From d5a6acc80918b9ff2594f4358c501af45c8e9847 Mon Sep 17 00:00:00 2001 
From: Adam Pickering Date: Mon, 13 Jan 2025 16:45:34 -0700 Subject: [PATCH] Remove `stackstate/stackstate-k8s-agent` (#1098) --- assets/icons/stackstate-k8s-agent.svg | 16 - .../stackstate-k8s-agent-1.0.49.tgz | Bin 31844 -> 0 bytes .../stackstate-k8s-agent-1.0.51.tgz | Bin 31901 -> 0 bytes .../stackstate-k8s-agent-1.0.53.tgz | Bin 32376 -> 0 bytes .../stackstate-k8s-agent-1.0.54.tgz | Bin 32376 -> 0 bytes .../stackstate-k8s-agent-1.0.58.tgz | Bin 32976 -> 0 bytes .../stackstate-k8s-agent-1.0.66.tgz | Bin 33330 -> 0 bytes .../stackstate-k8s-agent-1.0.67.tgz | Bin 33331 -> 0 bytes .../stackstate-k8s-agent-1.0.68.tgz | Bin 33332 -> 0 bytes .../stackstate-k8s-agent-1.0.70.tgz | Bin 33333 -> 0 bytes .../stackstate-k8s-agent-1.0.76.tgz | Bin 33977 -> 0 bytes .../stackstate-k8s-agent-1.0.78.tgz | Bin 33976 -> 0 bytes .../stackstate-k8s-agent-1.0.81.tgz | Bin 34921 -> 0 bytes .../stackstate-k8s-agent-1.0.82.tgz | Bin 34919 -> 0 bytes .../stackstate-k8s-agent-1.0.84.tgz | Bin 34914 -> 0 bytes .../stackstate-k8s-agent-1.0.86.tgz | Bin 34915 -> 0 bytes .../stackstate-k8s-agent-1.0.87.tgz | Bin 34913 -> 0 bytes .../stackstate-k8s-agent-1.0.88.tgz | Bin 34917 -> 0 bytes .../stackstate-k8s-agent-1.0.89.tgz | Bin 34926 -> 0 bytes .../stackstate-k8s-agent-1.0.90.tgz | Bin 34926 -> 0 bytes .../stackstate-k8s-agent-1.0.93.tgz | Bin 34928 -> 0 bytes .../stackstate-k8s-agent-1.0.95.tgz | Bin 34927 -> 0 bytes .../stackstate-k8s-agent-1.0.96.tgz | Bin 34919 -> 0 bytes .../stackstate-k8s-agent-1.0.98.tgz | Bin 34913 -> 0 bytes .../stackstate-k8s-agent/1.0.49/.helmignore | 26 - .../stackstate-k8s-agent/1.0.49/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.49/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.49/README.md | 235 ------ .../1.0.49/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.49/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.49/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - 
.../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 82 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - .../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 42 -- .../templates/cert-hook-job-setup.yaml | 43 -- .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 98 --- .../stackstate-k8s-agent/1.0.49/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.49/templates/_container-agent.yaml | 192 ----- .../templates/_container-process-agent.yaml | 148 ---- .../1.0.49/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 181 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 106 --- .../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 164 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.49/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - .../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 54 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - 
.../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 101 --- .../1.0.49/templates/node-agent-scc.yaml | 56 -- .../1.0.49/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.49/templates/pull-secret.yaml | 35 - .../1.0.49/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.49/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.49/test/values/minimal.yaml | 7 - .../1.0.49/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.49/values.yaml | 545 -------------- .../stackstate-k8s-agent/1.0.51/.helmignore | 26 - .../stackstate-k8s-agent/1.0.51/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.51/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.51/README.md | 235 ------ .../1.0.51/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.51/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.51/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 82 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - .../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 42 -- .../templates/cert-hook-job-setup.yaml | 43 -- .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - 
.../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 98 --- .../stackstate-k8s-agent/1.0.51/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.51/templates/_container-agent.yaml | 192 ----- .../templates/_container-process-agent.yaml | 148 ---- .../1.0.51/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 182 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 106 --- .../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 164 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.51/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - .../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 54 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 101 --- .../1.0.51/templates/node-agent-scc.yaml | 56 -- .../1.0.51/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.51/templates/pull-secret.yaml | 35 - 
.../1.0.51/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.51/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.51/test/values/minimal.yaml | 7 - .../1.0.51/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.51/values.yaml | 545 -------------- .../stackstate-k8s-agent/1.0.53/.helmignore | 26 - .../stackstate-k8s-agent/1.0.53/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.53/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.53/README.md | 238 ------- .../1.0.53/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.53/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.53/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 82 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - .../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 42 -- .../templates/cert-hook-job-setup.yaml | 43 -- .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 98 --- .../stackstate-k8s-agent/1.0.53/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- 
.../1.0.53/templates/_container-agent.yaml | 192 ----- .../templates/_container-process-agent.yaml | 154 ---- .../1.0.53/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 182 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 106 --- .../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 164 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.53/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - .../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 54 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 101 --- .../1.0.53/templates/node-agent-scc.yaml | 56 -- .../1.0.53/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.53/templates/pull-secret.yaml | 35 - .../1.0.53/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.53/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - 
.../test/values/http-header-injector.yaml | 8 - .../1.0.53/test/values/minimal.yaml | 7 - .../1.0.53/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.53/values.yaml | 553 -------------- .../stackstate-k8s-agent/1.0.54/.helmignore | 26 - .../stackstate-k8s-agent/1.0.54/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.54/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.54/README.md | 238 ------- .../1.0.54/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.54/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.54/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 82 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - .../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 42 -- .../templates/cert-hook-job-setup.yaml | 43 -- .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 98 --- .../stackstate-k8s-agent/1.0.54/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.54/templates/_container-agent.yaml | 192 ----- .../templates/_container-process-agent.yaml | 154 ---- .../1.0.54/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 182 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 106 --- 
.../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 164 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.54/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - .../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 54 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 101 --- .../1.0.54/templates/node-agent-scc.yaml | 56 -- .../1.0.54/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.54/templates/pull-secret.yaml | 35 - .../1.0.54/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.54/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.54/test/values/minimal.yaml | 7 - .../1.0.54/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.54/values.yaml | 553 -------------- .../stackstate-k8s-agent/1.0.58/.helmignore | 26 - .../stackstate-k8s-agent/1.0.58/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.58/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.58/README.md | 247 ------- .../1.0.58/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.58/Releasing.md | 
15 - .../stackstate-k8s-agent/1.0.58/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 82 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - .../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 42 -- .../templates/cert-hook-job-setup.yaml | 43 -- .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 98 --- .../stackstate-k8s-agent/1.0.58/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.58/templates/_container-agent.yaml | 192 ----- .../templates/_container-process-agent.yaml | 154 ---- .../1.0.58/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 182 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 106 --- .../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 164 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.58/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - 
.../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 54 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 102 --- .../templates/node-agent-podautoscaler.yaml | 35 - .../1.0.58/templates/node-agent-scc.yaml | 56 -- .../1.0.58/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.58/templates/pull-secret.yaml | 35 - .../1.0.58/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.58/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.58/test/values/minimal.yaml | 7 - .../1.0.58/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.58/values.yaml | 579 --------------- .../stackstate-k8s-agent/1.0.66/.helmignore | 26 - .../stackstate-k8s-agent/1.0.66/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.66/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.66/README.md | 248 ------- .../1.0.66/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.66/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.66/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 113 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - 
.../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 35 - .../templates/cert-hook-job-setup.yaml | 35 - .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 105 --- .../stackstate-k8s-agent/1.0.66/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.66/templates/_container-agent.yaml | 192 ----- .../templates/_container-process-agent.yaml | 162 ----- .../1.0.66/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 182 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 106 --- .../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 164 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.66/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - .../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 54 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 105 --- 
.../templates/node-agent-podautoscaler.yaml | 35 - .../1.0.66/templates/node-agent-scc.yaml | 56 -- .../1.0.66/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.66/templates/pull-secret.yaml | 35 - .../1.0.66/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.66/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.66/test/values/minimal.yaml | 7 - .../1.0.66/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.66/values.yaml | 582 --------------- .../stackstate-k8s-agent/1.0.67/.helmignore | 26 - .../stackstate-k8s-agent/1.0.67/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.67/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.67/README.md | 248 ------- .../1.0.67/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.67/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.67/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 113 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - .../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 35 - .../templates/cert-hook-job-setup.yaml | 35 - .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- 
.../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 105 --- .../stackstate-k8s-agent/1.0.67/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.67/templates/_container-agent.yaml | 192 ----- .../templates/_container-process-agent.yaml | 162 ----- .../1.0.67/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 182 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 106 --- .../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 164 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.67/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - .../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 54 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 105 --- .../templates/node-agent-podautoscaler.yaml | 35 - .../1.0.67/templates/node-agent-scc.yaml | 56 -- .../1.0.67/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.67/templates/pull-secret.yaml | 35 - .../1.0.67/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- 
.../1.0.67/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.67/test/values/minimal.yaml | 7 - .../1.0.67/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.67/values.yaml | 582 --------------- .../stackstate-k8s-agent/1.0.68/.helmignore | 26 - .../stackstate-k8s-agent/1.0.68/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.68/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.68/README.md | 248 ------- .../1.0.68/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.68/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.68/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 113 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - .../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 35 - .../templates/cert-hook-job-setup.yaml | 35 - .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 105 --- .../stackstate-k8s-agent/1.0.68/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.68/templates/_container-agent.yaml | 192 ----- .../templates/_container-process-agent.yaml | 162 ----- 
.../1.0.68/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 182 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 106 --- .../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 164 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.68/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - .../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 54 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 105 --- .../templates/node-agent-podautoscaler.yaml | 35 - .../1.0.68/templates/node-agent-scc.yaml | 56 -- .../1.0.68/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.68/templates/pull-secret.yaml | 35 - .../1.0.68/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.68/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.68/test/values/minimal.yaml | 
7 - .../1.0.68/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.68/values.yaml | 582 --------------- .../stackstate-k8s-agent/1.0.70/.helmignore | 26 - .../stackstate-k8s-agent/1.0.70/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.70/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.70/README.md | 248 ------- .../1.0.70/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.70/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.70/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 113 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - .../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 35 - .../templates/cert-hook-job-setup.yaml | 35 - .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 105 --- .../stackstate-k8s-agent/1.0.70/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.70/templates/_container-agent.yaml | 192 ----- .../templates/_container-process-agent.yaml | 162 ----- .../1.0.70/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 182 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 106 --- .../cluster-agent-clusterrolebinding.yaml | 16 - 
.../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 164 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.70/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - .../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 54 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 105 --- .../templates/node-agent-podautoscaler.yaml | 35 - .../1.0.70/templates/node-agent-scc.yaml | 56 -- .../1.0.70/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.70/templates/pull-secret.yaml | 35 - .../1.0.70/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.70/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.70/test/values/minimal.yaml | 7 - .../1.0.70/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.70/values.yaml | 582 --------------- .../stackstate-k8s-agent/1.0.76/.helmignore | 26 - .../stackstate-k8s-agent/1.0.76/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.76/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.76/README.md | 257 ------- .../1.0.76/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.76/Releasing.md 
| 15 - .../stackstate-k8s-agent/1.0.76/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 113 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - .../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 35 - .../templates/cert-hook-job-setup.yaml | 35 - .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 105 --- .../stackstate-k8s-agent/1.0.76/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.76/templates/_container-agent.yaml | 199 ------ .../templates/_container-process-agent.yaml | 168 ----- .../1.0.76/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 188 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 149 ---- .../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 172 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.76/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - 
.../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 60 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 105 --- .../templates/node-agent-podautoscaler.yaml | 35 - .../1.0.76/templates/node-agent-scc.yaml | 56 -- .../1.0.76/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.76/templates/pull-secret.yaml | 35 - .../1.0.76/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.76/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.76/test/values/minimal.yaml | 7 - .../1.0.76/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.76/values.yaml | 603 ---------------- .../stackstate-k8s-agent/1.0.78/.helmignore | 26 - .../stackstate-k8s-agent/1.0.78/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.78/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.78/README.md | 257 ------- .../1.0.78/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.78/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.78/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 54 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 113 --- .../cert-hook-clusterrolbinding.yaml | 22 - .../templates/cert-hook-clusterrole.yaml | 24 - 
.../templates/cert-hook-config.yaml | 152 ---- .../templates/cert-hook-job-delete.yaml | 35 - .../templates/cert-hook-job-setup.yaml | 35 - .../templates/cert-hook-serviceaccount.yaml | 16 - .../templates/pull-secret.yaml | 29 - .../templates/webhook-cert-secret.yaml | 15 - .../templates/webhook-certificate.yaml | 20 - .../templates/webhook-config.yaml | 125 ---- .../templates/webhook-deployment.yaml | 56 -- .../webhook-mutatingwebhookconfiguration.yaml | 52 -- .../templates/webhook-service.yaml | 17 - .../charts/http-header-injector/values.yaml | 105 --- .../stackstate-k8s-agent/1.0.78/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.78/templates/_container-agent.yaml | 199 ------ .../templates/_container-process-agent.yaml | 168 ----- .../1.0.78/templates/_helpers.tpl | 175 ----- .../checks-agent-clusterrolebinding.yaml | 18 - .../templates/checks-agent-configmap.yaml | 14 - .../templates/checks-agent-deployment.yaml | 188 ----- .../checks-agent-poddisruptionbudget.yaml | 20 - .../checks-agent-serviceaccount.yaml | 14 - .../templates/cluster-agent-clusterrole.yaml | 149 ---- .../cluster-agent-clusterrolebinding.yaml | 16 - .../templates/cluster-agent-configmap.yaml | 28 - .../templates/cluster-agent-deployment.yaml | 172 ----- .../cluster-agent-poddisruptionbudget.yaml | 18 - .../1.0.78/templates/cluster-agent-role.yaml | 18 - .../templates/cluster-agent-rolebinding.yaml | 15 - .../templates/cluster-agent-service.yaml | 18 - .../cluster-agent-serviceaccount.yaml | 12 - .../templates/logs-agent-clusterrole.yaml | 20 - .../logs-agent-clusterrolebinding.yaml | 18 - .../templates/logs-agent-configmap.yaml | 60 -- .../templates/logs-agent-daemonset.yaml | 90 --- .../templates/logs-agent-serviceaccount.yaml | 14 - .../templates/node-agent-clusterrole.yaml | 18 - .../node-agent-clusterrolebinding.yaml | 16 - .../templates/node-agent-configmap.yaml | 14 - .../templates/node-agent-daemonset.yaml | 105 --- 
.../templates/node-agent-podautoscaler.yaml | 35 - .../1.0.78/templates/node-agent-scc.yaml | 56 -- .../1.0.78/templates/node-agent-service.yaml | 26 - .../templates/node-agent-serviceaccount.yaml | 12 - .../templates/openshift-logging-secret.yaml | 17 - .../1.0.78/templates/pull-secret.yaml | 35 - .../1.0.78/templates/secret.yaml | 22 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.78/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.78/test/values/minimal.yaml | 7 - .../1.0.78/values.schema.json | 79 -- .../stackstate-k8s-agent/1.0.78/values.yaml | 603 ---------------- .../stackstate-k8s-agent/1.0.81/.helmignore | 26 - .../stackstate-k8s-agent/1.0.81/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.81/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.81/README.md | 263 ------- .../1.0.81/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.81/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.81/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- 
.../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.81/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.81/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- .../1.0.81/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.81/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.81/templates/node-agent-scc.yaml | 60 -- .../1.0.81/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.81/templates/pull-secret.yaml | 39 - .../1.0.81/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- 
.../1.0.81/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.81/test/values/minimal.yaml | 7 - .../1.0.81/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.81/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.82/.helmignore | 26 - .../stackstate-k8s-agent/1.0.82/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.82/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.82/README.md | 263 ------- .../1.0.82/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.82/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.82/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.82/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.82/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- 
.../1.0.82/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.82/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.82/templates/node-agent-scc.yaml | 60 -- .../1.0.82/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.82/templates/pull-secret.yaml | 39 - .../1.0.82/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.82/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.82/test/values/minimal.yaml 
| 7 - .../1.0.82/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.82/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.84/.helmignore | 26 - .../stackstate-k8s-agent/1.0.84/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.84/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.84/README.md | 263 ------- .../1.0.84/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.84/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.84/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.84/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.84/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- .../1.0.84/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - 
.../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.84/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.84/templates/node-agent-scc.yaml | 60 -- .../1.0.84/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.84/templates/pull-secret.yaml | 39 - .../1.0.84/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.84/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.84/test/values/minimal.yaml | 7 - .../1.0.84/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.84/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.86/.helmignore | 26 - .../stackstate-k8s-agent/1.0.86/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.86/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.86/README.md | 263 ------- .../1.0.86/README.md.gotmpl | 45 -- 
.../stackstate-k8s-agent/1.0.86/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.86/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.86/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.86/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- .../1.0.86/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.86/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - 
.../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.86/templates/node-agent-scc.yaml | 60 -- .../1.0.86/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.86/templates/pull-secret.yaml | 39 - .../1.0.86/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.86/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.86/test/values/minimal.yaml | 7 - .../1.0.86/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.86/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.87/.helmignore | 26 - .../stackstate-k8s-agent/1.0.87/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.87/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.87/README.md | 263 ------- .../1.0.87/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.87/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.87/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - 
.../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.87/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.87/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- .../1.0.87/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.87/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - 
.../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.87/templates/node-agent-scc.yaml | 60 -- .../1.0.87/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.87/templates/pull-secret.yaml | 39 - .../1.0.87/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.87/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.87/test/values/minimal.yaml | 7 - .../1.0.87/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.87/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.88/.helmignore | 26 - .../stackstate-k8s-agent/1.0.88/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.88/Chart.yaml | 25 - .../stackstate-k8s-agent/1.0.88/README.md | 263 ------- .../1.0.88/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.88/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.88/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - 
.../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.88/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.88/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- .../1.0.88/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.88/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.88/templates/node-agent-scc.yaml | 60 -- .../1.0.88/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.88/templates/pull-secret.yaml | 39 - .../1.0.88/templates/secret.yaml | 27 - 
.../test/clusteragent_resources_test.go | 145 ---- .../1.0.88/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.88/test/values/minimal.yaml | 7 - .../1.0.88/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.88/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.89/.helmignore | 26 - .../stackstate-k8s-agent/1.0.89/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.89/Chart.yaml | 26 - .../stackstate-k8s-agent/1.0.89/README.md | 263 ------- .../1.0.89/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.89/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.89/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.89/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.89/templates/_container-agent.yaml | 191 ----- 
.../templates/_container-process-agent.yaml | 160 ----- .../1.0.89/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.89/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.89/templates/node-agent-scc.yaml | 60 -- .../1.0.89/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.89/templates/pull-secret.yaml | 39 - .../1.0.89/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.89/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - 
.../test/values/http-header-injector.yaml | 8 - .../1.0.89/test/values/minimal.yaml | 7 - .../1.0.89/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.89/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.90/.helmignore | 26 - .../stackstate-k8s-agent/1.0.90/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.90/Chart.yaml | 26 - .../stackstate-k8s-agent/1.0.90/README.md | 263 ------- .../1.0.90/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.90/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.90/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.90/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.90/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- .../1.0.90/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- 
.../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.90/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.90/templates/node-agent-scc.yaml | 60 -- .../1.0.90/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.90/templates/pull-secret.yaml | 39 - .../1.0.90/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.90/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.90/test/values/minimal.yaml | 7 - .../1.0.90/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.90/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.93/.helmignore | 26 - .../stackstate-k8s-agent/1.0.93/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.93/Chart.yaml | 26 - .../stackstate-k8s-agent/1.0.93/README.md | 263 ------- .../1.0.93/README.md.gotmpl | 
45 -- .../stackstate-k8s-agent/1.0.93/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.93/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.93/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.93/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- .../1.0.93/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.93/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - 
.../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.93/templates/node-agent-scc.yaml | 60 -- .../1.0.93/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.93/templates/pull-secret.yaml | 39 - .../1.0.93/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.93/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.93/test/values/minimal.yaml | 7 - .../1.0.93/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.93/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.95/.helmignore | 26 - .../stackstate-k8s-agent/1.0.95/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.95/Chart.yaml | 26 - .../stackstate-k8s-agent/1.0.95/README.md | 263 ------- .../1.0.95/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.95/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.95/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - 
.../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.95/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.95/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- .../1.0.95/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.95/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - 
.../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.95/templates/node-agent-scc.yaml | 60 -- .../1.0.95/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.95/templates/pull-secret.yaml | 39 - .../1.0.95/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.95/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.95/test/values/minimal.yaml | 7 - .../1.0.95/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.95/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.96/.helmignore | 26 - .../stackstate-k8s-agent/1.0.96/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.96/Chart.yaml | 26 - .../stackstate-k8s-agent/1.0.96/README.md | 263 ------- .../1.0.96/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.96/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.96/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - 
.../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.96/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.96/templates/_container-agent.yaml | 191 ----- .../templates/_container-process-agent.yaml | 160 ----- .../1.0.96/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.96/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.96/templates/node-agent-scc.yaml | 60 -- .../1.0.96/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.96/templates/pull-secret.yaml | 39 - .../1.0.96/templates/secret.yaml | 27 - 
.../test/clusteragent_resources_test.go | 145 ---- .../1.0.96/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - .../test/values/http-header-injector.yaml | 8 - .../1.0.96/test/values/minimal.yaml | 7 - .../1.0.96/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.96/values.yaml | 616 ---------------- .../stackstate-k8s-agent/1.0.98/.helmignore | 26 - .../stackstate-k8s-agent/1.0.98/Chart.lock | 6 - .../stackstate-k8s-agent/1.0.98/Chart.yaml | 26 - .../stackstate-k8s-agent/1.0.98/README.md | 263 ------- .../1.0.98/README.md.gotmpl | 45 -- .../stackstate-k8s-agent/1.0.98/Releasing.md | 15 - .../stackstate-k8s-agent/1.0.98/app-readme.md | 5 - .../charts/http-header-injector/.helmignore | 25 - .../charts/http-header-injector/Chart.yaml | 15 - .../charts/http-header-injector/README.md | 56 -- .../http-header-injector/Readme.md.gotpl | 26 - .../templates/_defines.tpl | 131 ---- .../cert-hook-clusterrolbinding.yaml | 24 - .../templates/cert-hook-clusterrole.yaml | 26 - .../templates/cert-hook-config.yaml | 158 ---- .../templates/cert-hook-job-delete.yaml | 39 - .../templates/cert-hook-job-setup.yaml | 39 - .../templates/cert-hook-serviceaccount.yaml | 18 - .../templates/pull-secret.yaml | 32 - .../templates/webhook-cert-secret.yaml | 18 - .../templates/webhook-certificate.yaml | 23 - .../templates/webhook-config.yaml | 128 ---- .../templates/webhook-deployment.yaml | 61 -- .../webhook-mutatingwebhookconfiguration.yaml | 54 -- .../templates/webhook-service.yaml | 20 - .../charts/http-header-injector/values.yaml | 110 --- .../stackstate-k8s-agent/1.0.98/questions.yml | 184 ----- .../_cluster-agent-kube-state-metrics.yaml | 62 -- .../1.0.98/templates/_container-agent.yaml | 191 ----- 
.../templates/_container-process-agent.yaml | 160 ----- .../1.0.98/templates/_helpers.tpl | 219 ------ .../checks-agent-clusterrolebinding.yaml | 21 - .../templates/checks-agent-configmap.yaml | 17 - .../templates/checks-agent-deployment.yaml | 185 ----- .../checks-agent-poddisruptionbudget.yaml | 23 - .../checks-agent-serviceaccount.yaml | 16 - .../templates/cluster-agent-clusterrole.yaml | 152 ---- .../cluster-agent-clusterrolebinding.yaml | 19 - .../templates/cluster-agent-configmap.yaml | 31 - .../templates/cluster-agent-deployment.yaml | 169 ----- .../cluster-agent-poddisruptionbudget.yaml | 21 - .../1.0.98/templates/cluster-agent-role.yaml | 21 - .../templates/cluster-agent-rolebinding.yaml | 18 - .../templates/cluster-agent-service.yaml | 21 - .../cluster-agent-serviceaccount.yaml | 14 - .../templates/logs-agent-clusterrole.yaml | 23 - .../logs-agent-clusterrolebinding.yaml | 21 - .../templates/logs-agent-configmap.yaml | 63 -- .../templates/logs-agent-daemonset.yaml | 91 --- .../templates/logs-agent-serviceaccount.yaml | 16 - .../templates/node-agent-clusterrole.yaml | 21 - .../node-agent-clusterrolebinding.yaml | 19 - .../templates/node-agent-configmap.yaml | 17 - .../templates/node-agent-daemonset.yaml | 110 --- .../templates/node-agent-podautoscaler.yaml | 39 - .../1.0.98/templates/node-agent-scc.yaml | 60 -- .../1.0.98/templates/node-agent-service.yaml | 28 - .../templates/node-agent-serviceaccount.yaml | 14 - .../templates/openshift-logging-secret.yaml | 22 - .../1.0.98/templates/pull-secret.yaml | 39 - .../1.0.98/templates/secret.yaml | 27 - .../test/clusteragent_resources_test.go | 145 ---- .../1.0.98/test/clustername_test.go | 54 -- .../values/clustercheck_ksm_custom_url.yaml | 7 - .../values/clustercheck_ksm_no_override.yaml | 5 - .../values/clustercheck_ksm_override.yaml | 26 - .../clustercheck_no_ksm_custom_url.yaml | 7 - .../clustercheck_service_port_override.yaml | 4 - .../test/values/disable-all-resource.yaml | 17 - 
.../test/values/http-header-injector.yaml | 8 - .../1.0.98/test/values/minimal.yaml | 7 - .../1.0.98/values.schema.json | 78 -- .../stackstate-k8s-agent/1.0.98/values.yaml | 616 ---------------- index.yaml | 674 ------------------ .../overlay/app-readme.md | 5 - .../overlay/questions.yml | 184 ----- .../stackstate-k8s-agent/upstream.yaml | 8 - 1703 files changed, 101175 deletions(-) delete mode 100644 assets/icons/stackstate-k8s-agent.svg delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.49.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.51.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.53.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.54.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.58.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.66.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.67.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.68.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.70.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.76.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.78.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.81.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.82.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.84.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.86.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.87.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.88.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.89.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.90.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.93.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.95.tgz delete mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.96.tgz delete mode 100644 
assets/stackstate/stackstate-k8s-agent-1.0.98.tgz delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-daemonset.yaml delete mode 
100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.49/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/Chart.lock delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.51/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-serviceaccount.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.51/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.51/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/Releasing.md delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.53/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-deployment.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/templates/pull-secret.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.53/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.53/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/.helmignore delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-rolebinding.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/test/clustername_test.go delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.54/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/Readme.md.gotpl delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/questions.yml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-clusterrole.yaml delete mode 
100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.58/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete 
mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_container-agent.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-configmap.yaml delete mode 
100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.66/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_helpers.tpl delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-serviceaccount.yaml 
delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/disable-all-resource.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.67/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-configmap.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-clusterrolebinding.yaml 
delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/minimal.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.68/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.68/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-deployment.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-configmap.yaml 
delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.70/values.yaml 
delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-clusterrole.yaml delete 
mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-scc.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.76/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/README.md delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.78/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-configmap.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-serviceaccount.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.78/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.78/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/Releasing.md delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.81/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-deployment.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/openshift-logging-secret.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.81/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.81/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/app-readme.md delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/templates/pull-secret.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.82/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.82/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/.helmignore delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-rolebinding.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/test/clusteragent_resources_test.go delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.84/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.84/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/README.md delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/values.yaml delete mode 
100644 charts/stackstate/stackstate-k8s-agent/1.0.86/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-serviceaccount.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.86/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/_defines.tpl delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-clusterrolebinding.yaml delete mode 
100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_override.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.87/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_container-agent.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-configmap.yaml delete mode 
100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.88/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_helpers.tpl delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-serviceaccount.yaml 
delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/disable-all-resource.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.89/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-configmap.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-clusterrolebinding.yaml 
delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/minimal.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.90/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.90/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-deployment.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-configmap.yaml 
delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.93/values.yaml 
delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-clusterrole.yaml delete 
mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-scc.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.95/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/README.md delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.96/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/Releasing.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-configmap.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-serviceaccount.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.96/templates/openshift-logging-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.96/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/Chart.lock delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/README.md.gotmpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/Releasing.md delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.98/app-readme.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/.helmignore delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/Chart.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/README.md delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/Readme.md.gotpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/_defines.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-config.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-job-delete.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-job-setup.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-cert-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-certificate.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-config.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/values.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/questions.yml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_cluster-agent-kube-state-metrics.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_container-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_container-process-agent.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_helpers.tpl delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-deployment.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-deployment.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-poddisruptionbudget.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-role.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-rolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-clusterrole.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-clusterrolebinding.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-configmap.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-daemonset.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-podautoscaler.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-scc.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-service.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-serviceaccount.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/openshift-logging-secret.yaml delete mode 100644 
charts/stackstate/stackstate-k8s-agent/1.0.98/templates/pull-secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/templates/secret.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/clusteragent_resources_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/clustername_test.go delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_no_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_no_ksm_custom_url.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_service_port_override.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/disable-all-resource.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/http-header-injector.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/minimal.yaml delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/values.schema.json delete mode 100644 charts/stackstate/stackstate-k8s-agent/1.0.98/values.yaml delete mode 100644 packages/stackstate/stackstate-k8s-agent/overlay/app-readme.md delete mode 100644 packages/stackstate/stackstate-k8s-agent/overlay/questions.yml delete mode 100644 packages/stackstate/stackstate-k8s-agent/upstream.yaml
diff --git a/assets/icons/stackstate-k8s-agent.svg b/assets/icons/stackstate-k8s-agent.svg
deleted file mode 100644
index 478389d3a..000000000
--- a/assets/icons/stackstate-k8s-agent.svg
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.49.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.49.tgz deleted file mode 100644 index cacea319e431e38a55a5fab1b5793ef3401e2448..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 31844 zcmV)^K!Cp=iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYef7`gxDEj=n`V_dz_HL3&l;qb$x7+7<9e3Af6Whmj($l-m zaUc?sP*VgK0PU!W?`OY1ypbRYij*uX$=2+zS(yZ82Ebr27|aY9hyFF=kfZMP3)Y1b z6!G5S6jJWZ;Vk^Gbv*rkzrVM$Bmdj)_ly4>Z13;?*I;MAzt!(=?e(|*t3TKsZ14XU z=&uEP&66+=>3{X_jjPzWZ{&edL^$M_L~Pgsz=s@$Wa9ad^ALHM^n64)9%B>?K@2I6 z5Oo#{FpEPt??!NjhTuYQ)rH_Ha3DC!S>-wzq3#W$43lUGe)#K;18?xs>v#JRlhP~bd^Jy~jd@}3FqVF){ zuxIs`>MQIE_@)wtx1Oq)FhqS4aRIpiV~WCAS2u138Anur9fhdplp-OS5RctVTGwcP zOK2cFd`2SCT{xPwx`2!rqBn4aL(J!`t~IEw8N?BXI6_obLow7ydTVHzmeeq|3{11tLy%rob^1r{mvt5$^gWX5@zloQy%$@1FSo|Q_TEeX z#omq&cV7B_fck^cc7LzG>-%V{@4ws|w}anAo67$%6VO#xgy|9AKIcKXHnztbN)&i_q3Ph3yy3HVt~ zu@Kxqip3Joz>}7{Y-)|#35ZF+JPA|O8G=uD6$lveDdHIl{dZ#|;08kg!G{Z3?*kws@m--- zur%@%HJ-rs0GeA2}2xB6nvJ$WI>Y6Ydw+6!08R56bDE^Pk##y zRD1+vEPqRN&}-S{hoIeVJptn+3>Shi1qz^w^(45~6Tl&zAbv4t9L)r*OZhiAz0jI5 zW*|UuNak{wpT>kSJPHv|!fXga93>y0wQMj$(3Wr8triR=2g^P&>VMwuwc{v2_-xE0ZFln~{m_iz$2uBkecKXsokzmO{fIo-;jsonwo0_}7S^K|U3vACL1y0wzC$SbPr%Vjv9&NhHP~z~eEZDB|I~qrdtv6654gVKhO3q-v^B4pos>3jpT( zz)b!UwBm?y7=|gk$SorB6N>p<^d|bq4@oq}lZ2`=mK@60jlgM) zqKhdWYl&Cj8315BD-#LhSuK%iX>f4%2Fys1gs6Z+?tKA>5Wgk#`jSH5nk^Z&{P!gg z>xzJ@nhS}DDdEH?;c>)bMv}wnO95DbX5<)Bxbd&&PEKtPvYcfJ1;+L;4-XV&| za|g;fNx&_P-z^VN({B(~;%WJ8jXrN`-+eA*7`P?=Xk3M5&yB zpxaflc8nd2t=@aYS}hMih#41?TInIo2qwY5d`b}l*J#eb2SM0}4)`Dh;s*eu0DK4_ zhaWmXa2FoWMTIdAktoQ-(xBdBU&>GhZl~CvO35GwX@tb`$(2eF&YuBIRDdFoFuAy- z0#A`WgRxT2(lz_H_r*?#DJD`Vg^;lmvF>-f;7q>+zIZEzk~K@T+E=QnR03<=V#Aii z56y}u9&0VHTnd;ctE9`k+20DR=l4Tpkdz$?8<7AfIy zl99mSWC+@5doLLHFJ82lK_e8yGZJEdz6hHr1!7q&!75$eM>!1rV!)l7Uw4l|}gQ6Qb6N3N?2?fK7y@WB&Dk4%aEra(a z-L%vo49VoRluKHUhGa4kGwue_kzlfUM<}#75FeBTlcIYl*EQ4u0U9Nf4#3fvbigg7 zQ3oJO3GD!%VvcRDjgip2pEQC;=K*I&*@1bbe 
z@yXv#TP-sy7)hv)ST^(_o?&kNUDFpS1W#4;{5TQ)a(MPOg|1K*-=DSb zi|GxT31P4R*-Vxgg7(f<{|#-F z`N^e~R*<%oHk#K%Qz%}mdRCQoD4BhfD2Xc&oMgG=H7a&*BdiXqV@lEr^|Y9x4XH6&b|Xqm;TkG* zF-bwoR}$7b8xO<$8K7Ol%RYP8scb*GL6LF=aqbi}0L@KE6}A9LJVj{M#-RxbZxE;0 zZ%V^Vm#!v4!&{PyOSJ{Fb#}cg15dM2cm{5#C<0_;&bEYpNM}m8$bApbFUJRG$3^-y zCLs%(Q%7PF5+%bMbP_kkt9!{nw7N-rl-}B=2UB%>5rKA%+MQ>fOzBpywp>-i>fVhm zL6I(aDCbqTD_8Ll(n(4S(+(1afm3elhBsC9Lqd@}dSv?SF%X+rJW4nU0Es|=q&Ex- zz%8NILLt=j+C&tObQ-rrtz8G~5>8m=H>OuKPE6M+HcXXIxk(W_kc39cd(866xAvW4 z_rk#xGUf0@gl;4loN=1?JfZ1|{^SX;DY0Gy@E3!2@Yi9cDr>irm;@cm@2Mk~y$(R! z_iPvd{6)eSApXMPWbju3LyeL70;1A?lsl_%(_na8|s0r~WX<rAxeiLW+MV1xX@caG3Z3-BvZ)Meo!c; zJk_5xo_n-1PI*f4P?OeXd{|(^60kKA=7$i^R-x`tR`kFtSz39mA%>Liazr=?5x0lM zj6$iE!1(9$DVocnRTEB5)ruZaRNtc;Smx1R({AmmZ^nWd&;6BArxu1L*i#czNY%IM1A9ZvHr9J$G&{xRdTUEA>i~)% zBN51}^y-s_Huu0`23K48hu|PYl(P;v@HxK093$2NhceWGb-*c~BFfCzr?pe%&sbCz zx5|{V#>v+Dp(P*7p2`~!NJ7f#@E4K{~NF`?1~srXX%r9MYf85B};e{2rh#E&7^?e}*V!BwGT zXHB7J#TE0Xe`-u+S+JDhPso|PS+5w+mV>>r$9pqR4~@(6^l;*D>f`S6Z+8M*(VM-} zH>2frY%QR^uN!OG8oLm|8XQ)uJnI(XU7Ks_A`iNS6x_=R)$J*_5Z@ZyO{+ZO7UI39 zW2w{gt%z{pskke4rT&mShoEV^j~i88=#R@kwm`uByUI13S_qnPLkOOQN^)pOPij!7tSg5*4t~PyI%=JG_BHI z!lmJ?!DAv%TD8AKnS_FaP1&<13--@kYgi+vnkO!|nkO#D8YOCShUvVUU}?;j_6Ah0 za6A1he5Vek@?xv^`AfasUS$4$MPI*4TuZt1sW$94XhK@Ex)DX-X)|^QTcR0dURjs3 zQx51l{he}v@9*+NOq{-6xQ7x+@vW!B`!CX@D97prNE4$7WX6Y=L=plM5X8>GuAD|- zhh&oZG(7?7p9{At*Dqv*wR8&3w%o4miVd-;{*czFR~mA=p$yZyw?Z)`GY)ZBfoQ2c z&z86E4JrUVz+R_D)@2l|Ea(Q?IZ0O!v7w9`yxgjmaV{(?2)L~}%9r&?&Zt)sx-bR4 zW>?dU%5_QK4B|RPZwB?@Tun0^>rMd*)Tn2wBEXSc8)7K< zMdp$cIu;594JCPzXJq^$$cpI}nTbLij z{9FnDVXe=VXg6hit|Z`LY|oYG9@g|+iS~gk&o;h=hG(siXnmxq-8r|?HQP2i5v^!- zw$MM2(YYGK1KXUd5pT@oTus6QS)8j8KCr>L8u3Hfn{yboQ8{O7u9_w?nV&yJLMzP7 z%&eiwG>3LQ7SjeG8(I?f7FtW4c=wu8RTcbA%TXhF9LUqKp`opB<~I;Er4MRhtI>rTy>( z6rd=z-ZC5@A5tM2Kh9g_w8#sZZaKy^X>hBR?L$<%tVInSf^zAt~I6DTv9{mISa&&(5{JH$|8qM{NOze=2SC~as>IS61%ji`#Ck@-% zcc-W?GUlLykYC^abaZ}lba`|E4qv~$xI8)sCkJni3{59i?rzJW(1?L708p(OCSkR< 
z-l#pkzP+WIJect5CAn64AVs8eN9U+XXjsul7ncWzzg}D(Tpoe9=dVrIh@Zx&m5oo%ZYA?0_z2%T?NzA@ne#QRB^FTi}GqASMPN2 zep@U=su1R(ELFVh%DxawajAkJR3S`}pyW3>o!c25Z57kjwhv*&41X_cYWG`=m_T2u zYu>pjm+wosA=>XOs+4HT(&^keFjrJ9G^o_5wvf^7 z_qp#CM9Ocnc=2tS)K2kx3^_+M5=H*cZ?OCCe)r}3r~1b~|JnWLKfU+Q&HHEHw{z9+ z^3d9;IB!5m9#G5m`>rr(O$VW6|M$+th$}OgvbHv7A6;JG@1+8C+PH5M=RrzYHVK~=Q$-JOBs{GNi+bT)y!0B9q4R(gRHQ1-3~ge<&11(3dK zQs0VeP61@^8bPq4k~0w5%O)`Fkm3}E^|A?!Ts&|J#D3cZN*YR=LNITd)XvvzS}Thm zPOGM`8ns-9#b=FHFI;uIg{aqjUyBLulZaC>52^Vmt@2c=9s13bQ2cKaaTvxVfC(qe zhgOA{1Oa9=kyj>^!f~ zNy_kh1=$t1(%*dgv^*`jWLBR6C;x!65PSwW3dG*|g~4c9o{ZJeDV~Q>~Nh9jfN91QIr+qS;!6+Dl-$1)J!cmV++a1vE`r=>YPYL+p zXDpNOun^BYh|N{<@@!ikM<=5h=F*z(dEO8I4`3leF&J$1+u(gGCv=rB8fbs|1aRbs zNq}slUp5nzQ`fo9tKSA5xV!6FB667<#qREg%hcp>0`BhG_C2k}L9D$D9Lph1fkWng zUNf>6mlszDXUA8+9{od)hP15yjgnb5JZh2u70u7l*v=EKK-Bi5xzts4p;iAHN#{M* zg)#14qj`z4><~)+e0_9z^~>qSWi_Q^jKZKmrF^F@1{IVg%$pL%brx-d&B7!woE*G4 zS{+M_d^t8JP+!1mx5)*52-@F2b&&9^YmIir`JEcr49CIGM<EyD8FGC0zuu?+4<>Vp$R?FukupUcDek;KQ5fb*_^d2Mxsz&s8DSO^S-${Iyw01 z_0g*ajkW#0D_UoOzCC|k0=SsZ^Jj(@x7(ogVd|9{raH=<86gUUFH&Ajm0Ch9=DRpL ze|LO%bX8_jLD)G85oE}d2f%lCj$9AbNDkg!{&IDB`s>lj7nC(A!3m#s)vXmB(B;V(yrzg}Ej9{hZDcyRve_~hXA@#R07 zOn8^ed<{=ILQ5PCI{M$2=Lc7Zrzd|q{`pEDlAjl+acVPAK-+b_|I5+A>&suR&Q8xS z3y^kqcX!ME^7`oD)zSIY(d(nb%aR0aOIMG4rPrrFU%fthcT}G44TNRt(E2&eLSC+A z6{=*0uY-z{qszaap8tAvd46zseDd=WlC>hrWdW|U^V7@I!_(JS$0rwOYOt2Tx8Mrq z#W)X-E-o5M-(~MAU4Z!T^yKp3_~htZ&D*Qvlgp#?cL&v@-RyRN#TZX?udWAWn%BQU z|E>X}2|;Q+nh&&KODTPE@!Cl0W?EG_5UOq=FbeMF>kFa19sjL~EO*|*y$I9g#X9?` zuuRlmx1U|o@8sC?epr5>TdbWJGJwj`ejZdL|(m!O%k=IfX~jjYnb>eR(Q$CV@tDY*5WB5RhwTJ zpH|y8N>N!;&f}j^dZ}P6cY?hsf+3%pcQW0ZdX;9ID~De+T=EykW$C6nqbpWH;0pNA zI0~T@t3c1kau`E;DOO??(50vi4ZRo?u?p-$U`EPcD==F{=#Yfs3Ow30yVV6A-JjnY zL>S$N;TA>@-IL?$0)_6ya*Kn3$~-5AIz8jouvDVS7lW<6RwiWSwTxNTORY~2!R6tZ ztG3u}S+xs%Rje*Zy2X6jtc8|qKq-DmK+*?F9{3C*eWoZ?yNlLaJQGVoa${O+flhygy0!tCClT$54~s*v|?Annm4>iHBC`Hv?Gx%~ORMv_}<;5Rb|vWq^8Fff`8U z2GJ1Cw<_DG0p`k8!W4U@0Min%)F4~K4HHU|xZE&fpzV!WPnD@=*s5uk%Vm(xSfyq* 
ztY9(i7*D$9V^_^~*JO;<^pdAFkup?j0Y54f`YinsppQVi*9PsY_TAl8vDV@VYW>mp zY>efTotP6ce1k(Y$%X&YBsySk8KOhbR{?EAakCF&IKrWH;xt+S4Ac?Y!Ryy;?R;ry zKPQC$4Tp%$8Ame{@+4^wnQmz^iqBRHRu1^{XxEuxPfspRU)P_j zepQ|gkDdaLo&xvw6jypFiG-51X^DJR%9Z0U9Nf5&|}7JyoEW6?g)E zfhw@0P#r)faRCyAb1^3OXM%?dN zpB@iy9uIHsb$C+@j(MJ@uz4Ap7*4n=sj;8eT+^1#K=nhD3h^yEnO}(N3 zO1FYM#2!*4Q(~q# zgmOCvzb7!nV~hd-<5)JsYyBN5=(0Q)I7E{e7$F}f3;{-FxdfN8@zR#A?yHaq3)F21 ze2N)(sxx!GI=K*KrDhW&|C!f19s{Z@q6&ysu9!|}C*R>LQ>IMw2^oNrcuj4ye$G_+ zZh2iZAJgtNWhx6a>VL5gr3qqWTZTV2A7YEnv|ALEycId6HTQOD0%M9JJ_hYSvF@K( zy8!L`s4+~GE5>d!gfMeRZ6CEXgb=mO1rXccGs)l?=)&ld-}7~ zo>rM@WHw9F7dIqW6;=>o99ubpJWP5Gx2x7xb&A57$EH2m5e=&94wH4u_)VH1=NU#i znN&|6#Ifm2CoDb43RJ0zWje6bvNDtzjNk+X-O)Tx(}hmO?H-ui)tf5RE}7ZMKN_=_ zs@hcwJZlSl=4FrR8v?CPe=0c;eD7UqMZ)_DG9i+jN4-LP=?xRyT1a#uWH2V|GP)po#I8YS?p(x|5MeYL?{ zbdA;8SXu(P?|>@la*lXHRf=$P$&~WPX((R`K0IAl%!e}Y+J@7D={E<&ajFT!u;}oV zAxhPnBJjnvDwUOU6a|P1ty5X5`4sX@C4<0h4!zb}CU5krU2SCn^pxfXn2(ZsV zTfS{)r(}>%Jx)A6Me3DuNkbob8+`vv^k1_vDdFqp4_L$w=a{AGSAnM*YMH#H`B^Lx z>Winz$l1PAvrE3pQ_q|VDEsv@ckQwProLTq5{6y9eA>$WQfB?G1;sh~>3mS>cEKxY z0|m!&cBD+IFBLwKm&hT}WXQ!%MC3*FF(3X|7=M#aPrs~|5&F=`SovPYfoBni+UF(oLqfHU7S~X zU@X)giXlgUFlE&$v$?X)5ti#%hGsX29*X6aBGCRn18=a??YDtWxwfRnfR5SF)Eju3~QyNE-VZ)*RqIseITwbZPlBt#<|1vr{C3j?aj|32vVOZnfo z`#X>4Kbv?KY~L++a2Vrv#*j%z(3jV85sLo}RYu?!%GNn(UE?Si0&RIbCn5StF-mKO zI1C_%Vu8(8&XRw)#cnN=8M(m@)7X=}EaC8ukwj%{s?dN*gd#o!IfR0-wdWL!@z0bb z@q*^I04TL~VdJa}sw`2Lcn@1$3zfWgOu^KK-2-*S;xc^}nS}1;((?7=x&Py1Jxj^| zoT;rjjvD#j-z(n#wzajrxBn>rH}P0{+M+d}p?TL{C$iN*mU{!^Z(B|ATSNGF30T znt8R^-9%m4xC~&i%1qD9RnE#s6>@+2T2rDOHXDPiD!jHQ! 
zd~y!`&ilHR*J%JQtTDzmJMT>vn%pjmIZ&TtkT;n)nNPF_prmW6Yhtef{LBBrVxw#CB{o#99_ z)z1|A=q#T@ZfmFSir)cQ*n~Bjw)xj`ugXQutSb*hsi&$lK9q}Q*GS~Zs!Hro22e`j zU@=6~o|p3>e;0^(3U`8-Cx17Hc^>+X5W8_X7LX*FycBs3C}*cok0U%wJyk(k>bY;I zmU^67EAn(#XOpO*-<4Uy`cjo&qTFlMXxEWzB9G6NaUzGXb`lk${PN(7QSD7YR|Tk- zJF0xYMZT}Bg!bjii&98blGz}UgnAa8+Z57C)RDG0sYHp?`qUD22ulejEF8;E+;vUe z`s5Q?&zEFWO(Ke_@ot!oqKu<1DMb#Um72mq?V_tJs_4$`$s1g0QAWG)x{5sYx@YVw zE6VW7H&x_;WcO8+>$-2P$k$&u)gM+0El!rP1euGnQY-|HN{Oab3TzS@0 zc!hlH>REbY?u;7Ga5!Sx%~KiMZXQ>RyLlY3?kU`bG4FOmi%!@}w8jA}FXk7TKnvMR zGRkvVOl(jKvYAwpP|j^)9y_H%(3S3ub~**~6q89*xK%lOzck>>MSA4xEqRvaYGy^| z2uD*FWspeuWTi|Jjrz!`KjmI7=*gI3BKbFjjOA^LrB9VYX#tQDEiC70a?<(*m=3|G23%V?i5pH}-?#`kvsN|X#R~t< zFMYiF)j!Le|HmWp5^_& zQrEA7kNO|S{j2DOS?vgwpAeSQl0sVYVru9ewZZYPoB#RjAz1*>G9I8c^M8APZ>u=} zw+35}^M4bMjK>wz;vBIB5tL!5v(9HT=-f7etsWrcmK#f+=4?PfHx|4KJ0A%nmtLZ)$FttslKNI=omzPFt$3 zpQ%KU5|_F}S|H4uy1FO|VuB-{R!v{j)r`OTyT5k*ZLN{sOEvZ$q2Eh(YLmV7lJkGH0N|SWzt!K{F2(=#w;$*KCZ6>~>=t~l zH$9yVg;sVL7~?Co^OCt{hTyXViX+Ug6dMoq3uO$q&PMfqNms9SjCby3`T!^HvTNN{;!w-peFu*cWbM-{%`lU9__yydDa=(|An;x zbFA(TbhkyOE^#OnY=!8a$L@~UvoCw@oRS4|b5)qV!e?caKa@l255tJc3<{~g8{jqWpJalaKnj5k( zF8e<-ze3~CV|!9Bjy-PXndEM|VJ00_z9`0cQBe94(c#jFkR5C*n}R;uUkv{B@x|rQ z$$jCjAsxWilnvnY_3NXixIDNx{(tMTf;7jwD3!oto`Y{S z&%t9P@q8(Bn z+$g!}`Pi}q=T7mQ{9GHGz0yJ0X1Ye5wE2XhW*t*?G}pXioPvI-+h**F%O1tuuUEhN zSoTc?f!qE3;8EZ#e|x%lx}^;t^(FB|x&pZfUkqW}M3ufO{! z|2Oe`nfTBDh``TWK%^BbbXZzAGnrSV^C{+n~MB~^gh{okN;|KHaBWB!+oJc}~Btmyaq)#P+> zZpG3pyalhhY$K)8E`R!jqYBSQGYv#RLrFOqZ+4j62$*&D?C?llaxb{bPVjLb_@DT! 
zBLA0709L2}?e6Uq^}oHn!K3`&#Itf{uLlT5-u$9a6DslTr}wITYUY1PCXU>4-^f!q3K!$O#@qiJYLFS1ZA1oG=p6PO0G@zflMxCL2R?}+mz8pDdZc}TIOwRH}V{2EM|4Z6{YVAM!gW~yLf9uiyyOHN%=l?=e(bpsf z)|wAyQN!+G3|ib@O%yDLq*-GAua^9!LH^JFPRah$-+#>iw2^1o`M+|Gm@hZE4Q(+c zGY)Ym`PU@&5KA^n9oMFu$5)|D`goBUAx4%{Z5Jd|Wl!O8 z=nAJwXsBW<1(Ch$7wo@bjIXZI{KxM{J&bD33gc z#+TCe4VU_#YdAm`TwRG7ab>k5CV_0LRZw@IgdiJ}FR*6h2@V$Gw!g0#bsDg|xCbhV zJpq?f1g@@P$fs9V05d?*?+Ksq&B{6_u2q>CC9N}o9MQR7!A`lP|5e_1R0>Gz)x!5Y8 zB+f+}Owh-nq4TNt{Mlp5pZ|!bx&D{t>0P(}x3{%dvi}SQkLUjzd6w1x3ORx#Ph2#< zcW3Dx%Z61&b4YkU-^^Sq-KD=+E}(3Hm8a1~E*((*-5)L~P}cYdPY+b$fj@d~psa82 zkr-%Eb{j{Jt}nGsf%@vaHpPPFq&ARF3h|X)liBlQ45OfnqMIKJp;lQLvGMv*hSC|u zwwK$t7TaExJ*P-#Me3YCTq>Ei$z{?8PoxHn0&qJ;5lEQOlAW8&W({nVm!+Lc%+k(n zFIEmGt`Oi~I&gSF=&&<*xKN@p?$9;m_4HVP#GW$CW4eJf#3N-c$b?W`oA9Wos`M)B zIB{1hT`MO)YXqWc=Cj3W+d`gnM`l*Vh~6(~GQ+xw5X}tRR}h~$B}_45UW&MZ|F1#W|EvG#|FMy0Q@&kaPz*e*ZoxWYU{%UlS*J{ra z^Z%jzzxuoTW&f|;$N0aEJO%w})?1WdDI@`$Z}KfM@$99{8i5?dSSdoBcg_ zzr+47c3V#VDo0a5^^Ei8MypzdqGY-xro=~V(IpiX$aTd=MC2M6M9iH2>kZ4_FlGGj zm`{HpjGrLGqEq$PEuq)Bqeyw?bNp)2@nqK2m5(PIfmr!?vNRtzl#@1V)k7zw%`k1^ zs58U1siV&N$#tGY9M6#FCybNX1@W(uJgdwAcAe*!ahe$UKCq46qe}P`Gg-*pvPFcX z$EerJ3R!@kf7=L9G-d@L*_%cH^ntEeD?>QnDgaYo3m+H4rAcI9MueMIuOD&ZG zqEE#dOfm69*B6H+Hy}+Rn&A(upHArM*XBsrob_Zg!(M zVPhC<(*Xn5h#8P0D!^9k7FFE_UCYUMg^HNwInpq8k*7SN(R5{}}RpGKJ@1I>~+ z4rOp846{tO1rh}@k|TBh=bd1NRijz@P+$prs!By$&34(VJ)k$kz?`~UJB4nx2Demv z?`?DoX>f3MtWMwcy%jB6nb4_Oe2VzjnuY1hJxi?rt0n(zkpFXMuXz49*xh}+|9>OT z8uEXB?S}sa_6@_+YxCwac334xoja^F;ip(ybZtBa==Zv^?biebKfw@2KB8^ik=CmV z>9{0UG^Wx|XnHHbR@Jr}SUd?Ra?(@ddzcr z-)Cw0{{a5qyW3^|@2yAw&y76m^X>ljmw`WYqR)z_X8xxe&TdF16C6#tN|9bl3#`-s z`u&ps$NppfugyFK`;Qp!3o+iW)o^=qJvHaV3xYx9?&{u&f(u-h7bGQKT!#cvirQ%m ze@{@FDNJm8Q~KL5#@A@x2A{!bZwE!bojt42efoZAihP7`5IuPhkJBppatYlxX22eiqa0teJ*{5ksaT263epb3#v;TBz*b?%8$~o=y@spVl>jq~xD|aPcGQ=xtw2i!P=jidwYtS5$5zGZh=CuV0iY`Ko z!3h#DV~Qg_2JJtw;h$LB4L&2t{W-;w%Kheq3v$|ds?y5JI+0ccZOt!j+quIv_9cAc z{nMoqwFn-2Rzb9J&$jRGUy78hNedCU7R=(xpL)JoZgp?V{Ih>N**DG4 
zUxrnS%=5iE@DRnADaTS?kPRqyoS;cmU$YKwFY-ng7kCU9FU=V-#*=?Bf%Vg;3i>|- zPW~q&kyH0n%65LUUWEOqif;6&(f{tN`pKtm|G&Lku>TGA#j8jCZv)SRZs#{=2y|@Y zn{UmnjACoqomatIX@hPx!I8~dtP+>x8bulA^oFB^PrF=vt4j%<0cqB@3JerR!9f^L z;Yl(B+gnWlgBW40g94@BiJ*^8}nh&Jm3m-~^~KR|ykG2@V4sO+XC&YdAs7 zYdry%Q_KKMV&z}QrYH=7n5HU@4o8!YOsLQC4U&$#)_WKQttTKt6M2vVp2if7@kbP> zLz(~UnFmgza1KZ$YYLJ;j3@|kguIsb>f-8x6N*|-z#*Bt>+$}#jWT6U+W2Y z2Pq~A1IMq9Sj&qk`4{qe%fkVJJynj9f3>_D=92*RS|N@&qE|Ocj>){8KJK-&FxAavrl`uQ$Pbnv6W3%z6^;JIpxjS+qzx{@Q9ic>>OryQkb>wpyRTd6t~_GdNNA znP?>zd~SX2TF>X)f5flWXJBX$tDLP5VFJ|0Ul0rsJ&yh*-BSLJMpHtrpNcQtsr=N% z`r9+`8T7rrw+BAkqy|8#Fs;^c1PBcf71EU@(u-8+$aA1&0pLQS%KqzsIZ43t=d*4Td>pA#PQYk+a-rCo`6u%`j{LpG$PKCgwaE3Ud z)pfFs$8K?2)2O@R z<>KlI4bxf{Dp;Hc9R-z%5C_0F2N#!Um=O zF2Rt^+6XTh{`m~le)Do33vu~MS@7jA=2I*^&{N@AmYUt1P;Gq%&UkIH{~{y=pTP&| zsQ&?c1_we?1lU(v9~leb!Ka97F<@e+Q;tJ|uTqXnQ2@vRRUv7>;5Vt-wGIC>(B1eM zd}#lkz`2J>TaX}lPQ|IGWjO%}L!Jbsk^>aNYd-@blQ{`spYCKs%qNC8$I(QEm&7Ch zkTE=oq{+GrFrGPjhtouM&XN2AdLY0|{t}%c2M`>by#X^4B%y;!_4^V|4j~P21Vcr! z)qFzzDPmmSXC(We3`1I6^X+V#$hY?JxA%7os%0^BpJhrrQTw;|vX|7~WUS#bGsbG2 zpa_9$G-u$0TvR&XgV-f}kkJz#0?6Tqj?86%$8%A^Ttmjh@T>ROmm3QPZl~Cv>PwD@ z;GCy1;p)IGoIeAa!XQok4pshc6o52AM5%R4j1*0xNH$8(X$=S9NQy3bmlO);AV6_Q z<|vSyQp8uv&7T{@#Q8GgHqm(ctI51aB!K(v3hB!*%?GL{j{|Dju-{kc5}oqMDNbx&#g~d5vyRSeSq(e>;`Ts=eV#s_q~XIQqt!HD#%uF%e_xud05b2nKk0DUz>NB}NLsSC=Cxpej}^V7j*? 
zSr*|+vSe8#t4ot*F|8&~8eoY->_b){{3Mx;5EX1yH9w@Gz@H+)!w#rAJFyqy8RpFM z<0L;Fcl!OAoRV+QOf2@M2GAAiLC#dg9Mrvj{|$EQky(9;eoqi{5w%r8Q(B`5R2N;l zgRLsM?D%!Zw!|q-Z2PPjBWd+2g+h<p%P z8UWA`()R^TRB}@Z`8AF&SojWxI8d}YI_E;}yk#6az+=ErI0j;Y5V|v>Tqxm?3#FV& zDH)WBo6czU(m+80K z^-lHNI`@D!M4yDAN?af#Riq8|jf!rzhyOrq>0C^3^pR6&N1=$((LlkNl3A9vT<)aA z*d1LKO4WjIQR; zdkpLoaLmCJvVsYfahmu%p=b!60Gkx?HvoSz7zTeGnw&OIfDa=vA~6X%dIu|5yCdVN zIskFsla&GZi-aiZ{)NNI;IE>x;sEmnU`0{p_NAzh4bqi#k$j7C7`8Nqt-t1}7VqtH z+q&GgDE9>X9a6DLAF54&L_13uSI3g_C8scAV?t+2Py_+xI~v3!LSQs^jDH6_k+U6r zgtIu56x!YtJ#+doLOz)xCcj^0->>xddfri;babQr=~iG~r0OoiunMV}petcrWu7Rs z=jm#nnr0f&kO32`b()E~fuJbir6l?n8LfhqlIVYu(F!=zgvu*mO_TGkf;XMdt02xQ zFONCB9AkOBN2aPgy2tLx^W9&~TQ* zQTeM5B^(dDlBM-ACetTc5#b<2+-4@jJ4HBh%~m_NDVj@$gq%aMg%e-y+uSv@bcIeg z+t-zZ)48g=nshP?`|kLq3kjTyL3ThHJwQKYw$MIa6{Hi_t)SkhQuONpP_}{2K zjFK?C>$H{PC%%e}(}Ylr#9w!Jo!rr0r)`LkMN>MCBaY||4BNw({X6UYuS}SilHyr( zB4yDZpe#En62B18Bla{Y3q|ldpMYGYDcV@(t#E9~_C<8NX&h!%sgkE0QNo1X= zcBmE9s($gZPH}9*4rOj%FoSU{j~)e&So|SD0E!?Z5yo*6^0%!t{9e<>$?`d%;&P1FIbV?uR6 zCJD-T?_(HnOw|WF#4RIP{uDR$)nD>7w~YI~$GJAdb)V-}!(Q`&ZZ)EZInk}gx4t9Y zY8-1m)2&9d#zWm4l4VbIT`mx%V_h4=I?h^ccq<;Zy6MhNTWu8UKL%X@eck7v3s61K zLFfXEYdi^EfMwlBp$ky0^DH!vMs5fXr3P4aAex?->VvnU)~xN&PVkLSMGw#3Rvd{g z1n4?@e371sE<9>=!>v9m-FH!1I4G@wx%i~C<`C9~ZSq9Mgj(aa+wV(;Q0lA0`P-aN zs%lk0vqX?9fVL}FAb7a*RqL?6jQl|lK5b0vIr%gJyQkS6qqyFrpX9lcE}zcQDWn=y zF8@W$*9cMBwq)hu zJ=C7Ah@ruTE~aG0Ar6~w-ik;{JGU)w-y1aBwq>x^pz3D8R@8G-0G3q9fY$2)gY72n zQ41itme#?`oD-6(_I+KW7Q%GWly}(5>Oa`xn4V^43uA_LJ!@44uW-L*eyydsMOIl# z-$w8T;!p^H_HfYe-*sx1WQD=8GMj_f-14x@3Rk&*oYK`MGM^QF;w;UrTYo*#ElJ0QIlClG`EN+x^i$P5DE z96)`co(;FeXO$O{<>(d5q~CUrY5vAi6y3OHRuEtzgJ4*pFd6}%l>e+tYOp<&B2kO- z!2^D3DY&P>cme!1n~xh~TCXv=G1><)EjPx#HbZk`jO#T!H%7ZYBlIGaE|auADivCV zPHhct5FLr>Ht&EN7-F?ukqe{rdD7Qzbb!1*vLjEoJKz@5r~?qCgm!>WF~>d(W#$z? 
z#$)hA2y`K_8R8u zcR3`^P4A0(s_zqQn3qy1&;{fdu-!}X%-s>+L;=kqUs4Y}t3bAlHtN9d%+;V*za;@J ztKH_W*spJ6BX!q7SxM{lUk0Obu)m$tdaDMri4L4Y`iIgdaxH6M&D+{tQ4}slbT_;O*D|K|$XuHY{l{lJ;PCj> zxp6xcl9g2D=K7pPOcE1kV7d5P zzTY(o)XVF>O5+K2E<;X$T4vR){wf<{5}5>fBgAhJiY%cd(BQcp4MNuoy6v&UpxA&1c~AA0eOo;{4Cvgz#B>kE=iAQTZ>_jv!? zMxIZffVu4jw3R!8^5bfoYu!rUgDhjHF0>#Iw4=WMtm=Mfxll}X%IMcPGFOSXicu>u z^o3e2P3gy6%#XR4A9FE3=3@S8axuFEq2#B$;M%nOcd!5QmL{=XTFVs>b@zYm4odgG z>}>BnuK$~OE(w^yYq33v&@G_qdM>4SV+N+_Ef5{O5R{Tjp;#<`tu8pENbZ!th{DL9 zDs6lQ#T;vOm7zlBVB&~znH(u|9hF{T+8e$DMv$olU}|%ClQ}y+y`AC^fm>0<2+JAa zGK))0Nzjp1W<=`kx2X78ykb)+zqn{KpAx3>I6YI;T9;FVP+d+T=f{n_oFYIsBxXH1 zMYn1r79(>XlD%(r!B5F7R$ZhuM%yj6)dg=5)lon*D)+%t zthzK#Mj`f7b{!?0D=V_BjX{iKB-9xJ14fCA#b7gXjk=Qio~rHLGi4=5x8dA?3P6o8 z*D5a8(}sy1JeH~H**Cczbjp7i$6bnGFhgru0P5ub&i-Ce{_pNQ-v6_a=gAXr9C1p5 zL~0?emThcd(yur`Gy(^)jLwvHmrF_#vF(`>!lmw-^sG+iCw?*%$uv_~ z1<8`4bxaHaq8|8ZuHC||Z*!9TK(kC}oI+nL`(X&6N=YKys!7k$Oc4ybdMgn~*K@hC z@NDRM*TU2;AmSj20z}16d4-&o>mxxGVhrF}41MWH4|TtH02z-JAD}4ca?(XnAcQTB z0Lk%|?30KkRE?flXm(1>^rL8)=#D9ZA)gA` zWM}vxNrG;quC&9mIFx*-PHetOiJyO*@?ZK8U=lH*$lM>tV);MV-QFwS|F*loKX{b? 
zn|RWp7CKxvHE9jYCo59NlLvuA(6&Y3*)jMP&D-+3x`$V7q2&w9SU3c2AwA7`ixA`) z7*EyL7QJ97k2K}02_;E91V2mbM_5f|Lc=N&-=4p2Oy1k`*ZPnnzY^+fL-(iCHfU54 zYz%lOaE2OFUQr)R@C}Nbc0whreb;$UYBUrpfHh3&22jk@K^Z3i%NXSGJaYe@3r z5XjSGyGd=`CRL72$?X+OM(Jd`!egr&>@R97RqThn_hd_DX*S)Uf~uU2ckqpibL?xe zq;Ds8X*p_tE_cdaJB6itAiZ#_ME`=&c`spzrt_epMWPOPs|zmGECXHN_NAtPiM?OY zL~pr9#E`LDLW9~yoausvMySiys~TaTuha;;361=#7tb^46{nDx6q4W|42e>p*E-)a zk_uC;E$3Q0H`y|})-d0ec6Kj}`{CJJdGsVcFF6ZkB^1cqFJ{A(waqcv=3^dmMGu-)!LHz2Rnx1wfMMH14Jzevf&u)uRI7je`EI$EKk1f^(9)M zqCJ|33s>|+PE=?&QSDl9&&lQG0?M+E(&-$oZzM zVQI+0Yal2~_$wRHEKz)}jfeW`9_?P77H-te&$^?_%{4ay+52;yZC=+oIlVj@=B~al zw-_*_{YRnC6BsH_Nxk3KP3TDfes#`bfM zYpYqv#7|KQN0WA|_1(QpEi!l`MtF^B!aj zQQlUijFY9@x4e^1maovwY0P?46wbQR)lU5u)f0}xcI#QIbpvU7ns}ash=Cu$Z|@bE zpIYDPTaf-dLA(=U#yhu=`_p!(^<7)+x1Aqi5;))Mcwy(a?5@f``_lKdBMQahdq+j7 zwmYpmMJ|a|ju#iX*~NNpEVGzIqCp(;gw>K_e*wK7m>?akKoJb)X}^hXGM6YiJH&bG zUXzj){U~>uu1_$ISueW_v${xj^JHZi>)N`?GWKDTThyU~R>3^U7MXGUs{panUpY@*o zw|F6AAjIGQ{ImG;2GJ4w>u>+O?Y#f_YTgEWe2N*DIl{6$QMp+M5?eU zErzjBQVfMD^<75qj{wFoih`%3{B8-`%xZ-%-SVHZ76; z@|(M-FOm`Z7#~Lg`uMah5wxGZm(?ZLEK^$^=ZngcV?|ZH(0CVdi22jTfMoslv-cg) z?zF{tI=k>D?LB+x5Z`5InGTTsbs{qk%kGjRokW2ssJuMBtKf`uK;#JFvHJewkGZ8P z9b^IWN43imFGdu>YimqI{o-tpRW%o1(gcm4%BYMa3Ob-If&b}7-v2GOiX(&~^|9T_ zQ6R?u4xo^s9KgScwmBi{hzSK0#5zfs1E}C6BN{Fd;|F1wGWP*RYI7gtB!ryYB;j$w zMNir*y?2hH0MTDiIJ?wwQ-Zp-GihxHv{f)wZ-yg0gP}Kvv#|Y4a;BbMMffM^_Sdpm zSKv?t2~N_TqmvlRkJ+9^8$iy9oN{i$p4GsptE}XWU@|A#-`o}7dy*4P^-Mx2=}MV2)|^TQo#c2wr;G`N&MvyT~8&Daz`25wOpru5r-SVn(dJFBPPE^pCqGyfaH`03c@|5y5!>P=37 z?6pqY)P-T#HRJy{Nxs2JB4^1h0_bBbZ!!-#s6GA{Kkez2I-MUJiT=CvLRh-Ya(&6L1AqNr=WX3%c;XQhh8WHz!{-jT}t+4 zcv3e*#%Eq>qr_EAD8DiX0&5cH8qt+9`Pv^+d?+KKEuyiD(q^Nu6_ z4u+=I%YOgmvuCZ%2jhQ%r`G-}wrQ&veXXY^{&RbKs}TRW)$i{=+J86lRN8+nQ?G5% zozNtb`Bl4^^f;na#`E`7l2v7^Z8tOl-^&J^3TPo$@eTx4mxZ1ycylEQ4gZbHrbV zkfBVK&=$h)q&=r#A^gsQn!P+`5`!!`A|z~mcP9XRYK!IBWFkdTptMdI)vKZ}DfBs_ z;5YBR=wTsfytdX9?>b9C=r)2NW;(BdAydk%3`4cVbHGUA7*XIuhD@R#4N+7$N^TM3 
zgKkVo;Q54vU7yTi7|q4ZSOyT%fX>cOU#$g@i=sCLKmpO=$pK_joom!|7gi}5W;h5! zR0mj4DE2vqKp8^p6Y3)Hb~?Y>w+XQ{Tf@|u>Y1^*;7snFC(%>$PAeB;=9K5hcUpYN zEa(kn$Z5>kQ>onYOkXilM85yO1qAO@ZjP8X=BmU}f5RbSLrbA|$(%a{<+}^SFF1Xt zGZM~V{F|zkoh!+wT@iTL9;SWbS(91=*GQDD7>~1}W~%4)cV$jTlqxmaGA@>l?xvJ$ zFJ!v9is&JDmA`W=hFoYU?M!{wJIpV=s(w39wf^VYd0eyEmAbO+Dxr!a8{nwX|N2|I zgM$9IGkDDZv6;up_%mz)V`NSJzpj%Jk`BdhR7wiv0hZ8kD3c`(d%fAbt2m;2&1PM} z6*CfHPJ|Tl*p2Un#E0SVMgK*=r}J90Oo9y`BMH%sB~Qzj?x;WLv;6#zNZ#g9kE3q> z54KA4f9o;->t>#X^Z#+4{^6hH=l_zEze)bD?Lz+Nt?k|Y$N9gJXYKPpO$exb(o_+{ zGsD&sot(XR)pEBB^Z_XYS+v!aeb*fG zz=54&Y~FeT>K>K2H@MRISumn3yRunckTgXUdEhNW0A{(?-k!gfX<-ly@?HB7y=rJR z2LrOrnvc?tIKuqO^tbg^rLNIDsGhFuSB31#R#N|Q`u6G#UJJW2A*$W|EK)!zI0Fh zF`wn;fAz`pA{=$|zrSCM|JdCf^dIN{CZ3{VW3FbCGf)ik5WML3U#Mus^uT-wUiSMh zAE)HE|J2U^O2@(GIO^vA-qubz{_Ao5-^f$m*qEdjN(5v&yjh#AWQUHl7)Bk>f|~3K zX5%!2ap8R$jFf*}3NBjwSw$)3%jnRf{L3ufsPH}uGRl9jB8v*(t#G3Jmo$2)&;vSR zDF4=ev&r$Vo&S~Ikj-(_>i>I1{eNqF?{WTbgKts?rR~4B!Yx8%uCHLV^Nfd-=DE8}!@~#iNQ$$f#KpB zFdQHs(hj(tVt*=6Xl9UOABN$)C6r`Qj)9L|oh+w|1LZv{paD+dc#M58Aqoj4$z+;K zHLvd^X9|7`sDKce@Giao9ei+Vv6h<|CO!3fXv~iCl1+xV2YzTxi4c6&?O?{Y*>YNT zVQ67r^qQ%7dwXl+6aa4Hu1_Mdf$1f2NMOKvTm8YyUVp1M*xmX#*xl-m;f(;}#nGg7 zjpnz625i{sg3Qd?>RR^;v}O>SRFa|?nn4^60g2iF$m4Dqfqs#`2CtJi2@?h`5uCNu zS7*C!Y#!Nr6ye|Qv$XtIYT;4~z+(A780_p7<3G0c`;Yg(Y~*=jA>q@}K95ZdXJ+!YPx77Rhx&+>gZ&!^7I-{+z3k_XnoYwHL`fKyNIXlzP$zNCQ3-=U6DM!t(AFzOAf!l9 zXmD6ShTymNP9)Y<6*)wKbVUHZ^;xc^`f3S%i-e8If;0r5?piHXMs$Ci5^^F|4Z#>O zB_HJgoXH;}B%w+%g7gwE*KL86qFah(@^iWBE1APu62#Dupf({IaN$Z6fhQew*S(_3 znZXoygNg|gE9x8wSm_@wXd0L)GqhdSono^qF|{3NMbD|+II^$QuiPacFtU(l#fRW{ zd_uU+4&s2!p`4eOQ+dZ}bvrnm3;~JX078=6ksZ~TBE+|l>UY8@>(fWH*ulG)o9Y;ZZAZ?-jR0WSbDr)`Y(33wsv;Kc>74`BiM%=ooW4}+XZr;YxEIL#6~cQ zdn%s>fOe%6U6FB$no}83i7m=S*25VK;5KItuf!b|bEGn@%Lxft9p3eFMJ1Z07-QfK zycdEa^nl4#LXV+76H!{2)M!V@T&Ab5!IQ%dphFl~rzk0KZwzsmP?UATFXT48oP3H> zB1F0W20tMt)l+>3*zqJH6m`G|`B41L<$ZiTeud0pX_#KH`xU1Al##?;IzPBAb6ZI*K3>qHA0 zNYG6ZPK#}mFl0I$Pd{ZhETSFl6KewcU`7X(EFXu@;w2;wvzaHDRU9+zI+oHcZ_BCD 
zxfO@feD#eY&WvmJw|(##9cYv6v5aS-mSm5t6Blc~jiaIZ%+y$MDn@5nB-SJv;VV}f zy6%Ktr6TK49d;vqdI)Bzn2gjl9U7$M&qqTBm7^LN+50z&fU60?D&S+j<<#J)|5_B9 z#nomkA+U|wp&Lc+7Z!&l1g{z9F{#ILRYg?L!K`q_xyM*n@d54TtY0mtPZH5)8TOQ& zJTWFRrl*Oj4slK6mw>=ES3^nG+l#AWe!}Y*f64S7-_%VCUqPnT~5#KUu!d`vpTf45np*M5%Oe<^CB${e&3vFis7xAj-F=)W02x0Z;s{T8G0$`#OGX8Q+2%( ziw6xw)`$7KKV!@NK@?T3T3~Sy4Z_JR)t3laP|EE$UP&2GAo%R`IfllXLZJMpmDI=zZ^6wts)UuR0_SI(#h#S9@ZyD^ zDIgAT(Y#a@URrmBR>wp?f^v=W-J)OD8*FndMc0hF4>`aGj6tqkh@pe@Ks>3DuO9!cC8_t0wW*nIncwDPkNjPc%cq^cD0u;vD}D8 zIBQwqT4?DG1~L1nx?^0t<>IwhgG6BL1b%7Zb@@E_dBFKk+3VwmpNV%ZhG8y?=0TI} zKeu;F@jo`#*VdQuU!UZe=7^DBIZJk6Ta2bH68K~wx=E@v48G0@cC+qWYI2Iic6Mc%9=VE zSDi&1biguP)!lJ1W+d-6B!X@e@4vKaVpaYg^gAgD>1sdW!c&pn)o=Y_6o_|AS*I)9 zCb-_FTk%~%@%pHjngA4F6$TEq2u6W)VM!XD$2PV~9ZrVkf> z*XAU~Tu{~+cd5lq6-?xY#XA&3vybFG$gF;>ooukKw{M1H*LT}z${UU;Qm1|hi54v)`t8A)pS zowf1S(ez1!ZUQd)~ui5HwxdSljxcSSY0* z!TYqm_9J*Py#)`GXoDvU>pGr1Z-Lu5IN6)HFzPg~xZ=SJ$&kakkjgW$RSG%Fp5HJ7lz+IUL;XGlKk*2CogCQ#BAJQ*CWir_B)eu3CiCoh|TgVNK8Wl`bI) z^DHmx#xv7cqvKYitvLbeWh&ObcG(M8F}&+o z24EnW%YD5mOk(TE+CJrMtBR+g5m+1EzlZO@Gh7UQ|NU>05My2K^tVIzZ_s8|XnUDcU<-}q(b=zN@kx+)X=54osftp&?D$($heAriyk}K&gvU%%+PnJu!BKO zu?mVizB_^JRUb9MR&sGUk?3$xn#f9G1)!gpfHg%JR#>e{8krib8TM&e%b^_1I@Y2_ z+O#=8TNyj9)35ImT5t5?)u#Rj_Trra*%~8+=`mK*=KvV)ZdT%Z+{x6*P%EG>TMSi* zxaoni0`K(&>_MCq%Jo9n1HDJ6qvyvlvm56fzd+<)AH0UZAuVD{Q`l zslmyI3HMBerM?2*kI*9(_TV2R64)zlDr7HomBW*Be|=Hd=nY&!)>mX=_zN8#X92nQ zuIZ44tJ*r6M7Lz9JZD;jv)~|!xkw3%1>ZZ^Z~k-t_4$z^TsnNmNr%enM{&UVU7AWJ zwJJq*`-LVfLF15yznEG|)ZHJ5ZpAq56-Q~}j%J9|J`|3-_i5a$t3KeVaon0yJ`dJm za+VAGajVe+Wz3Z8*QP9KM0|sU2TI;JuwuZg$MRgrH+R=6P>8N-o@qN(Z6s;;Nj*9; zJB|SzX=##(>$1} z?C4WJrMM_~aq>Oo$5FgvFl3L76^i45Bqg#5I7!5DT>7esE zPx8!u|BI$IjUKwi|lDof|Z5@J(_mtC_Z;68t5FzkJf>ow&tL9xP?QrRA zpXR~SycSWjNEgk$@sTjhEr3Y+ST=iMWX=77=)NKS>{`GCd(eRhOtDpXW{01zX|^21 zJ`eF=H+Pr>1GM=wZCZgMF6B#3MNJKNz-g+ukd2RTUc>Z|`h@e_Bn?ZD%xeo0kwZi| zCmkwb;t{V6?)SX;J$I|Y=Ll7Q&RV&H*3K4`W--T^rj#CUKX3K2rgOWfgAf@cc?lj%j&HWvg;g 
z)Cf~(R%r`S4-yT&0)b%4dKDp8P!ur3;H!~VhqXVr9JSA%YsUW$MDlN*#QAEtgO7tm zVDH4RPs>&}W!PVuH9yJofc?L8Nl`BcOgjIqZI=E2b~m<`_8(93OmqIrLJyBQ{*7>~ zDOY^8k@wVxy>FW@R&gN_@r>PRPng0LS#2Qf;-;^iWhPg>ro%$jZ`6)$`ONn$i2s{# zfOGNx(ft3ro9oN--;+Gk@c%-v@A4i{hzwZ>{E?HzJR3v3wfo5CkO7(|N~Qm2*f@+H zkLM}Z9Or$V2@g9tNQ{rt>3$_W4cV zeyM$T5&VCA^pA=0KQ?#P*30ofHg=ct|C2nWkhobgP;<3`8O{!7w)WA<9}7?lS@ULt zq!RDV7JTH}=I~?9oyLUDHoezrsI0YVT=kee4VF{eXu9V-kDs$J+k;w47%@T^le4gB zdr+1B&(`0MGdLKNn9#B_uod`nI6T%Da-DEnaSuS_o1$Bg8q$NG_s=dae?2-oKYn{s zuo*yaE$zjo^6G2iF4-R#NT+9S|KEQuPv4$hRDt>Yyk@RIiXdv|wjXAS?3L-_u_wzKb!4-N5nfdFBVzG2O~X9Vz55be z&F$T4v|b;d{Bm?wIs7F9mlZgp7=}Ku(&Sq$Zusk)jnov;BUNy#Y}B`Z`7lDT(3oYy z$5pc?cB67)SKx4ffhWvZbeQN4TA1-)12+F}G*BGojrFx3e^^)XDHw-1xzzz6NHoks z`L6;On0zp0aYv<7)*1M8mb~^r3^3E29_lfpx_|iQ_+)-wVvP?8dn}%oXN;|926k)x z$MwpA9eu}XFi4p|5ruvdHvc72l-!=09DGMSAQ2*CvWMp-1JWlg7BRufj-n(CM?FVR zjxN;jRem|!|IK=z7YwXGtRd$s($}b4ONJI*9lANfOIq6+qx|J*$U?C8e*$E}JwlEPw)QqSp7uf_{DUw z0Lt{vMER-c;TT?Nagl|KR*RLa@~%p`s%jeNW_|LgilHZpOD>BcP&7TR2`zxxR+9ga zUQ{q>U*E867qV;Au`o3n9?tR?;bdRm;j6{s2JgD7;Cg}l_qNL-s-iu8aL)#D%;L@m z_iqp;z#~fgur7bc)HNAj*2?*RcQ@8{ zminKkcqZw8W_R?~nulXeFe7Rk((m)!O5iXfoHVe3HH}R`O8XHD2yenV zS_s$?=`a@E>w;JH+;~2+>-LzMU&3ko0RsgK_xY~Syw`brLqQV9(D*{fLgs^1h4DrI zJ{ExK19Yh1#u1f<7#_IKf@=yrR%_6#2F@B9vbB+;E=Hg)@ ztcuHv5nwpD5`xz!qPsUbbS6u~NX=_HoLupm4xO*(4D?ri7I6NX7$khc`EP4|y>$ND z++5pO#{YVf#|q!{V#**8FUuz2lLEd^5$t`QfDsddyiXh8{aZh3jvOuKGU>-{u4Kxu z@7Mz3wbP_GpQ(N0VTS(tsx0DkVwZHvk?A_41&4ayvPO*|yCrbIU9Q=1pVt(6UQmGC zc4?L}EJvMjc&@5EcPsMm+xZ8oa}Uhy#HYoYJYB&=2QyvNb``UOeVG|b(g|#&KzJ`F z6xLJvvJ&M&^R_N^B+0@e6D(9GSC}QSLMf@j7fh%ycQS=XNu*GlM4>)`!c55%>Juka zB~7SLm@p<;!h}Q#g(L|z2@(p)5o!`66p|uTCqx)YhEQp(U?oAQPJl2W`N6lG_+a_q zvjF+u@RV8ypb7H-+V0j)+5cy2cXKKKKgBaf|1&Po+n-8Vvk3XXTsX_!T@Qsfnm?(Z zCL#%vs0kMbr}~{BX@`nayJ%5q^T1GQ-dM&w^ZNI@H0mk&WLg@VwEnku%kjT9cD9!B zAD`q|fm0#`O=C33QuC^gDXjsELMcb~NpMX%l>3fWB=JEX$sBl>MiF$Pq@{#37I#)5 zr4bSAhN7r!y(e+#tUydVDy8C!eoEWylROkj;q<$gKD>>iAtW)@lqf-;rVz21`i_5i 
zet9mElsYSLko0;<48I%a@*dd}dz%XGi;oZ;t$4IDH$F{D0TB%l^OX zyF1JE|0K^!^``86_deVE*Zehq=l2)Jmx=W{KJPLbg}CXqNZ6qbUD(629*f&a+CwrY z(cifkMs%+o5#jNV1Cr90@ZJ0Ue!tMb`h*7Z^4P}u#5Nq~XBzbYNf`}Km6?)cX!0Oj z)obH4Ym&Z`fkCU;scGbV; zzrrv4%ejM!yc2hjV9ryxgR9RjYFgdqXE#^2x=r`EeUgaNlyVvich$|5$jx{VMe=W> z3wE1s-ls;UTJ}VeMBH6<1?jj=cimt2e{k>buiy@lF8dl6kpRYbZ(vSl3dBYjNd~WN zN;XxcgvL4K_}4Iz^n-I7+Y=T?+DZ6;uSOvQXSXD@i2XUZEYlta*eBM}66(eE&3rj~s2x*(e6ztfl$b9siA~^0>wxA7Q;0_|j5%&Av3$RHT>Oq#^ zw7CaYmOvz>FyJ&C1${P#Kr+zD4NX%Ps^L&=WQ2wA8Q0(sNDM7%Duhy69iq*Tq$0~~ z#5eo{rQ44KGW1!3$muc2ZGJSH8^I1st8f;N$Tuo&xRq7AVIjOryzO>-_s6a6b@yI^ z(l>e%hlurIFWm=y+fDz;Mc3G>y+`)Xv1z;Om7&^PL%sRX)CB|I}- zl@M{-svu^ya+nx1<%^K4^4zGVTco&xKLDQpSS*Q6OGYUTS&Fij7OLdpReV=cYPP&f zoqZf4EI7fd{*m>`yRw(>P-MgrZ^jpA?y+AvH87)yObX)ltJl7AYsFc@F~wIXGf@Vu7A$0554HzZ=A z*6gBO>S|Dsq)>wXs9npoz|}*aslC+%Ti{J^8HXqdh?2^DIBr8k+d_G}zb zlsxAJz)v!*Sgz2?oMV{Y_DrOj0t#B3&$-H~ZEv=k+xE!0D`9c0kiI3cFl*K>v5H?~ zYS;+!6kr0{Eak$7leZT~O#>w8CJCp-wn-Q=b;*>wW-E%yta?NOnA9hqLUVp6ahS0e zA|O>B)T2XJWoJ`GEZOJrQ)=8j%IFkoi3B+7#PbqEHdo_%gJG#FJ5q<$1ITk4j8wGi zDvacpC%~j=KUT*OAZhDe0^Mx1#G6Y`)Waq?OJW)p1~VjrEUX`T*~wmf9omZJv*>4b z{SPH!kNUmP?|c|L#6967zW%K0UO81wbhRGiHH(dzMpZGr17p6Ib9L`(O0TTI znc1I>YT+a?0-@5qB-DB`;7`mV9*1`9TEt3gQ8;+1CjXndTfHE*Q0T04Nuin z;U{ZoJw3L^YCIfA|A2Oy^z;!0eWg%uFB?T|M`nN8PNFEemBVO!svPI)>Iw}BoUSZt j=3v52ldQGela|l&Sw72W{^$P!00960<39&D0BQpOLTObP 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.51.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.51.tgz deleted file mode 100644 index 9603d52bcbcfdc57574ec240d7a297ebcc38b218..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 31901 zcmV*KKxMxliwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYef7`gxDEj=n`V_dz_HL3&l;qb$x7+7<9e3Af6Whmj($l-m zaUc?sP*VgK0PU!W?`OY1ypbRYij*uX$=2+zS(yZ82Ebr27|aY9hyFF=kfZMP3)Y1b z6!G5S6jJWZ;Vk^Gbv*rkzrVM$Bmdj)_ly4>Z13;?*I;MAzt!(=?e(|*t3TKsZ14XU z=&uEP&66+=>3{X_jjPzWZ{&edL^$M_L~Pgsz=s@$Wa9ad^ALHM^n64)9%B>?K@2I6 z5Oo#{FpEPt??!NjhTuYQ)rH_Ha3DC!S>-wzq3#W$43lUGe)#K;18?xs>v#JRlhP~bd^Jy~jd@}3FqVF){ zuxIs`>MQIE_@)wtx1Oq)FhqS4aRIpiV~WCAS2u138Anur9fhdplp-OS5RctVTGwcP zOK2cFd`2SCT{xPwx`2!rqBn4aL(J!`t~IEw8N?BXI6_obLowCL{)|Z}sU;J4h|3l(muLVbq{O@n?Y?tK!VE0k}Z{jHm#KzLjNDd(s zJZny3;*fE8f*2nHHicWedqaf$ouI$96};R>C--{%Ch+@5R>M%dK&+z4y|8 zvA5&HotM5Jp#EUA-QVl)`aas~`!Dy#tqF<{RU)&!)!*9g_Fr_jb}t7z!=0DI-F;N2b0%8&{Pr?*+hTzj(1pNY@D2NX>(<8&?%6#)*x zZ||K54=vc;F8En~4(A|1V;rFzYJoFO!VpIj1)t?GS&(G&T2JIMaC(C%#Q_q~)89e^ z6(0c^%imHR^jdcLA!xT-Prx_{!-Zf>fdZ&vJqfP$1aL?vh+oVZM>7HIQvMB2FSKTi z83<4ulDQn_r!ip+k3s~LFdKppN6E)$EgQ@bwB_4&s|7>J!Lm;b`@&Fnw`T@O;+>+x zunA5|7*cFvUJgO~_XN&8Oxi5~rjQ0G!qLQroxb!?Bv>*K;142zqX7GIPbRwNc8d5E zDcwJ190qQ27=jT3NVHF^g|Zt`kN|Q(lZfLPk{C6HAsEAup;jv*0g~GXx$84v&s7aW zWLn58mhk+9aWcCg{x#xfkWU5a$KyPafXUAw7T*Jc7>Ec5Gsyj^EEu3MOhUD@IXpk^ zo_4^YsT%-7!7EXpb^uG_IGh6r6jmFq>hvNtl4lyW;TOXA870261(<;lCXqiC{Y%LV zKoEz}M`Bbc0=-yN#0< zx+37J=0YN3N;vUJcpR}9`En;-BBWeq31UoTF#@KxlM;*QyTSArm_VMS|`E7tB;>73T94`Pb|cP7Wara0EllCHj!ub^xLN z6fsUACsc@%DV|I{aB9B|(G3a#3<4(B{wuNObYwa8PFu9DQehxV2x;lSJIo<0Q7R`O z=ysK?9b*S$tM?wUR?7nrV#dX!R(c3Cf=Tc%pHhUtHJUTWKa-|Z4^JhR46`%+tOfD{| zz*A(;V64=$bj|+leX$c_iis3TA!O`Ctoz+AIMXkIFWyR_WX%$-_LXWXmB3oJ*svw> zL$jiZ$6CuPmjdR=D(NzB_P2tzpCCgHRm~LfQponUINMJ-jbh7C!=Ydq@Jg?eMM^lF zWF&An8G`mpI3A4lw#V&d&?Lo#_S<&u`8A(>3XjJrW}B$#a85eh91#0Mq8r05>Xbq#eufJVur18_7Z9dHY2 
z)B%W6LOZ~xm}4J?9VsBlcx=ddBGewCnK8sWqH97hg8sD>;ZvI*K)hV0#s6aD>IO`wE3{et~=v1#)};!STMHCP$?q80@Y>SBxkoflX2FO+78S z;;T}@5?=`W{8$xV*3(j~F$9BEs1dtJl5o3I@~`SC$(J93-BfzQ053b8@|CLRQ@-39 zCR73Ok~1o;y|yV;pl78yRY}#oCRKs5#iqCN@gD=O5^6Ku~Au{A^<~t%Tf0q^_C^So*{k$d-K$hkvg(%QKCQps&SmR`>Vcd+6VV&& zBXh{}YcfJKLL4z*zT~#~Enwa|Ecfbz$LFzvC;m&u4wyr57$%G(dVJOauL%r(f+382 zL_6Sw1n7)VB_ISOt867k%b`ylCuM&c>UB|NF|+*tvUAlk*wCWvLU!;uj3$Vg&N@EZ z0f)!0&H)TVa;xl!6hVKQYg3T~5B!bLdR>bz8b)H+;F36i99?h_cpi%G=2;m5s<6sg1 z$QYi;r9)6<*HFj6d5D~Zh-Qp+nf|#LtX0ir6^7%n(5GcT9+=+@agL)&6-ZOZP^no3 z`aVgFPUqlZ{e6iU0(6yvc`uM-%8;^9JEu{rsAbAM)^WrUy@4S!H0DHGzDOnkO9$uX z+%#SL@@JM34!{}^z!6|d1=eS!rr;24_nXlXsUs@Zn3A+YJuRkaLu!nc-G~xXxP}T{ zOj6MDm4vm<#=|gw256V?vd`XiD%+24P^4TzoI3>#KywpPg)Kl5PZ656acDxq8^kI0 zo6<1TrK^e1@Rp?FQfRvJst!@$@rMI@}!BpK|M4(-xcITNVQ@YiwEmzgBx_6^X zP^1eU%6Zl8%2hmsbdu7-w1Y%p;FR0C;Z0TjkWeI#9+^IS48$fDj}ndoKq3$z=?#Md za7*a5PzW`>HW9@moyILuYu5q0gcFwejp-GQ6Vr8y4O8V)Zc@Y!B%zV=9<#jit$nB1 zy>KvvOgTIep&JPXXPhQJPiVTLKY0RdO03ra{KcRh{B@YA%G#|YCPByYd+Nw#uLBVG zJsSo9f06J7h`(?+8T?hiP-A4i0IbN&*jdpe8>=hnBKg+35N&BhTYq&nW$Uj)SFLSb zYdfoz75h7+(t}FbQzd1ygxL;7oWh7@q9Y&?0;9QOMszZ$VrfSo;VceiTbSj`+|zE% zV1#@!Lri|Z%D!Le@9AdK9zlC!Ek-Gu_d;EW{Q5VEM)oDy6GX3GWhXYOxK{Jtu}fYC`-;TG)`1Rlf%fsY6c_8kA?@8yIJca$5Z!G@vMm z32ruqN2aU?j>jOY2`Mr)0x<<5d#2u!=m#!Dh|-~m*@yrLF7(z<3_1}y$rN(69~6oy zPxU8_=N_$$Q=U>h)TFf;9~RiK1Z<6j`60x!Rj50Z6+Q4umR4SCh#}>>91#ve#O+}* zqflxkF#h>`iso`?)r6B%wW0?U)%WNImU;Bov|GFCo3UWVbAM&jsfD2l_SD3b5|CBD z4-M(U+K7m(bV^0`>K0&pK@5DYp_!iIEQ=;AgZHi&yrf};tQ zrpg9n9GkL+hP3j1RtQR>f00q6^?{P;f09wQI_RqRz}^tEjrE=wjgIzvLO5*3gsQ^- zk`=tdiIW1O>1jELar+7@Gf|~(B%Oy<8Bgq%Cxl|fB8MtwVg}<_x&aH7-rADOI)Ea` zNCfgKz51k~%{_3K!PQp&Avg#T<*Wk^e2#B0$B1>np$v6k9dOF0h%z(wY3)?`GZvM_ ztum#oaWeKm8M9%23w@O)k@Ai%+iE(N-7i&EiU5b;Wxti_F>heJn6|W-H-jHvK@KnQ zzvY3?8~72=k{N)~QCe_?KZO+f(l%nu$pPdL#FWH{^0_?3%rq)P914V@Uf7Xj&6^_s zIy)6G6jYch|9~Fmg%h}3gUumROsF(LD!!C`sn5|=28GnzADhEA@nZ;f`~BTTa8)ST zSySj)amD=UpBhtH7A$4>6LKbR)+@%d&9BP#x6v#28Y!u&$@+p*XEkK$b)Vn1^047b$iM!#J2`_(<+a+g?R7j 
zSnBkADjZ`j&-`2c>e4QJ+qdAKeyH`nUR z+Gut@fY)ln`MGBQ)Fv}jZ(I+h0@>|?lVmnRRB^1@(xxZwg>y>1_4Zon?pFd4O{;X5 zaA`Pe@R-PxR_!lQCZXV9Q}(RMg8ehs8rI0E=84O#=84O(Mv0o7VLI<7SQ@jXy#bXg z+)h6W->HMCyx8h}{!(wZ7n#3b(bumM*HSKhstx-MnvmA4ZbT7y+Kk=7mS{$qSJvh1 zlmog>f2SPa`@1|56Q{2i?x93deCz4({);pz%CUL@(!?kNnepKzk%Yhm1hI3lE2k0I zA(>=8O;14j=fbVZ^$QtcEuDh1Ew^jCVnb}IKcqG4m4@7ID8sbwtx!zKj6)n&AX;kA zv*qo3g9<TZ|)*6L&$&59Hptd{# z>&mO(L|z#E2hT$Djpc!{JEuAmOu5t_%u=5>MO&?XU`uq)0$oCTPXlxb-p1_D7Ul;r zKUczkSnG2o+D#dsD+zcQ+jAwlhc!J{qJ1FCvyE?|;aMvrS|4d@ch0SJ&9;qBL@QdI zE%Xm$bgstmz&7V<#2Yg?SCjBS7Uyb&4{UI*M*L9r<{UtcZV9N~q8;gz?oC?iJYXUA$PxZ_rR)uw@eX+Jyx z1t?0bw+si!hg68hkMmYJE%JhyiW*<6n^+tEY@p98I2q=g-g1 zPv0HCIs*SVeR~cL&W^#aNB;o79GxFMe=h&LMsvL*6FX$%6=so@x&bNhGI~|bNyGN` z-6`sej5(+vwiNv>7i_%ljw#C{k8E?;q?2M{piCsgbhXR{vM<@*wD`Bur`v{Z)QewEPBD1q-&cn*qei1s^+DkYk-bUJqq%oSA&4JtLNEo5~2 zeeQb&k@A}?UVK|7wNv~aL(UP6M3MjV8|?nO-+lT1ss8cLe|G=*Pw)M6^ZwcQ?OgS{ zJhXNy&KnSt2h?)?zAFq`(?Mw2|GjfD;>rxBtgX%2N0(ob2lBnE0uAhrYt9|I?t)=) z&{79gwJ?n^aDK1H04y#%TZ~K=^`2LL%aHw6@g2DNFMHm*$dmO@l*|@GR$&>=2AUFS zz{a9dI+SBk5f$W7*$C(RJICAdyW*R>CKEM3<67eXcaK+qRX$GrkE2-}LXKGPD(A=F zEys&Dxg@Mk{~PQN^7`M_&hDW9sQ+!^`Shu4Zj5TzjddGz@9tWn#`ogmIbvY=Bk^* z)VJcAQvlh!Mi8v1E4A?h{X*J6VEB;r)eLux)st2~uzhki396#tt<9ELFoV8RLW zp;aL!L4X-e>9^cp|m|-A(K5WJI^b0 zk}~{WL3YKh^f#YAEl*1>nbl{&$v@yM1fKzp0uj2HKxK0UY^Z z5+K{?m(2v_)OD`&>bHRh?(TY)h+O7IvAetBGBr7zfV;c4eNU@#5Nj_3$8tzh;E=hW z*Np7N<;B&(+40q{NB_{HAuX$aqhyv1k6Pq^Me}nsw)2E55VieiE_GF1Xw|<)(s_?{ zVT`-iXkMZ$JA{%yUmsmw{c?J7SxxB}qcA8?Dc`A!K?P+A^QMGxokiPVvoHw^CkJni zR>u+}UyjWQ)EBVYZE}Ghg7)`M9V9&KTBBWYey0XD!*THQ(aGi2yQA}qB--Yf4GkQ)SFexW9hIkh17Vpuw0=&rke6#& zg({ih>!9M~=<@HU=f7TEo*x_@pZvUpWUYvDS%B;8{Pgnl@bvZ7@yW%R8muMoEx3Yt zG0wxIi;ITRciFp27a%@7J-IwMJ~=v9^Y-faH@YkcutFwd4UzVAcb!Z%BO=)EW-(RD72Yjz?j<60iYOVz? 
zQ2*(Z1e9qU8POWFV|`tUo=HeXF!azzPT^5>9LA7dij`OebSY{>LoWtJtOC0bn33|=3d~j!IwYaE0*^M$Zgqi2_vg0; z5k~i6xP{R}_vE;`K%slF+~Q!MGS7*jPS3bCER|^T#b9f%l?hpSEn}ATQtQ)0aCvy< zsx5X~R_y{`6{`!9ZZV%WYoX;DP>LTCko19)2R?&HpD7Kt9Bo&pdv8dhv*q4bKQSws z`s!26WC2N+4187wzx(MXVt`MhFuOM>*QAt$D&)NzNP9GidOpQO{^N;)ZqO+-LtIb? zG%aZTY=GceDWy)hAs+SY@0CEJF{=b%zExHZM8jxJ^HiY*?NJ3I#G^7v8K7QPpav4T zK{SN(t;+UkfVpy&FvVUez_bJ`HOSU*!-SF~E;q~=XnSMUQ)Q|dwrZN?av7vER;if{ zD_BfB#*?o3*j2OLH5p?yz2s?4qzsi>z>f-rK1+WD=p)eXwL$x;eRp?NthIQ8T7NV? z8)NxoC+36<-{25Ua^b%;i4NFXhUgIVRX`h2-0Z^`j&LZQIE@wn19gOU@cMOIJ6{^w z&k5mw!y#gG#?j1#JW1L^rdwJ|l~pNg@Z*{OH~Ta{|Ighey_6q7&H4X!e^B)Q+}huL zjQ`ol<39h-jdk7+Ab*9s*rnHOZk(6Rs{{4YVf;M+)gH?)zVyDq>3qd~^mlh{(G8gl zeNg9uhiygCMPezhgT;5|t263!XX4mh?DhAyAN>;^{S#JU-+&Sgw^73p2i819o zt`QgiVMpl&(eikr{%xPA*B|xd2K@2F=Z|;d!{)3jk4VC9fJVurgn-RiPZj881)hLk zpbG3LR0ohrT!2L39E>P}*DT9ctiwN;xuo7lDm+97D{IgjIvcv@=}Qb5yA4XU5%+u6 zr^mya$HSX@9o`g!;~&p%{^Osz^PedSW3hJgcdc(4PA)`QsoBKHf9AE0$ABt}r~;yuE2b0L$#*!*lqu7ELI$8DUQ^qwpEFgy zTVB`9$FzG*naTo<`d_R=X@VHpmf?@hhuESs?G^B1d4`cr zCe@P%acnx%2}=*M0#&MFnGP(qtPEuaBRD}pcQnt_bfHsmy9XwB^`;87OJ;WRkH+k! zs&mq4f@I4f0OQi(ynvL;f1&J+g+UQ zm{JVQyE~uMDgQMhSeYG^*)*Uu`fK zU1PO2mX<*7JD^IsoFkr4l_K0+GNt@+8p@Y~4^P(>^Pvp9w&Ap3`pp4xoNB@_EIK@8 zh*Gtt2z+s^N@e97MFFBh>r|F%K7~9}$sjPBL$CFg$s4_DS6d#35|l?J=r(u?0_=0p zmT%kHDH-Hbj}wnik$RIaa<=c(?2@nY)HA07%6|RKUAt_6sc%=Dgke`NpSE(plv%%PL2-_LIv-TJUGPfU zK*6z`9VwIQONCG5C2~kK8FI1HQAxRlPMaDL>M6{e#S~bUv55R6{+8F@xj03Z7<8(? 
zZ9Q9&j~rxW6X<*Ez1ZkT`m(QP%!fY~#^0pV(=V%Kgg!KKmh)2YJVQY@WktE8KV~2f zA&vl~6wbv~T`@cB0H4fa$nhvd>c|F)%_inzr>gcIOzrtIw$3&6N3nAjJd=C-bXf_I z7XbDE>0i&D<)*FSQrBPZo~rDk%`{1F^AZXfO^#3j{k_KP{?wKw zVM+$bufb0v!ogECi}^fAnamb>J4Jko z)D=hBelMSMS09>~TW~S6F5vXQ@fa}D0aOX?A2?0W4{Bx7uOh;yLM%U3w|Zix4i27q z^+MT^>p4T+2H!WAqcxCL*cs)92&+T&1-XbF^-~6cQ2?Hz-zA7_(vFQbnSP3u?uoc> zUofid<+4K1%f|3ZZ6|}aTy5NmKiz8SavDLlby~iU8=vyII=H6tqTYoGCs$ul7w458 z7z?$BV#pC7Oj)(cY_6zYqHTQvUbt z{?6n1&nBJ)+jq+y9LD&aF=Wya^yRf&gyMfgl@a)bvULtx*EkA>KwBQqNr-+@jMADR z4g<)cSYWf2v*aIcv0KYzMsBdfH1=dKOE|n^BvIL#Dl}jcp@ejxba_R{%6;0EGGc!^1tuyY!~PMUjK3aZ{%5C|ATSNGF30T znt8R^-9%m4xC~&i%1qD9RnE#s6>@+2T2rDOHXDPiD!jHQ! zd~y!`&ilHR*J%JQtTDzmJMT>vn%pjmIZ&TtkT;n)nNPF_prmW6Yhtef{LBBrVxw#CB{o#99_ z)z1|A=q#T@ZfmFSir)cQ*n~Bjw)xj`ugXQutSb*hsi&$lK9q}Q*GS~Zs!Hro22e`j zU@=6~o|p3>e;0^(3U`8-Cx17Hc^>+X5W8_X7LX*FycBs3C}*cok0U%wJyk(k>bY;I zmU^67EAn(#XOpO*-<4Uy`cjo&qTFlMXxEWzB9G6NaUzGXb`lk${PN(7QSD7YR|Tk- zJF0xYMZT}Bg!bjii&98blGz}UgnAa8+Z57C)RDG0sYHp?`qUD22ulejEF8;E+;vUe z`s5Q?&zEFWO(Ke_@ot!oqKu<1DMb#Um72mq?V_tJs_4$`$s1g0QAWG)x{5sYx@YVw zE6VW7H&x_;WcO8+>$-2P$k$&u)gM+0El!rP1euGnQY-|HN{Oab3TzS@0 zc!hlH>REbY?u;7Ga5!Sx%~KiMZXQ>RyLlY3?kU`bG4FOmi%!@}w8jA}FXk7TKnvMR zGRkvVOl(jKvYAwpP|j^)9y_H%(3S3ub~**~6q89*xK*{D0EW2q-_|KNRJsJ&M`;}F zEdmijDgamw>l|%$pFPsT6ig4g(F&4Z^`pK zS65eLuW)qtqAV6EudbBMqTES^iCL+`#!bPQ zIjadTR`{5H=_B5S&obx#F$n_9Xc7xn7$w03HFE^0^Zy*|>=*q%cL$H>{~LLlo&TpX z@3trN!P&8P3SizZkb!nAkBNFWgWeelUZtG!ljM|k(T^Z4oy%h6EHOeH4(#J&<$K`3 z@=drHnS<3C{P;G4HxP%SqlaMd$8tINW@O-h^0SQm*J>J6YFcw2uv-7mt=)qB-`?4N z%>T5JXLz@pm>POVZE*bS=6^nWNEQIJj0b4V z{NLW++bYigt-;pg{NKbQ<8j5bI7e(j1Z5cNtn=9nI=4+=s|N_V<;IeyIU5iVIrjpZ zgeVuhqi@@k5j;5~U>Bep6mh0PhDm_bub2ethZZ5s$_$`K!%Jl&vqO&6o0?l@>qqa6 z4lmY_)0V31XDSh-#HB8g76|jEt}cp#nBa(~Rnr%BHDkeJjH8IF&AT5$JWIj2zb*^2 z5?n1LrsKqQef?)$EyFIqCxpYaa{g^8Jd4aIU1BN#i7Bx`k!lhjGkG{9kOXMTBl?_NK0{Wd~XRS&* zIek?-wuR=)0k+<)HbN*0vfXux3r7=*7(*5Pj6QM{$!&LAz0jAD;Ao-+twRc>Fju3^ z<|Chy=wD=H@rL}%N$W^}t7VE5q7fzf@47*;>$u7<(@-IuBeSNxJ%4RlppRz%t^3*} 
z^lO*F7g{fiGfpU+psH~xHb@B?$T{?<7M}}HrB9WO&6;a9IBRl#{a;o8TP6U!ZvVHx zU$+14_8;}XO*{`2+5NTaZ)=V8UaGP82>o8NQ=9Cqmz@8r1pwE~|E>O>BmQsuasF@O zSx>}n!S{O8)7emHWru+=zEV3cnQLYUK1-lD!u(3H@ld}|#&GLgQty{^^=ij>=f3Lb z#$LANDW-UHo)$rs2rb6pw71C6Kw(Ce=p(wPNlbD2LGGDdLm_%1t-%Pfs z;gV2;%<2eptC`*YOyOCoBQx{Dg61!=?UfmX^{zJ`njpTaY(iH$b<&kjD9ZI=F8(bq z6w8^H@-cyXz?F+=iDXv}-<1aGvA)G%^v7r8&r<9EiU|N};{SKIwuh3^yTV(1IheE+ti0*mp?ub46vghvkBP+Y@{~^Kq4YelMz&fz^*M3L239GWFjb+T{aa#8Ny>O0z=XtD;L2- z$7Zj&Aq(TO|1o?xq`N(oyA$VvH9Br7sa3E{zD;!M3s~=(GLB z;9nnKTppd=7w#I;0enr_08U@OK03_hgm`mwd47E8?4+gaO2+Y_wlxkKE|1?FoxXKO z_Af=lrHT?Zxdwm|)RpK7eqjUO5imysAvUP=!lRC>;)T zMrebfdEjgSHTJ=``ACScHwR}|Zw~(V)vJTcgNx(;w=OG4bG(aE z2|VUG_*U~AJVp{fSR`@Y81;385{G2Ma;S1_|$d7c;a(%U0) zP}6YQ>SMr-lAE57ElY6j6wk@e&Y0hOAB1hDYt%`bPbg~EF;z!%%{#^^=$E=}#;&;R zQQZA{^{bB~-&6p$-Ompmfo&t(NC>u#aC0%(mBQZm9rR4vzfuH)RkN+bHuMC4#dZejsMc~f2o@v)l(b) zGbs804YnWef85Bk!o>X#4E*^fB7RmH|E1=?IVW3E1*qNs4NCX_ZS6nif7!^hD6`9o ze!pK$P8a7^EX~4O@S4juQY!88r%yPl@O(7WKom5Tl#}shhslkAS!d4- z=lBNmd8M5v%j#t%^GZ{EIdah4rq&*roaKwg)~+=Fm$U)Z+JE*3#q+=Z)}#G*BhSOm z|AnTauSpE7H6P5PhTX#$w79>TC|C|jv&8&gE%{4>{Ga`ulKrQ@|Cs-2BhRw)f8`u8 zUv6?6+G0v(9O6*&uSx77mTZ(du1z_QuR@vh@k*J2UiM$~^~VW~{rty%OMdc0j4Y?x zE=Z`#p2FkM6;74VP{mdXB74^_*nh(qUtOd5kKcc?Linr{G9Njj5e%=25z3+goL%Xq z`6?>L#5M@!(Izj3bG~I`93lm+$7gXb{hs-1DtlEfuM7Ze9{E@5x~?G@^p#5)^C^sx zE}3Si`xhB$dSeoFE&nsyRW!)gQZNI z`$6xy5Oz6#{}@up2_1soI(z%xU1M5rb;>JBVgSPsP&9)$!qG&F)DE~sARr(j++5a0 zn2W6fO5$9!!32FA8akhP&!0V}{P~Y~n(KdQp5Arqe|uYdCHv1{@Ob{ek!M-`uaF~1 z^29~sdv})Jv20jXG>3%u^Uch)(p~zC9{8i@ z2Fm*O9*Kb#Ww&wk==xII6sWJxYf~&(PHF?`q!3@(HJLp>#xM%HD7yKv5Nef`5gV@` zWhk9dYj3?R;14P!=;jGn_MPs@I-3BC;+!p6oG^ZE!nxbY}UX=d0E=I z#4PRH_G0C5;tB!&r2~f-gbq7{hYKYt;|^U@UQdq&NbD)IJf<5+Lp)OEf=me2wF!@U zs!Ff2juUsK(zSB(vqm7AWCNr#?2+_>2eFgEEQ^FJ@=B0>x zx;5tUdZ-H-zR9dzIyBT`y+?z@13b<5|Eu2q*u?*%bpPXE=h6RTBhSj`KP%n-__go< z7fAhwat8atQmtnGi#s&P zd9C&=G5;UR|Es^dU-tjneT@Ix$Wze&#dufdGFyuu*q0LoinekJw}ox~qhF=eeEvV& 
z`Twrt{Qq(N-^{bVv;C!4tPM~9^_=bJTInwR#m@FKLG~YbwqKOu4|uj;;(bsjyf}Jn>y;OpIqlj#PJMye!@7JT@e2o$+OA~VApwm8K;Sn?*rTDJ*tFHF_VSd zEn7rLdW?FltdIrx`L~S#MPpU~lD%mJKp*IewK9bBtpYIhweWEvT$)4%W`uZDq)vUZ zztmDGAo^6S!4wlubbWDHas$#7q8a|c`ssw8er=9~%~?-2GwcOuluQaB*_?IN=dS&^ z5#6c-U4*JHjfreFDP(<0{PJWFi&lVX6WXP74rJ^$D8jH`*7oR__52AXNn9Ku`I6Nw zUzO?E8)mk4IxjTb5P`g;_|n_H^l85TXTHBe?$7^faR2}I{#IfC-{0Haf876X;;Ec0 zVz_M|fG{MtLZy6#={q?s&cbAZBds_-0k@E;pJ~bCv%>{n^UCNGa3DTN0RYa9Ux6{9 zARrULnJfT=;t7sGfVfISnt{o5*Bl6$&-ww5IJ~wkl(Qvi$>7ik&RoeZ_~H2vswfKV9NRsW>v z<2x#ELt;}r=K4@3Kx3GM{2(a6j*>8JjhQ-u(4?Fv(E&S%=3+NLkI@jkNf?(eTN8ac z`rG@|xg+PSdPpM1DU`>W4`d87`vOh-;){Ds4B#tDVn@RZ?aeM1DmVQcMiVhsZyA!& zgdbS!U-1usp%6#OM_C+j0-!JUXQD{!iC$-cT4=$aZJnLmK3WuA-X}Kc-3#`_>UpqC$spBlCkJZ zInXSL<4^`i!Z6EZTOd&oBRNv{f8GgZST&lZ4+WO6r>a!6)oho&+5>ts49uy!wNvP3 zYj8`&_ufXgkOl{5$LjQ5-&@hLl?k1i#ixjWty!49+_S{`zgqIo2KhgC_KN3!gWcW7 z`~NrctResB*KYVI=Y*lT$fyI-6QvOt_T8X!^pHyOu7lW-m_2eL1_kEU@{}15*y}MoZ|K57^|J=y4KHu(de;N2gC;F^-YUY2s;p~QFGQrWLs}$*_ zw7@$3uir2Ef9yZz|Juw`u>Xkhz7XU6S`D`+*Hd#&ydW4v?yl~gD7e67c|lU*#dSy! 
zrKp|8@b?6znZm@jH>JM~V|Zp zgPd0AE?z>mF)l9TaWwy zjXd)HFKtFP=`kEP-sjS17}@bXC$TJ>zM#6qLBgkRp!_KPitg@Omg8+&tOLIHDH6gM z!;n>>Jxjvy&?=_Aatr8Q5kHv;v2Jj7vvODBB}2TTM%&2yc8(s;yavr78NpnDWL{g4 zpy(pR7@QyhGp0D=W6=H+8~%y4-QY8V+@Dh{soZZ)xFDyUrz)+itP^QP(ANCYww*g% zV_(82-alO`QH$WQXB9*n_iX#_{-sFCnzRssYr!n8{Hf=g6@_9Aa|ae>Ex@zR_TV?6m66Iefe zs-XWf;N*WY5;=8GrEKRn>qXd)s^~_a8vXCSs-Jx7_W#?v1^eG%U%YzM|2FVE=yrZ{ zhCs(QzWLVN$|$y$-FX$fl{V;B6CByR#VT=0u2Ga>PH#9$__WK#x4M+z8IWdetH3~E z6dZ){6rLnAu)Wo!ae6;+jl@L7Vh-s?g=x{XY$b|YF-yrF@YrTh2(0T$QG?51>;Au?J z7=J{8I+Xdpo_XLj3g>`CvZf#j#E60rN62e=uP&}GIH9QZ1RRptj6~qw;ROgVWi4-l zc~AbU$ZvV0f771)*Swfcdg34RC%cJy8K4pLuaj6_dB9rFJ$4(no_iyB-FoivS=@U5 z|FxcgcaUO|FmU|ph_$?!l7Atew>%sm*i+>w`B%%kVLk~^uNC5mBYJhCEm8Y z8`EV6^jaaA5RctVzNlDo&j0hHgI8~kyjidw9E<1w?)J`pQUBZ7*?;u^-N^FyLbW8a=8chkgek#6n zr}9%5>u=A%XVCZh-X8dDlNtb}!n9h)5g;@`R7h8rNH0>MBhP`B1%L~QD*LYk<|F~n zpU)D;pFamNB{w)wZmDAuhU8WV;~PjZ9LdB+t>@rFNu~Tycxzw#Qv8T<(Y>%)f+a=B@VQA>O8pRI0}A>L)2isC<%`s0TmfB4IsB-AM6fBj)m9lOP8 zO{4CLmy4?>G)!w*tentL*2`Y?oRjXuhYy;GM6*#8*nGsr0KkwDK&{Vw3b|w(hB$yK zd9j?Zu5nED{0|;D9s?{vMuZzy3py!?TO5X9gunzvh(eA633N`94j3g|4w6;SpGrL* zL4OK3o*@7uki-)T10+zyh>i)Jp}G^Y;og^PX*(ABU0JkIw12970 z2pg38y97fvYa_g5_~$cF`_0RFEX3t2Wx&Oy(qjeY%qkF`pRX97hus zUJ{c4K*sPSk|ygizP&9}2{BH!A>-`?LXsFuaheU>ThMD5?+%U)7{ld*=& z%owY6f+7U2(VT$~a#87k4`P?_K}Jt}2q1?aIx?359?wMua}602!>`_BUv4ZIxSe8u zsxLVrf^(k6gsTI$aQ+Nv3WGHDJ5>3*Q2^2e5vA5GF;X;%BH1WCr!^daBPqJ%T~a8V zg8;=LnWI2*N)cZvH-ByrkH;s3pHak6#N{BGS({E9&DH_{h$VzFvy?70$l<7wBNFXT zkf9RJ3}6*X4kvkBFX4DF+S?v4Yzv2zGQbeupa?N`M#%`(k5a;r;J{oh1+NbD7~(LY z=yFOCo02e)W=6^0+aHuz%YXlnYR3kSSWHKbIh)5LBngJ$D-^=HPGgaw8th73jxwvF zi|u?FB}BQetD?}#t)u4#5=rs#>k>G~d3l-IEn5+H4GZ?uAy zGj`BjHK186be1YlSJjeF&7L8uE^Joz^U=1E>l(=ZQ$5- zSYHkEX#hY&NZ%JUQOQjuzja-oDn zE|hXArDRYZKW0+T<@XnS9;5cKeNN;?|E)Zp{5PcGcDsh2~RFO8+H!8Z>9{vNdrE@XC(ML|99fcxBM*{_8N@iKw za=DWdW0z2|@#e%f+h)3TQ|ffVL($_dPWc<5AcS<1GN0I&A*!a+uc@OCQ1~@epuimx zisTGpdIJ}Ty*VBwVvj~55FlwbKmibH529>I+Lu%%%N*$XmZ*-0X~exh{Po5=pC$J 
z?T(D6>Hx%jPgVxtFA}1t`xg!;gTIQ(iUZ6SfE7iV+n1t3Hb_^}Me;4mVc60bw*H!@ zTD-T*ZR>K|q5%Uu{KMQ6@OMbXCVi+j0TS&jVO$+c%9otNh>Z!IDM1mC2!YYuG5#I! zM9y~f5zgXJQfPZq^vvnU2>E1&nEZZ~eZSJ*>v>0Y($S6fr(1z}k*d24!z!d^g06&h zm3gAjo~NsQYMN<8Lk3K&)@df{27;o5my+mTWV8xaN}~TsMl0Y<6DqHOHBHXD3f^=+ zuYx$MygcUga*XBi9+|50=pq9oR1jSw5Ih;#Lgbc2KX4((6vq;C=Ldi$#8tdJlUnx_ za-~>B6M*^BO~cWI%Dw;cO*=MKm+#QkSavmbO+EQmz?i!Gt$;Tca+7fsag_+h4$C{z647$=A|;jSjLpTeTJZ|G~g+Y08^%# zXUa)|jLg{+jxr@rYSx7v%E8%jV`@lDLLxV}E2v4_)UMH!9LIBM@~ignQ+ozKzJeTH z;D4j`FiOJkuG3bEpZF>^P7^{g5`W#@b#h00owgxD7ES3mjyR$>Fl-NB_V29ozcOK7 zN{VOEku%OjIFvRY_z};N8G!QiOoUKJCwP7!3@T+JbDy7V)2Ir0VsluL?FNWQlB*Nxd#q2G&;lI z5FCVva@GL{>c%mQSO*+Rw+Yq(r+g}Uql)@J(qXHkd1ef~G9zXa{-vDo>3hLAG*Jhz zjtSKPnItIVy^mqQF;ySz5VwqE`BU7~SAWUV+%oR_9_QK+*L|K_4SUT8y48pt=0vv| z-};Vpt8uLPOt%`*8V_}INR~a-b-6&4j&*Ge>o{w*;jMVs>ZUt8ZM9LX{}^-u^mU(u zE;<%+j3*LNbOMhp*8P&IjEK+LRqy}KFK z47QuNM=gNpT3QD$b52OE+V^#hS_sogQ{G`KtN&n&V|tpIEsPn~^{iDHyu$sK`L&kj z7FlH}eH+0Wh(jR&+QUJ=f7hv5k`)HW%4`l^bIZdrD`>^)>A2$UKBCbAw|oRjTDcU3 zVqK=Rd<;rRZact!3kU^MJehjn)PAe><1h%MpuQ3v){*7Zy8yE|g!8LZX2}vo@|uUY zR9_JF?b}jL`L=p1gYr3%$G*zg_BHqcz)bH?SS-JoInirE1B%6 zBQpqua{%>)dN$k=pH*H+mZMiJlYZMhruiF7QFP;)SwVn>41!^W!e|75QvS0psloP8 zibO5S2M_qErQn_h;|1{7Y(8#`X}!ke#%LeJwA>i`+6>K&F|OC_+!*cpjL?fvx=hmg zs8nbbI<+;pL3AXh+q?sAV2IUrMJ|le=Sg3?(E;-M$c{YS?toiJqYgln650Vi#T@%E zl$lom8IQpeA<%`yW{7vd7>1$DeImU|(|~R=26;+rn^Y6Ov)JW+Q2#Z8hCOU8q=^sj;$hEA2HE(NoMNzmI zky9e}my|7y1Y-sL4FqEyE~k9ldf{%vl=HYgG`&!1Y3B;3H$?{Tej)Oi$!bxUyoK%l z*6a+}iq`Cm=FFOH165b&9Y-wIZlWvqiGc-h2CRVYtBIE_5vC2!c~hQcxNZ+W-F4bk zcNw;azqJQ_PyVm>qWwNK{OW_{?+NMb6pa@ki$7OC)L6lbo4yl;|>Q#wf$mX^WX-IO_g&wBQQ$v8#Ej?Nu| zv}7lTza!^gdb;1}qPF{;UZ~-9oMBkFuW>Be5F&p0`r;j;csy?qJUu4~xP{7tMSzgr z%b_R}GO;SFU~1Qde7H#M49R*9W-@qR+rdoDeP)gxHQ5SN{{emOC>Jv!s?0595`JzO zmevE~qAX(>BPDCC?c#R7bRcA`=Bd7@}gmY!g}e|~m;`tJDE5%|aH+jDSmb_{+!`Um*s==|vUbNS~rn(K2GF-c6E zf#u?F`F__VP%p3hDvc-9xePf0YME8H`m1b+Nn{e_jS#;@D6)i-jQe)Gp;x3VT-*o0 zzWwRw{N(8J=mH$RetU6wbPi4q-W-|kII)f=Es<@oXVLwNI+M0f&nqKg@`(%=6LfKT 
zaQN%R<-z3?;rl_DF5oYo*$H<_DX1(2j+JysVfN3jceeSLm(4g?1m{~FJ;Au=4!(zZxI_DvfHJ^dce}sJUi}OEw6T)ZlJ+A(cPfh;!t-Y;&G5`Di z-sAmm8+kr`0_L_C&{pmU%8#pUu5~MY53-D*y3m3=(2n~0v#R@{$#NTjTxAxw?K6CLQqOBg<`S%wYuPtBDqrn zBMKvbsa%r7(u2IfT_*lP3G+Q^md9v1a3tY zBP?fx%PcN2B|%44nGvbC-=gAY@rq5Q{Nkd`d`g(gQd&DpR8!1H48UM^yHC@(dA z4t{e7;!5J|M3OteT8zwnNcO(f1wSRTSap%s7;U%MRu{ZMR7U~L zsN4rnvFg$|8HLzS*>#j~uB^ziHU=?{kx*v@3>YOc7K6>mHR?+4d#bi~&ym8vo+nSh zal|PJ5~+o>TDGx;Nx$L%(Fh#GGCEV*T`nm}#I|Qj2$#;sQ2-jVH7YQ#>fMI7g}fP5{;rMjC{4tlYs2B9GTAq z6B7~5VseWpOCht4It|f#qnWZA%}{{lYGpMGGnODGua%6EyjxOk4dv3IdPnQb#fy*t zOgQNVnE6BqGNGDNu|LBU<$OAD1ZFr&xLD*MV|a!`$n6Xk9U0=#0cplT(X%?4pZLj8 zB-2b`6(mcF)-f>zha9c| zUC-sl!n2|4T?K2@R`Ae0%=7F?ny#U+Y7T{7R^^4c(tk z+n`ZJurc7Bz!_>xc}0CN!8a&!+6k4g_Fd;asnJlZ0M;<68$dBr2W6Z9EMt(z^V}I# zzRqf02E#D*7feI4avheQA{wu{W9dDY-pFrt+=!46!N}2bf7jPhNq-!v*b~>`WFeNi zts%*eLm*F&?IyK#n^ZYACAU{B8Ksl$3XiRBu)nCSRIwlO-jgkrrP*|Y3aWB8-oZC6 z&atn>lD?hXrRAvox!fsx?G%>of%L+y68#H8=e>j>n$ClY7Ku9GtuDA!vkY{7+n1UG zCiZ?o6TRgc5ktmq2@Pr+ai$9v8lf&*uWE#WzEUIXCN%P|UOdmFSDZp(Qb>Y>FeFNW zUh90zNGeRVww!D2++@q>TEl!>+S$D@?uTb@<hAM73+ZJtvo!3ne{5@7Vg!m2VWxU+i>53+1z4L*A^8EQ;;#P47;wS zA?KU2hNU3~uYsT};je5&vqbT^HXiD$d$fCTTDVa=KkJSzH`m+%!HU0sPZP)fV&wn{$yr&l! 
z`Q|De$t&^An~-I2)SUkgcD4)Wzgt_|JG+nPznges=wHi}6NvFv3(sWE?x(Hq+7wOD z$GF}4uB~Pv6F)^M98KD-)^|4p(7t}bJWP5p#yvWMe(z==zO*NpPZQ%lNfGy_RI(Hv z&wG$DM0s14GESCq-||j6S-wIyr!nhIQ8?>LS3C7vR8Ke#+pTA<)(xcTY2tYjA_jg0 zzr9yverkQEZ$bL=1o2LY8SmUe?oZpD)^}~O-*$e8N#K01`UL*jwlq1 z?;RDT+U~UO6uBf;IbK}kW*6(ZvCLu;i3V}V6IM%#{RQ-TV1jhC0!1*Gr~M|n$y}o7 z>=5UzdreAK^rPHqx<0`;X1(k#%<3Z9&6Aa7tZVBk%h=bgxeB3=97Rm1JH7N$M_0L# z_|-EPhgO$xf7N_JNr+x$3){Jzbl^vzW}o*aVf>KHVjQBUAO6qNr~iHS7pcbm^`EzY ze%5>T-{OUgfe?TH^UvbX8$?I!ufP5Cw)6ha&pteBwPbw0;5&U2F!l6=tr-z z-x)1cIt`eY?+_h$nci90{viooEZw8)9J0uEs zimldgJK8z>C!{kGNyYe?pjV|B9scOzxpOg2Si0 zqwQAYVAO z5vjtav>3)hNih_r)OQ)ZKLQxXC<>mYuR3zLKS|Ouyb9*sGg<$xrT@8WeRtPteMb@d z*|bFV%Wv+UzDP#sV|*M1=;PD2M9_ZrURIY}vrKJyoG&U%juln)LgQV;A?8mT1CsUI z&)#=HyVDlq>FmOrwD;_#LwuK=Wja9i*NMzHEW1mNbP@%kpz`wgu7Wet0g)qw$Ljl! zKjxOIbdUweAJr~PyckggudOi=^^3DXR@Gd5NfR`FDx)%zDCmH;1pcQRdH=WADvl6} z)W>!wM}ZjsJAgulasdA(+UA6)BPJA35bGpi4xoaQjA*z-j30zy%G?JOsm*gO^xip&0z`j7;p|e!O$qAS&ZM;+&{n}zy%~=142Iqu&cgOH$(ee372%(t z+h5COU4cUpBsfWTj!t4MKW2LxZ2&nZa>}_0dsYLZuCkIhg2|j{e{)xS?@3NH)iVj9 zq(cGyVj!O9S#v5Kbdux!oH8cZ%DFV?^&k(WBPYQ#!93sfdV4s>iJT?32%wL#yvaNatyz$cqe^B%(Tv=nKn1s1U6Mt2 zE8kGXBM&-B-YgHzY`%BF^z-%GsBhDpStmu1bQ?#rl$*wM><@%oH4k zXad7`MrlfSl5MpK6%C2?_OETWp`ab05OLJL%ed6H_`zaQ7df`Vo7Z|QAfBcDG*e{8?$X61V!22hbwxXSDrI)F7or3QDET<0J9D1P)0B3}9 zbt&1G;Yr;L8J~HjjS^Qeq5R4m2&_q%YeZMd>}S%YjC@b@FZ-?kKAj^+zb8=c(nMuFa&6lrX{{RhvI0~G;D~Q;J$=#dzj#(v@G`wa z&O46yI~bZ;FZ=zM&z`k5AB_J6o?82_*ru&w^tGOv_|NU_twQ|gR=>ahX#d^FQ)&OT zOue>2cS4g$=2z`v(&LCy8PDHSNmiAuw%yPKd@mbtDxigc{RuMcD|x%w?WI)4&LCwf zk}?y$@=`%QMVP8+L>3bj3CZWN&gp%VC3chvSQ09adb13zt?!nU-uAks7fc~Ivka2u z&JlkdLWVL`LR$#GllGi~h44EIYWDJ&Ner^&h>)=L-JJmNsV$aglZg~Xfzmoq2y^!hZDx!zrRsPPg7;>SZv@`Wx?=Zjgs`~9b)%u@n=W)$uSL({PtAr|!Y=EOi z|Lbq<4hs6;&fqcs$7UWYSIkI+IT2FGV>iAR5+8=c7yTFgp3ZC0G6^<(j3h)imOL$Ax}*M}&+_v>B6*ub zJ&wBhKiDeG|ED%+GU*G<8bS3W@xO#JR zd47C&admNY{_gnj=<4L)%~4)O{nGPtQ_phpKO(Da0qggFTSfg(6n~We8+g8j{h#u? 
z`_eu2$9$HX|J5hYi*VG<|Nee4{$qD{(0`o&n|O+fjk%gl&OkBDL-3;Cf1#ok(*yG% zc-im2e4LWs{!=^uD;)=$|}n2pm6#)bE3FjD??DY$6yXBDNCFQY?`@-MS^qr&?v$SD88iYzLCx5A0?U()EI zLJ#POq5NC>%_hgccK%m-LpH}ztN-s6_5ZEyy~p{#kw*;gFLHE`_2B*;ji!WLi-~-j z{RDuA>Exb~01ZLgTvcS^tj*uqmfVLwB~cKfq1dk@%DX=7P7y^}0ijEnZ{nZa*K0IS zzh0xc`uL@L?2q--&VSqcU_~6Y^S@u1|AYPg$N9gRCmVk;YgMN2As7=fg0z)d=G2T< zhCoJUxr=I)a3I$x(%v7^_PxG0Xywwb{P0V9A(%X?Q0lVD zMD5}iz;J+kNIT$miv6iPp_xIBeHe!GmQa#KIR-vv#LV`Djl9sxbL1?E>a#u8%TQCG&Kg;*wJfAu*f1iiCM@rvn;(
Z>L6EfO{+3(^pLx@)ym8PWZ5O2~;= zH3VbClzfx}a3+6@kc2A52+~WuT(<>Mif$>E$=z=bPO1fF!z zUH6JAX9iQ;4Jsx~tf+G!V5NV!plM*H%+PjOcZ$uf#ME}66+NeNz=+L93O4O0(9;4mROU29_G* zbV9U176LWYeWcPR8k0~FY$^Mqz@rlarl`{*#{49|%Vg&!QKHH(SdAr@f6#?P7bs%b zk*OFBHy=lsi^}4^ho;fe(*{R^nYE5fQGlt`YK{7;Q~DRW%WI`j-ApdNEX(NCe4c~$ z;Jn_&kxA!R#{U3JZ$ZBY<3BO`6=Mw*fONpK1f&{ic06i8b(Kt}wF*E=qg(jC9${7m zbWKAoub;<$SEEUXyS)(odPmxgW9jjJ>A%?B+S=I_ZWqXXuF*$0 z5gWlI?x}nl0NRyObVbG~YEETDCAKIRSr2C{fZLooyb^a<%#q5pE+-^pb$Hjy6_sd~ zVvK<|@LmXx&;uq{2|b4TOhjp6QllLqbD5sL22Tzv~5Nqw)XG-nVzRZ7YfY&rdO> z)04+BDZkz7u6Nh9y|>;bj*p$RzkAXi8xkQ2HAN@{Xh%2p@3Zg003bn%dRUg7q!s^2 zWD*z*fWcsZdD#@`N~TSi64=>W6TQd0pX#B+?G2TVfTzCe+Riru{!1aXS6bLcja%yoj ze=Q2l@@lh|5ZK1pp&Lc+7nVd71g{w8F&U5Ls*b2&f?45;^N+Ev<^#sf*}Pg%pA@3a zD(o3Md16guY)^BWnS8z3R_!1#0hmAl575ZVV%ou^=W=M{=H&^kQyNnu=yOp5{OHr1 zcPpQ7&5i2`Q-4GEZg&{U8EWj2sSvwqfa^gpp3tbY_%VCUqPl7Jk^0vq}}FOBJbb6AaiwDJO52?%_(`$HuUX6(lzs}VPq+u^5$4Rfu)y{PJGTq zHB;AXv3Sr>a3s3c&qBP$^;C!5De9LczuO3(W+kfHg8l}P;|t^R}HhyZTDSyFLcDMFt0O_15FZs zZ*z2Nndv>JqwW%-^-Cuo?SlCTQrG=)!|MyuYUG02H|Onn<~LUYNA zOgW}b&Qu)WL>t``FjMj2}(S#4+lc>*xq7!p2 zbm_x~Ka4qvH5XJhCS7U?TLlxjVeu}-(Cj05Px7=UHtPx2tfE(sg0SbzYGXw!rrCQn zMg{{>-=O1hUf)Cb<1zP*#qfW9pD@lRV4D5^_DKAPo$bw~{r{6Z599v@mq!YCLk17v z@$RkhlD&T|LcN_!O9VKmq3GH8eJkHJS}bX_i0FC7nCmx+))(4muftOyAZXkP1nX9{ z^*RROZxn9O@=d#fXsfKN9|Rl}MbB9`VM*8I;a`OwzoFMOU9~oVS(?&B#zSM$rVvOt z@Jw1$f)@XTc1kog-V|+;Xu~A}&y{dbQ&6JJa~DDDw#YG z%7s$;5rR+KYd=De&>ILai8chPu&EQM^A`AxgOk0f3uBz-6<0h25g7_tR~$6Qs-4R5 zSSv0y0c}JW&9F?lyi!}FV0aGr&+@ryv_*=6J1Zll`;RbLQUEyEHyEm)&WQYum4kzQ zEj9?6G7>wDs|rq6P4Oc2G+b|9&`(HAvcqCpk0J!3M>e*1?7}zb6q9Sq*cv7p%8{{{{dnwNl;dRnZp>za1cB6^iJel&S@yz)9iZaF6&;%Q z#n`I%Q92CLEZJ+vj3!P64oVb(+q_pqbs2&V1YX@hR7|yvO`S1A+`DWML3g$wxPdh@ z+n1(_oyY(zBzw7UHicG#c z%qeXO?tveUFJ8wRSKz%+{fwy8{(*|w7ZNq}C~hYt799En-3*z~(QnaXC*N5^i;W%n zE|qRDs2Ns4dB^vskiG7sA=p|jt|k&44k{B_ORNC&6O*u}3Bw7iRZAl?gSEpxD{DDa zgE@}1=#jQ<&d*jRj_d5}yMopmvv`fE|AD)BXFzt05yI>k>*@0VEO)mn@dNH;`ebMn z&=)O+Dn#7$KwE+L2NL!m;iYo@2=>725&G!)@xs|;_UsE?iDBlWjENqNF3?(N52C~~ 
zSVW0I;sEyGq4<2S2m;nx-P_x|0k0p&bD`MWeWySvx~hFX~3$7mfhN0X(O1 z?(k_JOjUODX^>J}6rw!&f%fAl-!WLS$Hq#<@j#Li)dZYyd7MkTaRKU8!TDu^Etp45S;H{O-LEftaCWr+?x^%St;QuSN~3R{ z{Zp`r9(6jXGlUbK6r-MVvom_l=uI7>h~!tO+neQC$o=o1yk+I+x;x-0`oGPc?aiwG zZ*y&#|K&-Z```bfDOKU$HUtbFg)O)|K1jmg1C!=J0=ctL8Sj)}*)Y z-d7Xk;_i?OfM5Sr@?2NO8}nWn8yZr(znyIp73l7+a-HmONim>pg}!Ad&02}ioxJ%b z(3!S*r*5&+htR51s2-h*BkMOzwi_4ri$Tf~3C}{CX*T?c2zp9n5Bz#foc|I+xHYFg zk@aokcHE(mM~zL)$pXz`X15wHS@$Z86PBnW66_SiWrKfv#g_YU-BLd6R(Ca@SU$ah z{5<{!UAWhFcXz$K={!_lwQIRIMTwc&N5_qr0llgj`HMbHyL6O;qiu7;k*8+~8gX~m zoTY{&-O7;Uw#rtLp9PE)HKKG-(bVxq(cy@6y~tSv=&LqP_4!JN#S|q%>i3D-xjukz zKR3$Pt5(I2lBp!AwEaJ!*C=_nNc)O+I&g|`41zc)SCcIlmB+tM&!Ts z-DUjeCwcz5@*fi90>wWI@9UTT>J170mcm~#Y4c9pVkZxlvfonn%bT7}_AAryQuO;8 zML$4^jzn*hc$gbW3eVi| z^JAK=2C*+fJh;sr@^*$cf3{60P{f6LDX1J%!_NdwH5YR63GHi`9nydZal_N70?EF1 zAQ3f0R0z_g3ML-$I^cgVn%@h*9(;jN{pY-uTWIZU(WHG3#1%Sz87nvR1pQc41mDn$ z?*@ygoBNUW)cYw>H^zh#QMC4Q4Dtril5y<4P%64Mv4LFTuKawa0}87u!qySRm6#gS z>XfQh)uI?9Orcq&D?~j=H24Yxf*I@8gj_*Uzz##GM_M1&{uFA|K7SrF{dBX&@53Z z!@t7DVfA>TNV)catyVjrn8;18o_(fBp0;m#)@QDUA^x=kVj^%?*D*vM>Id;K2xDV9 zKO*Q*T(|u%weK#1|4)woF*W|j=FZxBHU7uO?o$4LlBW_9H%|s?uQo8l*}=W7eN6Jl z5|mQby!%1YiTCaoeB|5a@Dt6QCWOwmy*Fv7oV96P^_V*ij#Jxcy5}N~pSLjEgRzt_ zVuUauXJOg)pf3HNtG}OQa4;b;p<`#@D)7~C1Z*JHIuWko9)Kp-Ww#(bqz6CmpS`>I z_2}&U`0Yu_W&pjlj2D~Et8a+AVt-&Eou0k@fB(8TeS7w<4$SB8)kMG*6ZVwUyjadhreRrvI1um!_c>#H2F@88{zt9Beg}$NR`|w8{^x* zco-o#XxwMQCslJMcB6J;SKu(iz!P>Xx=i-67H0f6fbIVq4HSn(V}0$%AJ%nz3ML@o zHzoiCiHCV8|5XqYlMkjW>FRXKCIg?zlGn*(hMDHfP)``u{lhoMC-d_XXM9N1XUVKQ zV`4o!uv_atuGbFi=sQ8%S;{1eDD;zb`7eoMesgMb@EwUZi4hr_J-jH{CIix9F_Wz7 zC`zJe)N}OY=$#(E+AnAOzd7&o9Dvbiv({kjjC1)vET-B!cVu;?S+Xxqc%q8c08wAx z3z{}f^pAX8l!$Yh@(znD4(IyX@k}QdG#SkE0^=;|R`O(kr9fDACsfqlqCiZ-i8M<} zwC7sSmA}D6!6W#j!3QyKUzrdvv&$|E7F%W$S!NPf<`q>YiYbpTfBZcpkHe#%-v9Hl z`iaKzi|JwslA2p3B1zbA`2I-7Asj5T~%^b-89b4`qWVsLr;{KTpmN9Yqaaw&|L-88Dxd1M`gcPZ<3G3~B7@zsq4DK7n=9aLmj&2*GnUlNMWWKcQ;2LzO|Wml4yP5`~L;#e~K`fV{|}M^#9u% 
zYt{U}yBljeOa0GNJk#_)_jmL*nulXUFe7RkG8l-$O5iXjp1+jxW^M4zl78F0|p8f?(LJWoIb z*?=cteCUb@jw#h?`zv8L&&=yegwA4?&%jj8h^QbW=yFp zqw1O@J+zH_7x~Bcf3Iv|)9yg(i{H=ly&lFmxA$?EMLZoRrI+St!9)uc_joGXmPHxX zRw+EzQ+~1JIT0_K&f~xje#6XEes*_`2>>MRj*NAHx6pf~FuL}O0cOTG=&+dX)r?sAn&sVc>mUqnj=Sx zxlH)5P2|6k7&u41ic$lHTxhjhVo!TXna%8s77{Ot@Z&_oEA-f}Rz-^(~ z@Sl$<^t_}1x#`h7Wmtha6YyMDdG6Qb-*@v5)aM?!w-cWcYl?IQQyt7qQP)+>4fbVc zh^JH7NQv-XPAP1r^kpr|rRH5->PV7>MJ8CNPp)vE#0r(93STgx!raLe9wm{&*dz+$ z6DZs(dBXU_33W*m#wSdekSt+JqJ&bCgfR&cO34w%Bt|GDMW|1RFp>^?yf>56T zVM_9YZ#nV7^1){T^1tONV;z8|$p34*TRT<%pRL`^rTqUC&jkI?q(E(q11wjjQQT{KkU)CujP|jX>8j1 z-`=gp|JvBuTE>5Tl4k`@iIg-=&>&0Ct3IZ*G8RWljvSEo73oqDdPb2XvH_Agh#rk& z=*GOIg*29QS0SY_k?fkHsO-EaN#w0SLc2Pp;)_8_JM5D>6e;2KyO$xnP2wT&1Zygk zU_eudSwcfEJUqWRmprB33LNl$pC|C^!8t@M6<*k7vVs3<^u4h4@3evc+84cUL;Yj_ z6xT_k0MsJwt84%r7E|H93dPO9dlk0GmG>%?{ek!D|9dO&D@hs81RNh82~Qo1)N1fT z7E#jB8q7ha1tk7&b-St4nAp#@8Q!`fyI&qSRx9xq>d>hZbv`ae6`KYVi(_M_R` znCAbxwq5oAUEkeVuKy=_R_Zrp@4FBA-oF;Eg*$(|u)a*J-wj2N(Ky0Qw?(2ZZJ5FV zmJL|a;b|YqoW%bn7D9U3S>r>nCyq{^@2P9=Q zJk@4OilM24a9yvh)2vPUPBO_=3vCj|L!%uR@F_@j4*Gyaz!Kx-1u`X_4r_Zl>%Huy zJnQN+cRS96q$why&RYgLs?62*;sOsYXRwCXubVbe@FggYOl9bKuU`Gk`*c9MwE5~4 z{6~%R875-=l?h2|7x#a9-pUHRAJ?|DR-{2OG`h>-B3-8kyZoOLwf*=6>pZ$UF z&vRtqbvDT2Ou#!z`fv;X!3W~MoxZer|3Bdt;1*le0;p>67mP^sZa7fQ8f#8aLjoMw{ZE{M@_5W{OlLXR=?>VcTTuGO{t)X^jG~{ ziQG)GI97jKU9jKui#|1S)p8&?kA=VLOVah5{(86`{@~x;UBWFOT@DN`k^{zfZ(vSl z3dBViNd~WNDmGP>gvL>I;aR#XQ8--7Uzm?FVPNO)jYz5qrZ1q z(hap#bHm~oVyaf9{+B4Eh+6U_X!!?9w;wYy3>in{%or3lKZebXV27o3IEzQ*8?`pv+N#~M5YZ#ScBixZ zqm)K0MOn)TRci5S zzN;uTU*46@J`NFE z?F-9W>03{vf#vX;nocczR>v9lJ&4JSHvt@(;(U;1n&MmLiK zxS~T-->7k$pMAWaR4+AwyfGq=F$vL|Jj!7$3g)teMtCuW0}Esf&D5(a%Y>qb2nBF{ z1ER;XIKnZvL#!(Q7yLv83L26tSp$xZCbmV}MExz%gqjH;&`KHYK%ZlXa3!52Ovzg8 z-})?v6o^Mn1zeb#txUR#SV*`GVLujp6$VBRj4?nYM|`x>*S1{I_O>WwNlL|lCxTrY zN}Lj`uQVn(37U_tkd>391*os*@DuC6kY^Z6eMD(5c}2-T3tAWqu!LHfGAnpqsp6B6 zU4?5Bv&d+6Q7-ijDBvknpg(HY3N3K`(C2DzJ;4rm+gm0e=53;-vJj3t5Yvv-UaU5| 
zn6O)9sx>9gMG5eeOe>Zvb+X_Xwzqv7siuU25$6l8vg+EKtroUDYVImn9BZU+NFwc; zbxW+`*MwR&f;WC%(Jb6m3yGIqBQZ30rux>IhG30YKsW%vwy0#&`tk&rl4^r|gkU_OQE4zEBFVz~VV0fh#n+*& zSU!t>?yvu$BMTbrZ1Pk@{j+eaXdh{J5&*h!$=0J{5V4 zJ_W~Ubf{7HFxm4I2cAp2<7kIQ95?M@$nG~f9Dzj-nD9tjvTGC_c>+Y?6PmGU^M0Qu zkuyAXQ-z6}^KuoY}=SjY}?lU-gEA)uWon$?&_+p>a}{U z=OK=T#RUA%0MP>IjipstOr;gLo6B7ZSN6Qw0$r(E!P3&A3TO;~ z^#zK6zz=UH@_}6GiN+MSX>Y1@8Kc_pjlsdrVCPc9tp4;!WojIS@7Af zKD+%hkFKq+E&aD0hql}=N5_-hUFM#xP=~&as~gXcz_aIPpPw*+U|aD<^-k0Q1nK6m9131ZTKv>c}U}4aN$f5`Z=L#^p z06-k6!H>~~LLP~ut8w`eukrz{5+TC^*!jBkpF8Vu>%6-53?HGrM>CT)rO9bS!rgC! z-d5-X8)ErxVm5lgCxTbmE$SbMLc+HP_#>_Xrg=~TMdrmGDPDhcv9DqU^3Pe{?90-;HL3}qp#WAd@NO#$)Va97deM>`S@nnRKQzJ$4rCU^2 zTI3Ff2ZZ|*;Xw!tQ7~YU-VR?p9xG;}NCo?dA9nnY%;}$vr@GTTm%qNs-r>8zdn?8F zYD?%O5mhoF^@L~pvq%HCm*aEAM$xd0#stqXUC@B?(L)a9@wUzFluM~U1gV2hnF!?x z?1e`W7YKMp1&?DTH}IE63HO7<2ubLwi+G2>0ZB<;bEQdz%tVF8s-6>w(Lei6-12+! zM^6j_fM42!Apd;>M@T6s(9QMb_2Fxv<4rQi@nC{&cztu$33&jM&{n}jwg2E2lT{F4 z2mRsu0TH&TU%zqV%ZxH_R-b6l?bWdJ zI>2+zU8V1$cN54_P9v<|Fm2Jdv19FN*!HHFD+wjvn zm?{{23WWHAZHR{pnpyz`)URyK)PeH9q~09q=TeI+?jS!IGP6(|NJdOzEq7%~+U-ow zQ&}IwAEN}F;1fd$?g)aYh5enUZ6m{I09RZ**vvtn2vFQvDMkt44tx8MG_4R${cy0+ zV}x*OOL#$vo|Le-F0}h_@L!(x6uZ!3fPs&qniry^hSxe}`d|3oarkq4nEK+q^;Imv z8=seeOfnQGLNQ=4fE2}BH4fuGJU2&Qn& zjvp*_{3SDl6^gB}@rj~+6r-OspG;7XCE*x+IsKC$52eK{4)0d^G&P*?xPsIeG0`6q zlbrxS46_hvi9|3B;5gc_C;{{54K)X5ogw&dZ6)B5M0-ZC4N+OB4kzVM9UlQWKvBDc z1Ep&KBk0OVa6)H(XF&0Rp4#*6a&FSd~i z?mGe?c+h4@Bfp?bayC21{xzH>KqOjs6?{4frKCSU`n${wnFQAVl#G=QGgy&^&IJ0H z0)80R%Zp6}6Kd12`B4i8+9Yoi53zhaRegqIGMH}B3ec~|y>l_`epTtr5Ez1d%aYm$ zS<7QY_#VKoe~5Vx6GD@BpDYb~yU7mHGM0lmvFKHwBVopWG*j0j-KJBbe4 z>rNSO=iuq~LOLFf^-CKdo$CcaM(v>c_)8So)@DHJzJI_+xl8nG%#?|Tr8(`RgD8wh zU5;e_bG8q)}-*pk6fO_deddxHk;|Ej3qe`WAD|6_@UgVY?~NH}fhi z$%HIB1qJUX#z#OG64RsHZcJMWt#-9|tba$2EXAK^MlLJq&-qKM{f6iJ#o8d=M%nI} z+=tr2E2(ki;NKQ8JgjCPzw+`b;L}a2m4}M5*ml#mDVx%qcod{}o%jGVnNEuYH#hP* z)rDvwdr)@`UB4m}(!h%tGK>_ekozYN<8BdRel5y2w2_V?Ux`$bOw_4PC>8CM6~}zb 
zHM!42N1Jd;=5Nf?orw&@>qQqtLPdrIOlS|%SYn~EW(7mM`mk4Gn zj>L3{xG_+z6;nd$Tt=hBgvu-nBz@r9fT6^fSR?EjiR$cPFBU?fmW8zj$+3@!VTi4;{6Hutkc61OBz8NQ`7rT`KMuiT5aG(Cgf8sZ zxal2Lh^78SBW=|*Rroh}JWBk4WKi9sZMKGuvlqLu>1*7wHpWdO9H+0$RyXCL<_^E? zJA61Tho$yWpK7?IL#Bgw1!*Ewd}m29Q9tG4;+FK7L9)u!jc$@!+iNxCx1zUIRUvdZSL=Je8qW1 zXZ)jTI!{rV#}aXwO@2)-x+^t6;T#$giPBPH#&nTJqK1Bfjn=}#i71wp<+{rayRy}g ze(22MYC8Hg( z8stD6`!gU>1jCE(0?(T>iY@Yl&GN9$@rWhviVka#y_)hD6?*yB0NuLOpB#b4wfJk4 zVV?K%mMVxF^&?~pMYw)rMwK=IDVbTo6Efa}35+-)nH2^DMR@d9-Qha`GAc@t^PBL3prE zS;?N0308Ay>)!~OD&+L$Y;1cmV)^jBc2V+ot@3!5vIZp`pR_N!Y=viZ!B<#yO0xyK%>Ec{C7!ah?&`EbS`HF-&E_k&_U)zR0es;+ox-N! zrT;6Zs8d#mrR4+s4F5|e7S9W}Ts(|fS15`@5R@NKvPVbTf4_74)ttZ1v_}EVzxegd z(<>6}qD99)V*|)JAk|m}r?@jK(vIBVqv)2*GihT&a@Ft5gGF+bpsP#E=@-j1Greuo#;qHGfE$vr)7>A!ftZ;X4z=m4u zfKF^K9(*?ND%~C@+$CA&L7`BN_@!(U+-S_WoK+*7%;ZI}qS3`jsX)AFEsyY5kv}_F ztq9A)q3T>JjLe$Ia$WG+c$Ah%iqJamJ+FUHFc%2rMkLdzw6PS0%`1IL6IUVwLkQ2sVmblKVV81rd*yEyxzaPk{LcJvbszVvcCDJ`4OMpG>8rpiRiwO zOVVn;h?XJ^1;0{zQ%5jr9PUsEL%h|0Wsvg_j|UP|&$-Jb%_@57I`oaz7@Dr1MEOK@ z07+=|0M92O8cBWz?z9w~S_UXG|K4K<$sVV4@ZLnYrpV8Zr)rk}%wiL1xi~}-&!8O= zb~brezNQ1v*!Fd`VF;*>3jc@74L=3VQr5yd7>~PY3Jqj$0;QsTUES2#V^ekL-K`{j0W}AVDGMz<; zm~&q@2)SZKy7k&2ndx6F82XJ|=f4m%VSH<#l)6XCA&GNDuBO==G{XJl1Lv|+G zm%oK&Zu`c0)_%DC^EIlEUK{mMij$Q5ASWYS&JC*?1Z805#c8MqFFbOBpd6F*mGImH<=|2@Pgvyct2awVMQuq@5{ovMpQkO-HKY! z^i2{&RYfP8#95p#kXDc2IfN4ta3zz;;TF4gH|b!*O#4j-3R6MFqj#uN)+gZJ$IjUYfDViE0^G@t*(WSxWB3M_<%cGNVmdlh7CAtFCgrQO`zu* z?z|V%E77r%&W}Ks&lQ9ZPn+f)4uC68pXK*I=|4*c_yjd6Le@#wQS_{MK`JSl&kbxi;%Agve(S>G;C7Ac?WWzO4||qX>YR#gD@8(@0>@p z+Kv`msMUbsXq*E+tzaq2vWl!fc#}Ys<~VlRlgfJydqO z9o@yDrmE_Nk9WGA9=(O8s+HDsRT^BkJjS2OP2%uz_7c!;c1mxfo`lCqnkD^Y=6kC3 z`QIw5>K2rmXhrKnSF4-KpxJ?qobR>4Pm=Q!)mM~ie^@dW;+P)mepsEDEN~`I|%n6 z=<}w~gwlF>!&T_h)vAsg&B-tnJJ~5p2gPTmZK~wethh^9Yrz`Jsf+_FTbohm{N3T6 z3hRn!7#E&4_TNV}zI^J`Pv7m)dvP@akC$3$TNmP!NebT3xKBYOwgr2eAe!h(yy=|mwjqL(Y9GM38M&MqbUV*!r2U7

+&A|zQlJjQ)F4#x2KuJu}sS`tuZktw|5IK zcR#pUWJ6+toY|Vs`wX!nV+a{Q;X0?hs(WpZilv|bkTS0~%YGBROYJpRd*PvEUL@)6 zJr=bO08Gq5d?eagFcCa;cPq@3nqwSLPBumhFcIhL^Nz`hdZ+Z~=;q^pclY{lB5vyy zZaY%p86g~VTALwyX-vl)` zHFW_yK<0sgZ7*J+DXxM-CErKiNeuj;S*K;D~z+?Tmt`|_%tvLeod+D2$nYvK6f9nWl$>YuPkAAOz@7|vI4 z8{{KF06L}1P!PnF0&DceCe z>r3~88F^s#-o{F%z9=HeVUDa3HGn6uk{upknUXzY$u^fz2PjyR!|&{1b$P@ zDgULfBmEA1p()A`48JFqdYF$SY?!6NB43yt+h6IR_#^v$@#Asv-Z0R!e#Jix)OzRl zxyr>o%2_?y3AgU)iKKF%dv}M<%JNFYXGmr@h=3?%zJsEu#%9jDNr!r@v6<$)}#4(29F6 zxM}50$cL1|wgXM7+`~aBp6(jVD1RJJ^*ig~tHOoF>8 zcGYXdYy@RvVbV<^1K7ziLAj8G@1%D|!*H%e8l)5jk$CZk>1PMyx%ei-Ua0UD(mLv< zP91hM9_%+WiI5B)@k7bXPo3muY!8&Ji}KX8W$&jZdT=*KhCTDhR_w;*D;?DnuDqP@U~E z6O0Vz2J{76SjL4S=W^;6u6c~~jpw7?Zq5Co;xQ2{_=y_I3&%pO{*ENA7RXUx%EXA3 zaNzd>`tNoyLk#*hAaC$#%d0;>g&z*2f*@8B`OWCRQql_vkC~o&@D+B0y1EiZ$h10C zZm%8w$SNRL>|WPd@BFpPyUD5UZ^-+?1X4?kSgQFJpWw$M zYMB7VU}svH>|hiMt3Q`?ENQzJX@Kx$#-x`cNF5AIBoZ2j`>6v9hz#Qcc!>?t)%XU+ zU)aFKr&5UtPRh0x~2U&oMtC!ww@BVIsg#m*Sb2<`UTyPNM?SGx50} zjv_&X*w~f`%M5tY^4_GPoCs7m7Ylc5dx;fe^)?*K&y~#9`C#wI_Z%=zZ~RIdrnPGh zq015H$@t}TlL$@rX0V1--8ppWVZTxxz5L#u4^O?)fTbaS5)x+T0{Gs% zOMjp;HBIp>Jyk{e!-t+^T7VbwDg)=X@pN#j9?CpX*#G5%rpGv>+Iy`=i~kGhMLtu z7iorE`7b{Gds}!rJ3X}XDuT9!@{_AGGE8_l_2Q|S@Ym|8_JZ3ld1$I0N^LrjYjKdG zw$vKSbVQkw>e`+`m|`tBGuT3$e4P!$|LOvZqw21Hwi29=VC;Bw^0MJ^7pSBoHq&fD z!v%XeccUq7O9h_a-Vf@&W*T?mJ2V2>HpB;fI^w{c#a;EX4;`g9ZHL3t^mt5}l_ZBA zN(>Y0C2=CP`f3^(s^>9(bCzYG`T53UGv3yArVp`Msp}yW6n!5^!O*{MuVp(fc_Jf-Oe2(>KRAChfb^Ndh^!}^B9H*xZBcj3*Kbj1urVZo6r#MQp=;};! 
z5i~0?Y<0R8ly&f923&nDzH@*(s?bkVNy4=L51 zwtUjD>VQ5pX@aD%S9a;AMzzXStv8(aFyHc3Aj^+_?Y)m)TUgS{G@(L}?le>GP<`D} z;zEP)BYK_4m#?H6p-3aW*%V$cQki$ArTQ;MU@}1e5Mv+q)(}1jS)Rj(txH$dfn6Cp zNcif(lx8t515CFqP8L|<)>;+Nsh0>;83lPIQPYAg$-t`%lW|AAJ1sEV1EI6%wBXh9 z()s0G`%S{_M(naw(Zk;&@SyB12l=Yx-@+JmEh_oZ?qW1dEN0-BOY?WFH~j3X{~0vn zinVl?wooa@$jw)z);4~QuYx{cU=qK9y52EYpvnft53o`} z&SBb~eWz5_TfFLaw%;dlcP{{S>kQ_a-Wc~@KoIL<;HTByJd8V&*Q%zOK85BzA5Bo6 zt6-E86;ws+*Y)>oN#Njri|=pSV3mivARnI)K><*6L!*yoE<#Ev_`l`r3twZcsaV@Q zXMYfYYeJ;3Rqg&+lI;5-c@3O1B<>Rw@b-7nK;a|Ds7qnV-{(D^P3x9)eRI|J4e03X z#6_w{u8$}o-uZm|dv|2zbssqOwxSyM|5U&xH%6?$OiO0dA@>aVv;8@qw^Mbx7<0gi-n zUP!wEzA9mA+FQs^aE({_a=sw>eQ=6f93y$OZVQ=S`yXaQ>etNaNb*!ZS`C5tj~NV3 zFU`*3Ne#NpS_IB*rv5%0$pSg!*XCqXnn z9pvZtkHlx7JwLIKM?ok7KQSPpz1uaIS@iKs&n@<+7{qNid4G_9OEhPt@~cXS(ofo|W^O6;h$ZyVP2|~y4r3?aa522zpFZ-y{Wq2z`CFKIJL>*v zbhTk36^g&{qdZ}&Er3Ar`7w+*e!!42*O2um1np@fKMs$0DlRTLjwB+Ox^Nb)Gyx178J7-0?%6x;gd6DJ5LJTsa(3 zSf;zY)j)_^)Z*uy^UPSguR``Bc+0z?(>RYvoZZy!$Ge!_0-k4VNXjzVSabPyoxG8> zb3b+Ao7VC-y{$!|KfzK&CAI$A&5~KOq&7n-fp|90q*#V*Mz!pOI&&&! z(?_kO{nbTa>c=}Def;!^v(0G^Wc46C8KM}yR8pu+#j(gFpZH9YkmqU*`OjiWjV3ksN8ES z;ag&lJ?<0N|H^6D(=ViOLJ2-J4n1DQYE}rPv!nW5=vj*lzM-*EpjasA8}KD@04H3j za|gb+dkY!2P^$1W;pe$CD~!;g&TU40nk~~6Y>**{-X%t}qN-Az7Je_CQoFV(Gh~nH z|JRyehtqUn^WPk4U?4XAy|Z;zY5*6_`5ss{YN z=p8*xjPjJq3!eYdWj@U@H(CMaK6@y7$WppTmC5=P!ZE}V82w$%O~vbX)qHN4=cM>6 zF93_Dswjg^lTLC3yQr5ZCoWBsOB1%Vn%_OHSI1fth_y0X4PCW?CE2^PyivipSzqep zpsNfoC1ij?x5eZ|+2Xn@UYFpNa*mKYcL?P#&4K6Qyr?465iUu>R?z$ft4m?vfBDrwA1 z{XEN#*?dq*qx49P7$!Ij7L+y^&Qn!AF{{&0`GD%e|D4Q5CG5O9te2<$Z!NTvJ&>(d zP2tNRFK;AIrpLdN4n~?C;2ZQ?YPVTl?Q>NT;sRX=Z3 zHr{U*Y_bjhVC*RQlcXYaQbLqd@Wxq6n@LWxh-w zJS-5d^;3N-D<)gjTFA93+eM`A1kxSDPZyY|DXeo~mWEGOGusRIP zPN?w)c=u9>&Lh^pzY;`*DSoWvXuPRf#oE;J$idL-{;fFpSMaQ-+ zd+?KSHc{R_Nz>AQLbG#O1PVz(smpJu8Ou5eXpxG}$>7?(b>Dr1->HH&l^PP!iK9HX zPAs)J(CW#co|UWP`@S1DPvR?~4X+Hs9Y#;5|8N?~WSOz~bgcrk7!Z<%N3Qh$E z{|YEYjft-H_c4kJET@3a4)3YGfqiyuq*n{frk`LF9)F!>U? 
zanlwz04q1BnEA$EW5GpvL)!)*7~RTqFR2i_Xl`*BNdVGV4s@9rwLvVT1AS~?D|&q0 zcoMIGGzk!HYZH@5T^-2yQl-v6R(>yh=u^di zAl7T;5-%Q8(>RRm4d}o`UJm=c@!%p*dIQd?bgYQ_PY&-? z-G47*S{I>(HoC(DgUqNtax=|at9MLebKrBd3cLLWAA3na@AJQM$$arE`nmWVymhTS zLQd7DjiHG}sqx0o^JBP}`Ij=H(6I!|v4skO-Di_zB7=4x1dZ#*m+1))#vgkRQ2~xMuz% zX*3StjH2W~_W6jSQ1?@UF$YGDXt1cNVEs0~aDp(LZvzV8w;F^4dT-BUNKU7PwM7qViD&J?W z+wMqa|42(oFKFU7Q^iT&4@r$))nF`I>Xyls$k@|^BBmBptsBL*Y%-{e|M#a6R}=}E z%CL9P4IsFj)lwGQehlsrpDSvtSi$GoFg*6?n(LJ*SiK4o+xN~|puto#CiGTQpF=C0 z1U0qg&VYKmR(zX5jz^W2phVMcd!^%{Sd1&o{yakxh#BRaXg==8*`pLha?n~&y7w@~Tsp}yNWKBPJ{%zQBp*1S?HFxlx{xrzo879jNJ7q0HI^)gy z?=fM0|5d9N{6CLq0m9U+~#ucCJ36d0)g}OQ2;4+6)l7(A^K81$Lt4uQ9Cw-!)D0nZ@hHYYl zI9+fu*&e@4GJPuF&saNO@U0z+(Q+Dxoo> zJk2_)(*JL7>xr~r%qXU>4!#LfkCLMNVA$RN%Tj}pUH>}@Hq!a%aYK*ILVV1}N5R}= zt94q4G;lM9J(RZrEr;ZuBqucp4nEbh;e)G*RyCo&GR1{bfed(teS9K_D3*~6T3gl; zKh2jJXHl}>PsS;_pz)UwR zD+>7uW1-~h>TRP_sL%vj_P0lW=X}^@ugx66qsCNJS!*{VD8)tkuNBH}TY#Y4p;Q*H zkYmfqW9{MtGSvFkr37@Je|kD4t$?lswn6RbC&6T0eQs~|CCS_LoXJM663wEG)!;kn_-75hqehQomKSrfAD|pK z0Np<5<^AjOyYKIn(0O3ny&YR4h+PhBw8nt&)S*dUe_tAQ6@Ecr<{GNO61Z|*z@@!r z4?=<44t!1e8uS_x@}BM$NM1%>H)Lw9z46n*kk!BWn+_2p=*t$;h`Jh2Nj8oIN|A?r zYpgCO8yEAMmN1fjcReEWI$ga);x@C^dk(Y+2wyK6doDI0^3|JTuWUcFU_1MLZ_YY8 z6|$%mg`6oHHvFg74Sv0~kMQ$s;`aRY^1sNEguE*^3GEc%pEh)ob;=^4!})8Et%h?xL-7HP(h1ZNRqSgz8UzB9PTF-}Znp2P+#Znei_ysf$d-Oii)igD{3Bb?sPqNL+~s?->Ge+g zMLQZ)kN;W;Jb%5Z0R=ktb-j#(+V1=cUgtnj{d4NVrC9Wbs*t?05|rU=Y*L>wqDp?7 z>#z0Q-&&n-Dgx&d~ac;OANlnefqDeP$P^ zKJYdRWKKWVIL&1H{uRK=s}G-O;*7l=x1#5gq-vch6fi6jeNv(gU0hg10gU5jrCI^E zSSvu_PtoE>sB=a40P=F2F*P+xlqL!({!w z&U)y8F;6$C)&p0d++I*e=0DJ*CkoO3oL(t{*@uSdI=-8){ zuD7N>$o3@a%`bLi9$S^|1ogw^J7<{4WJ2Rtvk-QArXU%`%A8`eT+h5`? 
zq_>GD*2X-W4U%FyUwD+SVyCL8ce++p)U}R)fo~YZyHk9|UeI$1)}Uos(px_oQlZeK zBuy-|6W5~d1I_s8@G|Vt0v&UNTCX|AB{@{>(1|hicfqR-oxcWMJtDvkt)1Lme+BT^ zIawChff*s48OOf#r8t_io#bUd1)BE2dRlBzR~V=` za;$3CQzY$SgGNT9PylftXZ;Z&_f~JkBTNt{X(AC<;}JHTYTp8Xew~VHX1WN)6~{lg zt-AUAf>e?Kk&*c#EYm=}YZK9Lg()gX5D%~jDi$J>Plg#q@Wx2j{^x_W{ve(#l=(^W zY=mRtee%}UGwV8Vsrvm*TAGBx2gp}=e(vcSZQedl(@F~iybBguAv*_!R$5dtI>iP_ z2@AJ()WrTNwmwopFE2(aKOO3ye_QhYzGOX`3mjH6{EmHibkOnsJFGCuJ3 zQMiNm)^ZLh?eR(g9fEPnL2bSySI$1QsF%N9q18yR5~=jByr21o+4CprV83n2?(v8G zZw*yR!tUP8A~(rDSEaMHYpt2)a}$f&DSRhNnX={9F4-Id7_?yID4Vm&05Yo5!@(i* z9_Z!CsYQ883+wU(9NS2YOqScZA3WU@ZtW~yJZi-p*MF=gE{+-?qkGIW$J`()6USur zlURzXxb~c-G|tkNX@~Xc+-mbbYp|m_v*$8m?d49)oXsq><4(Uqs4!|aU>D^7_=DYL zvkxwb%eyA;A8Gm~Xo>0b?OoKYr;CZzR=)gB@(QZ>ehb{%Aij7FJiHFPyb^p5v^&z? z_-Q5l9PnxvO+fTPu zm$=UTauk&nWT@#IX<+tDH(q-(1^P~3S=K)FS%c~gwn5b&r=W&(OWj_5U@{VajbmoG zb!xAE<#&~P>Wa@C`~|4!v#-+^#v4@MGxpk7%a8YF80Trt)D-_3>@O%;Xf;*gq`Q7B z^r0d9v;rDh1HHgsf)YPK9tAUN&sy6Jt=*s8rW;ECd$Ubf)Nz+W^R2+6eH5#WxtU<0 zE_|xw&=z$wE^8r6i?fGMQqkq!Fp3UnV2_C(LX# z`d*L1AY?rGD#QZ(62%n~vxu2pGHeSosE|)yJa)ae$@XTmK3_kc&>>moQaWBf$Z%Pt zs`WVyYlbVg&*H&!zutoQy#1RYZ8PP7({%Fa_6 zXy~~r_37Ab5JF$A*o8)eY{DtrEdZ;~x>b7r_EXEC%KGd?xxGai78Z!%PzLw&)UUD> zS+IpN6O{5Sp5lw9p%nb2PSlxO-{m>c)4P>->D3T-Gxo29$k7E3h!nXJVmm^rUOJG`fsv!Jc7p3t!e5LdzC2wB9& zGuW-a3%&THR#tEN)c#;%InR8^0frMo_B&oCe+Q4wJtt$FAXwyns2N~){}3w+6`r3B zi#^plNSS{G>=sqaS{j2T`Z5Qcw8@W_WE$c}|41d6TWKxvZqSfzY#Kr~`gHNlV7n<1 zJI=eZggjO&1=HCNywPmBHRv4ykRp~uLB6RkAi&phyAKXGuW&D5FULVHYg8h1y< zn*cp`4{k*g4@JS~@Ij0j;%Ag!AFJ^sc#%v;T!@$lF2k^O09rAa*AG@EL$305zW0r; z)eiEb8Xs}+QQ9<%85mXQY}ep&|F;nVD(G7*N@I~B_A3P@oJsC4bZ9kJO-J06g|Hj# z(}Y*w{-ngv(@+Lv9E8oVFE>gU`L?*-^%LuKo z!;6?h$%}wyjWbC!QOWG8FM;cD7Rp>X9Vpqf#>^VDR@MKQd|MzMjd5|SyWCZ+sC}Kp zMqaj|+md`Dai}NX>uzeTRtLirXZBTx`<58wfj8R5AVcOi%lJ=V*N66pp`+u?-8ZO~ zpI{vHR!0AwdCEPVx1GfeTo|Gg)bSdO!3c<{l~@_Y2>Sj_x4}<2|AF?-;)G^@p3rQ7 zRCbWExsW9*RCLA&rK`E&V6=>$GzFxSpuf|6PL++jD_+^r3S?44HQIfKoTEpg0ed3uOCISvyKH|Yv^h6mzb=@j^^=w~~k~NJO#n 
zNPt`X-xdPbE4?jts1hvQH=$|tTY&!{6z>d&hO>EDeiVI3c>%M+Mn{R&rR(ePM+H5l z4VvqvHr&Ffz(#LZAf;*w6{Cc5v$2Ke_v*upOSNw*P$(DJK##5*2+j=Qcc(FTGRLmb zlzO6Tev3MiMLV|NK|+vp#UqmXyVn?RbNeu!f$0{PMKO=vB&4E`J^1Nh4E7;V=YAIzpxOyZIjG)vK1O>mN9NZ3BTpzeO(RNTS)1i)^wvnmRsa6C+N9i z-qo`e>pVdeJ#uHvr0f-VWUy0+id&v`=U+8pDJH<*7JhB+NAPJt-v<9+B~p;5#W?W5 zT9{@XGJ)=6E`U1~RMOV=;03zzD4^a2cS*472T%*gcgSY(B>cJAGlCaAH5j5bQ9OWa z&oPGng-HkE;}Yvd8D`UPcH_xvH52tua7=RBY}p>_x8(-|%aIj>_rh1@7$8onh+_lI zvBTuSe1j(mFJn>!qpIv40CLQu z%747od$Z z%j4}njjt#@aWj5|1mg?qq0TEC;K;*0O-Xdl;Ya8sF2x;_IMJQYbj{JsrtcwKv6o8g zygKvP)L8bP0qE`bdj8bF{=yY%`u4uFv9&Yt3VQVTFZKTV?~ln3Cc$2~@Cxp0i5Gqk6RAK5CJ^XM z^#7We=-2;iVm3?j1z2$u@PlPeZmAKm5X39(vdPSTz~xnb$Ty=R2yzOx)SjrF3+-zi zV6bpR>Ca|FvVff*FvI#p6+rgMwWa+ZWwc^n&X-E4rQ!P-(GOg|;^Hz?iK~)GnM}UK z866-hAP(hep8QCL#dZ&FWdLa3{oM%CF%lvBkIv&a`FwLlRdop!ILhE7?NxGsV($&c z9BPoaTk=BQJ`taM$!>dYVP11Yd)nc~*J2-VqRk^uu=3Vtt&(=)OjXw67DlC%UfPSa zvH9KM0=8u<t*N5UxdsC@}9U?S98q4S?_OD*Z$G{Ioi{K&a!&KZ{`cidcN@3 z>#vU&AM|L8lK!R>G#m(kza*eV@B#18Wu0XhOnoBuD1;Gz?AL7IO;9RaKf0N4d$x@M zJ+yPIKXDvdRxvBz##z&;n@3pZx$%J5DBkQcy|KYDDDMVBn>Ax#-BWqBkYznk5jURfI)nY28^Nu zOop^by`Lj`F=a45)BF#5P5CBO@k)g(2D*8Duy+I0w+4LYeK5fOqFqcPkMt!esu1s6 zyy6_BtkpBGQBv0WeLS2JKoUfi=wi@-qiT!ok8kS2t~(5`olo)*1enxv5|L?MtO}yc zBS>*XUi36s|*&+w{dbXA7po_i8ls99v1o~3@%6utM;WM$D);z=gUkPtYp$uv}R&CH1PvCAl zl(5%vLJ!)j5fy8i(@Y+*&nHpe`;XE88hE{jQBm0s929zZo1Y`>g|v_ROE=0#Hm2yiBt zg_?D*wNq7aCjIP&R-;Y+{ci{(>^^arEP7YMK3>Qx44O z0Rbk-C=(4{$+=1lE;>7lhTK3kxIpk~B28zG%CN=oOKFaZ;!XZbOl?_TUt*algp^(R zK?rB=C^-*Y#5eunP`ILLa^d-vj2@KvvINfh8=Fg%s^N-6QTRqk!G#RP+Rep2+D|~V zR~=&&?O8qjF3Ddtx6sdNaQ=@oJw?qcqzdpF3gw>jr(!JzT^J_Pj7Z|&R%7(=Tl-&) zqX~t^(viL*@@v;gvXaR=W3y3_&4WG5$Qg61$>-#2LO7j>P7+1;$Ycg0JD3&<+Le~_ z!&&duHHI`HLrPb*T$%wa4Z_JmJg^o|AYy8 zkWQfnV9$(2#aL^!3YHf4=aaHVA{3rq4ksj@WU-GSl{~s^UU{6j$n;9OHmv313v2y` z=GDSdQ-0~%T5124Ab+m*C>8b#P2~$cXCL3a5PP9zE*|dnbdRX^95go zs5xj}5_!;nBQw%9@5~u3u4EeYO3KdCfkr{eBeF9TWzQm4@wdwTPW9X-&ww^Wm-xO) zTp%M=qz?79if*=t|4U6;)(c?uk5Ga3ni 
zhoss7c|eFgh_V%FUs04Wt4Fb70j;eLLplx}Sh!XrL`}Ym(bY5b9s~OXoNzFMETckY zoJKB>C>nq#z$Qif4Zz&Fj=$+rf^*xhdpyrJNmjH7_7L@=%o@q7&$E@C(;f7OwMf|;<3ppVn=TIEs#FzUvcLOb5qtngtbuH#}sVc9>oy^AmM?^SW z3%RQQzh(W^@hd08H4y7m%4=X0(`yp>>vi@}*Iuu;)f`jvb@U}cyUsj z8WIwp$iwX#ViGsCE99gC^IV+#syX=BoWl>VAcsTzZ`2$Fk?-HNno95!U&X;`N+?F+ zue-Ze%Cy&N8X{!Tn2wWxBYFe<=HO-b&a(gI33Fmn9E*;WawfpO)cL>GMo3ABC|`&&Fp=g=KOs-Z<(ZR2(wXXnT0*Vr7boeIf@9c`%##DU@dUY zXQDUCsQ)t=TML?J#?Z-6#ALz0lnXw7FD4F+lmWJ2LA5}_3G#UFqZlYyst;zw%_CXe ziW~dtuV~H96v3WD-66l+@gDye!K!(sI7&mAMU4muPrqCs*Hfak@ zqmc)~BPjuv8AM}?sW!Z2rDm;%E(BlODtdJBro<$=6kw6<@kMMCU21AAhFfkcJt(3y zV<@eFx!h7(VT83|n>>*rq1L$Vb-QvxDDkzx`P)_PP(l#P~$)sQZnZd`}GfRStPlW zTi-cwdi9QN39Jo>x(To~<=hy6#T62u)p9^@r;dBn5{N}xYwu;s38|>|eO;rL!YrgI z?XZ>9f3VFlwq_<9V}f-vdsPB2bH8PJucfI?R%uG#1n>r8Uoe2?px5o*wJNq`g`r?) zHip;K_OQwhTC#fl`P2E`}0EnvR|gn}8K&Kz)Vzg6dP z=y{S+k3@&HWI6TD!z}dSVifZ%St3hb{qUCZ3!=V$ed{W>-R0-)$s`@6Wv)Dtk^LS) zDta*SrO|oeIo);HGG0c^(!#2>K-gqhSC__)of|0^36g5|t<)Jm9C2f_o~Am%!h!`nWcx%_@^? zqkRz7a&7DzQ#9AcxLLJxZM2(HLN7yEq>|RAQXy67)Yjkz(Xm)=ix#+nK32ySxiLzg zCw=Wk3&`suThhAS0=JL`Er2K`v;|y>Id-8hGp_(LnSdvPp$m@95O0AA^nIE8M0%CR z0o`N*(v(&ARP)L#T0j?lo<67W=t20%!{PigM^h39?nB(E|L1xf=BDw<4fbrQ7rs`_*l%CGHkbmXmtjm)>~d z9qgo}-m<~0BLk<9{;A}NRLg2;^ZI*hvclzv3OQnTMcz`2F_zF@gE3a&D&&v-7sYLu zaUNEOre`Xx>|9akO_9L6Ux<97vRW1I z*Ekey@DaZ{9lk{rPZl+Trxzpww@`Vo2oTbH*%xJeCU#{NOkK1fA1+cmL9!XcOakvq zGt5-nXI9XoCR<_bKcMZ7ax)XG%G^RG;itA?sXZ_*$}*NQP`uVUF79-51|g$0kL4w; zbB`-4-*#+#pA*++rw$F~m|!UAzo<=tu6hsr=E#(^zh4i#skjPmMkZW|Ql~~^n#zI>mV4)|{=8jl5Z1)yf5h8*%uv_{^x z|6t81%GsYgXgz;^ae4mstoX$XO{ijk_im6GE8I51bq6cwXZ zV(_7omQ3l#T-=YjxF2(IKjz~8Vsdd8F+w??(u`}{{J(hrm$!6@5U+lTnvR``)jnp5k>MK1I82v z?o0{Gb12qWqpcKGG6xq&jLYO$iR-ZR3e?dMEii^mC4f`Pft$qH_37;l`v}~MDu!9k z371)XLQ1@rtTHE3tiDCr&*BxEN&dw}oB50|mB;IuqSm^c#E0r~61hHZFb$NC!kw@VL*AH zf|+X(m+NK2!~q-2s|nawdA(dA|A%4NrU-g-w2=*%2HD45~^At`bBFz}cQL*#&e2&pr6iATW<2Ch2hNkDd5mc(atDW4u3fH@8#E;c#H7@lJvayx@bONO|#K%8+>^sG+iD1I^&$TVYE 
z1xb^v@=6Q=q7L|Rp~C{KZwnHAN0Ur=oI+P@`@RpLN=YNzs!31LOcC_k`Y7Sa&;xm} zaBS%M)WXy$AmAVhJVeD$d4-_n>tjI`VhrGU2wfRS0d>E(0GUkGJV1fh=A?}RPcT~? z7=5*#Te43A7Ev{#`po6R0Q?bQ_u5|omr!{Lp&)o+h7XWb!=O1SG1HHtVWK-`2>N^` zXp^1c`Xut&fx6NV&qH6%LuIl1Dmi}oDdhjshXj*=2|?!mIF|GO-rmlB_WtL+gM;29 z|KG+F54Dit+ObM&kT-lt8BZF52cT)Qz>5>`D_S(=cXbc5Izr1Ama=dFnu2>8bBJK% z2^dG!*BU)JU((mSEfHg$hGZG}b| z!A6012Ir_YUEK(+`9SvIulFZ)R5%I z0g&DUc9WXAO{yH5k=qfA#_?hs;fd7^_7`=O%JxIrd$ysnbenEaL3M?VFPJw)GsnIb zP5SooA}L3m&*e$kX~wX055yO)<>+6MI>Ct;qVYN?X_2S{-splWHOoLZW?#7kOzwpx zO>|akL!n^4QYe)&3+UXcokNg)ajV>gM7uD67w z%u;L0wbo26wuG(?thbee9Wvv7bn!--p2X)BSD~zgJem8)9GH@}6)d`bcb=cC>jY9{ z+Mpeh@7WCPh*7I0Dt2SNwj};E1w$bnPF8AwsFk<`Rgb~J+JlhtH!mK7)ydbrzCsIB zv`-y&Q4~FsVinp=Scg{FYjSnIfRd~;DR?=KAQpC-A>{BEx2(veGcA%`;}GZ);OcY; zRGD>KB>g`H7~AhtadhMFC$#}_mRo`L@Zw~1Ev|M>TfPIN(0o~&K*5~b{60`4#N%PN zgQAs?;zoOQnNht6l5K1ZRc%snEB9*EgKrVlZMg5iY;UuuYKw}6%J7(?49i7ZL&`U0 z16xB1UJXW>!(ZBndKU$x+IXa|Zqn}Map79+{G>ZN-&}Jelzl$ew+-kzXXjVPgVfb0 z<`xTvw0kFXc?5ms$f(czx(O{A-=XYmh(lQd2A*<(k0=5&$Y!RF`08x1m+S64X`iMq zYUe4K()ZeVYUB)k*iEKrP1$`=DDl?IO1h2xq>6l%3$<=IRE zzbM)zav2+owun! 
z;x;(cQo?)PLRHA}JeLo|o0b#0Q^=Vr(`P;?TUt)BOx5`(FxzhIDYXA`#CS(dI4bPFz1^LR{kPxW+1-1z|8C<6p?fV;jv&Sx4Lp}Q+n+YRX;L&rAHrti zo2FWYO#Bq3a4>B)8sFUXK=b+qb1><^5O?Spx}BSz_|lwWK8uX|Bt_hvQ8}gXWYK|) zAM>%aXLz`bM}u&XQGmV@iRfMN-;b5zPP`fpK#y}C5&M-mSvx23O;Lmqo{Sx2tULAQ{GZ} zYo7^LrU&9uQ!D=4_(lj6Bh>_nS%%f927PRNV?N8_NPl+@FHU3!tAa5ga|lQmj&($; zuqiEuF;h|ug(>w-Lhttgh9L^Pr}3+n9PW>jv;?n$dG}1#zia4!?i%0RH5%Vg#C|p{ zk^S;paZeAUG5Qdm1RnbEv?&oZpS_dS<*ZqywlwF9%5uhvs(PbwhM|x7)7pS!{pPcG zEzoQ=#dsEW;Z59o_SPZ3%g!<#Ap7e~W}KGYB}Y06JW)`2d3;kcGvWb}BZMdF`}g0c zwyJoL1<3E!DNDQWkiA30!<10uQ&4kcX3o4BNV8Q z%~py6G5&V|`3$81{v_H~2vJ8&D4-zJN#Y8CikW0s!xduu(D&oXeMpfy+#{r&0-&w%9-+U%#re0oI_-E+$ z*SuO+;7|mKnWQ^MC$W|vlQWH0fLs!}d|F zJ7mx=2jV!6wWi`hC#kug62`=|D%=|MevpRJl8fM(m^|NfI%10H<5~-#8$=g;CT~h% zTBqZ+03$$$u*PDQTz$+;)nu9i$iOY~{g{4R4om1yOJ~*e+vP3#?aBX|Fn&I<=l?5x zOZhezK=N9r?P^2cZ=3OdTqIxNB9W`)76J4jlsDP?zO@SCaa6fRD4LTS>LBRQ&^c=r!?Tr-(~DopJVgmdcFtu&t6Hw6VShV<>2P$VVJC?~+;STJyo0q($V|0&iOCv4A+1^ixlW zO(b%=N9+bF5Utq6CW-wkvt^PQypgXYE`j&2EN(?J)k-H3>slGv`&mjHwrA*2DF7}A z_>Tz6Q<|u(N3LnBB&}T|T~>f<0UYq1{?ixT?u%z-1+U^e z1f7$BzlFZ3^|IT2`RrL^`@#61;i=UBieuV3N?+@#i2vN#>1X0U``zxrqyBd*PpSUb zQuW#j-6@R%nP0b!Nrxj!WjudJCD~QF+Gb4^@V#`vF@qKi_D9IDtN879kC##yyMUCb zNXmru%1b5r3}LFG5m`u7BqU#iI;ZzvEV^eI;CKD|RJSBC?s9qI) zNukRT1;07(L=Ou_<21FTc-LA9Lc10OvC?@344G19Z5XO0P63Q43=st`WXL4?(GW$2 zlD^G*vFV&&x5 z$2XdN$Sn9Zc*uFk*;6Up@V$!F82+YeC3YqGG)n>xn}fJd9BWZ);2Me272`=#)GYP1{I1mLh*Bj+Tgt_} z(%qCQIt!VuE+cvXUZwAx3n3R0N;47P^$GKH@2X$VQ!f7%ojk7De59`I8%0#j$Qn2* z9hL!4@g?) zP>rK%{rCF0_1}NY|GJ%L>H2?Mr+@lq_4U8v;;)ncYbTTcxxce_@VNfB@@#zl#|Z(I zPns%X=FFh+MCVS=UbWqB18pE>Ac?jb$(gBB_>%xoG>v>1UnNC69RSq^>U;nrPDTQ> zoSfSIH-vmP03F0#JENbP>9VZX$zpU&G6xTGH~^m-cC^K^#$^J?@@+&D9F#Xv9ANDQ zr|%kM4mh+^j4c{ZK-HrX_j)6pp9Lezk}JFA1z9shkptc^1YnYD?ak$>Obdgcm+sn! 
z=v70jF$~By>vr zE>Dhzqv7%8+moZ?(b?hac+u^?P|=F9!F&K- zcDpYhm*m&~RIdM0$HDqIs@DI0e>Wfh^|=3U<;fpxOwtR*0umYC?9EoP!-BLJMjTIq zn(PYZ;53I}=6xKDlzyEHE?WLsMJc7r=+L9|%Ou_?^F9eON`J5-i!$J?aH8~=IC?14 z13F?T{nmc7&GD~X|E1oL^>I|n|NB|_zrVBpxc;~Dh~fQ3j_!#b+<&0)jF4-wkZ+Tp z0B}EE+;ifg0ce`5icFlf`8zq1yYR;-@O(57=XFGR+lB2Jq9`dKWC`<4{FC~6jTZ6O zYqU@wKX;G)xt_}PZ+joCiKBA;cQfn1cX05y{En9-tWV+kH%^xYTYu+BUR|~l zH>gZu$)vhVh?Wr|a|@skAHK{SsdYCT$f;TsE1g zi{=Yp*h4O)EpR)-?o3)}=8$6-`u?IJgk({Ufe&q+ET@e<x{zuSA+>GnIlz5a*ZUcWtoHv)_k z2GhnhTHF%qu|cB^5;be1ZQU=>m_uw*Ns3}<4zWJ~BxL_Hjk{qO`Y?VCPNOjLBL=Pz zoHx|h!gk%*b7cRKg@3)z%KTr6g)40U%lUt=x4WN>|L7ldAMbzJ%JanVJJ4~1PY$7Z{GLuwZaur zBydPwh~(=9F%c5HQIs^)wG2W!eUiGO!Q6r&==xc{_ZR8ZdFlH+)IC!ARucyt!2pbr zsoVJ?MWaKl2B8GLO^zOWB)$;9t;2yq^PH5Cuzk$5}5=B17I*1U|vZw zg5vogNlXye5|$*64RV-?!`xnJ1W86UhPDj{NE6=wQQL@IiGPaHK`>` z774c{2T~Kh+9C3RN~j8UB>JLi#{>k-o6d{a>nHq< z!Om@*snd@H5+gLQ3~0@W6FFchPu=F^l(RayOiWIK(PHY`=dY-HSw#w|&LNA9}Pvq*$yo5fU&P&kloz?@E+Hj7e?cW2@JJ9by_-ppOVsAqgAmi|ifOIGA ziAPVUsZ#JXuL5Lbb}QeP!_3A3UD8xz`gs-wrkQ-Y{fW&lcc$yxn0vl|j(*zR+S=Jw z^BqwokFbbHdT!*8AOJk)T6sirbr2l%8#E0q*R? 
z5spxYLmW9z3nb@>nAYxcsbXw1a}ma7xEcPWD8ft_?hMVJOkIs76sZ6A|{fww1*Yzv{Q0H(SWc=Y;}l z9eiX@MCw1Z)a(P#z(=)GkEEnSGe3k=%z&Wis#3IP6CHbQjDrIUT7>I=LSP$Xhi(+PUsxJf5WHlV$7DQ~>pG%>31)>W&OgPvnhzK^XY*=FeNu=vtFUM6 z*u|3UgX7crBTeXA01YiOIJU}BaOK2ODp39+)o0liF&S*l3ppQif@V!rS-mQGT zH8-v&O#KbryWL?ZXQ;79rb6td0j>wZcuM2a;>YYY%j%}tM?%M_348UmZ|#=%%zghW zO{4?S_@Hl)L@4`{uY#xO|8{Hae>Yb4zYp_#`4ZThK)+T=M*4jnF#>|yTkp#k2ro2W z!MGW4dmGehh!k9^nE36j=S^+IEWW_T1bgrX+n?rdGOQNVEcW&`6j#xl_#i)Zc%j84 zP%Mgmf>1~L2uHY7F6vs$YYMtN)9W&1w#vsE}-U7=fu=G;Wi7&XQX6kw^ z7Izwoybp_af6kWsgCwb2wZPIS8N}0BYN!x$pj6v$JX12BETrI)00;zP)^5{Go%M4W zZ(W^MnSeeQf}t7@udh%hTGtET=8Y-~ijJ80tYOxIkN!*>#3+28=>*=fDh8G3hCn@I)W>+-gssV!08G zaNe@UwbarL3{v(*~4lbBFVvw%5lEKNs&>48vTO&4Z@d zf9~#A;(u&!ZfvgNzdpz_%Mqiva#rlXwHVD>Bnrtuc6nwr457&hcD3nU;@y}Nx%;^$ z4$meTZssP4{#2Q1ydy#F$)iFNgR(C=g)+l!?b|L^Tp z<3H{1ZLQ)zKFITs{C{!AKW?3`xc z!g`-wBEUfnMc2mfTl=BWVripAMAtLMT)$DYzR*5u@dfS21=B9>>_C07MUo_x7vT>YWC$~tDsHZaRSnCPLs?5OTeVPi9s7cKPfj|vYM9_3;Yh&l9a-ocV zg5dM+#?KI>^cn(8q78v6Z0ZE+yaj&a=0>IIs!BG8lM&x&_92^~Lu|d#` zk;G|SRdBj$iWjM;;cEK>{fxvU+bp5=C_*5*WNUZNF1#acRmd~YLWyHS<50_Czn=^X z^3aSzF}X-4)-cgfj!eYt$7A=R94GU4V>T0{2&DE*?36;zau7D`02LoD>Cn6{##X(L zvtf`8(t{{rG<7O)P@)Lj%Q%Mi37@ahJlVybOy>WmrU!N(R6bZ-ZOYuGTe{n3<= zrFogClf~>Ea07zI;ETrZzyJQ|=f-LfWUGw_~Va%C_+q4we#PO{eM84Ii*d( z1MtJ~#p`(E8oU##pD~r%KTt9ILZXH)#qES7fn;{cA`Yn3w@A&={ve$hy1Y66+)kLDhL1iLqi4}l;W)e0uVK`y6YH4I(RpA3xx`a_GM z3K2Iw&{p8RzJvovd8u44h66Brgg$zH`rvFb2lj=o#4z*GfQc@RKcKbH0mP|iu!vKG z#1S08*-I_ryoCdJCo>v#HH?>V054c_MKdwz;hWcRpd$=mfLHzM9UQ?m9Q1^7pBVb*_&{4S=g8jTthZjWODcm9iHX^ zxeqSskj3l9I+`TcWT-u7T12quh^Inkgr!m(933|Q`|#zP6HT~u_)d@xRnvIFQ|%aXKiE($pQz5~+JAoOJKgxZ2cxz*FO-HK%~50k0p&bD`MWeWySvx~hFx`$JB0aV3YTkUsmB_ELH!6Epxq~w=^-Qp>3r7Is0KTC~?(k_J zOjUOBxt~#76rw!&f%fAl-!WLS$Hq#<@j#Lh)dZYzd74(fYUhV$<*kj3ABdrlv{&=h zwePC=Je6AVOW>kTaRKU8!TDu^Etp45S;H{O-LEftba8U{_N4SWtHvcQN~3R{{Zp`* zp0wMjGlVmq7NeeXvkQ8~=ye^Uh~zh@+neQC%Kh)3yk+I+x;x-0`oHbH-R-LWZ+l~v z|K&lR`R{+xlr1Wo5<>F;Virm8D>jCH4z|wEx^kP`Qk=5T9R3e))!Zi6n)KG)`)Yz* 
z-W_rQ@Y}yiUg*krYtbuXLqlr!x3g`c0^QzLu9F=uDf%>0=v#);td;oO$y;m!ooQQi z>Xtiw2(3DW>e0D42EB&KcH_c+($82b;ZbNa&4$m3pyxz(!LQfE`A;E)8*};-gPv{N zjyn|csIiGTTcSD4>{i1i>t2O%%2IVig1ut6Z18Wd*mCc#Tgr#s>aG?O%cnPxpT}RJ z3-`wU{=SztormhHb}jd&C^0kp=(rIxpjR~`f6}8_hmLY^v~6xU^7Jf0BW`b-v(%8J zQyG%nR@qAOvw(4;MwAXJnmS%7IvkO%mpO|7J=Mm!K40mun4&~Ty&h3J*L(2o=SKN@ z)vEYWGLkZZyy@9wzcLN4M89uQ^aGUW zNc=iYhI#VDg2=2~ScrvHb1MHU$%RXi|0?{TDg;im|KHlK$bZ`#Tl*{juLpUSWdB)l zuDKr%ui4aB->V({U&+`NVa+n>6{DG)t$lB5l<)Sr1OIpZ<0qyAn8N?JcB=e;Yj?_=5gg_SiA2eSK$^z&;08|=XZBCy5Q;gK7DeoV8~ zAofLw2e-Ln9u3gu&$j6Viuj;j3M$9c@CSlsnhUx3g!VPe4yjLsxaL`0fn;Ahkcb*0 zDg^0J1rv{WZSa2-%^!td557RC{&U{S4Yc-lXd2CdxI)J-W95dPpr4A0;2V1J-Cz-Q zb3f9adOs!V#+Xndiq@WvLEa!*GLD@KrJ`#S8^|T@%FjnSps=bUY#mWtiK#KIPN`~D zEs8P16q;4KLe!l^gKt0}n6X|>$Q2X?>@b9Sr1fF#PoYNb%a<|Ze*=>LkKk#s8gAgz zfJ^M19QJ9|>ZS_&YqRDDdG4_PS1u{W%K_8Qe;eCX|G)jMot6E^gFLgG|MJko6OMl) z9BalEUvK0+^I`A%=8JV)NG2j@cg7Q@bVW8c5O#UfH_kHCt6tJ!sp@xX$F_PFdzQri zZ8*S%`2T4B|NZUF)%ov1o>};RDcE;)4=6>3ECv23$YPO=VZ62b$mWm(nk7nQ_*d9C ztR7DkDcA0>)oKS66S>LNv(FUC)Amiz`pnfZ#J_exOa<=hI)=zy{UGiJVQft2djuVd ztH}Ra`|dLM|K#W&Q{#VZ?`>>W<9}@JujKy+c`6}s^JJj*Y6CNz9nEd+W0F6Xpp>%a z%?C**-kUG@$oI|RCz?A=2%T+vZ_-dXYty>wF?Sjqr?$~_&qW?TZ)vs%V<}<82w_6b z!m{l_UHU&)e?Q6KU_xR-$Iif2;H%*XSYN7jB3#8i08OvTZb5oTk6s*Jy#4U&$;F$~ z*JmZ00rb`~UTiwAz9H_4{egvae)0PM{qKkK*B5W=z=b7~3$6H^4Trxbor2X;M-{08Vz`xTNe!Lyq*>|VM_uJP2i_&78i-` z{iom?ZtvHl_44%Wmy?Uy;jb9Dtic7vF!Yg=Cf{jsE8N^}WVVPIsghe|V|@D`?nVd> z8uLu}q-xH@Zq-ig8XONW@Pr+U4wKzM3p4&3!1n*G28zR?vAOZ{Pn$YE1rw0+YZCy1 zB*Q$E|2hbX$p*p`I|RhsUo@&lcw;&iIhH$I@AO#>9Gd zV0Siu-mD$i(RYGIgN#WOQRrvs@?Vl9{QBJH;5!i!Ne~&EJ-jFxkv?g$gh^I)6eV#y z>N$FL@>UOD?U#$g-<d6L3$|8c&duk08wAx37R!c z^pAX8l!$Yl@it2;4(IyX@j@pTG#SkE0^=;|*79V4r9fDACsfqlqCiZ-iENOTXwS8t zD}RHDf=BRKgAWoOU78Ruv&$|^7F%W$S!NPf78O+{iYfOmfBZcpkK>c)@BVdP{Y2yV z<#e$G%J$Ai`KjsQ1YYTIk)?}P%ayE(t}3~zZWn=;Ej`sAse=$f? 
zmUe#k{{b-vkx<%)P4zpa&LM3jF#O#FhKd78pwp!uGsWu)GMfvi4JcM~y<$JPC%i8fPWj&GIa)NI^Z2xUodoa8 z=oW)mxW10uLCsbvno_|nYv+7C%`LYK2r0D#@I_^;nEsQ!_jh0pP7K;^i zU8oc3Li7Gbs6*HMc4=f1Da-b>^mz)# zhpvd=m{Fa!zY=!y!o03T=v;KfT}StC#2LLdJMxnK(PwC5PQU2U_{-%pV@72eRo5ix zu5Hx2$lt&Jdu0oob_Y^ld_K?jdKlx}-p5@Q@ob!wUYesN6D?HSkr&Sa1X#wA72==~6z=$b9-e(Q){=FYHM~)T?ne^i} zS25)`cWe;}+8OUHW@_KKo1wqCDoX^N+9i{6WVX&2!C|~_S!0YLyCZPGO`+NFACD>Y zxTFBN?$SJESb;hd@K{%Q?APSqck>U_=N_2biO+~NMY@8i4rZpP>ni33`?52{vngz( zM0ii96gE@(v=-%3^R6y+B+0@u6D-sxSC}WULM5rfS4^m|a59B^Nu)3~iNg2<3Ueh- z7@s(yE@{H}gb5RpB}_?_P)d?8CP6|eIl`F42&JS5^$8J1k|ESuD>z9I>JuPLNq+D> zCq7s`_$)#Gw>)L61JD%te`9}Vuj>D^v%kHP{~zL+p#PZ^=1VXfKC45K5>9`38p7)|83IqSra}q&G=qet zH1xvbHy_?eo>6ZNj(D%fQ~34h4a6)HUf5x>f&Xgsy|DG~tbza97u`-n{bTCJrlg_E zW&BSsyb=+QX~RocDrxpX3zqtZHDV3VM4dDqFJF7=@tJ%5Uz{8szd8wf@$79(^Z(u0 zt@{6N?(ePE|ARbh^_#Ny!~1;i-v~Fty+58f{f#j-%h$P9-XvYP74l>BhUk zcJ;sZztS)K%e#S^yc0LTG3P1Vz{f8>YFho~7r#)p`c40|ea7W^Mg>i!zwYNs6n3#ipu~&=~4FI;upz0U9|W)>iG7g@`T*cH8a!pLcdQ z{aXdf+~_GB64ql9fAwfjL*LnW#dJB`t;!#_cGXACkIu1kEvg-gRom2TY`9w~%E{<; z#_*CF_d1QJD28U~oTltac_-#l^|vfxRvOfq*hX9u2#~DySU+Isw5|}!* z@a%NeLd0pSgP7MUU}DUauR^lgbEBSak>X1J0C@gmsUkKb8D%tP8OmBls8Wkp^Ib)$ z`SPxG_I`-4f_t28VHF(`5q-^X`bYX`a;m@EkGbMX)wo^vdpuS@3k#6-LYu4_GdfufKgy*3aY=`! 
zzER^gzxa4Rsa|RVd1XW%V-lh_d6dIi6wGA_jqzd%2NuW}nyFV;mI*}<5ene^8bp^5 zk{HL_4za5IPk2rR3L26tSp!auCbmT*qW+d>Ld^saXl0DHp~o>qxROp%rerPlZ+(_S z3dEzP0xnF=)*S1{I_O>Vt(u|5ePX)U&lsF|= zUujHo5;PxOAuA_I3s7Ir;V0IHAs=8Y^%14LSVz&Y;SuuQcVd3BhD9GW!<$mTQ6*T)ZA6DIMqmBlT_L@>y}u@ zuPL=`1bGTD32l}M8N%7?wtBWC%(Jb6m3yGIqBQZ30ruui%tG30YKsW%vwy0#&`tksnl4^r|gkU_SacMAPBFWPFVV0fh#kZlYSUt;r z=GXsF68C7>i^C3={qaekoM(#ucXMmM>i@gFy}R=NeURtNm)wyPe4O`C&$w^XI*ojf zi;H+u$U7QjnUaFFw<MkzxWq*3>tjb={9%T@ziS$9Tz7Yo<|G%Ps%3|fdsO5x`V<_a z(V<4&!(`V}9C#t^j-wqKaon_rA-mt`a0C`TV8SDjWLGFU@)U@|Cp2Rd@m`Onu`@h% zQ-zDc zVQyr3R8em|NM&qo0PMYMd)qeFC^}!OUxA}^PLqs8U3^P)rrq0h+}68}?QJ=kJ-d@v zfk;R~O%W^r+R-F_fBSiGBf*P z9L*r*&H~Q;zii^^cDvpE-CgCcZJ0%@)2Z6 zVjnS{pD59u$s%p6%QOI>C?pJXLKg!t!9E&vI!?zG%ZGJJs>ChsI$dX9P(+an zx#(a{Bh>H^b14qFEb|NU=Rm>(6G8!>p{s54W{m-P3pf4VvVN!R= z42e6x=X9OD-Nxr$exLnW!vB5ZUT*|P1^@5v?C#|Fe{b)R|8L{TGQ`^4&TtOF6dY?! zVp724@DwpV0Bi>Pd;0@~++DBR?|Ux~&}6TVUc7j*-yQGm?!V~ozwA%Eo&A^Yi~U^} z?!I(g4|RLvo$h{j&vjA1>%QEdG^Qv(RI$uvzuVtwcVD#odsn^P!S2h!-hs2X|8jTt z<=?vfLATp{T;t20!u5Xx{Rpv*34qJj|9-F6-OaB5o&87oZ!6D}qNni${4AH44{jjE zVvA?sNu#)IW9pMJ^o8_@K5z<;gB$T1fG0qGam;IngeU;*HaHe9fcy&uH<*%OjskAs z;shwR18~3z2#LoW2~*S=fRA@22pDoH;t2};RV{4+R`UpMd}&4|!6I6Y`amZGfx}D4Jr%=|UjN0vv$f-W4J| zvS7E{;Ai>SUjPqHaDY;%1yDByUGBu0&404C69sL=?Bhve}=p85>fOI5=V85eT0 zB^)pT;=4x>0|DV+4!Jv%1wAx@k*`iRN0%q<^A9e>^j8-KVw~I=45rAFRLwNXfhy8y0Ki-~-|NhE z?Wu7re}WG1Fq6LotvFyD`hGlJjypqVcG&sC?4d%p)e3Zc<&%OWzh~E-=eMO;bt(F8^`uhrqbw$8c z&80+ylyKq_|0G}`a^*=pM@YWR3dESoVgyX>LP~^`o$8Bhfz))l#^I3pZ=sJpHKuYi z;(|Yk;s8$oL;eIXJPnWsv}(tN95DbX5=_h!bmRafQy`1)*JzA<#IH_=ZxO|lMFGkM ziNGxk6Z?L<4KDOc;EK1BDOsyTi+#D8N+huMEjDOK{Lt)Z z;<5Jf(yf3wvP!(ooAa%p?MKK^fv9GRI5A}VSe%@v3YB83P{W~^GT@coC9{-pI88|4 za5@0ZmvGV>@9#{StDq5r;RW%ryI6)zlmekFmS9b)4#3IejPMJJSkg+dw;{$3?Lny^ z$*xk#Pod$ZqKf`Yvvtr0iDETIo!ihV=|RDbT#25C1&4xu$yvfEXB81Kn1;c76CYYC z5c*_#D*2M;qdu8V#frN@bSx&>q9p`c?1>MGgGtsskoy{H0S}F%X$#H z=7Je4K{l5q2B5jy@4m)OizoaMA+}ayP1VBY#vk(yUaP%XWZ4!M;fvecdttTN$2TZI 
zj9pMNuFG~)bqdyd#N^CN6;u1KlV8+YB3c>k1Y$p;=xRn0n-O2)f1iE%K3?LcvS2)8 zl+cl_F#tR3P=f<3w%u3Ahl?R{N#M!j{riIV)if1U8i3y3I&_7IV&d5prQTH2k}AF~ z6)bWEvrmsz_GL9K*%|}TTZbBPiX;)YJ0<<9nv!(+0oaSVC-m^D%PC!{d_AShZD2uV z5U;qR;@TTqQW<*IT2rM|-D^>0D674yN~u|MS!L*0ab1;Cv-ZNu(6hqIDy1dAwB)BE zskDT&m88+M92!G$8s)1hcS1?@qeMyEJXSU;?Nb1t&k+qEPt=c=%%N3}Rb8HHSJBbu zLKSFd+H&tRP-w$lgUZa2C|pWr!2zka-<=%1M5ywBRDe5uPFmhW>ztPA&B4`ympNQhNQpIzoFbgsYrYy6c`*N+?`x1E2v2+k(6OHVH$>G*x;hjgB%Sxg&a*|i=cW7n0aj)`U;{s2?Vc9Y{_W|18aCM zi8Ru_kp+}F(SBnV=p24{6TlmYeZlSrpx5nYsT9A4$d{fwf<`fyfDgyWn1hK2AY*tc zw+=y-T|=3H(-1lF5ltr6Rs832uvWDqtuUNSggh<#@zDHch;tlF%RrhshDtqEpzD&z z$aDpBSbtw(g#cY8qu%r6m@=d^)P>8ak(DwTnQ+CSP6b~!M5cIKri?QsuhCrol>052 z@U~>?lAI~=VK4L`@fc}embOg$b%4$;*SE#1N6diz_!fBDA#+(FeQDO>LP@#(rz)ru>aFrBb`EU4s z+D>hkaFWl?bu51z-=ILbD;1t*H2}@=kSc5el6bPvtix>`5?&)tv0Imhxh`E!god{w z6<114V4o|s<^ViRM&TK_ouL4bv9Z63GYp-p4N#uVd0J#Vyg13yr!k5Bx;}LzBtB7c zMvYG5rg(WT8HiRliH|a(!1Q2zBwR+IU87Pvk|tAzekip-*{~LCOje*s7d(>ds@;~7 zrVr^friE!Ip3K0h&r+U)mgSq*k`hP@AnrOg3;_Nv;R_Id z=WyElLBLRBWWE5b$V{fQqDeMZSJFk&tt~>-*NFN*6gH**!=R|vj;^(n)Jlr|15)Yb zr*!_3GAV>5PH&vTfF-QMBLM>AMZt<_B~XRrfIh%^=*zY+%iq4EUG2dbxnz!*{60#) zkM#FgA!3i9t^5(Al&pIp(uUzc{FA&B!y6>DDeHif z2}o)}icAepEP=pYskbEfPMzMR3`NXA1VAv<>IpIEM93sF$d%4Q2&O!ipERC(v@(q6 zl$t|zTAR$n%rwja+aO`C5Al2*>W*YZ2fUJ{m1iYlNcqbLcJ-UG(ESQNdSsQh%1*?NSR)fX_B-QUjL%gxpA|fdr zQ<1#72N@KFK6YWvzPMDS?ar_O+-EX~2|9`Vnsf|xahnhu#62j%!IVmMdJQs8Oj$!i zT=_mb1SP@mWL#^1pd|QTWSr~{y6Qc!*TigNy(dN^qx}&P4(m-qRpEcj3Qoo`X8IHqR;GEA8WoGQ-+OhCwG%CwmWlCA&Wb}bD zuE_ir@+yr2<-woV)wC?VUo5O-0S>^+ZX=OnUc+!XZE-PY4nMqt92))fYps}u(wSe( z3U>x6bfs>@XsbQQAqXi65#Vpu z)nH=?4GEPhNHs5IUus*g%JLDLq(Wm57C#1HuiM>Q23LhUUetx26jzf!{!?Sh^MaKW ze}d1X)q2^O%M|RjqcZAwBWYZgH&P+~x^WmqF&Kpa*NnI*^&e^!I$vi{-`CYTuZ>-b zU;|FoW!|4l@ovn0dYPB!QVQ0KXe7G|N+}~rna$P=vZ+6X<`CwkyE3D0p`dimpoe$tyU2}bI*oV5# z3e^YKBPl?(+u$trZ7@gL*y5hCQ|hC)(}+*M5{PJ8sY_3hgtGy!o-}FYK0SF7GEQK5 z@2?~wMdJR&YB_#ADRTXKQsn%lSWQYXopxo-joHc`tIAz-x0{5RRl(HWE0un!u}9{M 
z#3wcDk6MarCAU-6hJzYSh-;QNA`3ij#$K;4nvtI?n{voY0o|leUJCI2-SUXZC80O& zfkcvh>*y2|!#HuziFyIzL38qaSg+fZ^9Adu&(Mo5YzH{L8N&r2;S*L>6B^0d9 z=z2RTPFD@FCXegA?3eSnA}nh#xPBGotNP6+)GH31Spr|OJ9I+jrnqkcag(e!f%v}rUZx4yRPK*L$Sm#`hcxx)> zauOa$<6MsLffdf>h#yMdoWiJ;$|+TI*)ov{C*2tmQemQIW;Io&DYTo>nAQMUQ$>xlygMeVVsw3t5yyCuKn<2{I8et2^8D?|t7Gub^Ea2^@Ztpg zdi+oD%kky$^XKxN$_sMyAv8@08^3U6aXk~O+@{YJ{n#f z9{oDJI=ngtZ!S+w*NC4+sg;aRN^d1|c(@4PXg9z(&NZefqW<9Vf|alMS$6-6ke%kx z`JIvAUN|c5f7;pE-Ot?rvcJFEd%XW;8_&lE0L^dJNH+(dX|8n=gWlE?fY52jqj17I z{ci7NyZf@E%eQ1@?AaAlS3z}jY@VD$s<;q>M0q77sdqXtLQ`z=su1SBES0_N&b|;& z%~AzHr@;`E{3cmtGohoY;su+wfm?9Tce18-ZN`WR^trm`T`}eIeGa#LtM<3JRD$1r z6;a;^*zaO^1r*s3?ROScitQ)qwC)NpmsHI(DA%Z_*#DaEQr}C6l;33W?Atu4t?c&@ za*k*qiu~7au>J3D`{lc*`p3Wi)&AGNoOjR7`)A)aQ`PU%(3s%68CI9sfdTIHu zzq{A#KFWXFcs_n?n;YYrRb$-*?Yp~%sPV1%c!?Mod=H$r>a?&zxFXPC@T6Al^0Yp8 zcP1Cs$Wu(_C_rGuDNy&fdu~y=qxe{K8M%qs;!zv4}vXz|1#}ni(TwfbcLW+i* z#Muha2jnIx=UpC1Sm-=3f zCUC&rUB_aPtK2AfcQ;t2CWljSch|JxLgdP^IfMEFX1h&A z;0K`j?b8Ahp0%yfF0qZOflY86{(O9PHF|q|IXpQ(OCwoz3Vs4Yazp6@!vF~CMi-ao zN0}ycM8C>Qjhp%M!+#D7i?ao5mW)KEybz(91(Wyn==kjL$J66iH5zOC)R(l*0DW_L zngh6eo~P}x)@-*yYeV%&4O126h1oVTgfA0bO_fSQtjRY#zI=OfbUeyWQbE`y@)2an zk;e7AyMjC#Ub-I{)?f>@)J3nBa)d+R{v4e0a$>qPRnrug+z&Z20TR#pvzf z>B+0Zt7C(ufHf3P{G(rvkA5AFt`2`59UWf2IypN$J-Pa4odsVMj!-eD3c_{@8g%@B zt}YKpN9Siho%}q~4hWaoWgP1a6wqc>@BeaqczX5A=;HkHDg$Y6Z*MQ(FQ>P4Q3fT3xA3;yyt6Kg-R#GmqEqZ@zp=hFMl0f zT^=5toc+84XDx{!T7v81^8D)j==^kaayGnBgS7&_C0DR7$9Z%-9M zHJrMhRFw}htJ(;RfO~a16w=$tPjz^C;Vt~jFkKBd*-x2mqF}vTMu9k@Ij&6dHze*g z;zCL;oUxZDqv83{ug6!Ti^Hp5R#}!+XbRMtQp*Uwy+(@`_*UJ@VHq?kt_9Cf|M8;) zlt>&2(HeBY{<;!9Q=g2X@1PHy!sFn^At4GrKNUJlLoGVCDCT7dNHw#1$}Yd3TI)7) z5pOfj!=F)nsc0xqf}I(HKA)L)GL@cs6=(9xhqlz*@|VZF>82M(uB?NgD40g$$b_k^ z13eulV-)GRIFxlj=OSV>^lZS%IjfBa{YgvZ?mJ zlLaJQGN@cB{O%{4hygwi{NzriRFh&7%8++%Annj7=(rRU`Hv$C7K4tV8REPupm9O# zXAK0`N+>Oa>*I09{$2_sn6Od+=38lHPc)2HG*1<((H>PWKs?BklmO}^1u7ts8$^A$ z=$E!n15A}Gg(=QT9;P{9u|l?DHcTmr!hFMwg0?eZ9aW}$!j>(wRGx@<#VRqgW(8}~ 
zPVlsCKDO0rFItSDT3*sx6DUQcX7J-op-<8u0lEk@J5A6WHSg|5*;>mNsP#u}+ZanH zk}(!Ce1m;7O@&s|C^%$q7@`BvRl$Np&1M&daEyKF#A&1e=qVH0;pu5pJ6{^wFA3p4 zVIQ#t<7jTe$t3MQ(=Dx}%Bqw!_|c~S)jsv@|Eas=SMmd>u>bGu?Hy$7|NVo5NB_^Q zJjM3^)L5te08*bC;*?%-xJfDaj8$A2)N{u8djP65%NJH(#X4UAz!>R2ezbV#gE|*H zY%8)Z5-WKf6hO{7AH*k#MUlN5LYet{}{CQ}_iCUF50_zN(m2wt-! z-?k32VJi2R$_6GAy{p(i4SGu!xO>{TLde*ym#dAq+p#`9n#dkaWcM4 zPhwF8F4*6ZKk{@_7BIx4@Mjn7+D4XFl{(%&9 zS)L0VqDc&lkqaY+03-8M@=)1$sY_RPfyjgf>Lv<4!wfvtSx;Y`4MkbG=Z46A<}^+w zfGUls0;0ElrW4x9cR0yHDpROJ2B0KfQ(Lc}6Ctym=eXu$+`XnuX@Oe(FF0hJAV#)j z@O}Luw&;wzML|hxkz-m@Z&xNTq&VOc(EKZF|CKc}(7p|7!_NMxY1CzSeRE63_b36G*?dheewv}kfngXAB*8vVag{WKaMj9pXt<$Kw>wUe!Ty{m+#-_9ca^C?}+~pGSh^qAK z<^nI}k5iMsWPEtqMKK>r^=PZ~GD^u5kOHfwI3i~po)Sc{Sd#_5yjH2Oa)|;DQ6Y6I z9V(weo`_@+n8Tsdc*EpvX_dPz4}A&Bp%QcxJOv(hIcUna&BUey`OM+O;WMOODVH?# zfj7ao&qV*#8PB+RDP?pIPcw=F1zqaUvam2MZjlG-_NB3DN|N%e)zXYztRB$^Dl zIO(XQ+(M>}l?c@oCeC6CEK8<{{3QOCR|^)+6j`FzD*x7hw&px4AS+ow-&*g*K}XV; zd^KY}_&ziKCY_#sSg>VPnLnA?+1fIUF^*RyA-Wou?>(O<TCQ46@75Ch8N20{ll>+b&LHrN+8qE-#K|GF#;B4DlIK*GDDiy>!l9twlL(Td)9QU(+x}G4!4;L4^)8G!8GS)roECauD8wF$AxD5PrPaz$bETal zEY-0L&2JDr65A_9p!r`tr?=bgHi2_w8KInCqcPIzALnPxjV4IIN$Y$FOKUC1h(o8i zNP#S0SN~sO|4ARU)T*MyM`Ij#IGEN81FFdX-s^UA`QLZCyN~vtZ9Gek@0L3_4Dnl| z$fRTF$}7(Z#s7vXBk&8Q>+ChIao`Pr);wMkAN{B%N@I>V^dN^~gH3kMoPW4A-5Mq{ za*Y$F(I-1e!r@)RiSpW1Apw&B1$+Qf2*t$KK0PqRKT{HgOPbpNAlKTZjk7YSvPfN! 
zK4`QpRPs(Y1yd__57qURtMpl561wM0%hzALMf&mC=Ccz2PpR7Kp!_>V>Jd)mH&NjcPG34_q&hle=E=G@*fOCmWX=Ewb$#d?mFVi)_DL6Rc3l- zuE|#3laRZ!Q%#9>C9Dmyto(9cgR)wydq~*V-`gRhMVISq=96+YFT4v~`9r4eI4^N2 z-_4xCL2Mq-eQV7fkhzaNWn!uF>&SX4*hIX@+G{F$ubxG_1cRTND63DEbtlWFrV9XO z71ZmkA{)*!6OKKhl;t&Nx6IgWl5XBFiRCGGB^D1ybdCc#seY!=MHlHDa{b+IQDg~7 z9Qv)%wAH_sdsQl)V^et`ay?a^@gZL{xke&IR#{?)Jb+vZ2Wvvq?RmK#(szNFCvzu= zdD3@-nCGGI2(cTNngWs}lb0er1M=A^)Kd^Rq@J?yA@$rhh)6w!Su4_XmuHixpuZ@y zg!QE?zeK**%F%8j*F+j$QO1cB!pcRIi9bt&&qlS^0bLfLp6{sq{TAuIvJ%?oD=$kS zQA%cwL=x&*X1B?tlc*wXc~XfSsnw|^su1Q9OjtNpU$~oEy4A@ilAh1;sER}sW#e5l z9Yr2TRZ@x+LMt^z0kzAnvM8fFbtbQIr9~d?((5YH)a#zHudK+!%imOy29n%Yk*`~P zYel;L(xv{eTxfZ+j1|aSmX%@!Fy)c-b=qASQD1;C744oyvS!S?dOqGOh&oMbE`&Kt zX>mYxLP(CQtWI4zxVk=lpH*HeB&@JQ3Ua@jCzF)hJVnX5<8MVty3MmRS$Aq7*GdL& zo~k6><&c*o<&GOvnw+~FY+*9)cnT~_%3Th#ED5)HmL%gY2U?VT+dM^C+CTfmsF}8X zotaTTU;AoPqfVmsmFGsy4DBmUjvA@i?crqUBV<{Ab@K#8dDdfinSAT&S@~dI7|)#G zD2TQ;PifS(d5WU1%~KGC9m8E3jcqqH>x8{RYYKp++5A!!XeO^lLU}5`h7D>-o{drx z@>w^`V+Z?tZRy@<2l|^Qo93Xzt*Y?^FvO+*woV420{LYh#c{B=2m}bJ0AMw&3&07u zrI;hBQ2``aibepxMLaYRe%t!U3H>gtlb3I*N0EWbiL zSJ%q3kng0-!Yq~HQZJYEWJocQYsiO;rS+P*Po<1;36LBuEamNTR@ZhUo`860m@?BS z46%K|cGh#G`PCwrLpnu#DEUk6wQr-$4ob;N&siQasf$W+!O2AIs+Le{-lWYU%W$rO zj}sp$S7VE_SufYdYFJqep#}$&FJECg03U12+R{Z_a{;@?O`$NSQ=Pe3;$!-`O}tB= zRqX#E@jT3E6pE=Zj=U+V=Lk^c|JmEk=6~Pa>pj~4xAN4p|Hm=!wkPx9#ff$bV9qa) zfo3SpM4g*n=Yn{z;+gWJoGHz$A3+e>!_e5&*P{2WZ9m-#OUtXV-tf*MD69 z+jwL=u2>eAh%Jer^nIOmK3PGRwhCOv7$9+3k)LVUO*!srGj_#ZJRQJC#3{z z19XD|&Q!=S@sRoz5>NfmEQDE^0rY4%F>hpc$gz4;am#G==)KnA#Ts(lQg!`IDT0`| z*d@{eVct~LMS&L*9Pqem{GzI6DCQXBDB$Yw?)nhVV=%>ESA|&$t`ZW{apJnZ{M`kUwt4nZcac2u%=q5Y0)z1ck}F*nOMX6e&mG zR7ts#CXvr{3-fayh9S$%|7>e5B6LfWH&s1l6Kg6bud4ewX;s|G@vF+Q%`{&Qu=Q@e z5ki5NoUUVBIG9qz7%J&!^ns&59=n_Bg}#gg2UE>x3%F1Wb3NMZdE`n12 z(mEF4Dknt@(XbNzch#WSb&ATb(on&j1GA^SxjZ#3(5Bgc>%KM#{hE33nbynVj1vl{ zsBB!a4N{B-at_^@HO~d8+^5pUCe5`PoHRMT|F0|mtr7rUb^bdz$m{?19`AqL%JV>x z-Cw%=w$VuMl^T1G(C-yHwa(dk#r3~l0C2_n?|1hL;{SFY*Z(%2%|z^Ge6P2?oDGFm 
zb{H7qkve(FTr&gkNdmmpnBvXIg&a)@ z#fS~c;YkCgLhB?I;#7jR>qu9j$h4S~koaV}ShvlX1S70(CR^5UNvJ_)b%eRq%x-@o z@T}C4iF#p4^H(_b$_&E#)SC`X5MNa`p^;9VG;#?=sXk1_zonUCKJ!vKCU74VN{#ebUt=)(lN^5j=Ek_J$j>G%ou;GrvOZ z&|`a1FONO0=b2R8bTgTBRQa+P<7GkVD@2D&B|>7@RyqZ3+g}d;^kjH-e0E>B8%PK6 zC1nFRKRrD@O67!jeSCF!a#Yw!E9sSt<3nX@3TU`Gd3}8TrZBR9B^s_&l;ChyL$^Wg&3Q`~MvQz?(c@DnTJO_`F#19rp zoK{AC8KJ~JnX(kB>{abPndTyU3*f94CtLTnhs2)ec%At6h!oT~oVMHyxK(mv``D@k zr>uB|^SLnQ_uhuE?R1T@w7G<$dL2_{nycS2g^Yfs+h**FtD55O*Q;NA9Qn2auiU+W&utR>k9te$OR}K8sPj&ov*8jh^-`#uU|J!&zPyFY9 zMBryCAkvBzaw&owrJ|BT8JQz~MWH7?Zf*QmUjHlI{HUJF_@7?R|F5_6c>m*8o;4Qk ze_-IxR}t~E*7&cq{*9e%MG>I#{MXCf|JOfw%>S~LXIW;KHT{0Sn4B(!N3l2yZ^mmb zIY_Cr%O5}Dpv3dhECW%{P?Ar^n;4U80kdq+1s=&Oo(0!A2|k_!{}Z2e`2VU2z^dfG zz5U&+{I|c~d*uJyc-GGB^#H-h+usx_LM6Wb^j?)u#rpTjwBYvtP2d0A%j$pny9bZ! ze=ASM6fVYlgSY?JlpvE?wiO;=p)1hm0PqC-8jX>UIB-c2AeZAC%onA4o+PW6mCP$n z@l}w6<~G*$$mA@aHMVxG^}nJHs8auP(97EYy8TD}?^d3NUH?l}MPCvd*l0eOWevNB zGH7{!)e*1?IL!*{f4$@{HS&LUcXRrm?!jaJr>#7zuK%@j#C*QRZDV79aoNw&j0j zyNY`0TB@dC*0Pp<7vd24IFOE_)3kG&N8D?a^osJ1$FmH2(mHh0vkpiVQ(pJ`}>Ab#{tXBd!VG)6L2*{U^EIL zpN&QUGeFTF5vIrkJBLI8aqP&9`)z`<0r)E2l!z#||a++5a0SkbidC<#;122=E5VCa16 zJb(6>^5;L|sW1P621@$&9*KdLWw$Bl(aoi{ z$xvUO*CtyqpVS7@X(qn1Z8Cd)2w~v0QE>BpCe$h^BMx5Q%TPKa*mhFq)@<9$vgc&! 
zEJ>a7r%NT%G`UQg;E9xgkq2&PC;$-?QgY$pvR(sg)W>6`E=ZVARh#g*qpEaD>lETH6}r|=epU-a z-OOjp#kQq$vN$rcEJpNxL6ZsAZG>nh*uH@H%o$;7BBr@W@p7v@$E%?(o$z&5?aHB{ z*3^4cNIbw(|NOu1?T>Z*KXUg!_I4lrKeqC$ZU0&8_Qx;%{J(_jKa?}rXXa`Z>tF2L z5AOe!_y6qg?mfnTZ{>M#->zf^ZDlcA=r-ot)zP_UtT!Pg9~Rc%;@FqF%CPMEvClo` z_OsUd-?aZ%FYo`=ef0m>%CjxsuFuE@9@e+Z!n8@>u2g^3y2)$3XNC3uQ2t-ty@R~} z*WP3N-&UTC{4d74G?&>%{J=gRBT%&EQ@AZ{^Pl}HrTXjt;q3o=1@`~P{eL^p=4|^b z?^s)2{+qGwr&?KD`m@>g6GrwQXxq{nrPUpD<I91^Er97%siPib#3!xEf8y)Cv)p@OF3ziRy}k=+62=!Oq~g~ZJ9c&7uRJJ za6Ctj8!=AiL*iZ|X{$^CwhQf-VVoHGKCq44qe{3GGg+v(Wy=VO&8XK(3z>nRep?Gr zFku-W$(vdLv_V(wl|EebGr-i>%*Um0X%rZk0pdZHI`zr^Qc0zN=u)u;e#b-OXqo}Z7Obs4x9!ih=vEzAM5y{wo5*^LLe{6m z%`XPAX?d8|p#N;k8A|g-i)%(RX3oF^`!GeW)U)3R@DF^o|VU zOqFbd@1B3BiXzX>u{{94y)*CM1Po5laKT*eOXGp8V<~2g@2I>DiOukYYom;ZCNT2( zp_hRjM84mcFlB+zq+CY9Av+8f;xxYq(Ez-T7?&>_Q*9mn?Op8Lk#bf&A_3zRO0(tz zDTB*Sy3N%5W5{*MJiMS}BKlGeG>gK}m%)+HPcqqNNEF1# z8L9g}?F2I@8_nE@%#^T~suZ-+h>Sm!?J4#a2jlnmJQF<~hCZvoimG0RQj3oxJ~d z|Iz<*E6?V9yTATz;7^_Cv*f8*|M7vd?UU&g2h+9^q*syxtK`3KH|PIx@R5sEW~iDPd}e-noI z8ZDaO6BzIBqQJGYXJxui-w#cZi|`GihavveT(m4T-Gq86sj#?w8KUHl;zD3nvM*Qx zC>?t8b#SW3=OLa7{vSrZzYfb!Jr(?ar{B-%|9AS2=l`ud^8PQaMmFg&3U0hlrOz&t60MQTi3#-8C%7+qhT@eCtvqm@$SvD?@t``TmhrOnc>K(7hsV zG#6~$;A|)5M&czyyrf3c@cU+p9>=@}^&uI?oPlIsTacjWBE%S+A^|g`IN%e|{3{#$ zl{JgOCj=FLj?jBZ}LVK7kCU9C(ao$!PDQF!20oH3H_e{C;y9)piuTy!gl(w zo`wA=if;9(kpJ#0`pKv2{J*o8(f{=h#H&a7Zwt?Z9_P2G2rM|p*FTzD8O1hoIxmB_ z)&bpWLP0ifu}fT$YZN4y;~S15K5KLFttusW0;FEsN-$6uc!z#CgJ;nk?DXq2PM-&^ zkvIy-%xeXQ0Q7-VcpTg~ELK8Eu}@SpzT3KT1qflOXz#7jTb{jUHJ7aj=c<%6d*m(ZmjVItOq?kkuoV+?_4JV}J zcjWShgFOU0svIT1H=G;h5)XA6J`OmdqZ`G?WZq5}cN$umE<2#p@X3@o>}L8|*;3*9 zzdSyC_4?SEdz-0TX~*72)B2n-PlDg2TgpGsct*(eQ}Lxelb_mHe|rW#fv(ea_Q5Bc zR1YW-rqMVF0HGeDg1fRvdXWklc>y#p09%3W{5c3Ixxt=tOPvtk zC%1wb-$07tSSB`VJO}S{BIWzcTl?CV?6-*e?;DM)nP9jS&Jjnnysj8kB)FPMsH+n&r+-@3T z)Z*UzSEJo#h_@N1qWE{Y{`l_u@BY3Z5j6t&58o}TW4Ac2X~bRea(VTL`f)95Do50p z^^#Ye!bSJ~{d+x$M6*%g+4G2t0f0UufLfpV401Vb7~%k``5qXfuVfnJ`a1_hHft+$$;_Wm 
zK%FPBGQSCr}u#EzVzr_}~+GFCF#YgHPa4a0(B* zO6nsM!94g3QOyQS>~uWikeFBTjEhkK$N^O$X~5t&soJ#;{}a&N_zApk{t>~2gGp16 zAm*HkQ;*AX0wRVS2}&gg$b{E^0z@Wr62Ly*$%dFu3~`QwsR}O%i3cEKcp6BRbsk_i zFX$akBiT8}@(bty4>S2obc!56aCq?=%!wEI1yrivS8#d+sfPpTD~he=6Y9Q`(8zzrB;ar2Zxo4VRfQR{I1+2wbBD1MlUg z(gN?rDdD}0o_Oy;4&S$AE(1JShzjN!GA4#!y~nORSTJxq!|qI9azw<;c^VR~3~v77 z8PF7Zaq4%d@^>Q-#0esDty^KFXcPppQF={lH~=1Z?m~kUjtV{^(f$Y-%Hd1^mZ9Wun#T1K zPI}}0oypR+a5&8a^zjV}5MvjVj8XL{MGT1_-$`%_w3s;(JofD5v+% zd&Sn$-`~g5v4JBt({aI?P2&-q1VjH7^5H_Ku}Dz$_9U)?GV7uX?R*(IM5(XqqR_%^ zLC^IhlI-_&@rWIOL_F6P)s*zt6>yO0DY`*^W&xi4bS@{W_J&gdRuZUQ^?K1OmaPMq z5X-|4RJ7w2g>LbFSz|}gFr>r1Af{}0NF}4l?_+1gLt5cpYX{3`>`3*I?4Ju=2DqY7 zc?S`%pl=GZrmWO6CSpweRn{*QK@YFaMbg#E*hmKW`g|k?R5n#JnC{IvDnP>bl=>-Ed%vg6ka zjwOZM#MaM>F_K!ZTqyJePa~E8##}HYW<|Pg0M3mkb)K^FXoG@NhxOG=J`Dh92=V)j zBr0c94*4|>hs=Kqee5Y(3p!^gPXPu#`N7^Yjve3$V91{Uu|Wvg8Bs2TaL9#FP9>N0 z^5e%$>bdm!f-geU95gS9Jm|lX8R?pL=8P6sG7WkqWoPL?qoCvw*%^wmXOXM;TjhSI zdTx_vKpUbIRr_hc<5u>Alf(a$_ByG7oNr|zG zs5p3YVykTv*}5)uy5N!M@uHdX6QRI|bQ(`SaV|qtEvH{&M<1Z@Yp6hhJ0cXx6~y!b z&J$;IJdVT}jRe3$Qf+`dAjBR-*^0EUC`y>sqgb(k)>elh9fuAqT&oeHCSS$q>KS^E zfqeo_IG90}QK2$UBbP@M4Zss%lOp~G;O_=Q?}vfOY4ZfQFc2dW60fCCuwrVrWIR<1 zAnrP{G5~*<5Jla;b2#n&AS$aFV7>sXC`#PE6cw^Tx{@xEZcz$DUt{S1kfvI^x6AG5 zayz2j6Yvj6#UXv54gnJFJYrm#CFM&_VZbJY&K0BZNPxh2Q84~3@IKcq9hnJGzcQRfFD<#4IBI7l1#tD_zz#1p#T?cQxp4UN~R9+o(d^yJI zc#ln0X}U-N2@yos@Wh-9Y$kF`g73KCV`|0{bLR(uCd5^|ypU4&400t{1yg|e%1y(; zl*+UJ>P3PW(I zz$;l=n=zTTXa$4=A8~s!nYojNBlm1|a+{%roRE-nD2{OA%YB=>ftIe(>E`&l7IV5( zmDl4=W@G;&A{?%TT-E>Ivi|D$m6PEbh;=IEH86_lHHrN7I(w*Vuh-jZj;Z;&=8mA| z7&uH|IN%M_Rv8?4QsF2UNir|NiWBonsbMT-O4qg_Xe|wRiUYuus^*z;QXpevd%{5? 
z3>c9DHof;fGg{!y*1RY7TkLCbM>zmYk%^-!YJS&=mzPvLdq$EU?FGLxbNOPv2kSFBw%t<2YOm#vnp;q;a zlXObKG3-d@_62hohSKyX=7=>vBnUteWF!FT)0g_BfiE0zl%UZW{s!RCN0hS`I8--| zVZ>VCNV-k17C7fK(Hmvd|Cx-f1g z3=}NY2Q%X4k*sdTjeYf3wC3h<-`AXLL)^4Iw;c9{4Z7us9>$_uj&E}&-Etfow&|85 z+MrQ4g=AH$ZjlQ_&a7)=*o3XshPS4%wV3Y2+G?ZNycu)}^iA7Am!NteL+BEW8?=Nj z!Ln&n=n_<$w1uY8$OGY#lmN>NqOrwP8{V=~v(`fwg0F2AJ-T>PViH{nu*mlKBDRSx zHMJJQEw_~(6j7Qnlvco8ZYixW!rHJ+p2(0;Yuxs_T{$6?_*&rnZS0e(S{cwJ5#$=6 z?aCzx9?rgM8SC@NAJp(^W7>@6(**3ECufZ8eiMI^b|qatUZpcgHK=U3CJALkX|cIW zeni0yrbJSc1UASxG#Or@%v{MfRuT_dhC+X?jRf3a2q1W`6glrxJ-;j;O&aE6{ye{>n+0`av=rsvTTVxxlVs0M)m~U3P-x@7t%FCRJJu)X?PEHrpsceai9w+ znRAH!`iHkHlHAFy?;JS2ddIc|)&@k~1lXE#ZVbTU3JK6^IiR;w$31EZ#GcmuI77(jE- z>vr#26qQhFUoO@JR{)tzz!SmH1;=KH zx4;DYzRZ0hy-MSNZZZLBN-LXG5x=wC<$hTJPaAkBq)7PyR}isrt#*A}8`g2xNBl4v z@A~*Rr~j^xbHm#3`iM8E8()gF>ImCEsBwZ_1w+yCakrm3KGp(v-!txNND2?VFRH1& zPq1N{OT|E!ke|VJFTpc)M|>RtG=+RcIrO3g*(%a#0sg{V4SM%m5zwmAZTgD+>NeIA zcMB-XNxi-O?&RPlLMf@YY%uG{z$v7EDtRK+vKrdF{@$9ba5cCG^)| zj8(V_`D6b@aT{iwht;9!nMx}=R}^|vB=GJRBA=+NmW9b%*zT{*PJpec%}!`ewAnUL zb#>lJz(VaNx^|x!SO6!$GU&dTc-b6bTH%~lg!EqaMH!!oU0DTF7cIz# zi_}h#Y{oE?!28k+GZpul74)ddRv7yaXuG4_%mk}4w~$Hrscl$l4~&bljAaZIueFYg zJKdZ?$Y{-Dc}eTsFTj);R?RL9e%?=oVV6I~> z%-RTICp+n=K`d~Bdt4(Fik{Un;~4QyC- zB{?yd_rb4kemuTBJH9#|f}_(n!>i*69g_h(2FQ~6StGe$SMJQ%E zW%wx$%vCZ)#i*4Se5j-)Q~EI%_hT;Z$6VZxxwyZWT--&BP|l|`*enM+1=TH-2b=nToEvb*W&aLpj$xI^=wKm#th8jTR>WRBgiEeL!sFI z8f|bykvzzNF@=FUQ^N8biZ#|~D@B#e!Nn2dGC5Y_IxM{cbu>f^j3HAA;FNOUCUJIs zdOO2D0=J@yVU}~kWfq^160aqz%!w4MZ&CKMc*SOte{s=fJ|j%!@p`7HwJs;|p}L$z zu8$jeIf;jENXR;JiL^Cn+G%&jJ{fmZLp$1obTRjxxXFq+YopkN=$^Yq3pQu~@H`v5 znTpsR$V+XXgWrk+vfmW}NLQ@mruQz!Qk2BI5J}2_xg1%sk@Q`o4StN~q3R+nG1_j? 
zjW&3VsEz`gQ+Z6CVb!H!H1@F@PuFq8xw0b2+8Bg5L_(YqFkleLSR6Jd*QhOL-&1w^ zdZyF~=+<8tP#&mY=32z%df6~>z{c`w0`^s2FIUL_VHmb4g5Df$WCN(;|GNj-`=9pq zb|3G5+RF3f2{;KjC0-<@kVeDSg-Goi@emEbVJM?>rCQ{Ql1LnTW`uC*d>(i}t0>1< z#sM(mM=G5n($Ip7~c>Wp3DQ80sntB!dR zke!w#@tI*_A)u%@|fe(j=?A5<`Hf1AbiSumJ1Zf<)iZBoiK|&=uRh?*ph((#W=I(o-~3 z1pT%?N_aB#Kprd{8@fKVFm(zDIEVrdQSnn=A*lKKSWtx+19%=nR|Zl*-R~_xCKELe zP~f#WX`{ds%oYbmU#;hs?2~{+RE?-UbGa}8e?-{5_7}hZjXiiGZ z^rL8)=#CkJKA#ENWM{ZOiM)28t~A8+(3kU2S?s<_j-P%C`M>lb!6aZpkhwpO<@~?5 zx3izU|9S7=p!dlCxADY7Eo8WMtkN3f4Ifg*lZM~{Xxc3B;spGP7ESqG-NUSo(DH?) zEF6HQ;GV`DA{coB#!>aPM$a2aleT;{r6dXm;Ag4*@XM);s9#3no6FPMjXtYK0&z+$HCSeyVX zW6&pylnE(aXT2_iz90LG#vysB4vVeG#;fu~dQV>JN_NMM3GopO3VQAz`Z_Y{k0k|r zQe>RY#L_o4B>8awr1yZ`q^53@D#vEzcEqA_yx2x~Vs(T4MIEKG{gC#aZKy2WrW;gH zU18%3=1tMev9CpwzP-Fi%2DTYc~W+oF)ZB!@r7$S`j@0ma3Y3iybelQBnh)S7awHB*Z%p=$%{ZRKEx%(x$2ypg6S@p;8nC@UdP=Ke7Urlf5J zi>}|D=jZA=ffSiGXouu`HbXmN)M|-}-B_f zi)7b01iA#cIvoO4X5AJ^|4#wN_WM*E-T3=SZ9tsmR-iq+IN4l_tDV!9?*J(@U)Cm2 zFy}VE57Y?pc-ZZrXeFe$(Oz95k4f*W3tYpU?Ge z1G>)H`PK0tb@hq4#eyO2-U(eEL0>sC>hr#CLQBSXC_5YCP?ms!r(ED8ioguAnW-bb zIvecex;szWr|FB@c?zcVy>^}&IYS?IlPOwLb{`Z1XDigt-y#>S#8;*?A`cXUXA)z}=;n2QOo%diqyUlzB@_U^q{RaLUX zhviebv8~jN)JUYb4Gy)G@Lso26|y|fc9Xf_?=cXsVG^d!)BI7pH%)QgF8mM@ukgK&7ccyl+*SHF zSNguTM4?c8Z>cEdW~*_h$R(l5@l!-@avrGrb{yLKxr)77^k&XgS6jWXw-;~UZ zctGR`;febG{r9P@DjsA3@_Tj45--LS!E0+wME&e)kX7|8zM>JDJe5%yQQ);eQv(0% zjlBO|92Lh11?pq7m7+k5{~bU+Ln(kiiMAC&)DaU3Crs~XbfalP67I5x2 zpUIi2msb}48M^&7uhtbf6hUGp>CVwftmVh#OrsSbmqaePV#1zPz^JOM_>Gukg=l{( zuK3Q8GtpE}IE3O38T8A6IF4hjsd&&yYVN0mF)^(Qw+6i*q@lFrB6uby&o`Zpm}2_4 z)&l4T(FLE$n^Kt8>3A)`2+$#{u~;QnA2U-mnWg|TaEp9Drr(ys68h89SvCE3d5eB~ z^1mjGpHJ-h|4QFdzRd-Yyw+*E+R*pgX8a!)$yc~YQTt%7(QRjv_= z=Hv!>D!9$+k|erY`G%@F@}P@E?wz?+az->&|G*x4O}yAC;u241oPD09GUGgKt0V|* ztS?F0$WqzJO2NL5rqF+Dgr@i;*;I#6(U4Fd|C;6)3Ys4B5l79tWR|+te6S{I5jnQN zo0fVkAdV&d)DvP8iQMiHyMYQsD>ku7V*ko)nPdiUBx<@ftb)BZBgjCMxTZYuYMFYu8AZ6`)!G2Yjdh z^hLM(;#pb2tN0E<=Oo~7p>Jxv>~>#1d)C-~F#czFD)qnOn6{46*Lo`AKX-QenfT9s 
zw|nrY|J}+{s{gfAy|zMkN~1vL*KK3c;fPWh&)-o=c9pKSSyKgkFCB2qpap~d5i;y5 ze!Jb{r4+_4AZ03&GGV>)Qb|5Tn5t+*77`T+$rqu{>3)+W_LK=&A}US2Nrv9WH!E^) zd*9LBcMd3nMl23c}Uh~N0;P5}7W6x*}O zM2iAXNu4sPS4Ce^=yF8CZ_Yc>!-CN`O)V+jwN`@At_4A?bY1~Nrj%J5hH8mZ03!-R zM1cz#GKqdPL{Z^5xy0|=lwGlu?6ur&>@`w&k z_8^<-T(hRTuu91=$DZe-D!_t5an3OW$`E3g&>{kFXN%E+O^7Agnn|6Ap2;*9Gm|@) zQSj8f)53*VIr;VRjbLPuNFn zUW zD|I@eREg1+axt%TH>HZsLZ++Bh#r7f={x5_$c2Q`OvHD6!u;I3>eus>%YQ{Dk83s` zsVnebsde7bSQqUQc@@nu!#Bt znJj70>C6{xH6z;BY~B{LVon0giQqyGyKx<#xX>TG=)UN7bY6>wNwDE!Bq0`KNz?MV zJL*sRtiJvOlGZs?*W91$>e|T@9Z5s zuK%q(8(;r%LO|t{riz$3GiW@~xzn>(ZMWM%8%P;QqOC@9X6h9FBmfjmBOk_BNfA#6 zK(&E7AHax{kpL|xr*{7hA)gIE2XWWV=%;47EbDc$7#)+$!GjzQz^8^CZLzFznEQnB-b} zb9pM$!XW6SyY?Y^)zE4T1G3F}9>pJVfcePuxAj(~uF-Q)J#E>q3fagOQvZ4W=5qAw zn;(xy@*05A>*K4-lcV8iczpTxwg%Y`-us)8e^}pZW&BuQ|?*ChP@&_A}^g^+KM20te zvz6?yAT5Rw$CIEYyMj45&0&~%9|t3)U+030mVZ`JO6f8>^eFu@i8so;PlAlnAFRlt z40tP?DE%dl9?JB9ju=Y6wcl)W{43XgsW)VO9F_9_epdeP@9aOW|E)Y?cz=aOcoOoyen&zq^6K8GyPLAX*{4okV9}UEL9Z}wPVS9!sN(u;B z!h93|q`qFGMf~*|E!4-)-D7{Qr*i$<-Un;qs9gWu%=+&g96YZ7?L5i&i&d*KeGkBd zkTIlWPInt%;DmXdIA(Cv0R`eIG`xSl`jQ@H+( z(`CWd-#L<3m#xGND%O9m*UjaB*xh+N|8M1iA%3eaUmAd$eglSK{AbtcI=x0J?aFt* z#211|TZIyrO(yE1`2raBkPB%G+|IB&lNOpe{S(IboLt7`yX=6`$&&tc4 zIfau6cEOY=B$PzcSt`}MzLTCQ_zj=}LS(|b`2K(JzEFy_+{`fPsMiCdc9fTFGQ=J5 zU1LTBC}z;5KZ#BoGIfP89kCdaTp$_Fi_n{Z4PM z|Dm_nZ%^Qj0ON$gv~i6Vw}g6Z&}f51&Dv;N_X{-U5Svtzq8OS(><<75+5b%AZWx9> zj9-J(D2)7wfhz>(4fVCKT{rd|*?(l=U+=Rr|5sw+N*lm({@?5E?q}ma`Ul;|`(L*5 zJTd$ZwA(<1=o^)v^4yLT3)M%#M%qBscmg~$j;2Xv_4gD9Q+-v4OhoDS@_YTJeuW zCV{~K7z_rOSCWjNcs@uH6U4QIC5dB$9A@G$w^tfLl2MJJZNmZ5g!g~cHsYkJC^ZzL zDFQ^!XWUCoY6+7?!fnZc)Pyg$o~O&G;qT{&oT*(y5k^1bpK$`t@kfgyRAeL6Z1K2n zt41?=oiPl4j=R3*Il@B_O^bp)gc!h;lqjm5eA4UkifUs9Tf81rp9{644ne`n|EPmz zfY~xl*JQnxZ3ftqU(>7_IUO4Z$4dVyCHWw!(`Zq=38(EdE=_ch8px91x_sNk9H-;^ zAxWnRqDz9^c6H0S2 zp6{QdpLVylc6QZ#M^wopEFzMg8~Gy$0MEHr9+6xf1PA?wj;8^{t&}%cC7i0{G}_Pz zS&SB04rNS$J3DcNBh=v#N6ym%$$28CwYyxZ7~9NTgs~ZJhCeBaFcXHmgqcI56VXx_ 
zO0+F%lj)f>csT7qYM6neMahAOZNid4MvFms!LRe=PJ1smTF$+DUmv z*P%rtqW+ecuMpGqwlYTBHU+wpX;Y>IHui5P*9_j(DB!}>Yz?Hz2cQ{U%4G}N9vLeEmG>|y&;3jQG<-?{VPqt^@QLQ z2r=JsW^pusEep-^YO|IQ*v8nQ8%6FHmc|tXFB#@B8IR?cNFPqD7%1IEqS zyjoJ96r#;4>=`?GW=&*lPjj1@e7)IL?I17#m_Psz(8$XY+Qy{ka%kh` zV^IQp@6()jE1z%8jq3?he?#|fcNoeUYV47z5W8uB>p?J{(zvwvF?-Fjx@q>2&@pPl zUVZIbyX8G|-~UPz=|D6-=o=&v%Kqf5;3@jQ-5UGfjg|fH!#rQU1okG-uT_$feqTq7 zfZ+Dl`|<_C3(Z$BZU)@m2DKU@1(zx&etYYAQyVdhFR(Ge9=yT!r}>)^ zRWv6)$WI+!XfX*Ci=v+()R8{I5iXUBx)$@Af-a9WP%%Wu#LnioISRE>Zx-m8QPyTW znQ3lIZRY{yRPDuv73Y{l5g(*-{`Lh~sLR^?@=wmFfa$BcRi1;9IuL7`j} z?l3%Z-b3>M5+)?nf3?A#%Wt1d?$qe&4xbkAbzreNf+=Zsogth7qY&IVFvC<#ddej{ z(T6>^+S8|4ZbT!Tx2$n3wR8i6lzr0Ou`b?f@w%%)Auw?QzqatYdhYz(;ryrV^>M?` z#k&^6FqdWXplSA>yZe>+AKRN7o2&S*5Aw`%#3-(u6+3V(Mza=)LNbtDo*4~8XmWyG zZF-k@H|9j{ey)kbvq^@Vxe1~_Rc0D5$t#xSdnTQrVR}l!DxA|4K6x6gdW*&&C+0Er zZM+H1B`Y%Jm^wLEoktw>z%g7k-SIJIr06yjf_@Y4zl>^PUHu;PI~j@TdY=m!=t%GS zxA`y%B)F!m)0KV`{9xO!`L3Y^ebm|bO=!_J&!}1M8Aa^Y^$~gyMU=)g_AmtwZ5u~| zf9ZUqV@bpV7@?4P31akIsi{E>T4+|>#NACdW3>2(ns^+ChGh_+8|4U`Oyq{eI}}5+kK{ec)1KI@Cs?zJUOfuJo-?bB z6|IscP$W48q?iT%+Zib_LN^S(iTvI4X+1VV#tv9g~ND9lHFQUeRpb+5ir+jHWUf z8k07KK+1s+q%|dI@y}?dL^I<}5s_3IE)jUFgnOES5@jB{2wJyACJOVdwqx9B%?6C+ zxS$dO`dJUeo1=@<^S8&R7YF{MFV7F(y!i0u^}CCslOG$;Zhc)uef-$FR6G@e_@jOq z#o#|WKD{ty6sZ+=*4A6c&?k+$9DMZ2EfOT^sZ2Z8dcv_PGcb9dra~lYQZqpyP{R}v zG+o--*!ihkD5IYs_`JLEGXyEUh5(ajL!b(qI)OTGf!{bfJD9pK#%W%0#X}I2p@2=r zL36C4OpeD|aj6MtBf@BgWyXaT-?@oUWSUMe1p|+WtU4BQeP~OK3fc5Qr|>+TF7Y??_t}@(i?4 z;+W7l)NVE|Q5gOf-}u6EXYo*u5yn$^6}z%>*d|sXY@rrI526gbh1D z#fM8eH1CVCRqx|$7-WO=AW9fboeCV3C;~TmuZZe01Z@bsx`C*eY8#t6V}^L}u|)*k z+kxO3Hq2~)G$mwdUMA{fF?$ExfS@t>qVfChzdt%U{P6tU+40Mh#v|KUqvO}3Z8!ny zWop*GaoLO4F}&+U24ErC%YCycOk?ZF+CCR-tB$9k5m+1EzlR?nuv`rO_~Rdn5K~j_ z{I_HOAJAq_X;bh3{BV5nI^MVj?}X}SOr`b@RLs7RsG&=7J0XeS&?D$($b^o5iyk}q z&Kg>5?9g|pbb~?7unNjMzCVTRbsr7E)^c$*k?3$xnaEmV1)!gqgbhs?PFSs48krfa z9rjsS%dr~FajZp;v~6>7wlZ;CXJ6kHv|gFTYfSx*+{HTsvSW-8X2)1hp9f&MyIqOz 
zaVOI!L!*HH&|;`U#7z&h6?m^N;Q&%zD%XqQ0L&htkDi}CIGfCYeW5Ec%zQLpqD$is zXf1RAaq1Z?;?y8<1P5^TQj0im;Q-#rj7D7z<0Txx3zl5bObmMX<~1DX2m=`4Rlj-% z2XIWUG_*4~m@ZCFk{Y~Xm~hY3Seh%~!vsB2;Q;=NBocciY=!)Vsd9YwCfr;WHf96Y zkj)jD9R5Owr+Gl`gG)MO@w%~&CdoA!YR{P#5iC05sgN0AsT2oCht2;!eEH@?6D}RT z6Qn~`^^-JW{VvTElUi4zy8FTqmZWJ+<6mqoE$SW)WVdFV4$7l6bw{&A>K+Ow-TO4I zHgzBH)HrF)X`ct@FgeeK{iN0CfU;)F&Nk2C^mQBDNu^8 zYM)sxTsTHfO=JMewknk=227DFpP5d>x&*;oE*MADZS3B zaY>8P=$mK%6fCAE?KbKR;f$xnsOQ}5f?hFtU56+l`3>s!W_gx!|NAFzSvk7y4tR?G zZ+mZdyQ=@&-dN>-d5~xR`(HF=i^`^i&^&;cMH2jqjiH}|t@E?4+$Ogarz|vw|HE4~ zx5>38y><7#njn{Vhg<;s_OFr`x-#Bc^vc-KklOw2Y@4V+x3`t+WQR+NK8+OmmZ3Cj zB|dlZ7Mnn4+7_L<osxy zQwZV4oc_e1XB)TU4uw2wY+}xqXbv;G)o{tWS7Ds8R2`9EuNW>H{M#$G+`H?R@?p2S ztHs3f=?&!P@mJ`=y|KT)@8wPBq57&_%e^T|%*;MIZo~}eRn5qs^k~+hqZ}Mn^dN$dw zOv5YD?^_i803|vSzfO~3o;uOBL7pYqe^#7p?#IJxHucr_YDfQ9GIm8+vrKx$XeMWC-UdoY0r zY_WBCKB$+1$}u(kfuNb@LM}d`eGRii>JuTZ zc@|e7+1CyvqK1eHK{`~y#3NoC{2xX0N8#6lFA%E#oVRiVt-T$ZMspyp(DBPyxuGZM zr=lYGhF*L(SVZ02kF=-WPl>uQCX|SxwWni{H;9&uW9LGt=-R{va*4b0^N|iHtf~lG zM-*3LYD}wBs#;ZxVvI0_W|giGbtlo_8xRO)tXC6q1w{cn451!reOUWbs8Rd!Wz6{B zfaL!pcv`H68~8Nf5_>0yeOk4;slxu+tocEnJM90JON#Mwz_jz<#&*^JZ+~lNW&iOY z&n)M^JoNB{Webci(b2SX{uN@FmfxEhnA#ztg zh`T`;8`Jq7L5Jch^1s%;yA1w6Ir_)c_#fMQ8=KYmA6xq?`Ts$lN=V#18K}M5zzkj~x3=c19f4uegH}*F0?=*%VZ^w4_-RbfD_I1GG zWp>p8XM4J}xv@RDr>~Dcym0;;?9JZv6by zrjAd+1f=}h1b`sPFc0Ow4nkt`!HlIHoleK%+=Y5_7Fdl8z8jM|VF8`Y)RD0)+tgdX39*Q%b zs$w-j)Yo@{W=#|QBOezf;+$u^&60}4xxRM1(8&c&2J^hYIE%WqJQ-jq5SHBu6}7i0 z5R-5s8>A)LbFJsf-(aHP5q#F*gM>$yCIrmvvdfaimf1v>nZ%VvMU{zS%Kgh9e-Fvy z_~iM!f8AF<(KvoNT`YmJy|Yn%YI-<7vzgC99&VO0KG##)Vm*I;vvmiSm-m zV+fQ@kH>@-z-%l0e@QPX8MJS1xwT8#HO8?pJsJVd@>k(x-`?S?#nOi8`s?5ak^1+# z%Mz-iJ^k)q4APXPo!|X`K+HiTl=fj${Z6TKNLvXEe>Z`l;y@DUbg9Qo@w$S{<^pO1 ziq%}N*iU+8jmRjqi?vuTh4HeRMs+%mtb_12W1SAB-8Cn^nlhs?j7rl9?~8>~zBhV~ z7R~28J}qA-!TU10#UK{0uOoL*vsH?wRB+4MIUf(XG^e9g^8s+atU*30I=`@vdlW+p zqs~^NWfi@}VntmS>O{KGynhku&^5nZ8ks~2GtIcWIr{Lu&AgLD>nq>?FG2rPgvlJE 
z1Dc}$-`(1%=KtN_+Sps^e;(qQrvI7W(c5SqP7T3~sBK8UFA6Jx1}#gHjk>`^5k=;~TVD zLJw-juQ6)QF#^h7JWPdEb9pfW3L{J4@QU1W@#9yc}a)UD_+u}_wAg4{?5-5 z&VN&bgiksD?QCvV&VSq68(XXRUk~y);hUb!7zE;J)dYN6!1oz~y)P0lVoH$rSp&R( z??=s%qs2ld{kY9lO!>_nTSS6(#(RsI+BfcI=x?sd5<#bS$)p^atusb&81Gxw7-Pup z2pn)zXg2)EV+uVkDL}5fG*1~;pw0w5)>R(+HTn15`~&s52j+I-Gh$7Vu3)NznJMbJ zin+nQ>vo1q9s^C$H)E_uY0CcHg5H}53LI#iy!MaxQ?JBCsVCNk!^*MHchNl(is zv(nhK^}oAcjsLZ^x3h}>_#n?3oD(T&mZCwHo>zTLX$@EsD><@HqD#`DBJ_+RNeuc( z<{-K>NuZPPmKM@j+F6H;CPcC;ilVafo}{t21}W|6l!{OK8Ev!A>QJPF(;uFO@H$O~ zz*DTLP=Y?qAYmyDz3}+Whc}XE)LVli-s|xcem!~vG0TJ(c9?A7zZ!inZ2dcH;J@}o zx6@Gn*gwTp+9&|ENOU>qLz^X3c+Wy{-S?h_Epq8S3uUkGJ^TOO8vIH!#s>mUk57cB zjzwxUcp-}^Y3Onp|I-VvM8sp-@Di3vntjlMrM_W}Si>_>CymF;*PeQO=3f67Cx^$c zPQqS1dmGdIe>Zlk{=b|1d#m;TAkSL;rtJOjKHvK{!i{k6k0;ibiS;_6=rWqbxaqb? z+@TFqIKZ+2OWQo_A(@lppF$23deBaY48*4a$>>w~;r(I1Uus};N&`iCY-4k38=m)q zCOtq>M#EEWrlc5}ItbVG+B(hJr0--PxoROINisCraRHx$Oy{5vSPU#RUS1$G(r&ZJ z(^>CjH{*kjK66LOKuDS)66(BVprguMeJ?KX;NuL|@cMPrCJO!tiX&4Qdfu~VFL;mk zNryI{J%j(KaX!ODtiLiLN$ukPPtRLhgI9!EwX5gdpyeCfz)6p=1a9D6mcWg713?f3 zp#QT!@co+{S$H|<50Zg^x0LkY2L6Nh#eX?{iFofn;RfIaTh#)nYVa3~Nc48tSIru0 zWBjFKXRC3#@ounP{jdG6^b7y;ZlEUb#0_xFc?vi1@r#d|R=@ehFO;o*(?4yWae1Cm zK~w3k`?(UinGTXf{cUx@e$y}d)W}uKf#f_9{<<$o$8Y+Z;b!=ge|!58ZUE`BZ*Y+u zFur>Ob23vPF2YDMcx_X$sj4J2hWd_-+Zi2aPlF97!Q1iW_KguITn7+QF-u zC%AC*_YO-tp_Xc{S&~3P)vDD05``2|OP*wWkj9X(OTA+4{LGL|EH`F@S*^ zNSHv_@Bb*lCUI;AS%EX=9zt6Jk&MDX(0CN|#RLM$LGvq`Wh~aiq1(s_3*j?iz#owm zTGUpEm9#oUn;%6*j@d|P`3Fk3p9W+YGLFcZF(_<)44WIl4omBB7Wc?EYHhf+Rl8*& zqDz9^c6a??pBI&GJ2gcyrjmxP9rLcp;_#~JtCiOGyN0UVj)e2`|E;#?XiO>IdnrzRCI zHq=}s$mgAKYwAxOam{b~{<>d8U-O&(kv^K7>hJbruDDV)ZrA-DkJZn@0%X0=CacDb zPFBN@GO2%D(xItu)VR$rKHg8NmzqFc8Ii}Bgy>Bk<**h7b6G-TyqLm)1u}+a>eZEH zLeWEn0yw`0(dC0A#xb`;tSbK#o>PH>hU7}tfK#K1ZPAFRza^SbGXVrz8KZ6JaSRcz zq?42>S&RK!pXHDO@u;bQ3sbW-kgg&YQZ7R{OaxztzR?3?3=qi?AFcGYEmyR?EeeA) zqoU7K!LAG?P6^gm8k3v^%|}*l2c9F7*v4;2Bh)-)q+jEpYwN=W1^~!47!aTP7gk5z$gv2&ZjG zXj^J8R-0W+*ex>Cnv%z&1o%Ow70Z=6S#S*7+n$Y7Q$oRr^95H~ckRvA3)>zwcNHv7 
zHPY84m3Ga#CD!q4N-Y~fo&roln`J_VaQ6D`Nz(#}x||DIZkxn0)0a$zYqqAS+^R=% zz@$FK6x#DUN#mTo5DA&~pdKB%Iy;*>V#z;Go>J@XQAMXzOL7pblP*dO`CLuv4Thzz z?Z`N+?m(WiV5Fm6*I}f-JOCzT`>}Bh0eIW&66j`QB;G=Lq5(D`7*Ag z=RMRj?%T9ZBj4lVBHk48js{t#q+qRWxiUedn1GKp_04Bp_oG+WMAzssUb57hY19=n zJ22*Zd86-LZRxc&xUl=PRV|!xD-dek3)jaCG^!|x2PlE-Cg89w^~J9Gl8fi~ab3v~ zEgJD26?u$41;=P~s8RPY+4U3$UP!y+Xop4|H|=4_?l(Fdfkh9P@JJ-t6^f2L1)}f? z&Dcb|*Q06d3{Txu;U{Nk12eX#dOSSO{D5}Gd*+COzEY^SSB;{!Bey?o^CaQdY8b6g vmFIo@_z?{Wysj#0=U~cBld84alUC2_Sv{*~@#p^n00960`vE~30B{2USORjq 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.58.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.58.tgz deleted file mode 100644 index 364d17b6074b4fe3acfea7ad8f9cc5072c728398..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 32976 zcmV*DKy1GsiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#ZqI&}R?@DyzfENlm>B?r!C){mU>y3_j6;sP*UwlN zPEo{r$1_N|w}A8Tzc%so`~CjG-k$t#zuzzZcd&bS_+Nv)!~RaczjM&v`LF(9f3SP_ zU!cDc>@`oqIHdp8zca34VU05PbLd?+4!Cx!3RZzjGF+ zC`6DUjlspYEg0js2Hwq13&wH!=Z=6qXay)nQGg;JBQ|Vx0Sqx@Lonk!{u#jl(bMQR zoe4<2mCW~~jF4F>lqL?tu30(}q1czwY>v=t2Odr;(sFJq0@AbU{ zK@mkh`X4jD&OfE|aZ=aeELnG%oPOk3Az zaZ6|*JA6(e(Oo#2wz`0f8KO6Ej6=*9t*$kwtvSRIhd4r1Rzq`$!yzCs`+u`Sg1&Ts zMp@k@9Flha!0UVa&stx4`hD?diTn?Vf4vbLHS)i|ySH1C|AYMp`M-^)C=eS>msf^7n%N&Q9?B5KZ=X(6eXH4*KK$y@O{v2hVpV!S2Cx z|JlKw5BHw?et`Oe@oxX1zwi5Kr|&;Mn6#!SLR5*&_D+9ix7&Z#-Pyk!><#yx5BCqf z{e$Owd(Z#c-x>D%?T0zO>~YTj8yF^tZA<}NKK~DP5BvS%{NFv?eVG5-cpkZ))+6wf zoMIukffS1+o`FX#ciGl7Bx4u~?Gb(86rMyk;x_<~fcoN@*B*&c1iD>tB3=Ob7m98$ zCD9y3+``2PP+|w*h!YT#fO!(8s51l~KUW}N$ft;BDD>Zrk$@Wv0R-7DQY~2Q*@q$p{l|JZu7GTe2M}TaSTHSB7_1INHtFAS5mhDvO1t>iW#R1fv5;@ z2!4I%M0jk$?smaX@^iQV0h-_lY&%M%MU@j-FgHjNf<5#V+s^N73)cGtw(@EIz@c6U>wZ_tV{VfI2&or z7&8!{I3x=>%#UNj7#@cRC}B1PA&!y{Pg*vZA!y6D?N$qhl7nTR81{vs?rzTvkigb0jfp3_~!1Aw#WJL;@tY4@1dZ>7O1< zI2rj+@XAR>mHG*KAizxi62+J*mhMah5Fl5ObjFsU845twm6(m|VhPVr7$@@) z@vjj-hkPbTJDuda1~B;<#NvBE5Cak6U=F!IlLZ4bfk~+LQ^yyl-LnojHgy9)D0m_2 z(+*%s9ES@4fx>FTRYP5*MsjMyHvCK&Kc~cZwg58_!X)x%VpJ)a0|?>}`bh8sMW7dp zikN{pNg^@w0iH|{MG+4d9sSjZk>C!02BRqoBvmtwa;S>5S^zNLFZVk0eVZXmLoaB> z5#ulnQzn%gQ{*QU^M&Y5^no9fXo9B+Rb?#cm#-UvvlvCA8J=i4i;8>#<9V4#7|&~o zOiP2K^H*R_f+R!*9CF7EK!o@$q1Trb`qmuHu;st6fLK=qT-97kL`(@MJ_%1F79(Ho z|4W3F%d9|*sVqjo)OJ!Lbo*Ri6bt0oE$7QTfc4%C>+C6EiLD2f9-0Stu`!0Y8fh<_WSF1lcvJzCQZot z-E_Ebb(2`T5o1T2VK5uos(hyFRV4=WXC;oSBr0RN{zjNCPwHyCSJQKY{yO~U zBxofzY|wZ6s`G61UCX?j#IyEMMf$UPdd8S7ma#1gVt;@PIkw5BNJg7&lFV#b&I5^6 
zsNqm7oZyAtD-bKS3x5-<>w^C{$d$6Q3}MeScWyLIs~Va z*My%_#IjbprNmN_a{N=LRYIdtW(;GLThImBp;n5zq}JEcgQ6R$j|2f0dKwHX>^Nro zsfb9yv<%*x)L>MDFeKBLQajVyWJsn{p?BOMIu=Z}=ztrcoQe-hkCO`QP-^$60|GQo zrX7Hz3F&}aNTUuwloHwjKE)jSFziS*iA*MjoJV5wC-$cd@s8-45R9RJEfv|Bwp|ES zEKi`}0`vD!H0<>Ck7uoxnH6esvux#A<-O?|FBwoHOBPHDW{xL zX>TVd(JA^pL2RwYnySv`rXN?)s#ZW&Y_SWUTXhQY4T=zB=ah__irrit$9zwiy|tsreBZ8Wckrck_A^{guG zP_nZrqBL%v9`q<1d<0;~5se_vj(#kiLm&Ipb$PB`uC33xD$p&o<<5Jc*oM0Xm4z)) zyp&AG25E56pBz3%sCI+oz@6VGE$^Xqc1z88aJB77MF*|2Ey>}3*qxNR^t=OJ5*YjdLm2spcED>ApmRc%fDn+ZvXvMuXKHnn zpZ#g5*F}}Z%<{d?d|Jw2LyNMJ?BEL+O%XGlb$Y%Bj!$1)02qekR-L9$1pQgAO+^ws z@FSu55?uF`>2eZNYOL{36PGse11 z|6C5%s^&TygOiESr)57Lncoa?j-zQ6NK?m9saXa3K1qyD=ip)eeT5kUbd`d6FOXx( zkUFPxPNP;)%VcE2m4uR(azkWJwiU{FQ}PPUo8KU&PE>Z;4TJFe7OQcK7%;t4T1q^4nHy%o@72oR8T7F32l-~N4aZ+Vt^xacrZr%7NJP(UI9%a*3nK-V6T5I z#XqLx63u05o2I>*Ou-@8dDe`MNI8?R#+0NL>S-}W zhhW#q76od|POuRrrf>}vy4Vox?zCFI(gIT9;*&7Ud+XRGyzH}go$4PaHz-oBqR!o{ z2B0M#QiUx*5>FADwYhCV!Yjln_M6f$*QKk8(C}8I;!>Fj?0u!S9Dv8!C_DkTGZXv)<&QFW*B<8 zonpgu?Uoy9u}e;9q`b?ms6ERzB6ipu%pg+^(M0I)g25T5iO&<7YMqZB0ht!)01GO2`RuD_hZh-IQ9AQ1xN zg=0o^GN?jxKp)^d4rN=I73UQUQ}(H_Rd`l>3Wt56B=3TtYy4bqV|hCXUS{Oh!^AtkGR z2O3h>+a@%q7=TwW&KBjg`Wi-N3SlznXUI zP(Cvj%tZFBjXJf0HNl>mK~n;<>UW_bU053tk(ExV$X?xn42t3q`>Ihv8?6tNME{eFv(-UY zy#w}!m~E_g#AtN1-xI=NGbU6O{+F!a6;4GJ7)?*hL5w@9N12H#bt4((qsn+%{j zD;7Cc(T#H$$1-3?sPxvBT-E^;K}I5wSLxL!4Q=6p;|#7oi5h~V5K+!L;K=9r26K#9 z2OP_wMAiXke1<49W1rSel|N%qS>7sB${HtQ50ufB=C{ySX%eY8rn0T3W7+*uWu*vk z2%h&_nI7{B#>;6-i+OYS;RWQ-*r$y*K9nI%f-C$Pq|leP5o4_mAcr8PBu11kr3q5;rR+<6)~hlsrAJb+ zIS>{T#9#N?$gV>JeN{%Cr4?w zH|J7(8*quP^4eUA_m0lbPVdYj!lj-YuK22YM~)nVrjfaBRCPhRE+6g!0eAPtI?jzf1j6Q;*DNnNMobAGH$KN^YmB4TlYykk+hjL=kw} zjQzomj!iCr-;_gM4(KL*@^XOh?v_VPMjgFys~k_ox1LVKGfI=DovIfgO`Il>89#Fp zNeE0p5IYCEa+)h8B-70A?h#1;T)I`cekOCFNXPYT%kA2(*btlQ4{42hr6IQ)$}nwu zD-=^Q=MaY#h*sM3?0ARXpaRf6>~(5nT}Hv$f^M*zlXUeE8_KxB^POrL=fbjvfZM5~ zd{w{sV$O=f6!@Cmp))EsC4Do9n-skn)cbRX&Two_acbfSt#U?L^4NN@R3g(PQg%|K 
zo~eoeM{;e5q2L#pYf|V~C=fK1@g>hq>(tF`xRiOyM|OK9(C zfG)w?n*G_rd@ttbO8EC{eXc~iE#q?~0rz8ju0(ggrsqnu_hfmt@hvqxYlTGXBTenj zxs|Tjw$X`bO{=qo{+^7^)fn#C=3I?EnQIa71h zG?8g{{TUKkVPYn)T(UnX76m=aNhn=yf(yjaZvpoB83Y@DsN*`MvThOj@49f z$F2IRO#{DaKRg-#t0=YJG8`Zu%1o#q7OnEN2}_!8ImR_t%>_6*KLx*>{1g0qa&hwXsr>UAE%c5|?2wIDm_=6V z2Bg5t=v6f*4cpsytEn$C=AeR*U*7z1a`F1)@?->#U%nY#o?L*}N3Tu{O|PxHJuHVp zBL=bnK(%U^3oW$uM(y$S?QYfN!GzB)$+fyy=A4onu^)zj%U7J}0R#;B2^BlW`8oes`#i-krN!aS6vikDs57h)PPgWl}rE?=j>Y(MS~ezrVunzx&g64qbQ2usCR`gQ{AXMi4l^*JA({7oIOiCX0GcE5BvPey#Wp-29h4?_A``dMHZf z%OR_<3ugmOi8LT%St%W=v8;#+;;3wd^ZjSX+w!~Oo6k)qYJSGG#Q#4(Tmf47IQ2h{ z=5Yu)V!f-JpMJL-58mXG&^rBZa5%{8e>;2ogZ_j5w~goH$F8|CvRyaUZP5Mvxg~0R zD?VNz28Q1Q@2%P`tPnB>G#ET-RJ%I0%;(Q0AJdhu(!5BcxPXnKKzzm#=2zw8mF7t+?eBK=!T?1S{$|1ChOK0>cg&PGMLto50A$`=&tbw@sj=p|U9i z^QKAde9fk{viRV%YWk{C%XQd$)@b#@RkvG+YR&hxnBYE%I2H4dnvc@zPNmwR-^>Wb z|0WTKVN8PT+9PYC2AI(#7VySNFg3)8@gNjVkv!E)!Id&{*v-7NJQA?jHIA=BXsBV(yyH-x< zDql0u{`e8#$PbeM*+#!?CMc(^3w^gk8+hRJ=bj}ZSGm>h^XK6zH94Gu&!5}&J?+K; zti1{x%i&CcL*{;dGqR)0(bduU>D4bM|J0))Evr9LVqJ=;7WrS$;sQZ9kez z-BlM_^{kQC07cWZym-Bi4Owi(X8?-(wy;8$eN4YcOLxJ#R z%B!hTONhmMqmzrbr^hE(WhNDbU7!#_hCF$|`}wmYmqRs@qc@j7UtOO4a`O5M%9@nm zgwMM2sMx)EDL2C1AC$x^U3iqqpQoKpRSIN zE?%6zK6-h2`OhX3-sKWs!&8pX5l4eg{`cj@(be(U>mN^ly3&W>7sY9u+6)xXc3toP zd~)>i^5?7bvy00Dr2YN<{c^v&JUM!Ca&dL?^5pokBmvvfl_Ov2<=IbHFHhc{l&5tv&*yNvzJ$= zuSe%pu6keY62!-6uP={IU!Pp4d3$yG`ts!B z?NRk;H_QIN9OG-#o$3|>qu^e? 
z90~31^v5Q$T%h?S8KV&K%a^0Kh~h~}mgg{CjyBm(g=NAqUoMhJY|%VlCYl=&{~B?j zB|ACx;`C~CcKpl9<<| zj*Msx+OfW_M9(xNV;Fkq1E=sLy75SiqAyQ{&J@syjxDNr1p;!-tY_KfcO+}uMk(rQ z#(De`N-wsIF7Q?Jr&a^>)fhD-kPxGUXsXY|B62wVXj8b={iVjbxD zSPf%HFU3Nv1G*HIp`jOp9@c?f2)s!7YYk?r2n~`@T!BT~X1BV)qPz23g9xI#Fx=AU zpgVG0T_Dh%SZ;Z+PnqY$P^V|y8kR~V`E0Or(8`3Yyc#siYN_?!~u;3|lqLa=8l98LQOHh7~NPo#1KL zeC(>(?wX9TnqKm>CQ^n);w0u&9pCl#(h7;JREhe*6|OA+}l6o{^{)1$*Y&AuTC$UL1$#bRU)95c#gR@ zC9lw2{#@3cpD!=ZuSS0)y!#>le?)>L)w_nKrcDTQD@NoXKjpyUX-cxXc=R?2{mwEsBB1YfOMYs4f zGz3q3l7)LuTPGi4lOHj%Qaj3IY+g&3%TAM=%8ycfx>-?Wy*ZXJq?It0c5sf)jDY(j zCROBvgI)O(&qv8*f)%LOb~mXPGc%8c)aol*DUloAq<1WOmCE*L+O7*OaL&(5U}~giI5}$hHi> zZ$88pooTlyD0wS#N^9=z$^^y~M|=X>e_`Ffuyz63w^3u5n(3;3=a|tNWigR%5M^R3 z4_Pi@t12Z^IW!$@S*2asHoNQ9@3$JYwXXkFuIuZ}G%}y3>4_T>tO_fLFpjMpK^`W( zh8rns6E#EO++(wz?1%hkn;>9olL4HkK)*LrW2MPWCf~J#oE+b3PTyn z97b@8g6?>cr)i{9ZMz31ceSPpwM*u9@{h*srK)z7YRTFHpLyA1`UXI&(;rI?1mAj> zT9NR6fDFlvSzDKv4kYa-a^J~jaA*HO(3bB9)eI{I=$ng|V3I`YdcbD17mZDdhXId6 z*I`UT)lS$oDh>L{+;5X==4sbC!S^X|?k^~y+W(ElqnzPLMS-VICl zH5=)JEO*5{c0hK?TWtqyq)`IjI*n>N-`5+=W!F?~jHM-zyAG(5E*FR=RHXnnmq;mp zoQCqH;KS2(#e68!qixbF7$tK+9H*LMi(GJc$`GY$O%eF=T9wMm1&RVhh1RKTsC))_ zrjkKmHius84U;!^)vmTY4kaj$O3-ca7zEhope^6FvojsYXC5aWpCR>1xul^FybZp6 zBKoh{n3V8!^QM2X!#QPX`c>emhFZp0X&4ntg!YGqk{;;vmb z4b-tAy+qpPJmKb!ZzwJC(laCx^WfSOI>%G|MNcys`X3U4* z7slVD)6*}jWrRM?aF+8@?>s|6H)Tb+qd#RJ4k3;Jq!cd1R$VbW>j0n3W61G1MCvdB zip?hGVyCM19!%}|Gq%n(^?R{%7Ce)C`*>9ekQV^<0O?;(p5&&j;ZoOM?w+dbqU|(E zZu6EjtEw4_ZdR0878|D9;BAgj0sWoE>+aN+C1FYi$gjbVBf`OBG>`crhe4BDWRhWV z`q@N%0!f5_&s*EYZmjaK&MoD|)=XxLyqzIFL+T2nY`>S!xvS0j=9XK`tP3_ha5@2u zbO2RC`#Vk(^qpFn^s9*QnGnm5)vcYFDUm%woa?}apUtRR|nTrUe>!X;pFNo>f*f817o4~Pz*T&gej|5na!1Tj<8(EGBm$I z^jIvf6oK~t9e9JiZodt@W9tyg`z0A8ZT|6o!rWMb1f0Chhp@cWa*R0i+(jI^d{g^> z&G}D$tEFZYB_SH)D8SLQSr|}F{`Wz@U&{Z!+uwUQ|JlZ~WczNpgTolVHHJ(&hQ7RZ zi%|S;s4@aSQ?|}Q>l#PF5NONe1qsm)icwl~#9;tA6bo#&a+dtVEp}^}%*YLPn8u#$ zWeJD(j3g>sQ-uahA{6l<$RQMrt$li6jDMmeiI+6D1wg5_OB-ipP-Tg_q>jBr6j$l9$Ru>eCG$p39T 
zmY%k34QOcIwbzMkHIU_A!T1lc2q^l>-d8m(2aTPjhTxNEizjb&v?yJ6jC_CNzsmg2 zuGv^k0MzAw-{0FU&i{k{!~EaMv%3BVm% z{_LfuM7t6;23b{pxvxQ0t<^mw>?_#qkWtqK?^^ieT+N;LaVvkw+&$YBF6DcLJvc~@ z2Xxijy2o(eV*&x+?YHNDsDM7sh*m}8XHS!G>j*%Z3~U}izH-g2Gc zEIY!n8A_eJmd-5;=Qde4A5_HhRJ#(3ha)=2kz}f$DD=^JK8M`SUf&g20y2kwYcy^1 zujO8qi|5!>9*9y;RcCxC7tOAb$dOf**r5!dl)}Mch^9R+=R^K35c3r71TjzkZV>a_ z_Z=a2<8mw@NiumU@*GgkPN5!0;E;N%!iUsz*B~PGII~vd>8{QuQA58gvxN1fD!)Xz z*Q(KOBG*J7pDW`;4q@#iD#V}V!55?2n}DtgP%n2>`F@LhUs(z5%axaY)R-d?=n!5GLC$gR|$*7t{6jkHhFdao1M_p2i z96~EKg@f8oX-&&EczjUhK zuM}FIEMo;Smu00`0ZeryeUo2%iVcPa}IHP&K_SIOU zNuu_Zd81*5_7$04 zioQ0FBMLi(yEGcxZfMa7dxh3GfaS&fQWIz)uSQ0BF29BiYDu1rN)pOhH_T%P`v+a= z-e?E433J5fbJSPJbM``J$bQO+hS-lm{^ITnBkypXd-OKVTq`bOTo`rHJ6((k- z4wrkmq$gvFiJU_rWGrvjEPbjJj7xx&Xkj^Tm)A|tj>Hp@0F83TGzvp{zF<4+dGh$x zBA7!uMSLXXOXIn3qbv?e#Y``qJQPwFRpNq^iC9%FrPRF1AB!x*xe7i`LZn=cEy-rR zTpOzqWhsOP5=_2)f$0!@Y{0dZlepmo_Kll@GpAD%Uaasj{nAIgOP^KF|6>van9(E_ ztT0Z3DQe~jQ0M$`6uL+C@Ktv~(`NjBj{wF`H$bYS-L8YcO_W`T*|J>Ox$p78F-G}^7TX|OZ|4LoI3O?$89`~=J7iP61 zRDMEOPD=`D$&0C>chnZgzi$5Lvxj5>K&yCw*3AFi!-JjT{NEYuJk0-XJTe|vOp6P| zmPAm7q0Ty=&7ce01h#&FkXvr7c$%{X0g-brph<{w!8`i4O&P(HGXi!2x}mQCBk-JjOVRxZ1q?A;j|(jQi`VFe|~;LSi~jT-Vos*3~lX@_Rx!Oe^Q# zmXa|eI@atpm5Ft`GXI49aVz!=X2(WohA4n&P9i2K%-*H$+svj&IRfWO%9%7tLZ(|- z=6x8)ti=Dt)>=g9mS%72ddeo&RL)-2_jA^&w3E|UwPRaoz8qld-FhR0q9EH{r?_x5 zrHC<9(a-1uN0Hoix77=M83~T2TF^SAPzrNB+H5}ZDT#g~V~aQBUrt)b0$eRqq!5iL z(SO$sie1N5ewBs_=^U9g?ajqY(*k`o`)}RXCZS)u48G8MS)6e~;S^PkOR+&p&_K?i zKePB;fGT~eY;4wCtHD{5^Xvb*`rj%6;C1`I!^5)uZ~x)`$E`f~6xsc?>u(#4^j@j4 zcL@Dnu~VDutyi4?>jePU%>SMKfg}EJ_hJ5T*xtl^SSgUsp(bE}!%{!HOnsUtJOPbkXuVJ`kHFBHp}m+~=z2f&q!XoX}~4&Rjq>9PKZ z!RQaq)}NKu|1}c;)WrYq@9Y%U|K0x1gZ+0a&n6@Lzpxfyj@8|P?zYI(C60xHtq|Su z*xeC(_GQoA^G8;8+y6s?_wPSs-x+WCCy&{;8ENgH{pD)g`p%~fp)~bAT{)oWizg$f z3W42NB7)NJFUdquF1u8>=Vvd^eyUB4P)~$5 z-_=vmBr(CV(Yy!YP`z>-zj{%bexVANo=`d*=$z07LvzpB0BY=mX|RenhaX-*4oCRk zOZiBMuvbUtSFeu#_tlG|%cIfh|EbFg(j4!yR00oq4*sZl4jv+j?=6xzZ;bjnLWx5% 
zWjR#EtJ*^{Ek*V^;H(xW+w``F>^#p4dg<*EIjCtkZS^tWR>@7z$5tgccZ%oaXJ^ds zoe#pc(>3a(%_kH!>zJyex#k_?6!a_IHe**@^(gLcz53P1k#8#i+wSLkkHEH(Z6yTT zM!3Bg>`LM9h`e5bft``m%}i?iL|U;z zK1GnDTvSplBXh*BBo4&Kt&RW6^M9qAAJtPE|1&80{|$B@?tk3Mv&O{z4-EYILqzAh;7n)x4+spIzlP2c}KDB6E^_6{HB|5l#DQMefI z4c`9WP=n04Y%4OrLg%pO0PqO>l8jM^IPggnA)n(L%omk*o-C`EmCP$m@#V-tbDLUw zWO9}-8e6;8{9n-qRBQh^92C$0`a2Ky->p3NJO7uOioPZ>u+e-l%NlkEW6<*cYNB8{ zB+Ux*f4$@{4f22X_e%Dk{^3LZr>#7z&i}P@#C*BQZD@-rnRAFk$-gGChgh;v>bN%J zJiZEL(#I=h272Cq*4H1WH1_i!`z`s&4>7WwYP%qzDtii#LsvLeLPHf>DTwS{KV$y` z#`x+QEx!NuqZPturI7i+5shGYRg6#;4dCobFU?m`F($S_D33OIF`V-)o8S;BXgxlU zd+GPgS5w)ma(QI{V2jAVQrC42!Jw~P%9u}KjC9E~L)~v=tm%zO(6#)}Y**1BUrW^# z!dlkS?_wOI5J%EcbeeZ=3y6P>ie79!#nu~&WT(0iL3!jkG`^I!Z@AR|T*Cpn;Oa`u zh%2idF$rW_t%ADyBm~)*e1Q!kPjIjlxBY#?sMCPu=C$}A#imSLq5B@0+<1c zeort(0T?gjO;l!9>se^?i6Vb4^*(*kn-n0 z;%Tn`rFnWct^XbD9F*)ogTcf3|5lz=^}j-nAjuP>#`o^5ykpt2s%Q=g@8+ACYo)vN z7s~~d4Y2Yw8s*Xf<=_43k^*IozxVV&B_8;*=LX99_6~`GmSwkb^yubN+Z3p;&TCUF zSWapK>9i1E*)^FxKg2K!x+uE&z7T4al@S}S?`0^RQEYp;eQUApRoQcjbXKI!`O~G6 zX`5UoZSY8Hz$gH>GZcY@2`$;VxopNW@5B?updA8--^##Si{rYxUm^SI#mFurYH+il1tT6xY%m1ste^~ba+JA`u+saeW z|HXJ$<}%xeAJ~@@1d6tD3b&6x4Xgf{gqd( zEsKE7obTsa=`Q`n&i6B6_8)k@UzFtcc)nlafj|5Cey(q|>EDBQJMjNvH|FH8b2J51 z&p2;yw5nAoOQuU=N_@nYT~twlTvu#FM6Q8B#Eb`k-n9IPDdYdZeD*V8{53KxI#Yk$ z5_+9Gj+EyOY?C{d1-6!Z?|ah<}abd1VH$>pa7Z)8xo^fo=32Rl=v3$wKayEh8j7O1)N=$O8QQ+eUz* z2`d1}-ZTQB4|T;_8N$U*0hsz)__!1zBnwo z0ci@+41Zw#bV5(RHb=r1tS6fp_5w6crUj5}!Mf^m*Z$myZq3V$?BG`$`tJlvs*hI7#ePfKweUO z>8+o9n(zN(62OEL=ED%t4c`CT-#HwV&i@YgAN>Ef@`(L^97jiCNN!P(caierq(WSq?$2iDOFYNi?9S#m z!t-SA`EgQIOXp}#=;Cf*6^uOOIsCBUHoy<}(gqFI)dn$Il!PG)(nPmI@N3(TlXeHR zRgLyLX9Y#Z5L}?&6T~<>iUNgp2{Yt&fA_=>xvlBO*}@6^p1C8BbJI-XguX>yQPw(J zzNj~^NPvc*EktVju6d=Jum8;V*U0_-Uk%p(-NT*2`rkj;KYUpKxA9c2{bIOnA3!l< ze4kAM^jQuznxr!T;SP!N!*;7k?( zLh%$wAV6HDAo+ndMUfVFBm?PKAchlfHfcM;u;Tq@2r?pcZ}SCLH5L$OEV% zrkyQGO9sbApyx_f&}hMY9!lo{S;x{@Ozeof4Ux_8 zglnga08L;L@}r;tJ4(W^HDSsFL6dTkL`Uo>S_t)M5u+h^l`t+}wx-%U>eqLvb7wAC z<(Nc_Qz+e1vB$XRR| 
z(h_+KVp}!%Dp6{xN_k;kQuR`SYfFmNn-JZgP`v85bNt7U?~{3aPRT^{r5tFM#BnH- zBfv1rWM3dr5FiFd$kAjvI~sYoncegy?0Rb{~7G>?>wyk+jusR z|NCn{^j~teVR(9D-u$TnLdsG1cEcq67E6n+jVA#8URSpLlEB~x7{bU$w5>bRdNqT*iTiH)4G1jxe&Vl-KXOZVoQQSw)q5GyG8N<+{$Vd1F(W4mug0!tzo^lf!=l$BrBCta&n+wPCN0(h-})2@VT@tO zs?eS%VR&p6(@{AEbT5dX%!ODtIJ;T7EAf&cUQwfMEZk$@Rf9PtTg|Ah_z!rE@|8A0yPDV9|3Hz!<>)6P?sR#w)Dv?6G0erel|ovyJj z;S=v4uau}w@Ys_IqD^>Kwl1znO4g*M2wV$haph0F-Yu8YuX88yMv-L%%|ombm*g5n8Rqnc!-UVeTzsp$5+noCtZfw-D2#%m zFrLBJ$sFwNG-;gP4_qU$6_A-%9h(63fm3)A-FPfDLP@nxR5Ni~x^fN5FFo15!pAB9 zy%`GUcp4FkHi4t={O6!w@c$p|?>^lBzn$k1IES1g8Zp2LP-CtVCXW*w1~{6682Z<6 zikR1W1TJTo0hYwdzmCmN7y>a(RSZ3jrX6{q4#zi02JKkyVHC6;fe20IK?-;rQ#8RJ zP@oQF{(nzAa2ACNKq6UFkOX2xL5L&dwY(Rjs}Uy@wH|?EGM|$OygeR)08`fTrkMBS zzl!{pH~u&6$$!m@*|aDAF@Lg~sFwj6L;pI7<&{UQ_0(gxaqFo!hS#m99-qgpr~lo0 z1l~f5Ny5PCixbxJVoH8PK5uzAK(MFEQSw{MyJ0>FP_Gr@h$DJ+qvV*(+wJ3COB>T= z2lQGYnG%oPOuwjDa?byYlcN`}PP}=r863;!|NdcruQ>nr_6{G;f4A~H0xk|{wSGq7 z9QZRxxpdCsGXzGW;7Ak%>e#f^I!-7RI+!YWqZCPi8F)YN`riJt_pR2`r$3W9is2Lu zpFRbDn{ghqVXrsEe3pzopUis_?pw?_>{+x(I{w~jJ$fX4<1v-KimcW81TM1V{GY&U zb)T75V!@}@r>^yU%KbT7`Vb~Sef$~00MXOvH|du04>X<;a{X9*>CWV* zF4o_kfKQ@tJ2P{Yeo<5x? 
zj6Zz}VoGjspxja?Bn-)|5XLusa`;toezVOz*_O19Wq2c>h>vARpE`@W% z5v{H(MimLEW)kY_1_+`Ai8}RwVhzPB=g`0QL>HKrqB$UuEbWu|97chZ?&6(fH@Ohx zo2$zWTdnu+-^=BuB}Ogny??d3U50p6-)pJg|_wV0pCKAm?QDE~C7Xtu8MgX-w^BLrlZ5ZMJs>=)H zgmsN$s^`D=!07~F2{Izwuv*YbLEPdn1Y-oIC_)r+6iA>8l61g0;c}3yg8oeE@d)}e z!0{Xb7=a|7QWzkCB1UvV=o|%};x;q*0_4-DqD@bq+Uz9x0LmuG-37QMNf>}J`h&1R zslQ7wWV5!yONM_w0kz+}T*N|LzEBo?`HT4!OAqu^c$TGRHz!nEpMW!0i`ah=5`s_Q zy>!%n4?ck-At?gvE3J=Agz(@qM70<&c~er3LxQhTj!RJh$N^R1=)mANSG8yx{wJWj z@e_F8{yl*U50kbaLGYZ)QInSC1SAZ35|l~|R7kDy2@sjgQ2_h+SvJIcVu*7bO;vbF zOacHI!_!Ebtjhr7xubVDO=Rb&s9Mki0cP@-=oC4C;OP7nn3Et09aO5{mvDLvX@Dab zDvGV<6Y9?pr32oJUBY`AJ@Gz(9KP?!JVto35EaZdq)ZIIdXIg%v0&hKhW(ko zk!vQ#wqD$T-iNXa4 zP#ls43M8i#@s;l8$qnM^73g&l+FMk%{7xc3{5=?^EBNKCFOi^OAb3KJO@lZNa-H8}tO z&)C70WGXj3UwM+c7h?W_(s|(X=Vh}`|~AFRrTxv0#YHW zEPC=DWK1vm$^T5;kfL9DNEcq~Gvd}j7O$Y6z0&EGBIXuL&nykz4n~;nw8K`}VAj939tB@Jg%EX`r)H6z|2&vU*_q$j~ zH_;5Xn2uLTt)x>_8*3}(vGt>buZ7nLy;0~mZ{+;#4Z7IDJzy>%i^nFhUHNV zynb7a^o}y98v?W=QrbN-g>$HU@_;K|=YfLVD4#9p9BjpN7PIAf$T+?5$7QB`ND#J= z2VY^-)J=ehU+e+$&z(Ues3>*GlbFL9osq`>1&N6;pbL3PCqhvWI+P|VQ<8)|KQg3w zvv&+`#ADWno_-|aesZ#8i@!JjEiO%!3)Yv~(&Cw;qB0Y6a~s^(KV{d7YZNuL`Hqafe_dr5`H%!5Ofp~NycT_?h(X6-#@${ANIJC^BRUX-Cy8ui7g;C> zj*L+{|2cfF{`a2xr9aDCm8@X*TW||!DjKk*hNVu-j_N{Rb1{V)$}ydla&&1YCJHH6 zvvMYn1`i<)!$>}FZ`zHZE>i@Q9M^t-wGPGP_AIdaFm4V!+W``A1r+NdI zv)!z#>b46n8vl9y%ksLb4P=2oAePi<>ZTrQ7q^4W+A% zXU-IukAj9G{vO@2x2XpcZCckmrsqUh$PV$M=yP72R*&rpN^M*^|Mu3A=P&?{9!rw7 z*8CNr!)=H)9)amKeLQ|grtOf%zOjQiSUY2b786t!49BN$djXvS|d4O``?fDl!G067;Bz0yg@{_+D|@nn zrj*+++_49vy*brea=hKm)MO-KDfc3o8J10F`iTV2P5$JKtYKY7XbI9@X4GGyjd)-QZD+y%ebI2*2$Nmc2r4mc|b|9#5#u@+N+12cn zZ$RKWV4cTRTLNYx=-^MYnw+L$GiTq-9)&3G{2VEa|B1~a4*q`H5sz#T#n%IsK^#= zI>20 z?+fyIp~v%M@OzC*Ak_$Bi>Ru;H|k4SE%@s&y|T%& zp51$`@mJClcP<9XW35;z^C=9U={8KzR$c|3?FoN_^s5canZo{JnK0ot8F}kBUcZNZFAH zo=7F>?z&ipJ4DqYdKA9WeSK7*9S3c;tpCbK%a*!F51&K+$782zVf|>2(-sm%DG)Zc z@qf4%l}0)rO{ssxnRW~FJm77EX;*KVF0n|dwzBF3+rF1)QCK*?PK{-b@%9^Dk82}J 
zemig6BJ>D1+v-5tfLGZ;{*veC{9z~^3TN3vz_ez&PtXEUWMhTTH_J`jVZF1=ZcQym zDeoCxTl3XJA9rSD-pXXI$=R%Kb_46KbF!+PrDK{}`XCQsPlON(Vu=X#`E{Z&om9ib zrEczglchtTt|d&Xt~mNw=Z+kU(Y{Qov@lUhl~U?H#O~PKd=)MG4gjI|gx1mEs3W*U zN!mbY*Z~t6fK#*};A-Bf$`ynI>mbvOEIb=?I@kM8(le|^gKri|;yDd&RaIa3aiHU- z(V^PLC#pdC>cQmP5j91OgjBMR##)b`8>rAUcROtLTm!!F(*ulojnP!QGHyx@i2-D3 z^=aKf)<@m*(kf2Bk?7s_Ipg?RTyj3v1_25bV*w!yy{a-3!&<^rPbK)W7m%i%@=Tx& zkR8C6UzFXoUsKw`S~Q;DTc7 z5PYgB*Cr0N*^g8mo2ZLb>Ym!WTMT|kzKrh~w+-5sAb}r1MgAMyC+dj3o@MkWQ8J7N z8ANBo8r&^HMn6-EmU;=$8iz-Lf=JQIHrbjaG>!L}@hAFu5XdkZwfzAO35T7aeVonE z%ENKQ^=Ruh9`Km%a@x^u?P?qE7P9t6HgUx^%^d;vU#iBy?s~=5>YbAQJT4PO*jwfIC1~-Qctu=E(AXKAmZiswlmFKi^vwUa2EIm z+9tv(jwGGPjOo~qla(fm8A*%JY$aryOw?HHWOuup?w@WFOUb%9z3@8OD)`3W=wW)c zu>#n;yTfgkj5(GjHm2NshP_rJ;+dGl;Qdv8&9@B|W`{r0i?(Hx7#65V;lWHV1LAY34;_lGf}3^E=^h9A`{sPskJ!gDLpwLrK6FV zNlK{?oRM+_nv3**t0)(<+ly;ySne6Fga0o)pqzVmYqtYkZolDd(i+vdoSQa%`!q`0 z>}pp|!TizuH-9qu4W!&0@0S*eez5V_a3FBE0IC%4U~$kXGbQS^^-4YpCBOUR`2>0X zGcd{gNHXjHD|OFgu5OKa!$lEe#B6xJ5=5N9o*$ryxLWoRnSb;w=%G4za*JR0m83ZR z$;b=E`yEa*hC?Af_t_o2z9468YzyghkkSZVwRWtuJn)aPgk6ZpUIjWVt>&w3J=0@G zW%jb{lYftq#&yO^omj>t4*=D-J%+IGE-Zp8V~_Uez3PtW0di<^!J{9mtw(*{pXqIE z`<9)Vv<2r^z)ixGEB}oRevkk5)pb#r!dH!VFbZ{qmLGGhC4;atO5227A4HU77$S`u zKUz9>Ge|l@AxvON{mWXZovDsBtE=TgSfEHHV(pEN>I(PfK!Z* zv3MS&5phnn%bf}t^qsQdP#z$?Q+LIo&Md#i*2D_On2;@DgMv#$#tfS}JH>V;y%SXX zUZa|g3AgPH2EYo%GOf}utS*L;qeTv9Qy{;KUM1(=5so;flVDBFOJD@>y!N?!D5U`3 zy~F>fd!Sfymu)`6k$mH^bHHJBzu$(?EKB;Hh?@gSEQqjk_ zmCR^N;)#M*yMRo^5F*qnZuECnIpvu}6iLIl;*e-@1eUN9u8_?c!{tQcIQ#^2JPiKo zXVO+1+dJJH+*5eaQ4BSJG=pM6j6vu zXfE7mMN~+G7?Q^&LicI^k|W3gu@&3SuS{TllxuwmnEjLheGyt{{fs?uvQ;KaH<_u2 zV#|!vIP4(ee3*4pix*<)AiI*f-^2G@DLxf5GQb2BK_J&r-^0HlGGmd%4&Jz4UaKk&xkhUoh*C=sQ1X}7apz)6eGDT$+u-wiLYjqbl!z4@vA`^eoDv2R^u5;LvQ z0eW4;D=V0ac#M@Pud1HjYe0zybxcE5CdmWZFKH#dA!{NeOpUC!!{cv8_ct{6c&6w_ zzVsLJTA|!_u7YF@>qdWw+gi?3+?Q#XlgeowCbi*756Y-=Ua1CTg{cy^pIMbMA_s)d zIYADiW2nm~_puW$%;SkC>Ud zWI*}6plSX!EfJ7mZOgs7-Z7pw-xB!R>IAKAv>89UGgeG_>p84NMO!G;d7A~Vy23G9 
zvT-&$+1;t&p;HLYBX<}#J;%Tlt6ii!wQ3`KJbs7;dv@Ne0xniNgY$Be`si z@j6F17Z`_ECkQ~Ms}32z{ST~-19fSa11suUP^&cOz^Bs>7iao9_n*4GV25))deH&F zCmekUY|!0ZJ4gNOs7?!(eU(hs7^`iup@ntwG+8$awVlu8MZNIu_!*b<7_PR;$W=eE z4<;I}wQ-z!sc|)NoNjQSCs4j7B-pyBC{{;Id|mV1{weYZgYWsHRjV?P$omQCzgcxnb_0Bo@ zww!D){*3W)PK`TEeL0pNr{S`m@rUy63ccUS&E4wx48Py8o>wD=fyO_&lBc%ZBEqtyF6nS6h z`Pl-{gqBC=mB1|Ksgug0kmj^=r_Q6*E5vERd@-%WbuFX8`=|p@r+qqn7h-|RRuhk z-C2#JLW{n}MYPk&t1TE1>KXRFs$PSVkb1^2T7Pn%^*;+u3tX!WzA$Hwa*4(70Cz^?fupZG zB{WAWN1>pPOUV`tI)I==-XlNAqXM=@opss%C;Gl()d+h zZx^-)4R!(5CUvX!(52a|-p-IM6a+UThUVTtZamr|X3I?u+4*n@6W*+EMvx=slv-F>{ zCo7!a&u&j;ESQ-#=J&e1wODK#Bk-qOIY5BVP8Q;l^4ipOoV|J}ZS=LM=}=Qyjgf7e z3W3>w6Dy%+$M3EVd_A`nOVI*zyQIg05r4nyAKfBoQ=k5%H;AeGc%nj)5E?+AUYjzGSs){jFfNGZ^ikS>;T5ekBmV=UXnVhBTxCN?F} z&U8qeP(&2$l5V*6iYPBrx4VRt15UqHvj*qw)WUijnKHfL>oghPWiMc0PN&~<&5wjz zRk5DrWA*eYy-7=BR|x_}VIjA;9wULUnLm~zKo^PoXfuSrGEiAVYaDmLRN;4DCvERN z8D-XaW{A>4VSpbu((HW=cPawU_^qD;HtMeWY1O+eJI(Um78| z&5_eUM!-ZHO9NC*XFhM**e7EzNw~rl|4_3So{Gr9=T4(}U;W-=thB_KBkgx$vp6uk^M= z*@T2SEP^Oo=$=k7TPg2&>v~93*dMR=RgMj%IRvE$E^Ggp_NBI$0b>6NazL06w-

*i zJSva@&LSP1DG!r3C3aykv)v04k<}SWer5;|9As1MMYLv5tdX$JO=|Aap;C04T)?{J zH;MI>Z<7S&FMBl79n{ZBzso+^ldH^ERww&V2+1m?PSbaAjV-~551}AY?OkCtnyvBaLeO#q#0)h@ERkBBG`(cHXR>t0YYvE@Z zQjXTuiqlC%UmUS$CQTuI$c~h^!hpz2><@Nt&j~U}EhjmtwYTGDkef#OG>c?#Eb+hv z9y36FRBy@LNkouAk9$#gXu<8ew(7^G7K}(6G6eIYCp=uHin%RT6?q=G1j=Xx7$J)( z%BN*S(V(Q-UE&V)GH2fCNYvKgTCy(g0nw9vTqX2n0n0qU@^$$HUU82rrE#b6F6#W|ZNJ3{<<*)Cfb>=Ao zRL-Y4HvV$qEYcuC?)^3=SkhV1Me*2uoy(J4& z&jKS3Z4n;1&X0kH}^2sLQ`iObfaXhfGJtQCNzw;QAI2zDIv~9@p z4uCDO#=sWJoL=&1&)qQv=2lC7FxPmQO~MmNU&z#q*aU=Byj?dA*2AUx|Z+C z+)Nt_BG_kjTe2QUdwL+?SMzc418E#nAIqn0k6NV-8)8*C?YkOrS5xYee_l^V``ghp zBBjP1SXi|NWjbd0XmR!Y`0&Q!L2~tfPN6%R^Ypy*4KMX%AhMRlPt88y2KBjr(M#~h z&fvY|8j!lLi*ZZUf5xKa)xh_z8%}cTNEU5?{>vnhAi?C9NG{c#O&Lr z1&uZ{KNDfl$>-O7IQ8qOzx9cK>4Bj$p6fl((4rm>_}K7ee?)EnOK#yOIT#E6cFnYU zlc=ONTydO*u)N!kX2-0d_8S3siHSajADHyOnxd3DGnZ54FEb2#fJgoh>?1+VMDZUt z>RifSvN-&JQ&4>76n~q(zsE1DGe8;pv12alM__Q#S6{RD4by*}hFIOup(?|@2+B=tKnPNMO3szE-?4< zAIa}tu^4BoHouh!`&{BbJMz|F?Y#+WB8%O=o`2r^J9xZ&-{#)*fYH2m;(;FmRb(Wg zRb?_KYkmT0Y>dxcITi)syEEr4`(w*m%N&g3pO(bn9&mKK%fHQ*H2R?LzCL5&a{M48 z<;bGCr?;!_vg^@y|AkBXy@&Erng}JSp-d_aWq$GaA)Y_-XdlCX+xoS_T*jaifjgxMynI^G{0QI5eS8Hf6C^e5 z0Pac=bnSV`RriKaEfS@x2?qDva~wlr?eX+OfO7TKyDkMQmMpH6S?p%k+W3hnN!G+i|Cww$Wi+_(pXKKo^^V4Ede? 
zJUMZGEfD?AqXrF05?f(9ac+} z>cvL+72LmN;q)Ew(-VoRjgAgAOZ75Ih$uR-X~Vn@E4+#!aR>__T1dL-_K+C|E>40F zXYK)r5pAm%_#eN!R^4(?0LU$nP;2d+*qYXH(LeTt&cK%EO-cqSvSjL|4>rabjR-VWN&n!g6Qx%+3{9Fykd zPZt8l`hFbK{&DHqikZ)o4rDM}&yWs`{oI&f4|Zoq;aX+y>X>^4K`V|%-5XN=lPoXg zT-cFot-l{Ut{$D{C^(q}y%6ySfFMUe8*VXEmuOAndujO(U$z*45FODjD3?-87xt3c zH{G2nA|b$tu9Uq?;!Ps*Sy*C@nFOZ`poN!~dt-C<X0JK>Nd%&}Rf{oy@!DK&z7cFX_eTa#sDmWr+YQyLwL4 ztrkWkd!)n*O=?&jZ?Q%u6%QLsSEIldRI}Wa#CcR4oXXuvFmdpNa%{}MPg(K)=@3Ko z8|ED+bB87WTG;7xYt}TRwUIxCxRO^I7~$*?^;pNunK4IYQ56NjT6vki6o;Oo;` zecHMQze=Z#f`Z9SD(iPlvaei7JAR%T>&Yx0z(=Bj#4+H1BH z((|^^=2q>E(F;W9Spc=~(cqNY#5{Yb-o<|F>w$dVscreZKH$q2^ggDTvjrq2vZ*1H z_IGtT3;06IS+C3#Luj0dVuoEzQHWabmR#+2mejsV!P4 z)9h`jtv>Ct3qztb9lGjXr#$ zjOe*9NzvAIb)3eI^@UV#4L;A9zqqH1E3B5mqJyarEt&xaB&NcZZ985JW_-#r1L&Yg z&>=Oe#hH8;m@M06e6=hHR)gH4>;(D-g>t_uF?z>w)zH!CnQuL1>zx;Ub++&69VZ#j z<&K0FLv}X6awW_=cT)h@lRl+zs_mebe%4F?LQuiV_+>_RJ>y8r#DCjCIt~DsYQPVM zS*~jSO4q$J)jlO5yn`aoG8(?-E7;n&NVXua*te}B!Aj1xV?b0M)44zj$Tc%$sZ-*{ z&`r-H0Z%v*Gef~^HO!T+@4Jgv`G`gvuqLD)ESeozPQ2L$eh&}p)o?bDpv-CEK&)TY zb*;IY-#hGRgl$lK5_VNawk=`wU-5aI<84~>sy;kQU?u8HY3S;s^YsbAiJ)11Jgy({ zwkvj6M@<&gbQ5rsw_+H$W@X>9dTT&Bscrw=UX)H%~G4Vs_np_g(yUGCUTB zGqL=iwr>u5ina>IQ$NgNt_?1M{@>vK;lUrAm7_wv_U5WNd+>j%hdB&bih|?#M48oj7Nj z{^I;4p>Ba*zAg`ECpXX2??v}X@oHbU|L6JT(d`*x?TLFG4T+#1mcDcztp1B|51fcY zpCEVFk{MZLs{6`_j^rXGJS0r}X|fK56hIaGIrcHcOs&j_f;yHv{;Lb{RQQXu@^W2#XO`U#)>PS=QdcItB)U-vyt3F_kI)~V%dpZ(^i;6Cz+>)RKZ7YX+FfkOtD4x9bHPDVN0{9gDHAGxZPGg^ z^{2S_l(l}V5h+u423k$M<>AStMTegIJU0(bF_g2@TQ(NdyMVICK@>wC6P!o z5fkM} zHaxXV>bFPk>6Np9fRF25UC0|@=t!6Ew?Q1cmRuB}a4Kj=+0NnhA>1r1%$@K9!2WgGX(^M0$XU27PblRG+q;Hmd%s z=^Yq>^Ua6l#ahCvF6cbyVja_eR7U+pikXfYi2&6S`HM^)( zrce~xMA8I#1SisjE94$i=8q?M_>HsUA>L(!Dh8m0;-`tQ;WvmVF#pgw(W5XsC&piG`g&-7JwVnG zUC^>Hzoo{_Lvh({*l6q(y?MXK;@y2y7kFYCqSqSq|i#0^7xz++7ll!fwnrm@aR zJm?6hk9_gq-XdQ{)xQVTEM;A^Zl2e?yMu~tW~`>s5t`v!p(NzL5IL0lbalRJGl;qC zI;hw?2c!(A4SUtLJIgno6fJ1!{bsp$U`v(3&eae)Eb(DYSw?`a9o>hQyNAsEJ(=h)n}Q+RRN(F$}XmYHZrZ^~R}Xr}uyqTVWfA 
z63N?T-Ui|c)m@?tpnjhkf3R$SbtMK+VhfNS4ms}*3TgO~6hkWF*>oOd{% z_T_THJVf~e^UcB($rkykSJ-Kz<2IZ+&1aby6O2hxlz-_%W_xZk1^xE4H5D;>T&PV_TJvO17;-Q(DlEbkX;60t#uZzUfZ!S5(#kS6q-!vc$ zj-&f(W_cLV=XwHK>x4v7K2!`kdy$ip^3tu!!d`|;&x95P)&vK`(yL79@FBVg4npK+ z$9ABNKwH&nwZw3IQYBF))2CqhDwU_Zv_tBH7vow&B*HKLcFhi!S47ehwrr58Bp^cT z$YI~p0MFNbF`vKQD-7F66uF29PPzMNW-{mTGEpmOJ$&=(eN0){h{bi|o?9121#4KH8dFd>fvC zUMUvhPxd-gS&F`owd?c1)EGVF6~1JB)-39^^|msJSMz-D8~+VKKWm-<><@qM zwi#gC^V8}RF#dkmN{TYgk`xEOWK$#f zBu`sm5~m2NlM+R8IlleJ{?9;nzg;`l7nH)|S#jF7xviaVMGwe63VvHuD!x~cA02H_ z_1SPsusGZFr>6JaXG{eysz{`iwl@c;XRPHgmm6`)M4h~CK|;HYV4ntPs2RH5`OTe- zT%47!j9ImlvK&&`T+IST(G@w4&kwMHoJSmyx&kW0umKIyS_B*5zSEL`e;(6U8&MMQ zNLsfpOy?zo63m-Yg1S~`YstvpYUP7!mj9cUCLcECHe7kNw<*5@x;ON6wE{g-Eb{IR zki9%6ZtY`CraShtW4liT{`qeBG)Df6jKKV-;5`Va8>4_6th0Mt*D`lorsb&ud`eud zt;{;jM!odGK((U*31@-+4U78uK!T&paG*wz@9J}ajOm!nZhR75+FvXRovwIWgdYW- zMSwT|(Ac5VTaQeqO9Gu*C!zVo>|gxvx`}-9J4-dQdhntjv`~LC4(jTRBQ{qN_x+G4 zMqK=a<^=i>HW^#4>wRkjtlXpXUpx}h+&qy6IaCQycjJQ#siYQwg`gDn^rQXzZSi7!zQ$|N7Ul~E*f&T#Fl$A+`n+sHuGml z!I(%ut2$w*+ahKy0RO(dTR}ppqM&NKLAHV!AcT*q5U;|tp+AGL_11O%s3hk9Iy$|Z ze&11GG|2Dasb7ODXiIxCR`q;jcU=942v-t4sR7&p_VjtUzLvpEoe&<%m^(@d2Koc6 zg$I@aOp+)r>_=8fFqnSr&g5h0LqoFbgjbuvwV(7Kya;>YU6HxI-fnjdzSCOm6Ls3V za*AymI=qYCZ|8@fjP?3`p8kGs$Ilw+eF~=yK%UY-pzPo3^46n&U zKaaU34|{FvN%3+d5Z`~)D#1doAVNeCCL5SUC1b}RhtR7^kN};?{C8+F2~=7-U0klA zvzQ8I$Z>Z5ev#Aq1*cD!;M1;$(Fr8%U>Ya5agq!fI7Cv_?L4Zkkv1y%!53-P2uXBz zp`*|o7x$$c6OHD`&{Q&7lr_}R>DCPx|KSRGU(`<)-5E=QZAgxk_7{e{#hn@{*MVg6 z0QU0liu1BPliJOV0QHT23WNp^#MDRAWYlolt5{mcpHwsP)Jo%tp-Dm@cGBqh*{nVA zRq0dg;APpR5p3dNM(ow~8W};4}qsj^=-Q4%CBC3$GO13V7Sc#oK z4@n!Oxt0tl8Kyj3(9>hPT4%bN@n>+!(t~T#ASBt>H@u!9TE}PCF6iRN-A*=WbVbzD zL%4V5D0B3?|92_J1WKTsC8F~cSLrIH^Aiqe1tvNj_(%0j<@>ZRSMp4Hh$RR#n|6KX z{G|z;WMv#on+{!>12f*(^IrsiA@<})-hAb{sug|U%|=YH)XGq|Q-79w**~yqvl)=> zX+845Y^%-FLp8ei;&%mS)vGWS2kEU$y_$}ta^u%)!v#E=fk#OzzlN%979(|HxwaC} zSO25OpuJdEDqjfQ|D03`uX=r47-Lh(uo=0Wo)5LRJ+39wHhB5+|M8a3B6kddKL_^- 
z+Od?h4LmcS!$c4*f+sA5v6t!}C_*GqQI;Ukjw|kYoI`LCow?DR$&-H(>dzg9eqCV$OEKP*_PH$f(msw3D z#L?9@$j*9g*}BFAyMf-eKeJt-7Ib}>XP?cnk~g<0^)Sf)l2P}tNYYYhS9FZ3B4c5c zYU$M8h$+45QQRfqp>@lb#y)Ch8{5NwMOst=xKG2&zp7}SrFc&#z{ z)jB%IF)JPK8&TARO-3^tad|2_o(ycj&jR z{Ogb}NA*xr1k!;$M`ETK$#ZZcrslcNak$fVkH~gHpt%;Q7|m|h8I*}&-dS-;V-EGs z!kS{rx+WERlQ&IOQ~sbuI+1#8t9P!M6sks{X{k`xAY~k?trE(Zp=5Ms3X7N|Wn_#J zIu3(|A(O|%?I@zU5Hb#fT1FGPr@`+=EAYeKV?qq70Q(NOGH~U$1+;iJwD_J(Mp(sxtn_mm1~OXBu&@2P zT$5XRh@qT$g4EL}i4f9Dft;h5Z@ENT`B6W+EY+->XO*nC0VCZvZ_iL{I5e-O`Z(Dw zU(X2Vw|%Y8?yI+ighzh^ev&{;8?%k6+*id>Z{>&=rjV+l=q3sr^%kQ`^C>1y1tMCa z2@A?}%1D_w`lGVoAP>}0M@_7FqlC{u{`p<6LL(s0x^9wxSSSTszQcdNr-m0x6xmoN z2BVTC{Kxp5_iOy(xn4X;*#bN+d5u|#JD%$9r4+zYKe~C4v8|Ti+&2f?>h(5G- z@WD`7P&sNkG>G$`4kjz1r!;OX`0GusS%te2(1M5Ws^Z=4b5=QOvG?fj>E&{Fw?r6r z-^M%%bhoMhHb4oi8Po$MJvp*C%}%=9hqwEV>|fvg1=xG#eyu&f2Fz3ak#Cb76tF!T zBuIPI+>~u1PU4RIni-}l3h#-4j`yFEmdGD)zm8k@y&&W*0dD5`tC+tTe)Kg|LR3ga zVo24jj0`)A51R9FoohO)eO=aBg(%lFy(I`&}>2UmAxTP?(3( zH%pqpx<%+&ISo>=oK}hm@mds$5xG|qvT8ogtTPPix_!ie6G04F z^$MNd2k#`_)KM#qw7Sa*RcZ5=rAK_9jaicAK}O5ku}V71+7lpYRCSam$EAm(;khx9 z?>uQYvp!VCb)9+Zy3W$(S2yFlYvL%r8#i7xsp?E)yX4(7LhdZAK%2Czlg&)DDXVv( zGL;1DPNh~?tv6>ZFs~_(WW|XXTgHmzMV2Vyoix*fdg%&@_2u^Z!7_zdr_U#73M+_3 zK>0dA1*Gn%{xEZj($NC({mSruz$Z#+fzSM=Xq5#g0b*E+OmiWfn#VjDW*9~|Q0M-U zo6!EZb50kI79lAQlXH=^rMniT8S#Ijs}=$*lYj__TV)x8MJM@?11_XSZ5v zM~Q~si3~Kd3c+;|b>Sq)g3i1l#Tuw$vQf=*6B+NsrIe5Rg3tjF+6p!5=CG4gIsy2< z^6eDJKU>T(k5n{*gUEt$9-uC@D}UG#yop@aQmld5drfkQNeiU_j)$}mN!C#(qL)oE z56q*dQpyft>OuTctcIOZ71HpA9^5QRmH|q0`#$4p9Jb!g(+jPV-%i?S*3bv|$WX0j zw@CR99MvI-gmMtnITLJ5ft)@s=XGYGAmJnjZQJY+V%2oHQk&MIioq&LvH)q{32L?z zca-oS-o#)mN5cF9F7j?1@_$r(@&rmpwu<8vO4FnQn*F-zn9-csYdNvfIvYuo8#+_pjzKklG20GFc_%-<(9dZi0-;?m!yEucO&z|16NgryF^MH10ogzLLCVH$+D z8h_TjY3Tw*rMXJJm>%9Er6?(VoAR*VcAlPuw}9>z7WS9GcdFTw*-%o-cCPE*EXUOn zSDbf(G|b!11m_%!%#@(i)+24GL}NSww*Nss5EWEW!D~l728>P0<^gio{TbIsEuHS{ zrJNkQ3;$*%S{(AQ0+r76QCz2lild@D0#Mqm!Q#9`^!`mShI+&ia+c!FmkP6#bVtln 
z?peknET0olK*k;R%UZe9UCw13lySpleoBOrGM$1RAizL$Nz5}x21@z(@N)>W;4N_d z4lB2+x=CjLoky_2%1#hh>@UP98}=3v)T>g_mL6NwTHGLbNv@o-IcCHrpcZ$(Hw48- p<^b7Lkr|B5Dc`i>rKl}Dc zVQyr3R8em|NM&qo0POvHf7>?lD2#vqtzHFwO83_!D^ZfKsh;hg$93G+-(2itIoY$P zo1;J^BwFm>B?r!2ojs!p3F=-W$}owB;Jd&7Fz^Q7d;Mv7^?g-d}R)As@1t{_{V#8J!zz{<=1ar>gUl0rsJ&pd2 zd`{>;&}2@?RSN)xPn77+Wsxq{Wm*7G6cdIyq01qd;t&mcJ+J4B>BD*zRnivsy}tKM zP(+arx#(a{6VwV2^C^zGEb|Kr7eK-TQ$hisqf*~`tvN9ivSF_`!+f4hJfAFjvgljP zIP6*drTPl{0=}t4;f<#%CJa%ZL|i~Fz?h?O(bbJxK*kXjU?(B!Ii*NQX2fIHv(^<_ z-Vhqd4quQ+bQg|htu7!FhUhh%;1Kg=t7{EvYXNb@A&wB0)zAXsa0p1u{@<*Spf4Su zQC4>ahoqf9@cQ1tLF-FTzc2o*kpCg^ueO4tM*jDA_YO+(f2aQ-|L@}|3dF|J&PWa+ z6g+EAV&af-c!n4s0yc*``v*gRce4Ba;m-Hd$sp)Y4)=C~!|%VJJlp-gzrS~II1Pe{ zk9MYmeSdm5ogD0=VDDM~z(?o+?i~8h2G3eE6d|faW_zc=Wq!EG{q6hp%ysfBn)vhQ}9_1lLbjOuk}bS183KWQXC)w zJ^d{-Q1KCvsr)U~L9b<(AA)wf^$1LpFkA`76exfy)|22`j{t{shWKd7I9do;m-26L zHqx3gW*|UuNS1P#AIF3-JP8p{!fXga93>x~v}`a#(3Wr8triR=2g^P&>VMwuwc{v2_-x9d=Fln~{m_r(%2uCv;cKXsokzmO{fIo@=jsonpfhq;&t3aTvJ4VF)G&AkjXt7Rqi&K?2ADO(KpLNMh6&hF}UqhFYzN1W0ZlhLX9` zKRuXmGV-C|m6MDr^%L|!fSLRyiZN9z-I)j=K&~L^j4eYm6o9NT7m7~PH5o0%5}uzh zP8K8LUm<=D`CO28I?ZIQ&N z@LbfV9l(+}4wnD|h1G_uhPp_NCZ2 zKra>*F#`*dL}KIvJe?wnA|5U~`l}Bk!5#h_Ml%#hs^%KyP!(yl0ARjf?sew-Hba(% zUeJmo#$gzyOe!~~$WJKdOVOL?13xCw6weZ>%2?7bUpE40F^WcWJk@d*75N0li!zZg zUepqqmIg=XufT!?Nr(zKqI9QZk4^njo=gbESxc%O^k+6`%+tOfG4uz*A%|V62qFR8#o%U9l5l ziis3TA!O{e&^EeVaIRkhU%Zt<$(kj4=_=J!iii-Jay?U>Y1TnRU*ZMkOuYqa88m+Y zu)q;sB#Z1tQRGUHUJ;rn!Fam1=f{a4|CRa^9G|}d6fu%eAAwL-kZoB&94P`k3!fh+ za=W}}-;Rg{S`eiP89MZv=A@_!L(m>P>%YPoJq!5ZHoc^3r@f^9+_0B6?gHv~~GR*RAZt{q_6MNzPgvS4mXHbp5R`U7pnSc(1PKHeo*} zJ!^4ceb?=)uCtYQE%9>l&e}y4$L$=44UO`Xgk>u}L;XGSch=$?PP{X^vQj z8V<#>37+enLXi>P`T`dWHWbS<@!AizRPgJH!fj@f)F zB2q9dgZDZ;E~-HolG#hCn`vD#B(s^&I<66&2qs&0z_n0K#RsLuN%eIob$iqS0h%PU z4#3frbifUyQ3oJO3GD!%Vvc6R?DX|dXRVf*6>4s?Z0N(Ba#GtDDFjbdG;+-$&m7Y0uv&UG#`MZ5rrfLJ zPEMXv^jm`1MvXO9oy|=@uA@_}fvnhK7e2S*6yj?XA;!)rnKTuU7F&=mST+|7;Hif z#|uOfZg)!lRXrv7@3Qzb*EFlQuTbwm)pXGDj;5SMy0j4Hl+&mY&54Tsk+sq 
zDp1yVR#j57;j}8yvF5z0q-NuZRiI~$nN>+kd1}c|F0HhJw6(O+ydIiD@mkfhsp&vL7o|YES*Ceed@YA*DlxA=Uf%&7TR*_Jy2}J-GIu%mMC6H zrelM2cz^~2^z5K^gXF-S-zTl^p-py6&3JIV?MOujt+Or3;s4|8PMWk<{PC8A$pT#< z7@S3+9C>3=La9x(Hz$mz<}e|T01<@?qfoIqEMw6!Vhj7ITyt)~h43(Nypzo8!XrB%q*5B8dAwX9t97G0kOc_%4MCUYW z74>08rd&xVd8BWM%*nPw8E-~jp@sY@H3Kr`T`ANhIWrQ%Xa?p8#&XUngLg-MV=$6h z!y;iEOb~#SBvAmK?f*s0tj(4fH3u`2hG2KE{|f)uq#<+8;}M6P{g_Orh>q}okk)k= zfW}CZxf&&l38I2hQBUZ-Tsrh!Aru1~87s#G@f(C9wa*4LiC9NFYk|G~l@$M&N;d@A z`2Q;xy@>#;0H_8zNE?E^e!t&u+ORVf=pe^_llBp-{+%|{O{i(DaYHzbxF{7eCyVBb zWDHbt05qOhsV15Cf>N!)8jxr%QyWU{ePs#`!OpX0bVSPOg*B!mtx!*kDLMqZPPQme zV>Hu7l$gRbROn(uu)EW0`AQ2&g^N$ZFz;1lm+-RB-c_o9oLr+wxwJa>-5P+Fct{nt z07*PWXx28o2??(dr`T^w!$Oy?CPKqolZs1qpkeQT^%)0voQ=X0u`h`LnHX;wvD=~x zwE)Uf1fEwJkIqkv^l40Dy>3n&iAhM5p3$I_xG7%UO9rCVP2!`BIx{_(Zs%4JXxFGc z$H|i^!voa;M%A#o&vw?JNEbYo^QzmGnq~;;ETx5Mm&?Mysqj0)o2vRTp-4J2G40J1 zV8$t)BpiudDF~4C>O}##A@oYDr{AQ6z9<+aLU0PGUd2Ug#IoVoN=1?JfW%9`REa_DY0Gy@Hc~Y@b_W1 zozsr0F$p@B|8_@eARU0X@7XW__?v_;K>Urv+2HR2h8iRD1z<&H#?Fc+*;rjk7s#T)zR^mx#Ix-p`OYCxHFgF$=QK>rREN z=GyZitJ-{0ScHCEGow7nW_o1Zd{I0#Y_f!>mAq?tAPG5#{(MoXeq}&}j;IbX!BJMp z187MWPnZXI%H#)6p$ z#Ens>r(jL6r^lcv0a^9i(2y>yjflufr&MIGZb1e`afp4`urDrDX}dEl0JmWV!JyM5 zY)HpQ7qhAA1I0bn@qCRL07#6_J){k zthdBybhO_R!eKKeR2BZGtl$-_q6$oAF)b0}jy_VyM3uUc3`bIBJh5Az5sDRy9IGhI z1&m`ESR_<>YfCQc0E!?Z5y-3b>XU}H^uTcjS6iZn;3!0tvko}&IljgmBh~@OGI)}8 zz!{$-%FNiOwNvHKoT#jBl__P7lQ|ERQK06x&{t^^sd%gMSxv_}_e+(PBETW|zTe99 zm{%}fOwi5|C+BhBy=m zMZK^i$(lDu{#9nVG89xCRsI2E)(TeQT!W1vG$vFYK`OqKeW`7|Dic&{l8TK%So|1* z{eFLc6&R$MWE`lrTJmIZ4a{0TXeKh`V8<>z2;96!>`Z%X5`{HC1vn?{Vd zqD7nlH;fIb^mJ-D-NXy1Z|f9ZK8;<8U<>ZwReq`~@ovr0dzC-xN(ye}((U#;U5RfC z&f8V~r7Q8?(oNgxM_NR<(sRQV30CjOkweflg4m6!E|}QmZC)VY_P*t{^YRY7$Q#bg zJM$M`V{UHMGrZC4yaONbhVygF-rh}SsNT39O9isq1+P=z2D7D2E$#(7rQUjbt#tP* zfrzG6y7ag-oGp0u!r=hrArnZTjTp0N>s%kC@Cqdf`^NsEThroiJ#WCU-kkFF=~$O&~KK@g$NEn1CR5 z4tC`B=4_EJ_Su%(wOz3xHq{@}8udy;Za0)++V)l`rewh( z4l59?wddLK4!uElZ*l<94xCm%yn{_ojnK;|*jVBXc5@=H9%4gbH~4<1TG+X;Y#`}& 
z>L_2=fxehzqc9h~X20l+%590^4B|Fra0d16{Gu})+tZ+$ctootSC(M5UaS<&G>O!K zsnOF^MSvr@NW@U^i%gCwlr0np8cKpYmk-az{KYcj<#%t6gm^ZUO;X}1^>wp!cs8yz z6XGefYbL`h#ERw#*jBm{C-TDR-+6+&-&u+|yK}0O%#}<1!H(?nXVO+{@AybMcNASh zd&`sP61;mmh_*1_$vJc-{JTAdu0(rZr_hxI+|40$CAzykgRVq-M@P^$zLh7?S|QQ; zNYex8+)CGM|L8=t;qkMD{*F$ct1;a1;d3?OdpmosCgF~bo~sew@yT;F;=4L{&SBK2 z%egb>s%awg1p9L&w8HGXnKe8+&7s}S(P;ya4NnpdRvw!=@!a+-p&8T-PE0Ef{cUx9 z>u3I&S85LZZ4$nkGylS_ZCmHd7R;?4FWbA>TOV#XuPZ6ubK<(`sQ%KE!VM^u*T<eqSSiJaDaR$bGLq2w#xTBtZ2IBA=jkAtyZ=VQSGvB zeS$H5f#g^{W}M<^_5?hAdVX>C_VoD)_~+T13vhIP3SON26Z~>=aq{%3{PPMe^^Q#J zkd1qoMONw$q`=ECRy8LL+uN7HsV_44pn{MWZ+<+vcztqtG6Kgh-;6F#F2L)fS0{$1 z*VbhumS>?616d@XS~biK9QyP|?eX<>bk*d+gwHR@mAVM$oRVv?ABKR-SDfep1Pu8J z6+6boB8kjxASTW`qd`V8xjd+3W^#o{UrUjrCZSulsmDwg6~A=>XOs+1(p zQe}O1V6LcIXi%w9ZLy@a-{rnn5GlXO;>EXRQai=(G2|T4NEG=$zryZ+`rYr}J=Q<| z^{?)~{^h-UYTiHjwwAOl2dS?>{@8yO5`X5J&ID{Or-Z&Tk&@IQ=H@PIXPX8Mm7VdxD+1npH-2Z$p&&Q8lb7N?`Zmip& z`}uQA)c96>yg&>Le*oTFwOd#t6cK1Jc-p9Tb;_R4pG}^tv9HqSNE?HIjiNw&#u4UY zW0;ov)kvS>c8w1oF?ZN><#89&ztiKst~nr7e`>-_7gR-=fBtOXIKQW$G@VT#uK?Nz zo|Tp%1(dyO0wGIFkOD|wHK}jKgQozpca0!e(cBq`>}3-eb|`iV!+O~SMlOyz1!BK# z0woPWP9c~#O={6t90g+U{LEmq3>e!$ zTh7N+f!j1(EF)if;d^-GQ>*_OM<4a6iMm&MR_lL*gTY|Gp#Kea`w#d3-^-KJ|MFw4 z)IFsl45ezMUC#=l(s`A+lr$lpB7f9G~y)9M1VdZKT9X?lf?o?!4Uik+Pw*m zdTieAfOgjx{~~`*z;{1mnY@UFc;P_|79_%)Q0WRFt@p`ffw?q3c%Jv&{{vWvPz(k; z{Wf^l$_ZWNx(C`HKLQ;2VGbplr{fnV|J0))PgZ}T#JUtyE%GnW@&Zlm zI{*}j+I}>b`l~Lq>R%!0>&Ut=#@#ElEK!!(?BvgvCzs=2&PJEjluj`Ug94TEow}l3 zP?j)nP8io2@(nf%lfdx$=+(*QSYqVMv3U*k1^jlKT;PYG{q1812~WD#Xjhm!)xc&r zj($FQeK~%6axpqRd!0wJE(?AFLUTj;4Z{!!>c;06XUBymWEXO@%jHM^965`#C2LoV zM4`M;q1q1SeKkILee~nYljjW@YrDx;w9Wv1bMdkSa5bOjO{^BT+n}}Wd8~%1j&f%v zjRN7Tlvh)wmJo~iMkg0F+<4ge0=u$r_-Ou+Na>6IE~XY0|m5Q z*ZaSm9KF2!Wqf{iaan-0zrVj}fYC&3H6G17TCk;*9*tfaN!?7VD#wl0Ed)lv zy?i+m+S}<*O=P)1^CFp`5b?{Gqqm6SX-SsnFkOze*-wRK!ZBYil1OaPJYOd88xj8s zaiJwUIridoJUTmmadJ66Kf3&7ooQKz#&N7EPZ`0tS7_M*->MroEQ3bP<>UqGKYo;e zGL0i6T7!11uWQjW3&{kA9{Rv3Jc+J75~JwLQ=v03G@|1k)w}`$xn|b0?CM*x_1Q)# 
zh;7b!{4+|gHjU*@us26Af*F+&u(fJUd3^4wEp}U0 z?E+sFs|%8DFrPPTq2(G-3bzuFv_Z)OpFpH-N`oCo+m&_i6-jiK;oIsbW<^t9eTtbZ zAnB5E;_ATfcDf18-#=SuQc6M<^4>M1J(@&4pJF2a@kBv4=oFeEE~o>V7PNjgKyam$ zQYYLHPkQ$EN+8jcRRS>IDk}$~VYH@ss!)UWsDcsVQJJI+P%kS`1BqNC8p7pHW&1S1 zT)9e^Vy_fnS^}0H$kuSfjFKcSH_RN+_NJ_-%2YFK)ilecen@AmQZpM?u$Xp=XI=BL zt7f}vGRA6pNo!4{4l1>PpA-sxlKu$LN1)wngZ8-n`SZ9~YxM-R{%C9)WBJ@L#zKa# zafoKQXla^6N9+wlbO`z?{*Neb_F)VsIFwGDMhk#}GNB#4eA(8{mxlHWLikTOL~O}8 zT9^niNqfk2OKYjJDrF6Ru<8G9pXT=e+>Q2Y`2p0}|M&KG`UU&{&f)&SgZ=+L9=H8J zH`aMSfZV5+*rnHOZgK~F#wxB1>Lp|REdbS;<(<{nvCcaH7$g11kCqI*Q|E%aZAH;V zVlA%&2jr6TLAo<>>@E)a2fGjc2@n1Wo3L+iT`}|>g3hS(^sdL&7d7qTp=8L!k<7VhQqH4*0Vs{}fD<70*y6u34?hAV z;oxQtIUo#R4lqkEUR8Jg8^RE;wyhyvV_IusnR^8OfxsMIBLE{!I+5|La@lx(Iuc9T z_{Z~~#{YeKIsWD7;`zyIb*1|a#axCzNl+f(bIe3TAW-9_Qzn8*!o>`{LEr|e%e4}w zdJFT8crCH>IWmYj0SkDA6kLf$ERbHIt!wQF#2@M=^a~9jKeb}W*iBICD8&7q_36Qe z`C!Aml?}6)BjV3&!mP9Z%~2SOdCcRr!+z7J#{Rc^xLdIQ4G#Br9_)Yj@_hW*dkU`c zVkj00d5s2N#^{HI=oWvDhTv&W&XC^I*2#z1q#KQ_OsO&%pV!jmGHaq!omHxAH!G^n z*D;%En7uin`uKCah4Gi^#?Iu})~fGL-`J8iDhM0Tqu@uLA<86SwCmnhHhD)n~!Pt znlhCI8uh;rz-fXY*_PoC&4<{cGwl`yC2to)-i>pkCdS-U<79<=uVb-nnpTvy?bDCSJtXf%Vc3Ee`(BKs%lqhuBw{>~xK-7LBPZHQ1?(823+VcINnqj4YeRJ^= zOp{1myV;EP;_;#4VZh_iWnN3DI@@rKN`rnf*F~j@f7*3UIb2AvQ`$15U7T(eQVh+z zJD=1oBe6mMuhsbC=BIf#tlTzjr4O>)C3n~X*`0~C9k7)~34EJ0s_A^+Y%o{d`nENe zmOyShph~)2Af8Z_QQzFjru?xQ%9nxJrsjOU}C_q$bo$6Fvo-(B>83bl?=(XN3c>!MSYRltLg7T;Y-3E_AfPD_y@@+e_ z(m_7=IPv%#saMJ+5q;oo@a+@Pf6d0Egs+=7=7=56DNEDu0#7y6I$oDY-C~JQUp!4l z?wmb6Z^&19>=_G$IxBzTu3bKPsBc%Cgke`NpSE(pmIX+3rLK~=@<-F88(@@Y&SyArjPZ@|qh$8?g zg-fwjSIo{jz$c3say$u4zXL4^JuPXua0>B<1 z{p-n-+_W`Z>iWywQbt71| z-^=G**46@ZX*6cmeYGAqodQNWfGVN=9j6KUPOVJ(RYdq)h~>xX5?svGiTM++UMM?q zeP^iK;M?YMviCIO@hcK?bK+K>8Dufo{0PQeZ1Pm;yun_#-v-{XW#jT*Bom~Mf4rYDHzz>? 
zPX5e?u>7gz1aauOi#T-orsw}P_MiM#OU)`uLNviqfTLNnFtD2Z|AT(Nl>dLXzxQDO zxsPYX_T6&uhcSL@4l?Nk`tlY#Lh*l~$_V{ToplacS2zlWK%YEbkP!W-7^Ss990rg> zvA||4XUXH=Vz-vbjNM>|Y0i_qEaCK?kwoRwRG|Tr2t|AdatH-uYcDMr;uXzp z0Z?k~%Enn4bXlVAydSo@7Akp7pMt3mc8}DJr0euqWD@$9OUu`Pc7ylBlY7>Z|GA^K z<~VBPfB&F(|KHBe?!n=M{J)RK($iM00S%9L?R6qs4P?1jF#cUE0*bz}b5~8vL1SO6 zA^0TP;>k-=ElO9Jk?(H&*O~v>H7n~0fV%wu`+K{^`G3%VnE&_ktgrvUIA)oum)&H( z+3aqjuH3r}V6nQHfSH@mm2)QK{`{q;M0+YW23b{pwXZ={t@S-5KzhMZJ_tB>ProW) zG{ju+fb)8L0&cssZ*HQFTu!(q9wAa-1UNeh! z1%@!kDC@Jzrp&S}b^*Z5f@Zztvf->U;n)nNEUzWIWx;Nfb@M?*bXK*evUoV63mi$N z`k6u>o#%51?(Fqlu|gmV(Xd9-KK`}bt8x)K+sXq{>Z$6CALXLiH6l5(suFvY0hCgB zSPap$=jD9J-vwiy!ksYY$=?lQp1Zyy#%^4W1tdu(FG-#Q%GpWO;|K*)PgOvedTtvQ zrXFY3l04nj*+gpScV!l_zEtHGDfe16+HK?-$>Vcn9LXW9okWF*!aVq5o`NQzt5Ob> zJF0xYNxrYF3k}MZS0x3hB(p(k5cRCG+Y}On)RDG2O-PB<`eY$>2umqLEF9}k+-*(W z`g9^$&zEFWO=^*<@ot!4q>Q63%}5TRm2AX8?W(Ixs_4$`$s1g0QbxP-x{^Hgx@YVw zOUm%dH$-0($=6>w)$djctxkWk2AQk!jI05sIyXX-cGu=ea3IX(FDN3} zFpGhDKHe%UK2K^XD7{FjJ48Msq$E|=r!F5Z-<-ZLsxLVSb9RU$_rG}xN!iWgO3t2s zb0ujv&&p)&xryB9G63_`C26mQydo)k+Mvqh?A2hM$=FjCSe2B$8fH}zcJr)A#$FB7 zm3-Yit}OjuoG}`v?canmn&<0Zk2RVk>R+2T8fNHUlQ|ls=C_BF<+qSk`Sr~cx$^9% z@Cy0%)wA}-+!-#N;cx_Vo2N3U+dQt|Zu2;Tyi>R|Gy*2H5uCA^~ z+u-Q#Rp}d2Ufn2-L%EX*6SGo>%e`FDlQG3a&Y=)8mOs}leX10UD}a<}VL5M?*G+9l z;)zIrMmaN$!jRe*Y-c@BnqMt~IixehM^e5tp8Gb+;-FN_^pfSFkc_Gl7o1MTs%j~v z=1tx#vI^%q_&5oXay7OjoAq*ItVWcj5E@7@`SLlYL-4Ty*H%vAh7;H~ZVJvUT}^ng z!pHPWn|N0~>)8Ke5(JphMCJ#YB*6?da|EdK{~YWc7X3f>2M_lDdwH7K|I?Uv+mrd| z{8T#yFz*-0Ks%OZqTcnOcTR%mDX07>Ii+3nBS=f<()Tz^Ob~|y+kC8i4;)y27cNG| zu)2UB-bC;k;!t$-5DflUE(gCG8Te;@){*~OO@m5JYwiP9>;Jj4Uy%R1d%F+$pYG*Z z-~TIh{VMpV|8d;Eie8x2j!^jtVL2@+q$Mw=hTc*4IR16>Kc77$3jkWj1GHxT?;alP z6zBiWVCP}}-^U~4amBQ_Kx{<>Wfp$yi8Fu+CAsnWa^KVP(wGo|Y_L|95$z7R$LjJfBdj_*(BQ!%4K(rtc6BK6e zQul3UQ=}Y$b0y_WnkFIBEiCgsjAK^f|6*$`B6Lf$H+4N_6Kg7Guj>0bYgO9G>8skY zEi_*au=Q@U5kgUr?XFW?IGRz!7^>)J^ns&DZoAv+g}z<}M>8#G9a1QTxfyLXANiC- z|0WZQH{@SVS|Y?*ASGxZ=g^;9d@ewhK2+lkmM 
z_+H=lbT$-P*_6IidBo!$OS;aRIAv*U#o&0k~ND>De|U2i@#L3~x&gvL5`(%2^y<@zue|CSeu<;+X@ zn7{+z%0;wBvMY!0N`v%RzsF$ohv(j(wbuU)69Cl2|L^bY6xaXV{?5bs@4YAk*P}@3k6#tx~19O5qtJ!?e2M#mEHC~N$~#NhwMA!4gcUV`!*wO9JIe$ zZQI=Wv>}wH-luB^6n*hz1XUrhTT4Vx8vYfT2+C#GO+`?K@Q{nZko3pOMR3=#*;{VN z%DC)5XMTmop~v>5ULAYf%rnW|bi+(Ks(e+9@v5NoHKN1iAwp)@R%Z&@w!a$u%hS>2 z$?My~-9kEmuPGbA*~^zF$GMykuTCy6PLG|PwAQ(jaeSz4je~~E(^n^FZ=8|+YteA2 zq69ai;q3hE<=M}*sS)al(8qW6R5VFUuxd2#KsZ#d9LKMoSEgU6!lfsa4hK3Xw87Ba zaW;UO^T9M&#aqA+&mo5+{GXM4Bt+P&qx12rqyII2esp;>I{n{uSwWiPU6o4UAz&BYJTrq5dPf8D@O{nW>Q7ybVS2mSpA z`F|hJmx=%UQv`nI0wS$gA)g}1Q7$SemXSH)R}u%}w|}r#)c+0+1`qQ8KAw#;d)+}W^8GIgHK7u}|MXt9PtE)f$;@&4|F-Xc z9u&`icJ>Y*=KsAs1yi^f?=9Z`-%x|hxa?kJfQ8O+o&&%m@FJO@5OLs>C_+BR*O)IW z&v~+}URE-%G{u)A2hB}-+9Q**e9_q2jpqNFXF#>*KZk>&{jb0CaQ=HQ&)v@dl}ANi zlNi`)KA2SvyTxJ9>i%k?U^yhs8uNd%7*3$1{9HS6N(ouAlcWw)ae}#%(Y(B--8;WG7x)4EW z@*EmpO4~PF>VK}`09`O1iy1Mt+7XjLw$&=AyH7%pjma0-GV%lmD{~2p!7kMD-qUXfy{AIh z<^26)NFgV52zuM>?OS(^X}#4c&nbxk3`0QC0^$fqGc8g(;0A$!fQWE&Sr=h0whAbT zbI}Gf^kHb|eC$1a@{sc9Pw_O@|I$3Y+t&XMb`DDCKZC)8{r_H`b@jhOjv&bsqsI5{ zti5BoXI0S{32*0{nQNuH^cTwolnt=*G#cg70p;KQ;gSMnjlc8sKqVgdqvr<7`t}xy zfmUU=arEf+Qri@$ug+^zELcuz1L>>~U)eR8JwL=S3c4t|{-F?Rm6Z`2uODP6ol$Ii zxqWM~?N!-xigZ?_&iTWol4+YEL%&HjC+XYQ#Snnf5GsE^3#AnV4Q;e9GBJSzdn8)j( zu4MQovv%#!P>b~*4kYg2X}fe&L$InA^`r^MBj^UxTv$SO3BP<6fTo^6mP9V&HClyDUuG^zF*^SEHM}Hhb2X z|99p8)!#oX`+w~}#Q)vPQ_%m#cvt2!+ln99mlFhvwsH!$m2Li`U!~N1{@sx*F z@4?#{{J+?ZIr-}xO##(2&f6QUY8A?o>5`ZdAF)*zRa79?6&n$eYhVyD;{l*IEk9w( z_&+e8|3VmljSP#<)n7M+UggY@((ZHme3gkZYwE@(%0?hIHc^)5<2~i2&02NWNog}o z_hIhLu-%urvwm`2BoW68@T%c z3Wz=xYcR#c6J1{%mfV0eg=mI9uzotBr(c^RVN2GN%?x`1nk2IVNVa5M^|@<*ZbY~0 zKo_CvOJgFNO$u3`62Ckd#G(~o+Jtt*{X%8L*QnczA!9c|5x@Pib~L7}=g%lf;^OGa zm#l8-t4#0SFf+E(`Jv%v3go5C*7kqR_x~{oV8RLWVTkA!@Bi)Z91cqMzr+0p|Nnb= z#QwjM;l+55d>Gj$y;&1hWNF z>RalpnWtEta46r*;xWe>GtyWJweH;l_FhB2#CcDy^rO;ZzssO~XUT&Fj*h~R+@K)u zBIU{b#2xIMRnkkH8IN>StQ=^!#|m*Ze`$ zBOpbBRN%q+>2ok86a-`@IFki{P&~sC2oP6k$TKk6xm6B?%<`##umJP`r$R&MNnbyJ 
zBMz@DQqE;cP>a5E6OM5r)6SNpC4*xl&~qib;Jc^asiG*b@7NfEU*DPcZz2Y# zXtZQL52f>ftYhgcCU!*LhREi4%C%EQfTl1B`B6}S9VKDdnlj~qph>w%q9b+`Eroit zjL{IhN*I?fTQlt)_3OLTxic56a!ew|DU@zacVq}MXM&pc)fe}f901QLi5(3uv^Tq4 zu-x2}F_BBfZB4YLgBADmTFZMuFZ( z0?D*3hF%H~R=khGZHP*aU9Cz2r$et*%wF@#7K_R{hxP&9afEI=|h1f?5Qdb+0<;8 zz1jnM*#*Yy&N?ORW_#$C%I|R#-9Q=~ou4Z2JAH3e%RUUyso8vr_}7|+@yk7HtpA%O z|89`~d+(s=|1;R%-+5U7@8j7*{_n5d=)c0YVR(9L-u&qSgp{N1?S@JCEtVEt8&3iH zt*&hQC4s?@FocnhXj^xr^=c${9&$xvD*cqEw-RhsZM%U*FMv}1bg5d2x3Zs9VytI_ zodfmf%CzXZ*cz$M3umGadCqV9tS$fVApUEAw;cbq^AP`WFVFU3yMF)6z#lr%cg0gP z|I-a;Hzczej%Hn@NN>~rGwAnA{-1{r`9JUHDV+a^@g9lseyN7rlk2JR5nB-qDtA}6 zz9^u;WqCnT;>B%95T&S{#qhTTrI|v-wl}4}4P$(TmTm9}Ob+%?F+~QJv?{u)X4uh3Byf9 ze(tG}|GPUorSt#YornGZy*%>%PkoGR(qq~8fNBYqOP^(A$G4osvTXW->Jmo@pTC0g zqx32M{JCWX-lWAk;9H*}A&fB$SryvzBn*$OVmd0PfbKc*lZ6oL24^=bHx@4$;uSU8 zM&7q`^myhqXb#B;<^m-1+JXc{7a_*r3<;Pq#Sx!^_FvfWFRbkbpAqE#oMK7kesjVF zIqf`EX=QafkyZq4%`a`+vC}p7C4A!juKD@PuxgQczEuVfQH+^#Eae5+fMUl9nnd+2>)`ex zZ**~i$AIzDoKaIe`!^F~x~EdM^PBY|><3l!UY{EM@3yL+eCqc9 zyZeRnzrmq+^`QUV!*i$G`TIKvbZq0BZ_TZYqFdRWSHat8gKjm!ahr!&B`(PoiZaaU z4TlMzce(ghcO^&$q*>c4Fi;o;M`1jNuagDX-D%P|y&t$jVk;msuR1mX=mV$lB)axk zdI%-eK2goYZRyH2D8KY%`wAbY{P*T4T;N$mDB1>&I{VK-zu^Br*x!A)|NnlTN8lWC zj%dUHCqRw4N|-!Ja2Vid24d)6!5Ly+>k+t|V+L3fEB`t+M_~xWG*vP5IGT0jg*qHx zBN=#Oy@yfIdITaglZF)VIHqWdKcGMvW&VFpJa86;OF$x7Q;-B=L_vrnGKoT@?uKm80a}E$^E7 zBtX4Zh$D{Z_*%&^nYY`=y_P;qmmSb+g=9uNc0K!|V#zuGFHVl0zdG?2!FF)0p8xxY zyZwG){_pJ_Jmmkmm*)|1aX_o}3kny&pF_%}a~_`~FcJkvq99Oa(^l&^p;YK#s^GO! zBmrjN{lM#c2M6z4t*1|aAqy1485%x)3jQ|dJZ8gQZ-)6inRq@~^d#K3m~q&%XpwaM zz14d3NczTODt#4MtMv(7WXbtIf!FFjGp)pePpwZ~>-m)XkNDO41Pl#gm9zCBOo00M z3xWZnr_sNqTgpGsWKPJ{WAUXsm!G;=e|rKxfxg%Go`Fv`sR2+bOsjPo0YU>rg>+?! 
z^dc2H@)BrS0JxB-vi~|@NfPk%=^|nL=~EC>a*YG!mO3S2NN$8MzJ?UTiA-$RdJ5i` zRLb{-xAwJf#cv4>-?v(qb0KgkTp*5UbzL#4NJur4P+vDd5G6>|sRtBmC|)^-{*@=X zz_b)C0EuL2pDY$I3Z!%w?3QULYr|YaCNO|GfuJrvOWk5#ff_f=&wJ28SV-ATUD_ zqL8CN0$q}%111TVgJc!-=TeVH(4Pa27YM)zB=L;G00|T^qEkW_DDV`wnZXwzpFS0B zdivC6C&>p;Hc9R-zzs>l08G&DgbhmlU4kK-buYYR_~#Q)`_0Q`EX3t=b%HN{F`r`T zfu0J_vefM6glg*(aOP?e`!7O5@Cm$^j{5JxCvYSrMSy*!^^vI%9(<0d76T@4O3HCa z@KwrjDGC5Npeh_482sj{7JY{Q3FvP81m3rQOW@MOq%BAgJg0Khq-8k)2}7O)r4j=b zQfqtyL?&|-z&?JK4Kbe>;v7da6$9BiI zI!VX2ZQHhO+qP}nPCB;z{CU5>zS{d_*FIUtYt>yf*SzN#*O=T{$oF9Vt2+z&ErO*e&WT0?t# zKDr7t&_My>B~8DYeZ46>#lNIWu<4i$t5%>RklF+#A$BJJ7K83YY7cl~@!s+I;r85& z@rbx}p#7R+Es}!k^@#Ouuh-i%iTP^pIf{dtamPiifwS4ahn_=&I9sNd+urpDi6alC zYPN}vFAzr?7dhjs-Uq@JpC`LX5Z*@tqeK`-0Z&kjc$IK{ID)uyde69ZjKGX&!xd(> zTr@9S*8l>l50W!USqK*4#AS65F8D%bQW{7Ht`Z#Ir-_9HUmPq)d{J!)9#qHD3#*k6 z!sISB3OE=2!K&@_YElAJAwB*dmJoByP-J|k^Cnqs($_cFViY1qO^PChGjo)L6gp(z z5pAGYMn5?p`%+RXhAFck@=8mcOt`%^vtVwb`sap;B7XN#;x+^$fTCj&X(91_fz2^? zN!B5vuMg7meI~_J`5dAMtb$UO^W?EW9bXNaibOpatJHKz7Tn|6ZB<8XhPkk>gQVEZ zb%Y|Hyjs6XD)8RdJrAQYvyyy4vd(|f0eAa1{~UqXztA=dYjNcq3zf0tyW$)pLeFnC zmH5p<*`Nr>%aJnyq{3hsq(oCP!5P_xRC48SLpzH)#-ho65pW8}5T6nFfG)*<09bX! zaVQVv?TOfJ9cYCN{a!HDUw;CMx3jj@8~URpui|^OG;9IYGRSgN+@n1F$B)`N&Dg1P z#q5DRsU;b3Y4d1uIc=vaM3;)whQn37O_WlW`dQOq%pW(H0_EcmY@Pfuqs2hkM*JUd zJ(AcVrS9D1Z@8-O%{o;I3 zzyc$I6`!45*M`w9)w^8dT5;0S4%tNXP70@d0D@IcJS(SLern?R8atFSGYm#Sz!B_% z7J-Qek0$k7-DovsEISFaGbkdOo#MIPx3gr6{! zR7%Xj^K8lvxDja9SuhNao;34{ zbpU(zY$o9hRc$P1H?F037ez@0i?)$p5KMt3SO5iyX4qETDL36w+JTzE^(V+&P+LUm ziNZyWPz_q883coFr}>XE(f*>_YhGG%{*KpyHEAniw}IY;(%UtrSYMX5He1O;mC`F3yp%#qMCz zIf@cI- z@4W0d+(Cg5)zEW5zT`-Jx}#2rlZ)S43jPN}JUVs(Wev~VVD(5CQcJ>x=>os=KQ$ zag0mxN{+fr`Rl+q`(P~uZ?fxK5BN|m10OtA?UU%w|3$uTdX^~Qz0Uj(;i6}5*}+7K z3bLI0;ydio{v*B?tONcdz9M(Z3ch2Ftejb9qw-ZvhO7pB=_$P4br=w&lYmzk^SKBU z!Hm0FIWg^|mbsY^QsS#@ho!xrR-2Af>~~kPEQPjOcw4cbQ{X$6!>&gPG^1@j$+s zH8wx{zVN^XikDQ;taE7V|t+vGk9)Px-? 
zYyB^rwxp_8o9|-PL1#t3Z`zZWdmELRSS?McjY6EcBUK=3?Z%yb=8M~xRq)b#!uME* z^5ej+_VacDTjlDRzaU0YtZC}noei>!n+&j=w;nuju+056`O(O#wO~Zm-Nm&~eYr0V z+L~m+=MpOGoB;>#`t(HYXFwmcglJQDR@eT_AJtqSet!s8L+UXzVrWWtz|)3_v|<#` zC?(OxE%D_Qy-Sa70Aa4#lg^XOM@|`taLlb$V@4prf2i~r9e3x;Pf20%bhBJ$xd^+% zDUbrcw2o8H$BMxBQ3SkwYvEgmOp{-7k57M5H}1N`ntum4p=oy>+ac)@UFoUi7iO5} zn+UIvv94W9xR(EQKVcMUM%%iN@&Ny&%~fL`Y1)3c7%{s!V(DajuFke*A8Ff8ydE)Y zb-nI}DZW6{(libJE@(6lv=pW==%D4^!wylqiaQ#h+^%|*Ccq=Kt-KZs^nlzFz;*^I zNSZ^q{hjjCJz+%eCsn!^k8~<%z&ymQ2Qw&Fq8T4kWe&%g9>7!FEL{POrE&GIm&&9J z76eVPXe-7tZ0-GzhohDzpNehFs|~_>=Hc#6yr*N9CZC^ej9cXB9d-PQb&4wj&Smmy z|K3K~_06J7#$A`|86Z$)~EBr2pY?M2IU^lN2ADH!U z@Q+PdI%U45eg%{wM>cm}j(8jB0cQbI=T&yW>x83yB)kQT=qn*y-JaXA##L(z;I8)s zSr)p;Onxn4{VCMtFz%=QJ=glKTB%vlhu5TSs8bz?^|)#6DKoU?^XXXGe-&oO z7i2xBFpl~$?Pd_kQpM)Sx)+13(UTAbLN?GuMrZ3@N8@p|KRTQ3vTR*@wO@PnXEzaW z!E4zoNo%n2bo|KE7^04F2Vwc0v?0DuTNP>JMom{EJx$ThhV?Ex`_gxJ_5gdBMvo>+ z^?<&SdVyYkYn0_#6Vw%-Dy7I3JfO-*cmBMCt7yXev2%1pq9}TT@JFK|ad0=D+VLE) zbV@b3neM!N%N5m$eoc)V$rco*+k@Nv7fm)5enFB(9KP9XHyXu9Ms9LY26c$2u$!bf zSiMxU^DCiv3-fK^Dw_?tBw6_pk!_wx{Wf$p2%-^>8SRqCQp&%^1NPHoe0-yK5w5em z4Z-Fo6v4XTi0OQKjJhd~|KZ;Jf1(X2gBQc3+*Rq~9kNVGgXZC;kfVy>l$jd~yXN#s zT|bxx2f%>E#8JTa*1vVZrZcaca99K{H)hBMZOYBx4VkiuD-P$KO0S8EOdsJ#yS|6m+TxOFsR{-nt0)tN%OpgEH} z)}U{hKu?~a=t$3<-k-h>|2*!&y4u~$Pm%beXELINWN4Gm6T9$5hwVz@n^iD=>t4+# z*f)*E%7hgj1uFO(Vg004@kFI3yFl>7KpU#TrFF>bLm5p|>@5x^)3ti3>;m?tp>&5@ z+ukMlSYLWCaWBzseAoDS+}Z$7Iytcf{_R)rP01Jq_lGu_mfDiLfi#9~bWI2NP@>*n z>dW4{4*6*p)Fe6wV_Ia#R3g=pL?RLxEX4%Z25xPU`}=eup`DmL8J(C~0dn_>I(FNw zpFd}QpCW=g-QozYwEdO)5xDSW`(yZd;oqKg6z>Dk3GbE2$U}liD^*=ui z&P&ol88&#cbna*T>yQaSjwbT0WetulH&w5qiZ?ip8->eAmq=oQOtSD-Q*_X|4~!`p zND0qd%ajoz*7le~cuz!$alqkE+tdNNB8rnyGI)Gu2#(SxjZS@glCD-$`Yg1fJ8mwe zMfGI4U>RL$!o#74j?Aw-OO(c(EMjf=jOUJSaWQh<<+&V}6J0t%dg}(1nGGR*38z`@ ze6pX+JU0!vomt~c%n8Zq+yLEeXwIE>pd)IwyL6va1AFa*J>i50a`ot`tNQzzWpIA- zNHyp970fHMG!=|4K_yXO`m(K{+4}PZj`W~4*>&dxyBaIf1~v%Bn0Pr;FgQ#yCiFzw zv0vvB*Pd0+DY8rY&>hgJ5K2H6LG3E`?Kx~T`C>FXEa7W64)o_q0EU=Ow0=GRmIk1u 
zaX|NAV8Q3^F1J_QfAMV|U@{~!;&EcMMavDc9!KlM&`8mJ@-&UiV?w!-5-9ao>8Jz7 zq;hCL-ay>_Oq7xF4Dx4A@h#0oJLL=`zyhnJN$G6zEQ82`3WqTIXbc1+W1s*e4O8sg zpaRY)ujc7Qzsn}AbWjphRAgEMhd@e6qQ;npr?c*PK|FO@Ilq4v#;mZ+DTL&;$uaR= zni@9n{}%E+L@%a>Baw`0G}-&6C zJ9fE${=5;0a%fJRX9bi<1L&g1EIJPFsXeMN;-nnP&yg= zproq|W-by_kA-Gwr!kxXM7gjVMy9Vs;sG{AHBG~j97$efm+`%l;kmw9_qy*h`Y4R~ zV_W#67H>cET3*T>K(DVGhueSWR3t>})Mn#R#7dLtTogkwy(Ki)@^|m;x0`>8^_%wg zU~S9XeXz3{$B(GR8(l97bq^O+dVYc0tw#y}e82nyBjNvK-<^r7NgE3eQlac>by-R6 zWJacL3?%46JGb<2E}9dVDIr@S-0BR1TS&S8^=24crF6(arP9CZjFLXf&sPJk(pO;j zGc2ic$^xQsjFU>`1Xb^uG0}z?WN_Y*JuGy@OW7EUj{GQhGVYyAzKqF4LLtWF^tdM2 z2-keiml)1zle!7kqOyh;_rV1@!_j9iuih-0sON0QYBWlaX<^LK*w*uv*DN>SKN7;y zI8T9Cgr^!wsK6)1uastC&AGbKKAtk)9Q@Yea-^=m^>bqoTTFcII;KfVmLt?Q zo(}nKnQ6Fi^@w4tvrSr2JqLjoW2fNm41Wd5WX|^XaFPCvA;uw`MoU z(VUldq+j4kOD_Toly&Fkzdlw}hXu3Vas~@@PFDh0A?-}1uAOQP=Mza`ZyXzLhL={g zrRKlGe&|L~)Pp^i=3{RqR{G{+{g#B3lCRV_^Opr_S~#&!%ibIAe6(9-*||=lshO5G zU`;P4?=4u`Cr|7D#u;3nlG}&Fh_1R|ymR{G+Re|udTazmgQ+FCaSr5C{N(d+KT#w4 za2wjoNqRgqFaMQL%kGq(Rcg57(s)-Um;RYK?bJ5Xa-6sZEgjjUp?>nNqHsQ{)LN6q zu{)6z#cOABf6G|f8KjaIeP&*zlAl<+&>+@HSbuIoz^a3Y6vA)Jye$Et4t#PJuQa&X zkx*Lx*Ve7csf@k3(HIZ$=6E9{SWW6R=ZYU(C1dL)+F;I_-zhV$l*#%gGrV9CVH|SI z@3-z^8N2vBiG0Z0-8aU5=tMetkjYMRu~$|PKzMe6ecsK^-tPW_{J8PvVSKDL`lc9i zs|?1tpNSc*w%tIRo(pZ;elMvuAwuQ<`x|$9qk4sX6?Cr0V}wV_gJFc1%irh5gRrN` zG;J33kWU=>>eNmEId17Wk8 zqI!k3sGRkV7#bOr-%oe&8Qf1uTj|!%$?cuM>%ow4nsdm20UVp^Ha!g@2gR`9WAoEOeU#Rpy(`XEE3r24M zvxlRA!%tg<=#P(HoA39cmm}XW3?>M{&mTuu1b;1Zc3m&vy*6{EvzN~uP_&$|P64(X z{*UF3^L6e0*c2G-RJ68X7n4?*3qCE?7CGBbaD29Ug(ci8@3;ZT`~HuEUo5`ktr9Hs zO#^6|(Tnb`HX=_ls2tignr8LBOOxYstXL^{Qp6qVpW2BR-p~GR-5psD7!i~a%Ji{@ zpJ8%tQ;+jy@{~xqP6c33EhHoDr>Li5;t(9|&`l5(dAtmdl}yUt)o&3+DKQ zqT%}_<@?0(BJ=0n+0p8Ar6rAeKhLkvgf9zS40|I{97Jt}=b~Uea+ch@*uC zOiUhT!pw+43dbPjRNU}?#%We8{6Q!5mFuLrGY~}XY8Vk-qM!L;FC6d4q~{*%qb9@( z@<2CGUUh5waVr=apatXK*RGE!kq!Y^d2#u;eYwJ$SxC-9K_D;&+4YOSN_Gjz@Tp;U zg$z>ZA7RAaoWe4KW8=~&_!L@?McoUY7?dzbU*N%!l6dT7WtQB`W3B?4;EGR1RFs$= 
zl5J3%vZSWxXUahU?CmZ}f(sbj2*Q5x4#&r6kbA?H(s@Wi3}G2gc70h3y(MLpdl80o z)T`R-h#Q{q@DdMlq9iBEJYD#qho5BJ;y@XPu3W_tFip->h;IC&e5WH)H{!IDOdZ*} zw4EAfpbinI@ss-!nvz+k00cd-Q=}E8>V(EvES2dsGyw=3In0vBO%F8@Umfns(p@^+ zd0S=x^}y@;(lOwKigvAA#_zIOMq(vce~tAJz##4unkYPzfCDxciutBB6J&*6bXdkz zF4si3N-5WGt&(aqzdgaObT^hQgVOGjVlr-7Q2q{yFh`A2B!i6M#&&W!DV5B5Vy{Z} z=hVPkd`G2ZLd66IL5L-AU$c;pzGF=vM;QV;>Cv#;DbU|goz} zm&^V2W4HOw37ve>yCPrfoyT1$PWlkx%6MikTpo3DQ+{-CUe&UF3-zjE+E?y}4)QEI zR#$s;^<_g}%;bXbTQNQ<{WLih=7DoS=`Tq`TA7$wPt+4Q&Z_!`Lb@MW{=!nGF}baG zW65L7Ds8tOOn>@6QCioS*9%Ohq;iz^pj#aG97PVI&yj$PZXRQlKpIXWQY-HVb)eTZ z^vTBY#>fHz^K7OH)xWw5r;ft?wL9GNgMxEz*44j#uB*WFH=zR3&blB%q<%Lt!Y!lB z0+WOr3i~5sF@^iE2+Qx2w*QGj>|iAGKS4!t@oosyZ$e`>#1jw$XY*}Pq=9`0;8LEMKOGr8MGP9v$ zfBIIZSi$IVwhG;s11NE|GDad!EQN9bFz>hkWaVl|-M z1z**QQRSsH2DO5t0XPQxr?xlpQ=a;I28MnTygaC3`G(NyA*d??YAcNbiiGZ{lM@8p z{m58wCyc~@boBa5s+d!q`oF4n!vVr+s6@d$E?1sJclsP&E50i?XI<#DiF$*hVuDVF z}?rV-qaZi;J{2iNa-Q6NFsP{ zLx_MHwJdGvbS9b@pdj9Ax+8U1o3ID{tQwCCA4y^u2r|E0b}E)wGa#22lfNqBqOHlE za!qaNM(B4w-I!8RaieszwRE!ZV@C=TBU?*HDGpafYh~`K&Qo(zU!JNc03;3L=yg7T zR>dWN@ZFEy9C7wWA5i*v-Qy(t#hCka?A!d${Z~xK+mEkv#P{+B@g4Eu$K+jLU`U6b z#4HE*fW&k0l3Q*z42bP!zp}v*MGxtHP*qwyOZ=C%bWmN`-oqSo#eH`*bZ4J%{gUI9 z3r0)?Z5Uw$wGc!8{IQuE2qF*=i9Xqo_!vfjk`4v~o+n3{*P^Ar6L@m<{P2|Ud6(OM z;ajo4cVIoG3FzFu>Hw^I0DR+0ed^}_(38Sa8o70|cW%ciCAmQJ)4brVS;( zv@VE z0Jfg^m$4o0*p4Rvoyu>$oz0y(0L1&SGw<+5&jRun*A0Td^TBFks>8B=EMpii9QWpk zR@oI|AL7C!w7lCA(X`SDj$xplMo0_$NQ1^&8j7k-e_v?Pbh8VfndqQBJ+E9kix)!3FP=W7b4Q+Pqv>#3zE_A!=sJI~r!{_aXS>jT z4?eHFe*y>*!`E$@-V_k&I?=-qKWAGuUAR?#UrrpRx(hNaDT~>wix$`vVC+qm;)}EG zTMTs}TbPZI8skF;gp&ms$;S+0h=Nbrr_ooNGCDhF#P$3AL@^kVh$q2|7RxT(+-NXsZ<;A<9&G4PRar?ptKMWtkF)TL2~ zNUL^rbTDnA0o53cMhe>dnH$?9A?LPsT+KYF{P0JYPQ6Yp9W#DfFbp=h2-UD$?GY%s zFEo%5mMW8s_poY)15T9U@=-C+upUUmp9KF}Xs73Pk8Agp(M|u1?BkIcO8Qt|t`>`v z^j4|A#(r#N03_>gRdD*OzIV?qua{l{I-c2pe}8h|r*Hb~1v*YIsQJy?v&GRXVggju z{}@^O$$qTYmC*q38|=yyg7pX&{9sCG0A%755W=@!33`}8e%fO#2SE{Rw{&1{9)Yr8 
z0jn5fDN>V!MT^l25fItnLVHiLUIbDT`41CsJVyAxlb45rg-`@@&tdrB^Z9=(9f_3b zWV?gm*(gK6)t9GpJQ7X?02e_Ld|O!! zi7CrljEO3O-A2u}rB*DVP(=oe|vsrXUXzoP=dXXbT~UWC`oqfy~^B<`OFz zktkW;wb@3Bpn4=T!1=^<_8f6;3I4272;d2#>`P9fEXej+$h?n`Foe+V!cxMuuP>Al z=$inT1(f)mG4U=Mb;nzCttD*FRbg^s;XsZ`d{dFV5$4aE$#+3g1TIo4&;P+DECpNr z*NJ@0k-Za}1n1c&I<$@j_nc#U<3v*llq_1^54>_Mjh&Kp==DcUu1(-+33I$I{9U39 zrUl(wzNrud?US}yyAoSn1a0er*9c| zbP5{{+EA6zR?s`mpK_JRTB;&n<2Eho&<&}hA5|CHn=3mtZ=1WCn`UVr_u^_7bRK8! zM&K3ay{o`h2%PZWZIqu8#Z$PbOj(7(ElVXx5nE^SO{KocqF;?!1>+ab1MadE-}dv= zu`2iCwDp!pPp)V0rBml7w?Pjt)e-V>d{WNuw?TWL*>(+laT0r^se_cLQsAMgBz9G@ ztcoKg+cFXKC*sQdC@eb+3WQb>JP7+Eo@wzy%DsmTZCYh1>tmImdHYVA&Yr+zS9JOr zqoAF7?QN>4y6$CdTOV3WA!ce$Kz^GPeSAo#NSne%{nQAlsWqFlP*%n}(PwMeg>Q{H&a(jhb7$v0nH zes{u{N^s&+z;G&vN8!JL$66YvG7`Sgl?1UN2P^c8G|xeeE_}CCHcL^>Wb5l=D?!l4 zYu8mjRYmI3OXD-&J??^zTys>z)`0I@l_FPeiad}kUGBwXTE$w{& zRHC^Y*vFx_1H#ivLJxZi zC?^wDC~FbiB#WnonDv+FNivck@wloY(}KVrUX$u_nRg4Y{r=6a9FO33QP}n8zy^D^ z2PUTwu(?_N=6l_=X$iQ2bno$Tew5DJE+Zwery&vXb96NH{(`w~*V@Bm2eq-u5`mBR zlLTk)Zm+Luk1kW*J5AF=+}YcExXN^@1ShNQY`1?ac9rystH+WOH#~sS`NJPbP2%0g z>JmShh5Zl`K;Eb*$0$5HHFMm`3DT@!n{t}2utF|hH@B6tF#|dgzA*_;J;Qj{MG3pO z**ZI}pq(<~+o;JbvC{zW-id^;%p-}Z9xz%>mJ(ZdR$PRt>mX0N^dv%a&4T7mkaF`) zs~OWsXr|HJCrCf``9`z+3kplF;;JP z9~-f@R*qvm30C(cno80tr0cn=c%}Wi=eJvX$kySpvx!5Vy27b*j0_2L_rIj1n@O#5 zxWqPKN}meGBm!Xm@z{U#zqAef&2lbx{4yPtfGg#|>1H`5dCQ&l$5Gi;1#k}v+^MK} zSg&ECV~Xv8ma&&R|GH|})=j6Q@ft5_Qv&Vi!@>L`W)Izuzr*+VKw`)dd{D*PYX5v5 zzm!>4ZT)ESqX&&-MV1n8w1nFS!ED!?@y9MPSQw-Xrnp}+R`GmCn_OlYaGyk3Rgheb z3%+c;jB&X`k6hJ)2l3~Y$=mQ-q@iQl>M$G-)TF->)k&usmU^F(?5~Nd%tmziY5S(5 z8&oIQ^Sg{W8F=eXn2ygAJef+uG25sj#2{${S7{ykeH<4xi$o+s>>Ld-8q06!G0LsB zDl7Mg8GxA2e-TmJ{^WElvo}Pa0>(IiFlva5^68(`YsM38ZD`Ki9yG#K)TB`tKj&*A z#p#~4cDPLRJ;;UN#6E;-Y*xbQXXYoqhayJ|QQmo9^)3u(y%odJ_U_}qO2e-MNT~;n zeNi)#rE9~VYyUKX2MhiwaENdO0Z$Ypc>VMZ{UA824Rp#RxOs;g+)9}SJz4j?xl}#? 
zSUGQGJAa-)x}&!nP&)A&T&1BOis!n~jW5V2Q7Y$FI)Lc7RKa!?u@S%Y#trG8ksfw$ zfw}iPuev3yULY=pQ{{_h)xn%7`OD^r)UFq-kB7TUc;nfMG&D`5J4j?}Rdh_-&w&iu zX*-XOq}6*Zp+If$c7>^M4M^W{M}|V*otfa;cl(a*o(tiHIsRR@OWNSA%ckwz?=+BS zyf^NI^yUgfsYvk@MDCP!4^DB%FXnrqmGb`!IT3%F%d~r|gi;S=f##qYP_|1gZn39M zunj|Mn>tNNodYV)6C$)o6*g<2(X2NXNU#dT&o=RUR}AYzWlVE zJfr~KoI6>~6U&-jmepMytkqeN3e4)`cids^gIKJe3N}Md?hTc$nsd^0OJ_0Fv2@%4 zL+&tiAQVxKW#Jxs-z3U)fxJ>xuo?xj`XaSF5}~5h*lH0q#As_X7sfHaHMnr5_wQrG z;U{x8ZT)9o=Nzz{4&V56odFP1W-ygOUv@V2S5a}$nPlOLl=V+ z`Hu>=l|nQHxoDbn)fM7mj%>f5%ecqbWdsQIj`_QJy7@RfU!NX%?fN`E4fk)R z672T4`}(+jI$o?t(?*8H=8j+llm;C7CeZT|T#AZPoK!>+HVc{-cR!(dE7+p>NAtb? zz&f1C`*N9#SjX8gCTNRs4+2sa1JE1>X*>aJLEF#I^#25*zu;z4v!5O91UkT6as>n)tGSDF;aT<Ri*C|GT*@=BMe3vOqtG03FJT^2X_|}Axg_ih1d{Olb6B1 z9gZC>DS)GRKs4?>4uUGWld?(@oN2gec?9}JKzAzKO+TX2^^zE#Xtdvh!GMkZix{Z@ zO6#PXxL|S*uCG1=qTrw+KT0#1_x8J#Z{NukCyUywa{aqVqNvzC-8|8M-E$9{N6ah%@iq311D7VR@oNimGh3%CoZY6+lkWX& zQRy8L)_cF2}g@iF}Q7sbJeEay`%J{gAuBV6E ztXm~g^=%6`BhnSvs1%ckHl{v{4_3g@wHt+hPljAJWCG})VQxM&u#E@dHsgpr%m2p|#LORfQpU$d6k- z=`!{N2AzJsE~9=jX*aeJc3VAN5zKy|+52VBwNMg|-}%`C-(L0}DNB0427^3Hh7`1c z3BXR{5k77aQHs{6Yp9Rtm68h=TWw60*UI3v1XWax&W=>MILATnZ*=FNAJ~&KL7;2K zge}@Xf|zd@VB9m1&`Z1kw|Ou8khMGbk^{wwFIjNqWj?qbH2Cwv4CT^96`AyC`o%1d z<$%f>vcKDbGBxgS_A{3Je@uqd|&KC*IYY6sJWNOmdG3nV9!5=QJcAoY2U` zn7$vLpH;p+KxdLHa~x^|DZxr`L5EZR9hS$6E@;vdX@yv#u;eObKd%9ij1-f|8)M2N zsEVT@L_R)tRJuR>%H`|q->JJiFhiKJE;kLauGR#N0)0(^Xdi6#VNl+`OXbLKqjYn> z$2*f#?lGJ*ij7W=IP@naDuCvQUP!FFSN0%!qOx^1feV#&lNg29mHwCsnRP5D>jk4b zN5jZd`IV(jz82ullB5h*xb<~h5PC8Sc@ra9n`ohRP{6`9e$LPNaCWEX$Mv%YW58g^ z(Z)rF9;@3z5H0=_!PzsChq@i`rMk50;IxQ$i~FVPTB{fh=v>u40r;ey*u3<5_iw^z z?*c@=LOymyNIpw4HH_a{8Z>u7_FjD7I+w_7UDqXbST78ER~Bmy+_txr==|V&MhwrP zA6a2fStrbnk7(KbN1AB4oh!5Xf>g2v@5U}U*V~Hk71Qf-hoE5<-Hy(;=B{A}&alKq z_1G_FE`MM_%2`VuoQsjCHX))vRMaVpzp(3QY)*6=M%kxnTqE}v_TQ@w619TEi?Lm* ztu&SVFFZ|8N?pLOAFCaeC zm(l#9+qe4#@b~%K1hLJw>*=sD;j33rTbW2N=gZdBvhn~huagTPI8~4TQXOvl_Tk|{ z@9g=OzcK?zjMzX~#*5cdPCJ%77it%N*UjR+_MQ>&GvoDjJ?y$916*BQR-bzjAM&^x 
zQQYpuFuK3i;~AQ8oUn)0*nIQ5;}9F19y5m8b(>teRQ#cw>ZRR`LUMB#tXRXmkq`Q< zt|{-Cn%?HEvHgkpB2u$T6fM@UO2dx?$@zYgt|Nsapiflg4^#=yRv}1lOwym)}S_QQ73{&fwgk(xPN4Lli5Oc5pWm0%M*TZc?aoV7SSDDCG5(@?sR{#J*!fA` z0X)6|-PJSipD%>7#Gk!r&Yc~QNyI`axB%D&H50=$n=6e?TnB+j;c_Pc3{L0@%pLK+ z4ZIc&bH5tm)-;XHU}E?4o^f^EHtdm&R0J`iQElxJq_#@D$8AEX=rga_JZ+z|^<9fy zZE!&D)ffLNz}K=>I~vflxve?*(>o~%9vqJgJS{_*aBz1yw+SVG)`Jx%vEI1E869+Q zf)l*fbAC!4reozdI^QVsQ5srXsN$K(1m=&|lzP(Lzy3SF;}$K>l7Mc$O=5OHPbpMj zD+Vwtzc&Ub%!o;usU@cAiwxUw(8vsP?K5?i(TNOBHfZ|cE)1qZp4{+#yLf#+A5EK& z&jEF_CSgQQRn~@e8YJWqWoP%k0lt4w)654~X}z9r8Wkp3?|1O6KtWiTmVyBAguKb$ zv4y0~`zJV>ep-w?T}5ASBRiHiEq6C_p}DptF3(@%^Iy-bhTl}37JiGoS1ucxjh^qv zr-zg5w!7Xuygn}}PMrjiDvwh4Xb45&;Q>VKp;OOkIZ8@j&tO>w}RA_~GKY;55d{qKpS0&a?H4 zhprB<*u7ZLCe92O50nysP;e!WlVugvgkZ=|7MQ>F5QGO8o-&C!_usRl zf5SLT#aZ*Qf$tMlWytMn)k;&!9LSllQQQtb;T1e0wr3z4Mu z_Dl5-z7h9x|2fhwLqdw2q@zaHL`PLeM^R1rrEC)M`-R^3(^L#!bd-Jv@X+%fUb0eo zW&oXZogH&OKR1ZgwXjD_jZv*at^P~072nNbchN zHPzrTQz}F^ZQgCc2Q-ojKSuGF{5{!T*6Y-8Y22bItDse_s?1U_TO1?dg(n=b!Clcw!0{2lz1{J%CZW4?1;8`JEDLb_kW!U+ zuq%KnDQO|HpMs_KFU)fLR+z{v#?wQ8Nv&8}VgrVb20cdJ2}IC^0DnaQ1*d)?w3+LYefU{>Ng9)1ulNf#*)$yPF#Owl3UnJ1b0Nu+UFqD= zZ7$6n1GfPaD(I0a7LkYechoqT$Wek|?gB$B>a`HMC=n$=2XTO=pz-&o#9FuGQwK`E z?K(31c1bVl>hZ|s81=J_PF}R;yTR&VZOUvEwDe?I2D!Mab)nBP^=&U;DlD1SY6nlu z@$OuD?6Nb?1aq35SUPkWdo#<2L6>u0knDv>ns>SY&9V}$#^_E9q518I6O}%r$V)IU?#!!#g)1byo&ysqFK`r!E`T{H&Po*6%Ir(XR}4QIy~Y)bDt1`L(Ke}CaI z5o-MQhDhd>sS9W;p@Yu3X6vyDKW4o!xu@ z-XTLUP>%*Zq_9$D)LVDpTnwn^E~&mS&ObRA@VB3Z1gw^#k;PK)_L-Gw_m$jiu^fS< z*z~3ryB(SNy&Y7r9NC*>$qst;GnD=M9k%M05k#Ftc74wI>vaUOzaQI*fZDO=d5q=! 
zxejmDRNSrDk9OG)W7$XXdz(>nQ7j|u{yE}JDakJ?Pr>08n^H;~*Ttjk^JXimNuT}f z2$P)7>{!x>ds2o_vqh-!$?Q8%&O6^_$a`PtU%DZSdtV|vUj!}NrE+_J>^qbGvsel# zm5WT{EtB`C5cl{SctNs%z7$M^9{jH@LYNM0$c|aH9@rmS1V28C*SA>QSFf+VMvyn% zhoo`@0mmc2^Ukx)GQiZ+){+*$Kg28qV5Xki)Rj-NJ=c~Lyef@xUXRlz;Jn(@R4zFytZzS8Wca2uJ!0+LTPZ2-ICuz+QHk-?N#QNTF;pbBuAY*!>r2rw*V zYfk$oRZC90w}U>fm)bscwqrc=uQ- zEw!G$L}IK$T@rg0zNI?VdC|Sw+YhZhTfGW+yZfo}hOU?NJ0m=R-DjC)Kx<>`|EOwK zEVdIXvIO_ty;m*U-Tb*`y5wy59bQ9bdxs^P6yI?zO8StKTr{}Ch(Ez=IrbFBwj_|2JR}2JdWnEo_(qnpkJd!5eGNM0P*1z;kSf-o>uy~{sT5vq& z;{#87f5=?)x{%abPcHdW3MAb0k{V-P&u1p=#Wc7dgAMa*EyM}4)X*!=;cs)TEr7K; z4$f@`L$ynDm1UDxpd|-BDtaGlmn=wIOHIE$F65E#J7kY)-27fGX8h?kDf%>(rQzprchE40%<2kj3pHRFknFRsyV9IK z^+A&_=o4re#&ANUHCS59W}$JlquMFgvcdadWQSdB3jL2o>PnhhmH1_V25M+m1H9?i~kQD%JZdL6IzqU9!NcZj!@G z@w#iPw%=GO_9=&yeLXnxNV%DL#B%A2d)V(k8*QIaH~J$pM%(O;UVa8aHAxmVYDfYC z!xc#Y6n`{i$sAI7^z+L{k__3M-U2>VpHy)!l-jS2P9IwIQH zvnqx%GAfaQcZw7Q^1Vf1*xzaO%JFYyoPX`MtgZfF_4ToWMUh-0`ljfi?y3gT^!;{3 zOqS0jMPrir;yQi60!s*tp)*fl&_xKfBB7uOnr#E|6%#yF)b7VvI0v)#0sDnzLQ-=~ zK)LNRGd5(5Ok6sWSNA4wRTF}jlCn>89dFCBVJBJXGA;NT#=#xfzw>aF9pg#dv zFVr_eGpuXKl`_}5S({E1`lBQpx{7)weV)Q`ua++4t2Ie4kA!q4=Vb-ykipTH+t((B z-5Z#x%$QH)B)J;UDf>>Mm=yof4y#u38qngrufbhsvdaPner*0MqxP>@gp!q2B@xbQ zArEt}1|c7jdLt*L=4H<~L;qcKgy?s|KQ(eqJx-a=Cn>k0AegMym2d+iLAzj<#O=v1 ztmY7)nSg|oU+srpY0%F*)6#%E4WHuhK;fA2zap1K#g5=Z@Wp8`G00n%c>SzJE}N06vL9@ zgtf_Ig;Ih?bTi zg7b3-f+3tKs#r&Hqg4LycrTO&CR|;RMmiIOP^lcL*=C&>BYtLcrm3sEX@jX9++G>@$0cvlEQX}%w?>+_0x}Z|J ztR8pQtwn(@c{Fzcn`hU`U%ss^E-T-?i1%J!8Qcy5(GS-XSgp<)r5mojZDFdxRf9C*L1;A1 zw5e2KXot7u`91G67d{Oc8JNF$N2t*)n4?P!EFed`=xzUXSJHLY1D|;Ku2cjsiopgc zyr7I5LSQQ=4S^>8p8%%-SpUFf6L2s{<;AY}l8fi~aZ|_Btfscq#3Up&hC@ZtBC3-fv_$0*xLpZV@kKmnb?$ArOI&tH#EQ#$y`##_%*v6@D^? 
z)=^`7BFDqB)DIXW(O4Z(&{qoe_M%bLcI5V_gD421D>01Pr^>QEefork1lC9t)pIcC grb*OV?@8-t{j8t$v;6b_0ssL2|FMDc zVQyr3R8em|NM&qo0POvHf7>?lD2#vqtzHFwO83_!D^ZfKsh;hg$93G+-(2itIoY$P zo1;J^BwFm>B?r!2ojs!p3F=-W$}owB;Jd&7Fz^Q7d;Mv7^?g-d}R)As@1t{_{V#8J!zz{<=1ar>gUl0rsJ&pd2 zd`{>;&}2@?RSN)xPn77+Wsxq{Wm*7G6cdIyq01qd;t&mcJ+J4B>BD*zRnivsy}tKM zP(+arx#(a{6VwV2^C^zGEb|Kr7eK-TQ$hisqf*~`tvN9ivSF_`!+f4hJfAFjvgljP zIP6*drTPl{0=}t4;f<#%CJa%ZL|i~Fz?h?O(bbJxK*kXjU?(B!Ii*NQX2fIHv(^<_ z-Vhqd4quQ+bQg|htu7!FhUhh%;1Kg=t7{EvYXNb@A&wB0)zAXsa0p1u{@<*Spf4Su zQC4>ahoqf9@cQ1tVe3mzzc2o*kpCg^ueO4tM*jDA_YO+(f2aQ-|L@}|3dF|J&PWa+ z6g+EAV&af-c!n4s0yc*``v*gRce4Ba;m-Hd$sp)Y4)=C~!|%VJJlp-gzrS~II1Pe{ zk9MYmeSdm5ogD0=VDDM~z(?o+?i~8h2G3eE6d|faW_zc=Wq!EG{q6hp%ysfBn)vhQ}9_1lLbjOuk}bS183KWQXC)w zJ^d{-Q1KCvsr)U~L9b<(AA)wf^$1LpFkA`76exfy)|22`j{t{shWKd7I9do;m-26L zHqx3gW*|UuNS1P#AIF3-JP8p{!fXga93>x~v}`a#(3Wr8triR=2g^P&>VMwuwc{v2_-x9d=Fln~{m_r(%2uCv;cKXsokzmO{fIo@=jsonpfhq;&t3aTvJ4VF)G&AkjXt7Rqi&K?2ADO(KpLNMh6&hF}UqhFYzN1W0ZlhLX9` zKRuXmGV-C|m6MDr^%L|!fSLRyiZN9z-I)j=K&~L^j4eYm6o9NT7m7~PH5o0%5}uzh zP8K8LUm<=D`CO28I?ZIQ&N z@LbfV9l(+}4wnD|h1G_uhPp_NCZ2 zKra>*F#`*dL}KIvJe?wnA|5U~`l}Bk!5#h_Ml%#hs^%KyP!(yl0ARjf?sew-Hba(% zUeJmo#$gzyOe!~~$WJKdOVOL?13xCw6weZ>%2?7bUpE40F^WcWJk@d*75N0li!zZg zUepqqmIg=XufT!?Nr(zKqI9QZk4^njo=gbESxc%O^k+6`%+tOfG4uz*A%|V62qFR8#o%U9l5l ziis3TA!O{e&^EeVaIRkhU%Zt<$(kj4=_=J!iii-Jay?U>Y1TnRU*ZMkOuYqa88m+Y zu)q;sB#Z1tQRGUHUJ;rn!Fam1=f{a4|CRa^9G|}d6fu%eAAwL-kZoB&94P`k3!fh+ za=W}}-;Rg{S`eiP89MZv=A@_!L(m>P>%YPoJq!5ZHoc^3r@f^9+_0B6?gHv~~GR*RAZt{q_6MNzPgvS4mXHbp5R`U7pnSc(1PKHeo*} zJ!^4ceb?=)uCtYQE%9>l&e}y4$L$=44UO`Xgk>u}L;XGSch=$?PP{X^vQj z8V<#>37+enLXi>SkJ(49RRJw2o^;CxXeA9dIpFQ}ID*aZ-I9O5GlHK!7I6 ztOIZ~B^_`BY19FTQbIexrH9lz7Y2Lu`0f-r=?h92nL%_ z!|?)i69Y&fk7bgVhADyi9cVio9FV`f#-Ql47!lS?bDAZ;yeG_QxIP`p<4tSaqL zGRqWE8aGePJn95K0x;x=Mv!NQA4})ZMxVMa&$Y|7^*L7sx`npfdJh!aa5tc`uqBFD zlIhqW9Uh>;06jaX-5@z|=l4mgduWs0QZpW0Z#z=aLF;Twa`^u^yOSoZ6@R=XVX{CM z2nJ_SC`aB{lu&9D?ac|}sX0u@BS1vq!YEX14$D}yjM&0HD%YG_ZKnn+&e7IIxX!Ms 
zzv-^3f|5-)SGQ^X?ezNRzJSpTG1FP6=X>Dz^!WvVVMuP2)rTVJ&vR`mlHh@#2+fz^ zx~EK+i#e}`u!@8s__aOgd-8w1XYG=i$QG|JwP;nAIzdhDxJxNTR?0%l&DhCYXAK_Vg5Gk>EzgrPOO7eqSpypaXuduqQi6LbMTyoum7#GzQ2 zhG5X|7pWA#Mktitoq|TeOCW?3WL$p|f9YdvN73ljUG1{kthxPY0W(d$#3I~ya98-prJ<&Oh zT19=BkttUaN*?JOB6G5>P{x~)S7;%BO3i>wc~=T`NzROfFq(lmg0Y-)%HZ9R-x!Rf z*04wz2NMJ!B}o*3XZwE%YQ3HfhM5^LWG|XFn#>DWW6%AEb31 z2B0z0WUfZZVuGlkRMZoCFP9E|R|v%bN5;xALHq`xNbR!$O(NFO&RSrveOrB1v<#F-=uxSs(+`=bQ5Y?Yupe{BQ8pX%*mqp zA{hgf8~}|cR;o$ny`WTUum&WW%hZNadtaG?L$LF#86A;wdSQ(zNh{RTVu}vIu9Gba z)ELdQ5hbQ@4HdfB5bW->TE5Z(QsLs0FwA=u*(JQ}vv-y1A1Bu+QZB8|eYXanB_2|R zEkF`a5t_9PZ$iQ=#3}Zh(y-8_tBKI?)}-Q69cb7)V132`9%rNQMC?l4rKTA|I!kF`+U2q^a4P)H@TRJMOem7hOiX(- z1(#3&KCZcE{ZQK&2UmdYaIAfXryVklmFmYP2%K^-hfFzc6QREg24|cmK2K<>bv}9oY)Y)x0Q}9M9sGTm zZRfP3YD|KT<-gsL8b}8q?t3;20RAT73lM+fa5nh6fT707d;wUInX$8?Nj6qj(na#E zbs^f(h<5(&Y|75xhpt+?y4G%1D=YR7NTnyZvQ9|Kq!O07D02!UmWhslL+k8&jXi?)F_jplY~Bl%HjanlpX{9& zwp@|_kO&RszxG>>;9@BMZLQDimLgqbcw2A31=nxD_9de3g7-5d&Iw?DcFcn8^SVh)TFf;9~RiK1Z<0h`60xMO{hDT6+Q4= zmR5f7h#?h&6%h_X#O+}*qflxkFmZ-_j+Sz0)r6B%wW0?U)wk#dmPIDkv|EQ9nz3Le z0&!#1=_yzf?CCLRNnu?(JM z9dO3yh%z(wY3)?`GbbvmTV+aF<7CbQWfZ9SE%a5IL@M5@d{)!3&iztlr3i2czVEj( zJ?0gRSJRdj^A_;KbI74NpEh9wP=;O!uJGrOLSLSZnA7S2atLBdVnq2;x&&kzl_3rV zLQya5NV4Y5k$;t0t_%egN0ooTn6-kHIM-lf2#pDqN05pyWnXGrugV0KnxtZ55Eeg% zV87qrUjf1Vnmrr9?BG`iaca@*&O1xWh^j_tUx{`uhxpcezPFLdF zg7bEjf9XoRw{+8X`jHk9uJqh+MS|5ka^w&+jUaZTstYD|d7BpqxV>+A?Yz7LFY<;n z^UnOm*O;4I^$c$`JMX{;yy5)ZvbT4W8LBs~$5MgpcERh^x4~>_Q;U1SPN}!vUMt=G zN+6|{52&8|m+^SqXlQ~m{34TM3S|ogf`*dd&gH|iF@Ld)c=_F%BO#tmWs{V6N`2id9iEMA z&4hRg?V8E(3bCSj0=AW|#EHBx`gfk-?st}A&hDJ*By;6bf3PF_{F$`X+B-gy&K*UU z(BASSx&-gu4x%m0cXAG03IA@7p)1ke*C})*0e5o2mJOxoVooJi-1P39T?YZ)Oe8PIG9tb9CAOWW$q$gO$goPCU0gOK1jlgA>z=Lw{Rc z-};%q=9QX5f18A_=FGpaYuncOvITRi$IJF^_ST0R&g)8w_nf$HI;y|)q;LaD<@Isu z5To+5V>K1raihNKqk(^GhddbwtSGhKG8`Zu%G|9VmaXzV4=b8(dB`9utkiRD>n#6T7as8$Vg1BX7nQG0xS9bGkfFyZq{a-}Z9Ij7`W?1v%X@)aj~00BdO zLdA}8u}C6w8;FVX&S;R4OfC;9nVDQ6($`Yts7Yv8(MO}pqvIE&%cIK^@aE#B=^F9V 
z9BO6blRLMP$vk|7ueCp58t|IZl+bYaa240r^{l%8OQ=H&=>40K=vFvt?*H2@-~V@T zus3+P|LZ=Uk1YV&->Q*r4?){p>n8@is~LdMSudb)%6mKg!S~(%_dQ*{BP-*;u9&+D zu&3khBoC?LLa!0!mENP?>7)m3v2LqEn1`}d@v>94(diz+3_ zvs7819hfVs78+D)R9h@*?RUBF6-3H!vUu@rnbc14dki^8G!jMr&#$oipMLlIcaQat zfBmcbuYY;(o|^YhzHR5Kf6hZ|r>kEBLh^uGuHT;vgVuBqTK0cGyBKj}22+RA&Dlqn z-;f9Ly{iH=?2c>B9lGv{VR6t>2UWE&jm&U7Rzp_dEY1d+5^12zs!}=xW>pat98=i{=ljo&x8--mH=mnK)clNViT{6o zP&z9gr~b#$A`T%(tT)cZKXl7+_DwE{t<(PohlTrJclP!N5BERc%k%ML*W4J|t{dw% z=zjj(5;eXRA1@FC!ykb6R_zwn2t@=M44yWsU7fP$^JkOiYV51@Inu@;V52AypK*lw z*chheel^mkxLxDJN6Z~IU3uKa^zZbzuWJqn)t{Ph(*;#g=AS|G-WRy218B74~ch8>EX!mwU8fsu=&PJ!5O zn?OlJkW&ceO_SRBnoVnEao1_p^i`vl>vRHHqty#n-EJXTIN#S|g8L-mRLnzaK1w47 zm1>86Gba@PheRBPF$uDJudIn0U`CTzz?&q&%n&2SgHSj_(ny+uD`h&dn|W(_Bw(>C z9FIeJR69l{>t1I5EOe4OCm%yL=2qIEj~~~kC6@&36X4{Za1nw}07rq?J3liREd$0j z(3bNtRp2%a7t6?(Uicm!`PAxv#?eQ8YNGCyp4Ix_;9xM=FX(@R-TuS<|M&9b^uPRA zD|Jt)2t%nFY1gxYsB~UsE+tKfr^sLWp|*#_6pc7ZGZCN<$j{Qr`(&|zQ7{C*f_86$ zqaK^LJD}b5#lOg(6Y$;7SSBxGAzpY8g9V8&CseuuNb7wvSzs=W51!|J_x}JEA{2wc zPQMM_wQ@pNx$c4X$BzI9;`Z}^MjB)o0ElZSTHaq$A<;msvm$T7jHKkLG!k|EzR}6W+tcHdahXX4VHYSwkRean%Rhg1C$x%gOPJ(fIP{ z=kf8;#q-nGM=wt=|Jh{1yCMu~c*+rp<7m*y|GK<58Xup%{^|7RvGysrC{E+_%s>Hc z*Y*A{Cr2+Ye;J>jU0fC*?eFjJm;2@A$05fron*ZIZS<=OGs z%kk;!(YYF|HSoohaN?8jG!o0L+?zJTd3-V&HI%;V-k7`s@$uQ~%cIlRCl_koj!$1- zo?N^=svhlTw<@g0_*(bsc2K7GAvEaUEnqYeTa8EajuvbwrAMQeMp8G^s>*R=bqj$} za4%nug!Xp&QxjP((7Z?{C`A17<>)PIZT(MZT3@PnQ+XPizE_TG|!g_{6@sT zLR@IcPL91e9gohAUz}Wy&yOyDS!Y_-p>Z5*%2P)0?G;*fz_;qg4a=ZWb2)i|`i~za zpiJY)h}NJT>+4$d%tA7Op@%+j3QwYIkHjeY@>J*y42|fxM>VfNK(3kfEW7%aY<;#- z3Sygc9{-Het4(9M6YR|q4Efx=lWFqQt29erIa;ORlD|5PO*h>cjIs#=SA2}dQHVU* z1bRO7#T=xULQ6IQT?%s1(2Fr7o4_u_v84R90kc&^T1hCbIIa6;x4Jm3+w)t4fUMgv z+{$39TXI}oT-B{uZguQbndih%r#5a4OC{)hHrP36WkOb74x42Q)%x@hTppjhYKz^L zRlC4f#p;5j8_eg;T4=cjl)|k9ByCXgz$XxCo6=y%(RO9sdqonRW%#!GiCNLqSD#`g z3rM_pp4LXHphzsg~rUk8^4G>%@ zrPK*G#FL)=y%IvQ`tTZ zFjuY;rr0Y5n3jO02eLKXFry@i%MCLJw7n_osWR0JTQ$vcsUOlAtJKVf6)dKm;#t>x z?5f%BnvAiUUea0=J5tv?#u##lZ#jIog6 
zYaF6kE?Sx<(Gh#Y5FLWPivJ^un|&C=2@a(br_lmnpiF2-FJHE`^QEEvf)M@_4iQ^2 zjus|DOwt}Q-O^gBtV&sfA8h)++o!qxKX;@3T7CdE_W!-ToqoaozjL^M@L>PHkH>BQ z&y9874!||0tiU7i3sk{2h3Wt@i3^Y@ zT!INj@QP&#w{=JkQ^~(nIxv~(T}29N(06RFdn9u%nw0Y>U;s*EJm3U~J+}C-%)^fW zNjSKfLk|_#89Q5D3(G>6D3Jl5jBtZxFbF>T<1w zsoui8BVJ4Fe2xraPQU_QAq7{W5euYOXzN-#0`Z5s3H?F?$WN^pGIkS`Itp>WXMK9G zVLsR}Z)L+Q=7{(+n=tF_e{&SZVjlB&?XchUsj>g<9_|+Ge}lvQod^5hy*wX3_MU=k zycmjwLSCc6mofTbA-ct%qak?OlQX3Ev~}_!Ht9wqD^sdW#^<$kxy+jARA-ec+s%rq z^SEOPL!SGl!W1shnUSBL#GH+MaIh9SLPVooO?q#{tN5=g|!RNzKt5g z)J#|PJI9RHD2s`7jVKd}7G$~n$EuV}<8g7lPZSfq13y;lvvLhN))g315mhqc3QBJE=I+;{Y9>uZg zOeZWo$O=@cigiq3=_6$*3mCx}3c8bJo~Dt`T<;#3+?BN|)G}Gv$zK|?m#W%Tnk#Dy zeCB13>62QMXtk)E7^a zkvnHk&l~bp9(%?Dq0Y*mxNDbB9_rf_Ct=vt%crf}uVq5$T2P#$pUwxBZW%n6=dIvW z&W@Bx^<~_z<(-R2G#SccMwOIZ=(On}LOq3& z@{xnAYyy32y%!rDNniHWjQQ|~!uXqXiuz@>jL-%uXE`tR&NLKsQ&yBa`cnqt5aI|x zO5sv$)fKa|4)Dn$h8#~qq|8H5Y&J0$J5{y!U~12wv30JgKZu>P;F;Xp$LmUfya2EV zNdJ2BBsXmhm%9FP_f%yU-A|L`Hg83=+Gx~06>n#pXTH*>`2NZkmQ z?f3FIm$kLPTpEp;bziLqPN#s84xmbCf5&NpzEdlceiacu7h?Ibx&#+9bz=U+s~5_S zT;Cb$Hu$!=9Ib)0!Okc*L|7T{SLC90)K3`%Mge$?ev=@wNjo*#Wcn#qx+mhkeIKtn zFP9a9UN(kfwVe#wauChp)@l7dZfxFib#P7PRlN%nPR3tR7w4587z?$B zV#pC7Or2_#*<78@5ti#%h8EX|9*gCbBGCRn18=a`?YDtSZ^X zZ#KJ|s4Mp_16ZtXCSc~~bLE@~xj%oYDbb#ajX_qGU+rs9Rcn0@36NfJln(;V-P5lM z7!5HOJm9?EUb$Q5uC1>K64)#3!9i*s(0yz14k%o)pEI%4`E?XM6>K7&740=Oz1Pg5 zU4bFYG0OU^vMIA{i(LRPv!GdTxokMAOgJ_}Da&igZdtI~WZisF5uH`-sVp9j=mJNQ zseY!=N9Xw*f;)SCSF8}oLNu(=w2yx+_o`fk&bIP^lzOT<<43t@c8y4mtg6HwWdNlV z9u`A1?RhyL@^`_Qr*J2XdGdF|nCGtVh_M@&V*yE$$xD*wfO2*c^*BPo)Ke7@rk>k| zg{jAxwIok>bvBV2`dyhttS?phMasQajdmNkM)LSv8AoymYbQ}5qA(A>n5Uo#=&Fq3KaRD#>h+8bm#->^6l2A$6p!P7_ihwLV!$9l}z|5DUlp6L(uv zw?3Un*7GG9Rg+qzYP=gJ7%AhZOEZ!~XeAqQP`m0XlPbD%d-4WXnv~J5ysjiqz3v(N z%91j?@=YaqAlZE-<+|=$OY-$sPW8K$LaWoCtU>0gJR@s>sm_hiq}{bS5*!F~`3s6j zHq2t6o{zT*i_eo<3Q8|h>JE|52q{UG^{LB;%QvU*i|R{G!kiuA$o+4gLQ;0~xRSG{ z-&{%B&9gFDdu}2(x(vWPbxGQ*A+Jcvo;Ij5IeRr&XEOGb1y&_xuZCHbgxx$VlCf6< 
zbtPXnk1I?67iWxyY5ONbxnxZ6CAAnz3J%3yE1p+zU`HCp2UmKXCYk3b8V zQZmYO8B=UfD>A24l2Fd0Vjeq}K+u)$jdmUZ^AxivRJc{O9;Im_bb1e!CqVX58V7rW zWI7GyCMAb;2{_RSD5N!uL@Ut<;5P^;Ce&x10s>7U&&dGAQCfK^VTB`FR&Pyvo~x@X z(l$7{dsX^|lvg)O<52FT!o;l9;c_om^khsik#i`7jOEWYOP?wQ;|d@pT3F88<#kir zk$55!pi$0DqcEiQ1>0HAljc{8U=HaF@sX4-jpx3NvN$LeGreSaC?un*#095Qv8q~1 zsd$)A4n9soq+E?H$!5LW7^@LwDTD?ROul@M=@5Kuz_pc=xZwo$jhliqOIH(K ztne}Y(k9-O&pP)1m;?c4G?Dp%CP^?u%^U&h{67bKheiL-{lSC%|6ZPE_Wv~I-S%WY zIzQD;0nGaaGSH5tnW%R?=$(_`dCDn2N=|7P{Rq<1x%55G5);JXz&0N%-vbAh--U~j zF|01&hc^+thBy=*Jp_Y4mdnBKMh5=)$!?%wW0{-=9+ z*7yHPUB3!G>VF*fuc8-bwIfu1LRd~q3TerUsiAk&J&u3f{Lg0($pV1Z@c^xv|GS3= zJH`3GGuU~U|M&68cw8|pE)ZK0K^cbn9)WBIUD!upn+FKF<;I%UoO=)uIrjpZgeVuh zqiP4=qBNl^H;fhL_4lW``WBH#N5m*N@&S9bT*< zr!7_24^<*aiA!A~EfD5SU0oCfF~Jc}tEMmNYQ}=c7)KFTn|D8ic#(o}e_a=5CAeBh zOvj1q`ufkhT83SIO9+Q)<^0=HdTm4}n!RQ+RdQG6pO8Op#Gb+I*a*!K1rRMr!~})e zyVQM~*%T>9;9N;Llcq_?bPLP85964X_`ld%iwND)>`h%y*~FU4*{k|~&RUgra{8)v zYzxho18lw9Y=lr0WV`DW7mj8WF@`Go8GYa=lH2aKdZDkE!O=_$T89)$VQxm7%||{Z z(Z9*W;tlzilh%m_d)bgkr>o)$pVNQ=#>;3TY}q+jXR`P!w9sNlZdATW;EBOrkN?cg?M8xFpmd zvpT}uQ)jn7Q+U?u$n1DwMf2C#_R0*xde@r|O%PvIHleXjoiz3dMY%rA#lPi+Vmb3t zJ|^%0xN;G#k?hLhyV4*%*6%SG{o%RyXRY;r!vp{|@&EffJH_>Xx4-jn{(CRaHY5AL zuohs<>h3^yTV(1I$3nqYh;C_icf_83S-X4QWM#MgPZGR;_aXbvc*8$<%)ZS?8wc&L zR@*jrK5Yo4srTvH0YzUt89`MD?A8(yl!kvrCW3O=byE?PAw1+FFeLr4auM8hZ1$EL zvNA6F&zWDLapFgC#`j^WE>xATjQYN^7Pfo*&AnM|5`L$ zswlzDXgE7RdwKSAZEA#iBJ}ZHJrzw76RaA|I}i@lE64Gx=auOfs&MHErNe>F32iVm zcbpBN=6o;>R`C|_!*j^t2>)j#9|;lm>gas@>ga!spC4TwjZXh}T~?6hcvqzoc*t|` zd(Ct35J`Mzk;M7KsIMcGI3zQcLsh(dKP0nKWUm9xdU3K%Z+pn>d0x;rl6gBIZD$`u^j&Tb5wQifSE3RvbyIrq- z^>O6)6@YE`^PNXv+sN)E1lvY>`(QqW&hnU0K7K- zyI;KjVefGF!T;-Cp5J+7_gC&`dWVtTUzN%EOLOtVv+1*z{9iZlQ$O|b-$nob!9joj zLH^&z^JU^c{}h3rxqwJ3R>-Faa+Hfoie+Su_?5(g_;_#QzxMoJ>*h!G)W-h|O8$R? 
z-G}=h@8#KG;{FK(e|{GcKO2qzTJzu7$<|Z>YWIJG(*1ushY$H*?&VpP*=0k&->)X8 zi*qZMX5lS(&1D-Ym3H~#M;ujnKALGD3K~kv$#^qkawA}t?b+dxyyjkTlbzthKJd@@ zY$E^HO#oJ>|Lq^_74^S^gTaIRzmI3*%wBg8jC}u#LQSZ|??1g)?Nc-VLo##R{=e<} zp9jVBpPjwKhxvamPr(!}#(Rsm|2NbiGcLOq8DODvoaX@W2)sxpC`26iB#MyF@ipel z%5$D9tCy9`D^2m`$U$?Hp7zM(EMGLXcBA>f<{41!`Oo2?X#eZ)Je>dD%X7E$f8|lp z*CYnEnh$1G!)|dHw7S2VC|C|jv&Q`2Ecr`={Ga{3()myS@FD-xy*%sA|BZ9Re7VVO zXp1RXaEL?6zb3JVSh7*-xHjiJ9)~jN<5(R7ecyl9*B@sz_VXY6E&0h0F|wR$yC9(| zdkT+3S2$HdLls*oi0oZGWB&ujczlJHKYaVq3gNR-$b8_4Mlc)~Ba}r0I2-Gwc^nmE zVjG0==p!$NbG~I$93lm+#}{!g{hs-1s`IK`UKs$`GV;gjx~?G@^p#5)^C^sxE}3Si z`!|_rdSeoFE&nsyRW!)gQZh6;eWMlFLwv0T%!Ajir_bsDN1D03! zKt-`f;Bt<@cpO7MACCcMfTG_LOi=(POL-HOnbmq0+I*tOUr2e7daw(%y!Z6mLGP&$ zb~%6l7*fay9fICAd;8X1V_I)@%5zF$0K*Vaw17Cm(M*ff4!A)eARr>#T-HUHi>(4m z;#{=B41E|HIv;yapFE`e`BOa2^}jSv@3!^7gPnuY`OjeRVE@0DXI=fTkRwR)#HjJT zJ8SP)?pakdM#9_qX69PyF8#%F0c8WMJdH-VbU^ucf4HPTS>x|KJy3}U{^+@ZvcA1V zVxU#oZ5%ziz0@`Z>Z|kG6bqJ<+CVxh#8-ArX3q~XjDjwTu74NOFOr{ z*f^ZHLV$niz~L34!_MI0LW#<_L)Vno(_;k^d&;bj=^D}yPtQ=Iga609JR948HoE=sYv2E`kotG! z4EBYkTFv|yEBBrIf0g||clP!l;=k|ZxpUvHjDzlFGF#}j=G)cNxo505F(n_C*56{= zSGvlu>iV%SJ?8ea(fr@G|JR`G|J8r+|G1auzI?mBpcuGY-!2Q&HhsHt{nh9uug#t{ z=Ko#!fA#kd%l=>c5AlEZ@)Y!cG2WHA%(mhO_T>bDqOF|5ZDpJP=vOH6c`)jXS_bdXoW8crU(p~zC+4nPH_9wLO7bW=}+V@L5@JF}r=lWJ3 z{d@3s2LCU1V^01$M^ixcjPv$Jt6GJ!WV$4##7At^MHLmub;U+R`%$mBfiLw!hjZKuL`FKxxX|q<{byC_4 z(|wpbGi>)|?yR3&7fHnN0(pMII9ZH{e}$yIG6UFk+A!lZIr42_8@)%B@F`}pkh^88 z2uV$;SL!6P06+h>5uj+w3P7?qjR0t)u2?HWxZEiKQ(p@oSHh)9WMD>!M@8z?C;Lk+ zl>(wq#Tra8@kG}bhb1>4O(B}$53HX~=;_zyNZ69~WHZBFfF{YT0Fo_PSAFi-jTElDIg! 
z@+GTV`YO}AH_VLfbbe^KnF4t!v$g$S^ZkEJ0+?{Zd>A6S#ruEzJBNdk{qJ!9!Trvw|XH2rkfX31XZbMS()Qf*EqVzdPcG+}3pK zY~h4{$J~*}xoswKLcd2|QKxmbd{J*+kpK-rTZq*5ZSzVsU;ml!Z;<=@zZ$InyN5f4 z^}m0xfB3Ne-^WwA_KV@ReE`Lb{e>|89MiW_tvwHu8IJU!(IapJnfjTQJUu^N@il)C z^$19jAQgCUe)=3t2?YU}3C?5zAQaDV1OmiW8uAQGc5ameA+vlcAS?hqz^Tv>deYYq z;E2O3i0cd94~>^nAw;MaHN{hNrv zDH<)A&qL`vAnRBG= z7c4jZ0!A}2R&N-R*#zFR*dO!vfT0ja$p={+Z~~w&RsvC^^+@lrf!bt)zsgN8fKj0L zkw7wSi=meSgca|ja9iV`i=4&QL0TejL2RoAj}xV)s+1SzB~>pKxVEHNy$R7Z3dO5_ zJI8+v`94|1=afuEU&?`INgRhVIRXr`O!fs51u>E%b^qs`V24$sS^7|5345x_LpC+r zWv}*tUUq@;y0cCRyV)MPrSf~+L^qHIN9U)?`%d3m)v^x*bZR!ABL1~zVf=E>8teaN z$-f)q|K2+&`u_~}_jexF|ND5hkpKH@H~O!zZ5W>3nm2!X03qe5d%Iy0ev73=*Tz$T zeyc0neo0{PBMf2WBihy-X}ucBorhe}m`XpT>8%7?RoiZ0(F>rIKV7O;;;rl_l^E;U zVCO*nxiT%fF1ALh^TL_vL!R^7K5NVWJBa_<-z~>~?L5SP+{?4Q*skCIGVq5^^j-1P z%>Q)5*$v5ThND?mDbm}t{|x&5lK4HKIo`eu4B^v9weZ8sxM>cljzr<|fq&U{w^PQq{# zk)L~Nj<|9GuLZGy+1R1j^#v$Az@O;WNZtwi8jFpDdH z>h*59)W0e7&-OWXO#+%T@G8LPziWQ}GOSu;o^O@GLlk4C97}mYHlWyXf+kUY%R0Ed z$QxZ;;4xslG-uQl&;HE>){h@6=>G&b`EN!dr|zkg?fhoF2>U@5z1OEk|GTZ~C!f0g z|L%U_{BLk5UOni4_wd~5cK-ej0v+4<=38?sqv%$4=T-1F+MruaaNOo0R*6e;g`x~| zdc$GD=Upzo)m;ga0cqB@3JerR!BH5`;p=1pc6XXIPVWbSlS8#@y*Lnml=a>PO#LB;p%~2QvF-=trJ&tA_d7%!+ z*GLB5SnpvJv>t&7&7>g(JdP=v;twcLMw$QL6Azq4;S!KY))XXx7*P=72zf2<`Di@i zgre3Xa7-2p5`nkJBM@N9THXxvp8Qvl-|{B^p*{Jpc`={$#6RXwb{+LHKojU+C9%Bn zh_#-2>?UqK^(OGD_0;2wxb^h^wjP1EkYbWBaQgg&wY->;e;@aK?n>72*s2#iF*kthh1*|gO&rB<^;8W{U*LptX{v&?1J^@36SmkVe2os<_ z{(@kD=xOwC>6Y>jG?^1}^;mrA&gG{r*596hPoVGhy=UN)O=MTJPV#m&;8{j9S`z|7vx+4Dl}GR22WN z)F0pd@ZH~*B%wwj|ND2V>eww#YZ`S|yj)#9pl(*Y&wuZM(<#6bWJI`OwV;!NxWQovCJ4+> zgec@FkU*Ct>3~VXOiGo04)I z5`2|%T#5of4yX!82L`{nszsmSe*(H2KY{n{-x9d=Flh@C1kb4)HECH+K*EqGL8-(* zh143K0FlWY1+b5wWkbv-hB(L3Oof-kBmj^xJd5O!bs1p1Z~&q}UBC1Wr-|$w6;%s* zAizxi5}hIk5FDMq0t*r(p@T~G`x4HMAq{W@Lq)OGd_w&>VqD&5DEpucL!P+i+u1ge z>+RvM?>?`nmc_t-k|}LP?O)%?UQ&OPsfNqU7^`)HA_T6`l7aVfQR#s9VwdncqW|Zu``(BB){P*{%c5L8? 
z#dPABvw1v1l3*A#s_q~XIQqt!F>S4$ zF%e_xud05b2nKk4DUz>NB}NLsHNMK8eoY- z>_b){{B^RJAS&3ZYJSLr0)LJK4?Cdh^a5U}QWW@clAn%y{r*Bu$yX{*fvEv>g?f-W z!9fn{LBIbByYR1I5YqPrO;mDI3HcR{M=X2`LmVht z9i20hJ8v1s4)7E(6i$IyAcXFWC>KgNimoaJ&+ZRM`^xw#A z7VXbwkCs+44SFthXX!wrpp+5W*$In#k<0X3?RuwrZku~R8=_CbP$e#qkt*^G^_7Zl zwuk>nZ0TG~aPomuXh)%l(a}J`l#)euZHe4TiLpzl*m!edAKPZSbyMne!DG?mE>8K0 zP!K{oOPNpX%Mex5=|$@30~CG@6)14Wgd#bEnBKqzVsDNoiP)o&2n0wT8=wFPwFgnQ zChcpg5@z-&Q7oW!)n-V?p#uxodW0zEs~KI*p|=>=N8pr$Ib?++RK{uI^Ms-ycm!-x z#NPn?&0rY(eQ46tJOVz9#E8Ts=;$4+VC{~Kr|JO2eNR>f;BOM5sQWh#XM?|s%8CQb z7l0K-ncJ75LN-WO(nazu%3;{i7SFo_ACy zom^{wx(%2Ysk-YhtU_ug=tfvKnI{Tunl&lQ+uewU447E0)0-$72#OM3N}_+0$tGAS ziT;~RHo%!)sIURnG-KT+c+>g33F55s`k2$pvDU|XVya5hMFvQyAi72%crvnu$PJ0U z<3f%pjwR;KF91!5t9W@XweC6OO0kM&0Q0q*hNBskd;j&Dc514w-=Uka>}Kqmdh%_6 zF?ILb0B0}o6-x9*%M#xqD|0(OQk6$?% zZh%-{qp$%+!CuoO+^n-ly7p$ht$0lF>xL_W;xTZP!SKKvrmZqK3gm&KoFo}vf;AcQ zQXRushbevAhM-Srz+)T%rjBZ!C?^FnF}5chWlEmZtP4Aoqw~|o)R35jL~d?3P?NZ+ zU85&C%yVh-tM>3?djUT@ha8UZe^7fEC1Lov(^iU~_$oF|GeR*Ee|`Sk$(i;#Z9{}C zn$mF^aYV0S*dBi0|7_X+%7l3-DV{|~?rBQ>kk$%j-}~Q@QB495(JeF=8EXEZrtp2b}S_=#47s|47DGNAt`W zdSyn;Cj9qu!l&;Ay^x12Rca#(SHC0moFmGb3&p$@*5@)K`B^Yi=3$ZOyqh z#BJMit6^{1pj(aTZY;Xh__k-#t;Vrsn{G9tEgE%mNY=ILx?CViW?dV@Hf*gnybX=5 zZn`sTtBqp&X3!PTw`~Vqf$EM7p(`+M(Gt1>%eGCSD^P9I7Me#RH-yJh1FSNLrWR9e zcq?kn`W)H`zOhyG`20)YIVb{wv`^bC@mODYhbRnl-3wwZP+GH zWK5_vZu|YdWC*3cI-I|aeNt7c0-7a)+yJy)xdOr6*;g%NeHrG z^ykJ%z%_;dg7@km=Y6i{SLLHAA393fyQxsd~rC`Wg7)2184C_RVD53PCM z%R#jq5z4B)@_ANhD#KeEI7^7}zEP#M%fr9*F_3@?RA`L#mf-;TkcwsD!%|`o$!wdB z))}}pwscp|q-%tzY@cN1;oa4qu85(*hAyUL!66QtZ{CVXN;|h5@6a1`_a+Ar?Z9cX z{aXff3p#HGY(s@N1z?GX3~0SVFxYM4C$$2iYmFUzpYuj?)xNEd)Jm96n)04oS^Ya( zB~!CzwnAoDx3g$v@Cuh)=NDa?TW!^m>6-{%LmUc8&>jx@{m-46wOL_sEYZdSn_DN= zSxPIGQO7;6w~>(+xb;I((#oZ9l$DpnHSxEzE{;q4Q~)ix3S0Ltt{?UilA8{&-vUCx z9M9$+IJ4iXBLEl#a%~ukq3OtS>Ro_Y9Kz)|m5#DRk-X*+HPv@Y{{D}6*STD`JVQ>W z`M@x9%Zf}U5D=sS7Blx9or+Gf(DB7-_pAfbn|J~-*w1Btsg6uq5H11K_xIXxOMF&& 
z|7nh1u`>H@_n77{NJr7NYYqni7Saxe6*{V!7HURhT~dSXu5_1Lly@FuR7=4v&!|_x z-|~rdV@%sUziy27PENBMW8d1@c4Lg&J?UJ~BBtB2 z1Fm6+)ecE6jMB|Y-}KP|^0w-ZG^lsL4Wv;AAW8}C0H0!c->Xda0?2d<9tnXiBsN35 z1Ew$xWx5sV$ePBGlPSnkTHBfTOnquL1EZFke_A#rZ6pVd=+ zoA}1OluCiFAisd^R*GltQsO2GXb$B)dJhlKV1S+-X@e{0uZH{OnPE}D0hPZ zGbw)o5p@gGsQErFM^uBu%$@xW<@0JpPBGnIQ{Xj{))n+Okk)m$oI-o&nY#^h&g1$J z{X(U+olKlwB^kWir3%PS>{g` z0=mlE;FUQvRqep)YPS^%5l{~TEj3>58!)gOq1MaAyzljgc?i-f0tIT3JQ^U=tmZ z1%G%=XfWF`L&46o#uVtPx4>_foUHvj&9Iw_>)>W&%GD-IE~DOzyh024GcTWZ_xi8! zk5V{|$dq^G5-G=dMnV|Pz#PF?%1|{kJIV_kMsl|=Gb~IHfRrRr0G{ptMbNz2PPaiL z#IEgZBIK5uravarDWWEzu)g`alilsT7$|w4^lT|>B>eda6)=qAry4*51(!vvf=YliDqlhV1+ z)2HVbXKzoRpMZa!y}1BK=cnMs$v?p_Cl@DApUOY4&{F#y2q|nr{j4ZEODC(j!=$|B zRGGA)PAAL>PFOliv2>JXBt^+b&>Mb9xWM1i~Q(>I7&V!6-br=XCuwSm|1COz~h)O zhQ)xX8x@8?)_ej!JzVK>%V+id58jOMMSP2^zvNSM|I5z7PVxSS{lkNY`(N+n`S=l- z+ulH1c_Au4?zXwswe&s6GKT9yEAD}C)YqR?-S;gQin+cr;w6sERbsAU)VdgAq;x@3 z`r$5yhr1Xa?qYbji{Y!ei@_xbB|qf_*L}->_xdkyX~fZNJ6Ax}-T%2iDBb_IxBGDa z)4e>G1T5f{*c(OY22gc9r_%Z{1M~D2sE%F;O35WrESA4k7aUV0w`pKPVdT%%R$u|e z9BXyeF`Uf7$Pwc*Ibs$uB3-m~G+YNvAX5oI)zQaw7US^vW{yJyZbTI$EEj~!EN(F+ zK}S|u5V>i%LB-GF6`M=>#YLO>oG_Kg@rk0=x|}M6>T)VMKd$BFQ~|msG3&`G($%18 zuiKl1WYSX&?P+)Z31m>*Ch^4Bsp)A)yUi)EALue@ME%wRTpWE(T;{`b-^n{brkS|%1!tjt1gX` zNr?TFT_*|W%0?n-o(n{a7B1)xTlYZaI4 zX~PnV#Nthpi2W}2qE7h_IiB3qYOx-#a`g%K!bn!w30)AJ3yl;56ct1c}r_ zS}pseN1iQ`0MQ5>#WFjCJoLGwBoW)5IU!s|0!0DP2e1pb*Ax2D4N5_SKB-Z$WF_ZIWRIY5z!(hH;A$n zGV3T?pWYiS)REN!1z4_DRiBEqh)culC#Fbq@Y z{WLy0*I}uR+_<=(N>}y^UCHja2_YeZk)!ASp`Ey;AF5RBiOcj}$feTOkmSc9kiHRi zliIpXsvMh>n=wl!>0}$@snrek7qyit_Cr3Dp`~tVFx{XcoSlt#@QsUe>}xS)papkn zIck3{cgkKng{6BSy>PQc|BBQ(UcwMf=Rrk_L>=%(7hJ1Z2D&k7%PC-T@2qH|w_YP+ z$k+{`L2V<>b-_X-q!UeLBMkJ78eun~QLxkMc_zKV6%vy|8XTogAX}Yp8A*ky)|PXv zottbKU0axMYe$|H#{KyGjWj)p&uh*?SqTNwRn}~nvbH%U-A;c|=G9H2+6ryZff%=J zhITV))Dq>yy;)l_Zz0D}NOzjG8X#(A4o~%CaJcax{DjmkTJ%I+lZ1k_cjA=LJFuzq@5Fht<4Fc7Eb)VJZb19N|iMO|A|3}`{dxH9a!mWG^f$`+P}9J~gC zvV^~~5zQ`&$+huVU)`sj=hMQC+WAR$bh)|aMnHRiu5X*sbzYxco(ywWUzuBs7}CzG 
z(B}yZm7AvC@9QRXRJgLVvmp*;2^a;+!9Sr0%psebI^wIh#a?c@^5lJ*zN(eS!P2){ zc^c%5zS~8{HK*)8aB95GvQpp2dQwNe%7xvu0e8N1)R8Nbm#<0fJ**OSWIuDQ5~Ym2 zt|j6nnQd?DkO6D3IOH+A32!Q}GFV@iv?})QtwdE_j@!GHQ>C%3JsW9|KleT))Jnn! zedkfg>h#8UB%4+fy6coowONzzR4lEgSY~Mc1DI{M_Bido95LS03ygd-PDgSqzIijU z4vrf8?_h7YVE^6O+1=ZJu>ao26GQ(>=6^zrw_121@9cQo`le0M41I{(t#8_D7BcZu zl)}-h-D-VvJpk>iXUxN-2V>l$6X^G@2jWY6hWR`(?voU8e@-P!;pwsm8AFt}RVm|S zDfcaJrIY1zbbS`H-W-LCu5`6izeV+gbZ^;wZi zVwG^sMQ(Pnt{clDCXr|mhdg1mq}X3TuLovGM=MYSgJs%pqMOVm%FYgP-n!eQWJN#9 zou=y(jAPcz?!vAvlHELAS;o4ywz7FRkO_Rt6YAy@VCm$pS_~}W# zh;&*&sTe;I^s0Q{!ynxJ<^6=CU?gFTl8G$)xKQv(>l;O__nPq6IDE`IDv9_LA=e_P)Og<`ClATi6Z8r7hWt#8a{IUM=#-qHD~>|j+e1!Oh>`NHWLkt%FTi(xF3 z6hmQ3eUs7q1AuXiqTq4*sw0Q{qa-cEt6+Y9BI|!{>3=@AzWLm0eM1rZ*|bFV%dhU9 z9wig>AwG=)^x<(^B4|H(C#y@YS*Nx%=ZngcV?|ZH(0HRb#Qbq%K(c=O$-53{ciLh+ zon3gH_MW|Ti0`tqOb5vRdM(rc%kGjRokW2ssJuMBso;!sK;#JFsrvrI54oi(9b^IW z2er!*FD4YhD{D+d{o-tpRW%o1(gaN(%czVb3Ob-If&b+i%%KV+n;;aakL^y50x|xd z0SXz)0sKj{%?VLQOemlr))_k;Km{im(Qt_vKMKQ?xsNE)mqX+vgq++Y;c>!6PueTJ zcY&e+(O*!wxYTh|g1WXdgM0_HRWMagrhDOt6)6Y0&FI9!f_}f+vD`zUlP@i|OrJ2cT<2mwYa7%3}IVC+Gl1fDU0z z)haprm|@k7O#x)!28CftzpaO5^yjs+diw417X3E!zaosEO>O>vuF`_t>jcPN>!f5| z7=~Rl{tuJncQ{GpEV)4deTb3IFOMQzUEGBi4V=KIQt;Yi5S=vuCB{tK@?H;iks6cd5 z6PqOVFU;0S=I~m+lDGukzp%6w?OZFpOs(q_bnhoQb=c<6kvaf4CzPv8NxuwF>SoCJ z%&|U{7{`S2u`vj2NtkOyV|DCjk^$yqtL~BtkyyBK{#~o}jXYBt{s5e?y-|#OPxLSQ zwf`=iBPYKlQ0~%1Wj%6j`$*DSHS%Qzs1Cpp-`#oqtlxk3q^jU$dWWoc8u7Ozn_+Q|uJ^vNkv`r3ut*0jbb9Z;A5dXQ;?;k##|K7_}dH!o1_1XuzGnzy) zuXq=e9!HeQc>bPBF0RgM+YOI^Z*>No3TPo@#u6T)vSsM*U?CNap86GFn)H=hN7k8QC$n>@QH3Y69hjn~$i;^)p<5W0;Zh?&l7V91m*8^cg7@f>%7)DDmGu8owG@$c~v*%j@46cya*QTxZfX-Gx<3h6N6S5Y+(| z6pDS0Ay9@8`-Hj(yqPb@hc+RWW^0%_Q#~^_7o5qxizIq%-f87R%$)N4_(qElc_m2$ z8FChL_E;*nJkwW<6p`=${{n({CO1b+ALgpWQa|Akv7x2VyJXI11?8I&;v-Jq>U4+; z82_qjWp*X`v?~G++rzX^JZn;G;2McKE5_5TsF~_{{aqcWBTAJTZ5=L_58X{E*IvkU zbrsP=@H~G3Xbic~P}-ULu6LMUdR6`XJk|Q2Yv*yr7GrgP>Nuf_BOBnT(f|58`-6i1 zw>Nmm|8YN$mGNiT0_Ko4_5Zp`CP+FIzfvhFlm}Qs!=X%;H0<>j%dX;x?iE{f1y?Lc 
zggFsX$Ya;O7ZM+a!)N_x{hrQi(J~1(e2gSSHMKYW<~_wsCg{-+56l~0-~Vt8iQ zdZaVM>qLpEJA1baw1Jd?EZS-;Ia6OyKq5fVED2$Hg&qlX08|&K{Q*ok84J*oIko$5 z4EcNrdWidWMnA>rvTV>RV)RThhX8Uo1fN=Vw8g5%6#~f0ZA4QXRX0&=VC@N~Z=zxz zII>fWEnAO3-J=rs24kI{1tZEpV75>4V!%0~$OCT}0x-+9_U7WHObdfxknh^N=v70j zF$~ByYd%Up;t2Dx>2K?;N?oIQP(5AQuL{}NR#N|Y_U2;z;?0jIV|mHJ_|?hf#p&^A zJUY2}dwP5_etq=nB(I`=>3Mly&wBDdBAaXh>-T>l8A1CR4?@9MbAQF-=rbvb$?Py}Zzx_EV03^6* zu`D}DkN6>xNuW>w3WWk{%N6E5c;0S5UoXiY|Czh~ry33}-p0K3zuVoe`+u$X{|9;M z2OAyqLb8BDhSz(u5$v!bEQS`x3#TTtf<8EnNnClKJ0q1}*PM%Hf0kZK$iZoQ%pJ49}tpc*C8j{3Z7us*Hg07%IOt-#p~}&t3mhtsxh0W3K$aTb2L2Tf6J^ z{~(W;-j_JLCu(wkr~OeBU5JHzRr~}=(1t!ZyjRlvRiS3IqSdEY1iUEY;Ud4{}1wznEfV`FZJNEYmqq4 z|7^Q$w_}yUt~`F3Cj>)Xg%p={BQ!$>xgMA>ju3N^1X?sEy>0_hNf0q?>vl8HLtQ==4Xn3=Jt zC13aSwIe3k^nRu%^l z@p-G;?mTa`yRFVn_e*D|>kP=H0OQ8t(7K?Lt0?h#&vKx+X0;q6zkoF+Oox&b#psx@ zpa)UR|50w+(hU7={u*9oaTa78-cd5PH}3@{^X^nPj2rC}@=xMAioQw4V)&%JT0a3x_II2nHez zs9?(SUy`J3Km^Yx35G!k*oAB>PN--D??RBTH~2&#czsb~$+QeYI^8IxXwX?O1YZBd z_ratbI&-jdcsY)%OvPhUM z8IXGL^~SPf88Q5Ej>xIlH3VVAN%RFL;0%BCDMCdyLe&HSE_um^lZoSng7@A>vl z$Fd4gdDI#lVC~+dVaYkp7lZ|c3sg^ykqn!tuY{^#Yta`)J1QVx-gI6>Uq9h@40f&q zCCd1M(_1OUA8cwv6{xnbjiDGdHJ^km6_v&Rhq}{fX~RN6%u2>hsLv9VYPI;PLi$&R z%e8W-%|tG~+?LR%(|HNnz0P=!&Kq)6X-{QO)GjZO?3ewKLt^#;xc3x%bOXx4XR~=G&t} z9$_9y>6wy090%~6tL2e25(mL7ZpnBWK+H;cb5+8rN>25LYGhF_vKq>m0e5lYaBI|I z5J%3_oHU98KCj)?QpMC}ZbcX!x9hg+J6L&V@#0KI=pEbDt-=V~Tix~M*RnRWvIRFM zMLJ3qBZWT{r2ACo@Kf3MklKJW@E}8ZlLL1Lgauhbi?M$hUFA8^M>I!5l>0lppd6)Q zm3r)C7)A-*gg*6%_&dckiI^q0pD;Smnb(CV9Wo&&vVR*XZt#jo0OzV^KTA~_0?A*) zD0Sf=;L#?;S*n<OS z7DhrppLv4G%rU{QW$5~fwyY*qUwJ6?S6A!*^tk4Ko9C_iKf&Ing+(zgC52d9`T+3~XcS(AAOqm4$uJ6NDFZpE7+SdE z>=Udj`GE4SRsLqL z1lo;CG7`r!VgxuhH`dp$;GW9`j&U>K=EiB%5DB1^17QFmtT6f#0MFh!IU&6j^GvaGq^I+hg)M8xy-3CZzyOoI|UU(bj<8*ew!mu zEA?iHo+)K*5(Nv*ZK>@%pq!|^+_2&t6VHpXFui^IoGjI4>HIglHKXJ$+mN>l;ZV)9 zgpnn9+*)G!IGSEcI`JhJ)k0lw#Ntjvk@sQw?%%TII17TNRSPWig3O=KQeAzNR?(n1_9Nn$|2XM+Jv#GyMEwl>AFk#UG4&Kaul@cIgclTEqsb>675#Ae8A&su7o 
z>+YL^mutv9ZeC|52bv{?UgzjEGSgd5N%_9amC7)Q8-U`c8bkRJ@RR&l{!-B;7KrA_ z?hUv(M-{LNRp9cBv)q$P7oI$Ea|Og9E}EyZ!c*g}(CAni2T-k1y<2pr^#1i9vSbUw+{j1DKvl8!JW%*pUm!5eRaD}3-~gySQEjNG`q$SE`X5> z<{YSDDkeRQQg|XyU1qhXPqAE0Bb>J^aV@oU4Oz%O%kF3wZ?SmI)gTbK;{>V=IL+cB z!>v0eEVT8~e&m&@Qp}{!ycFyTx!U<)H(lA^+$ejcd=tuBmIKoRdoE+HF1aUTnuvj` zqKI_RGI-r07wk7Ty+vxIWC%Amb}^g!{&JDZ#=W{4UJL^;qh1lR^5(`WU40|li2jd^ z190IQLKgaBpXr)B`R2xwjyJD`Xob}@G0h+Cx|rl*&*iOS7N%!1#DKIv`%OCJSL&vgAcYY*3vhXNC7S%*?*eoE=aO6T=qAiS=scOX#W~STTmzzBr2ykCr~gc z^nuU+cewwN{yIpv`SGsLFwAY)JaC@<_s(7={?AsY-C4(fevoI8D~3Y%Bi4>-F`o2^ z=aMWPMTt`Nxhf~%WyiX}OKKx>{|iYRmQFI>%T16MTz8EpdA90x5h4A)h6Y>XMpM=gP%-NTD$r6b%Fzq5Fl z5T9w+$H{)aX}~QY+}-fka^{KP7Cj%#;i+iuB%`oM=U<1n3|!M_b5+$q_ZAj%_@4$ zC~$qxRBfziMKyb?#z-9V<_3+36U{v=oeoyMZ>)y@%k$7QpP+gEKRdPfFS|QiYyY1I zdG5yl3oefo@S4PT;PFj|>NR`+))LyR-f>ZrK~D{r)UNxeRc;? z0t7e>1`cP#s@aT;LHav|D>Olsu3*wU^5Pc`hegr1Y#6d|crHzAH(?ZA(My_aY8&7z zNobe`6J=W}5C|iPvQ*pj^rJ6mFh~>SP34hLS`ZR=EQEWSfDmOKn+R&RWyT9T%7J0r zt*`Es=Ln}MIP{Agh_{F5Cui@DPR{r3M_*qYynXrc?VI=KhsQs+p5558i1_$vd?9!$ zIQ}R3((}Q7baZmA$_P>`bXMA1Pthm!MiJQPlV2oAl~WlGwHcFP-lKL;nISKwe0eQ-o!RmTzMEwEdMr~7jk#x%1lME=0a&f$R+8#qlE35>=?1*5B~c#(P@F1J3?FGx)3fCaP}MR53tba!_3!aJ1a zy-@;EC^2l=3~D)u<6u&dhh!9j$$4p@Erb>2qyb<2cx)=la5Dc;_G?avKpM})Mk(Yh z`)*4QQ1Rh{PSpEiY{h#&nK(%n?t1~Fp-~|MA&S6t-YX)y49)-?t7#xAt{Td?RoMgY zf9exXcela0g0`CNPpU*(nwOb28JN8Xu7Oh@Y~K3gk3SwA9(;W9{`Bb8aqE$8tTnWo z(N>%Q^|B3XU%Bl1n;71CCIirrv~sU}89kM)BWwFou&pMZhSrz^`0xRK0!MQ(`18-d z2|^52wX@%k?7zW)8KqUheX!l>#hZBJ2E6B@pFT~cf3RTog+vV_irWbZcm!jDZpMtu z=-246m+!2u#zqhQkfvrZxCK^0dB?ZskiG1qBG^VQE+!Hkjw%z`NUQ+#3rnFb3Bw4h z*GMA^gVn>nC~G+qgE@`0$dT42M` zmN7n}{ztSH+y_6j6c&D{kT`^WIDI8WoOiGf@6&{OBMIXb?88eIT+)PRV|?=l_GN?- z4Dc*py@!1`qL&idDeTV|r)NnGRxwPtXG$#974SiT9_g?T{~$q%z2dq;{z6qbI(_SQ zR)vk)z$IjLMV3x}rIV99ApiaaoiKk>xhas~icF-IyH7at4x^B#31MN%_YV(x|8wx_ z?Xe_WI(g5@kc#TZp~vD8O$3wL6r#HMLJ?LRM9NJ;>5g!#M4iM``Ykris)% z6wbQ$XjzU69)F1wii?7mC*P3{RpmPdP4?JWsW=`;5+a&_(XU1^&gr{`e@YS^MZ1_BvTJlTaqE2xEYE{A6Wr8i3M?+b~Fv{I;E_!%= 
zeDLnL^g5}=B`!*%ldS%eGoKz02B-uDvsC9P2~dE;A=dloIexzsmSvQ_OE2@hOicy^or6vXKFv% zHR=!h+=2g_{_!)@0n9u9ZCCk!cV~BP|NAfxx-%<*Cy#W|+n*f?L%TtzQH*8t7upN? zAWKKDNu2vdYsYI9h(H(Hghyuh`6RmAKj)ADB`1d$!R*JhMjSm zNG@dJ33s z*+4FDSAIT{0fj{suIun3CV&{z>XeFB#iE!ZOrcqoDMZ~#H24k#f(7d}gj_*UKo5f} zM_QiW{>8IR{I4O6{+CB#u^O)7a~7r8yL1xMs@A;<`&+Z-2YK$W|5qZdOqT=Z zo&VZfRsWy8?sj**|3AdD$oVgi0X*aQSL0X=%;zDV_b9SdJ;Y(pu zrbeVLZ~Dquety*pIw@8CLG4)9&vMU-_`ePZxD@}d=l|c^>a5Ry5ArO+|4UJ~t9w8x zGGxi|zaWccHiqfeuC>h}2ee3(O82j@acHd&FH)}EVXKt}=qhrHskL1wlBe#Qob`pP zVXS@WfE04v)nyEUyV^nD4Z_rz&i4q~<(HoQt@hnj@c-G~|8xESw|3jr`0u;jy|w)R zAWtPEZk`NOUu|H9v%_15J5VU@PQwj!_PFHnGrf$_g>|LGS;Sc z)nVo|7@F*Qy5}N~U#=d%b5zQylu!##IU{FbIVxpS`ae^pKPxEZjKqY7HHjH!R1Am1 z;#8~?F2jrJVl=!gy9LN0J$!j^{_f*%$LDWP-kg>U4bWRdd9ld6`ii(KCJ7qS+4-CQ z@BcoYy*Yo^1m^3{VkNWCr(eK5D72tpD=JtZ3A&u}I7(6*e!j5<$Q8rGOWL1r?7jAG z8~+Y{`1xjPXWyS3-EUtr=C87=1~}c*Zl}F9yQgoCKE8bO_T9(R<9ENmIsbJ^huya^ z_1u>cPfuxzKFlR(a!BZBc+%95fQ1({@ry+F_EWGGx3`+yNx@MG}Z;_U{U zQw&4z8ENv37Q1d|tCi>?YNSeTRjujmf4mzZ7--yP!e>=8Cbru+u^Vudq2sw8iy=!# zSsye0E5Q2yZVSa>-s-fU|I(5E>5M}dT`31}5=`6#6AK`7a5A z=;}--!#n042@n~bJ-jICk(l&Zz*1Iq6eGT0_Z&MtekX^o@yq$a@5cK)8J}NoRtK{_ zkD~N{SU{zBUTt+HS$M!tqfiuU03yD==QQal@Be&UgotyNL<1I798Tr66ypSfV{MG;;YH%oIGFFA}^HMBar80kOF3vSP7i zF_C2P%{tjP#7Pk1v z-UQq6#J^V~7El@Ok2Zv6;K^esNs4=f08S!CZjYi)?&F7#>-|t)A>BI3BtRC4TqTjR-O17%G6_+l%^9t z6bq+(Z}b8!n$IHtq@N;=%9sw8IcNOQN1ep=q`=tJv#!=sQE2ifbTF+uyPOL2F?34 z|6wRe;usn`Rk2WcmdG%k=-Q}u2|NGC3SlPnn-GMY0uik{rz6)uF(R?G)bXcvi&FKg8 zl@l#gav##v(=1A{wo2hj7SH8Sn@^rI@uEq}7e%X_#8J*ves(vG2>>J+*2dbwTj>2# z7)|{}0aN4a3|K(-8^*6yH|MB<(iabNVKrP{)PUjO3J6Y2($Ri>=ya6!TFnbOnP2gO zPOR_e4D_G;tl<1NH%RcD^WS!-Q#t=_ZMD1G>+|13JVr2}CkqCFcv>|9pBM0Xfnd+e z1dNyyJK z{tW}FFC9$%UIM944Wd3hfcmY1r%w-@-V`)_dcgDHsuH{%`MX?^gYPw)eKy^8Z6T zGxR^R0=@mElr^i65A=nz*xl7oIQ9G~aT2AG7X>|dcX+1Wr6d{B^vo<;R@&S#l$tY> zG2eRqyCWKmrF^m|jm=yCJA2jmU)|m9b^ON%c{bpTq$y28G{}KMk7y9UFo^n6NMqq}6A~JblwDF3m5ui#^sNmD=}@LrdlDyfz`lq> zkq}OQdg{WPFql9TVoiY(#593`h19j&qqiU5rcpwz4LFR(<0ypR4&Q>$5^lLembUO; 
ziN59b|DCk(U;Sb9vLpZqdx6@dE0yU1b~uz+&wnai(Y>zUgp7uGX39mm$Q|KHkx z-$=rujKj&%F}K9ANUR3SWj-Y>SuTnGWx1E!i+tL$0v4t;`6vZTdBf_lmZhRjDvy_M zJ@xq9di|dt9~`|tcE|qWZOrrkZSPe5e>;1->-GO2&qnj6Z2j~h-}~Ec+ui%~iS}h; zM^LmbI|~uL;v?SIfFa%Qv`&<1t|Y zT*Lb$fNSd-9LI4${-=N7`?oo=@G6V5Ami|kk}+Jve?>9>htU@=8vi$316*UPQUDbV z{)!Qa-c4fBtg<%7U))PrjN^1|U1PiQU;SU{7ye~ko5{S-5-Q|3xP}OG9>O(z`f8)5 z)$V<@3uUX_vrh)6QF@k8PQ%pRv~wkLFU*2K{H=AtcF!*Q)XG)MP8vl4w>RyS4DFuX zal3BYzPb4X*MM{xD_qhDFgSP%bFxw(rS#~6WboRiVpCN~XbR08tt*kQfv1U}&ujQp z?xH|U6~f(LR1yVADAm@po5g8>0kmr9k7ss z8Cw;ZkD5~i$KA#jlmQG}L%=w~{_tlBHt~Hm$O4=)_fQ%2NkSpx)USg+pFtow=;)Fr z3G?M}$To7qLimg;@P{OXKGhX`A+1i(=0{MGVK(Aw{(;i%=Zs8T79nzK3<{ec#pY_* zVQCr8;vV@%qYbyTYS%1;kBGA~80`8ei=2G>yEMZm} z)P>ke#V5>_Bk#(QEd$3H5I|qckGc}5I*su3bTvZ6X={R**D7FQ%#?3JveI*-nQoEd zO8x+N{=;nSzLJa*>azr8EhSWm#Vh%)pwuFbM!B>1Lxd$KxFrd(5!wo9u__ka<7_J% z(cEAuH-9px`MLMYPPeuR#_fHz@qSXglmzlxi9E_AL~imZhxI9_ z%M$A2#S{)KkSR3Ntgb8*iX0*oz@sbRqbLh}9CJOyqVnJ21?4Dcq>+#{;6!O+`_v=i z?-Wg_83zLWgwX+vBMcEPq?3>dS&RK!p5>4N@u(?)b5*mSrKTbl!YFm&AmGs^#7Ym0 zF+kD?@sUbj-Eu|S+ozC)3FUDVa(1aGaZa$l(wO8Vs6LuPR!)){puC>LPiz2_D8pFl zHKlzTRh0aTpoPHzOQ@A8vx4V^C_W3>O}Hch^Oa^7Id=EBJU0y;>g7pu-y#q}1MNKMIOUIP3e(~9Lvoh&$p?(JAdswttM z#QB1&Y?}6Fn}uzUn7axVClcu^5~h01nk6>zYe+R4L7oCEg#k-=>cZ)pcgH;q#2ZBs zr{%VZ?=yMHRJdkKips5e(g-lAPceo1{7ynYXD=j$M0!xyhpx%ariobc&$FjgyL(j8 zDb-3N;A|K!OAPs3&FT$?rEcuVG_3AGo{L~4qg^*)B)&WVCT07vX$%3Pf!Za|%|=PQ zh4e%nY=W~Wq<(2IeUg%u^+PQ?(TndxTd{st{oG#vLy148?$~#SQ5sKA`eZzF^uL|% z0S^K2{$ADpcWY~B?f?5A&)2WHBPZB6@2;G2Tc>rZefNutcvZ+c%#uV%!BX3Dse(u` z4xbw8tIx9TC#$K6koHS~!igKqz%DkvwLg zQAJ5SKnYwn0SALrUhIl5xpQ;3$m_Rq7s=jx51}m(uPS+M$}` zralbm{YHi((C7i<7V%PciK1f^0ulJQYHYk{Jf@*<3{TTk;U{Bg9W}Nmay%?c{eVFd zjnxqaeWg%uFB(N{M{a*Qh=L%x62qu{sx0f%r%z}|V2wmkJqL4cnnbPjp0s|}&-z(E T%Rm1w00960!fhT70EPnqSyn~5 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.68.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.68.tgz deleted file mode 100644 index 196608860dc1dfcaf71030fa800466c63cc399c6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33332 zcmV)`Kz_d;iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#ZqIB?r!2t6D#-V@3IOM2%^^A4l z3`M+mJcpEfOSlOCYa36$-|rvn?aBZ4`~Bj72fK%d|25bXH0pLRpLo)Mx$a#o7OnN?|98WO{h9HKN zM~FI$1(?MlTy`V4KtnJRTs0D01&#zqIjdYH6V$y%lwlGL!FPZEe&7wBd;Mv7^?g-d}R)As@1t{_{V#8J!zz{<=1ar>gpAifYJ&pd2 zd`{>;&}2@?RSN)xPn77+Wsxq{Wm*7G6cdIyq01qd;t&mcJ+J4B>BD*zRnivsy}tKM zP(+arx#(a{6VwV2^C^zGEb}u87eK-TQ$hisqf*~`tvN9ivSF_`!+f4hJfAFjvgljP zIP6*drTPl{0=}t4;f<#%CJa%ZL|i~Fz?h?O(bbJxK*kXjU?(B!Ii*NQX2fIHv(^<_ z-Vhqd4quQ+bQg|htu7!FhUhh%;1Kg=t7{EvYXNb@A&wB0)zAXsa0p1u{@<*Spf4Su zQC4>ahoqf9@cQ1tv(}fMeqa1qA^$_-Uu^|Pjr{NL?j4lm|4#ow{@=$_6o`$bosk?u zD0tSK#Ka-v@C-3N1Z)m>_78^s?qv7*;m-5vWDxWxhkHB0;q&K{XS>h)`+En6(;%4m zXlFXu_os)`$-zDf_MY_*e1s0*&Y}No@T@gM5u!?Dws-nFyWPP~x4(Zm=nwnPhyA{{ z`+RqBxc7Xp_t*Yl*zdO=rg`P#od4G_Oc2|e0=RnqAM6bd2F3Zmd$|8F|L@~@X+~t}z4k&pu?4%^1wYBp;SvOBiX)UmEpWz37~*KA;IkYi3zBSJ>ycar&aM%qI6wk= z`detA;v*na`CF=kUdt{&1nqX~5tt@nxDt#hPykh|C&9HI0S@U5@zIiTv=Fc^<=^0J zq%~vAK!Dk1ekYW?_atPYLC2;9s(ry7ThcrMDj%GIO^reR)!IFUhe-r^61=yE+GSM|R zbHwLJ>HaC>FmQvz5KIt2qJ3g5l--bm1ds!oL>w=W#HcY0!4!rJwOSDgkla2DC3B^J zdNAQ+c}$e)W*rDOphh(qWj!3z|D zUMwnN1{NfV#K;GDIz<#kJY074S06@#JN!9}W+;$U%{9uQD$;5Jz&*9UhAa)e zpcO}q!!S&lRBlX>pHR$~qBqe8eoUe%o+VV3v7}$VZUoL^6piM1s^u&y@(GL=Wg=m` zs3kHj4UW!VfdvVY5EXF99X9|G;x~j|T~g>Mckg?Z7+vs+|xqbX|P zh!jlA;Jr?di)s*tWcE_(W?GjF$!sRHj%!3Gg2|R0a4l3*@j+>EQhgmt-5zy7fF{YT z18_7Y9dH9_)B%W6LOZ~xm}4J?9jPRd>C}+(NNoMY?vx?k5nU643G}a|8avk~7eW!s z6KJ@={5=#6JAM7*S*vAcg__$e8~QM(oYeM33c*tqja+lcGl%p#td?GlF}-q%DfjBQ zlauEZ{gxoMQDaS2XLHk!>*!Q#AS<@mh0m=xh4>mph_Q1@CQZd|u8w2ACrol)u9(_` zc;!j0cZF-CokAQY6kX0KVsjEo{O^k|-=|aDR2G6~f-*XaHHKh!6KZgT#n$5m3gL2u 
zd=drnVD-J@eLYQ%N<%Q%--NChQA`4xqTHK$T5`oVrGh2C5cc`8D!#0zrC4JK2AfdB z@dA;A+nthsRZmI2{1EJ?(h~-F-RYFCR6U>a<+d=P3W(R7QEBb1O{oGs8_lUos%|x@ z3Y0aTRh86iIIRkFtU0eLso8j973f)GW>wNso?7ygODnA)Z7ppyuZN~kyjJzBD(z4* z%M?)>H&4wx>I6OlFyx3vkY|P;OXtu=pSmv3wac~jIadX`g|^&!4;0&QH=wexC5l&) z>DVA04xXXsaI#ywL2}^E?~_*d&?dX3W<0pwcBG<%*4dWi@c(gkCrw%_{&-8mWPvUa z49=oZj=Zrbq0}bYn-j)UbC{4vfQZ6{QK;A)ma%9Vv4wq9t~s~bP7PL^qpgc@on2Lb z(_K{sC7W)pZqxeP?Xh;AsUFB3zae^!ePkQ~en}>XMu;N@%$MAOL<^Yr4m+#*;PGXw z;EDf|sRQN^9ES~h43(Nypzo8!XrB%q*5B8dAwX9t97G0kOc_%4MCUYW z74>08rd&xVd8BWM%*nPw8E-~jp@sY@H3Kr`T`ANhIWrQ%Xa?p8#&XUngLg-MV=$6h z!y;iEOb~#SBvAmK?f*s0tj(4fH3u`2hG2KE{|f)mq#<+8;}M6P{g6zjh>q}okk)k= zfW}CZxf&&l38I2hQBUZ-Tsrh!Aru1~87s#G@f(C9wa*4LiC9NFYk|G~l@$M&N;d@A z`2Q;xy@>#;0H_8zNE?E^e!t&u+ORVf=pe^_llBp-{+%|{O{i(DaYHzbxF{7eCyVBb zWDHbt05qOhsV15Cf>N!)8jxr%QyWU{ePs#`!OpX0bVSPOg*B!mtx!*kDLMqZPPQme zV>Hu7l$gRbROn(uu)EW0`AQ2&g^N$ZFz;1lm+-RB-c_o9oLr+wxwJa>-5P+Fct{nt z07*PWXx28o2??(dr`T^w!$Oy?CPKqolZs1qpkeQT^%)0voQ=X0u`h`LnHX;wvD=~x zwE)Uf1fEwJkIqkv^l40Dy>3n&iAhM5p3$I_xG7%UO9rCVP2!`BIx{_(Zs%4JXxFGc z$H|i^!voa;M%A#o&vw?JNEbYo^QzmGnq~;;ETx5Mm&?Mysqj0)o2vRTp-4J2G40J1 zV8$t)BpiudDF~4C>O}##A@oYDr{AQ6z9<+aLU0PGUd2Ug#IoVoN=1?JfW%9`REa_DY0Gy@Hc~Y@b_W1 zozsr0F$p@B|8_@eARU0X@7XW__?v_;K>Urv+2HR2h8iRD1z<&H#?Fc+*;rjk7s#T)zR^mx#Ix-p`OYCxHFgF$=QK>rREN z=GyZitJ-{0ScHCEGow7nW_o1Zd{I0#Y_f!>mAq?tAPG5#{(MoXeq}&}j;IbX!BJMp z187MWPnZXI%H#)6p$ z#Ens>r(jL6r^lcv0a^9i(2y>yjflufr&MIGZb1e`afp4`urDrDX}dEl0JmWV!JyM5 zY)HpQ7qhAA1I0bn@qCRL07#6_J){k zthdBybhO_R!eKKeR2BZGtl$-_q6$oAF)b0}jy_VyM3uUc3`bIBJh5Az5sDRy9IGhI z1&m`ESR_<>YfCQc0E!?Z5y-3b>XU}H^uTcjS6iZn;3!0tvko}&IljgmBh~@OGI)}8 zz!{$-%FNiOwNvHKoT#jBl__P7lQ|ERQK06x&{t^^sd%gMSxv_}_e+(PBETVd-fv}k z%qtkLrY$YzE#QY2kVA7mZNdhi480Ou;m;w3zC0T-r_}-E5X6+ki1MX$3CJ`mLmUc( zqF&gMWX+o+|0=Uw844EPf2Z ze!suJ3a$!?KW_>>E3TM7{ZnHq%YwBI{)C*#AL|w4@^i2^jvr~}H>Gh|ep62TO(RBJ z(IQTO8^(rIdOEe7ZsG;hw{;3HpT@34um$(;DnHegc(>;0y~-bTB?Y%~>2~{_uEe(m 
z=j|&0(v^5`>89=UBP}9a>AB&G1gm%C$RTJNLF`6V7fkH(HZKrxd*AZfd3gt36e;%WIoG$Qj7kmmAKY&J5_BsY|wP2sRK>TRP8c*wle?X&7a&dWCXgAAcoInnOh6Dj z2fK2b(-od7)M(AY}Y%K8xyE&0p53!-J8$92s7IrQy8%VmH zI?C5|pf4ubD9nYg*)KYya$90JgSbr@oI$-izvv9d_B5y_9?>evl_i+17b`_GO(Jz* zYVVy|89?=E79K9DRdHXkzoXOVY7BRL_*{+n-p-z@Nw}k<=W2v^eDYk4_^u9~a~SpM za_-EzYMRJA!TuZxtuQ-pW)06yb7;47blL!9!;^%AmB*$|JhwedXa;qI6Vr-Ae_LJO z`kBAxm6}6;n}o0C%)hW}+t&HA1#_#%%l2;e)`uI;>q?6EoVac}s=xH4a05!^^>OMD zqw=$3H5J@(qrU2+fq!dMuUuGa(Ph6%;XA@zLp|KO+v$pJ{nyf9se@AJi0sqZ!TV%t`R@Y zp;k6NxpOO-%)>|cTKfa00k0`d2@Qu2S8;t^&#L>sggUf<-oF`%ZiS=f{=ePw{eK4s zdxMAjzwYDt*aD#ats3d}5VXy;eqzwOngIx%^#Tf~ytmUIJn#0O_jLJ=tc(M@V(u!y zo{qbdJfw;Xy+)K*dXIXilOD9ix~&Rf9?DY1%TDbJQ5Bae2s*`upyXF6{n{BFZ50dH zwvE?9Aik3|wc9dAOrS5-HSgS%%l9SR@~v93(oz|I`&B|iqcgut;W;R>A=>XOs+1(p zQe}O1V6LcIXi%w9ZLy@a-{rnn5GlXO;>EXRQai=(G2|T4NEG=$zryZ+`rYU69_t_f z`d9Z~|MK2FHSeE%+s;-0oQKvu@zdsiSt?3}N?EijtG2+GyrVgi@vyU#n zArItxR|RO;9oL*Yblnxh;-IAts%l{xnc@6ij{#U*c)l8$Eb2Y2{FWj6wc3qJZ)6FI%Uu2&nC~+*jMRuq>VwqMo}O>;|TMy zF-*(-YNStbyT*r)m^*B`^0)Pys~4`i-9of*zOTgu_esR5n1|GSltv6H z)eik;PAL8li8u^n5@h#YSrawDj3%*wH%Wq-Ax4Y`p>T$zku(KY%5-8k^Vaf6z+zW8 z9*6R%c8pBcz0CYs=p=PcK89?}t+YWOKdw(pE(zEtz{x-1A_SiRjsmfFer7OQ28?Z> zE$3sZz-<~XmXR;L@I5^8sn!3CqmTO3MBOVrtM$LZ!CYh>&hEg@su4e^N>AcEZN}3Q)k-zjqZ4Zel8gY_lB0wLIpQV%c$zlPcUYsB{I8*860#z+4(1JkR^?{{bvSCd29p%nU z8U?~vDX*qVEg=^3jZQA!o*ti!%SbM@BW0qc@j7k1x-DIeGmB zWlc(O!slISd3SGK%8hV$$m-d-ipxg7oSu*09=$w$addfNusB46oAHl-J~{qnG`>9g zX?%Qi@#6IL(aY1ze>R!$t_Xt~o^nLuI2v^Fzb-G1#>Z!`e?0wZtbGbDiqkkfGf+U= zb-n-d$Z8j4v;aj!$3zw1#A@2nt$(>-^&E^6dER z<@ogV=v)of8u(&LIPpn%8j0mr?oFHFJU$tX8cN@FZ%kf+`1tJg<%;(xcH!BdMEdRpq#`x`n_f zxR))PIZT(MZT3@PnQ+XPizE_TG|!g_{6@sT zLR@IcPL91e9gohAe>u4vpC4WRyw0?&L*qEsl&6f~+bgu}fN#}}8?U zxRt?Hx8%6GxT;&R-0Ik=GS7*jPHo&8mP*k1Y_N0C%7m=E95%}qs`cq1xI8|0)fT%g zt9F5}iq!>4H<-_xwa{`6D1}=INZO#}flnaPHl@LiqwUJN_lhJs%kXXW6SJbJuRg_0 z7LatwIB|90cRSsL=I@^^G$|#a3VH7u(jHBso=-86|9GOH8*~cI5Es+|O$%B-8z8t+ zN~sfWh$lV!dnJ%)$|?bvZPNN0DK$*~vUcPK==SxHT1tI)L93r-4 
z94$qx}~*LS(UN|KiKqtw@-8Xf9^*6wfq2T?EiavJN<(Ff9G)j;KBZXACKGq zpBwAEA3*L?OYG8XHaEEgK4TSE2KACL{uY30&GOFb>saR<0F06T<3~$|-l=oJ-L|6W zBC(d&fdg{M`5@hyICd8Y{e#^H|AYtsgiYAD#;SICHa{-_%Vy9S znR1nd=_OuZ?#;+6w2(hnwdd!{%k%N*^5}9j{^8A!Kb~BSN2mY0T7Ip>IOjYbamd*Z z$#jaSymzb)_1O<%A(3|YEm3ebVWNZONH!zn!SUb=J06s{Vtu(RM!rTU|H<4N3IhDW z%i;I!a%MJL074DB`g=0(Bm1e838=y%tD8#~S%F93XQ+a03e^E*5*Hv* zxC9f5;1$afZtIX7rjmcDbYL>myNVRlpzqjT_ekbkG%4p%zyOrSc)$q|du;JvnTH<% zl5lV{ha3^%k7 zcrg?Ug}g?CFJtumLUfBiM?>(mCud0SY3t-eY|@QJR;E;$jL&Q7a+x*Jsm>}@wwo1I z=W)jphCKI8g(+O1Gb2Agi8&kj;9yt&#EVffo#GFm-OYfR8LWssrbuRxO>qcCdI^3@ zV2Gy}1pvmeY=+nR2U5^wc`k5>CNVHUK1>(_j4X2bU}fW_Ek#}LA`@1q%SGhk`&cKk zeerrE%1SLNM*b78bvgx9opCE5dYxoCp`m<-v&6D8D=rjExgcIs+pM3nZ9}&#(9OrR zdrg_j0*(4#2;ek9kZjBF`{qMz(V2FOf|9ojq_pPVu1#P}am1&f{TJ5#3u_mkeH%4~ zshO_oca9mYQ5F;F8c`+`Ey!~Dk5ws|%A@IM%PQ^4w%J{;e!tbIEw$mVQf=5|rjf-W z&Gy}pU{zQ_gmG-;i1IM$HQX9o+u}J27ap7UWJffpsyj^9E#o(7qMTN#bTX-)Jc?t} znNC=GkQJy>73-M7(nrcr7BGS{6m%!cJWV5=x!yf6xhrc`sAaOSlfN`(FIBaxG*{LZ z_{_^5(>H5co&H#IAo$k1)QW`n17t{UwcEP9bRcR!ktYdk4tMqs1a0|#P|dJXz`nV7 z38qP;uH9@#d-3>C@i5?V=rXS*RGn?OMx{YNnd_ob#Xs#jryMRM*ePup(k@Q73Mq!> z-JMVBmXX+?|JQ1Kar4u>8&+5@PflzhA35Q ziojRbs#I1kP!u34v`%#@E>D?Kl?(#2IrLg@n7jb5cD3bkC_#Btf^LJyAizEcZTYsH zS?M63dz^TDj?^pVl88R=Hu(05=)Y!TQo`5G8*{`C=ai-CcY&uGY8|i3qi(T8s4t!- zBX`c8o;T#HJobzQLYdUxa%R3j5Xfl+?j4CO+&}q{{gn9}yXF&y)Wh^2;iNED-kuFY=B?g`9Z#z#m z!P# zkpA`LNp9L2E_MCo?y1Tyx}PS=ZQhDzRW(D=&5AP1V#9PBe4is!K!2<8x;?dJNtluW z@@w$ph;Z;2En>dRVbJ6jnPga;el}5`Koa5K@`w3iH&$tWbxV1%HIvywZ{~>4k-8Bq z+wbLbE^BLnxilIx>%LkKoK68F9YB@P{*KcGeWz9?{VF1SF2wRcsqsS1*(u zxxO>hZSZY#Ia&j0gPl=sh_Eu?ugFF1sGl+ji~{f&{U$+VlXhyf$@EjKbWg;6`#xTE zUM?#Hy=)A}YC9RUfoBnt9lnEoQ%JsF3u}GFcxYL z#gHRFm^#%ev$;B*BP`dk3@xq^Jr>I=MWFqE2Hs$=+iwH!*s^hXza$f+kAJ+MFgGVb z0#5$Shp_yqc5(^R1WlL$q82yzGoV{0!h7~`KPN#YgF zZ2?ef?aIbk8FX2q?z|tix)v&VO`n3P4|b2#jil@JS!5FWmrKjne|CfS!;^c~lK;7* zw&pl$mwd&hEkCgZ#gb$I{bQtpN>>ckOi|TMcBnS1|rvECPzYvU68W%Rysb ztReU$+TzJeQY}hXnUU{q{MVWP*)=Qc34pr%|NDEp#rc2Gf0+OG@~p4_!8m4_s+Zkl zzS-<Q9cMbcTc}6 
zU^K*B@PPArd*yDKySBa}NMNt92M4KnK=-Z1JD_mIe$K>F=hsp6RIrJ7RGf(?0&S+^cdCI@`(vQtGMdj34Eq*)<|LvZ@k$lmV1d zcvuY4wCCk~$lnEHp2D3l=E>g;W1hRdBgSrAjs+x1CND{z1IpP+)Z+*RQ%_Yun0js- z7N#C&){;Ek)!9U9=yzonvA$I07b*8zHQH_D8p-2xWgN*Nter%Kh{8PhVxEE~psP|2 zlsl??ze&EYtP2gwl~*MNsU)*OY7q6TvfC6Agw&C?I!#E4)cRy0bqGr-Lo6KYPuy)y z-THJQSqkIo0o03aw6mvId!}@{FtjraCu5lXlnUNN^y`2sXIhIBcvo%)~7BXF5jHKFRCv&33GOcBlo{~3Q5_`<4Vq+ zesd*hH_yss?YW8E=rREF)Fo-JhP)yvd)lDNfNXA|b z)RlbQJgzMLUz{--rtRN^Gn(h?Uyn7KBUz0f+q~^DWljXONRr&SJ6S?y2 zr|=5-_SLiY#@rb$o#AiD}%l5h8CT$*JzCcSYFJpJOV9b zO35hCWlXU_t;n2GNkTb~ih1l@0zp^0H`;jw%u~#wP~le9dX%P#(CIx?o&ecLX&meg zlIb**o0J^ZCE!FSppe!q60JldfZrgXm{6a23J5fbJSPJbM``7ygcXixS-mywd9JRm zNZa7(?p5g3V-f_I(M0A4nk2ytHFE^0^Zy*|9TxpR_XiL5|9g3w+5gj+ciWTs z==@YW1u*Yt$Ur-mW}@Eppm$D!7b&OwAUUO7^dm@1=hF8$OH2@l1KWJ8d=DI0eitrA z#<048AKpap8sboN^bidGSS|;@8yWa#e%6uyT1|sWO>6E0R_p({vtN+^yL-D2`Je9P zS>OLFb^R*%sQ+=?zlvU%)s9g431K-cDWoMYriR{8_c;D_^FN=ft!&S2+Z{@=$V<8j5bxIk=01Z5cNdjzr>bYUNXZ5|-xmK$qYbM8Sv+3)3Y8iIAHmGf^)>9rA^X!e@PRLNbLe?tDa5qk!+VcgbfpaD0OqwPk(=9CXK8#~l;{Rf6Eh2PFvp01;WfN;EXRqq}Icrtg$?2=w zu`M)T4zTrZvk^j3knOHhTsWFh#2BjRXY_%iNN&5^>V>{u21he3XdO~0g}E7RHXr$v zME@oei#Oz7PFg1dTrE?i5RE9&f7cC)UB^{^orVhO9GNxk&BaU80&SZ8kM3)e(63zv zUueB7&N!iPhN{M;*dQfnAm`AZTYN4+l|EHAHfyfc;H=5{^?y_SZ=C?}y8YkbVfp-T zzyF~B-N$oBk=O2Spaa&{NL#xIO6|yALjpkJll!b zE%;vF_jEQCTG?S>jK^x{C3DRT!6yk6N0^Tl8xQphbr^2hCG~zuSFd)AckZiBuI*)8 zS~10&u@5<#5sDETR>PA9Ooi6VDx|3dZP$^$LQ!ZjCou`hY`JNhF^R@l-!-?Y;gV2; z%<2epPo3TVOyOCpBeUa$70q8`+bc5&>s@a?G(mh-*@VVAb<)@;6y^Fb7yp(Qisj5p z`Ix{1;L1g`MzSl1?@EL8Sii?$^oQr(pS9Ni4HE#=#Q*Q_>=f7k-TuzQ`R~0v+l=i0 z!dieatGff;ZIP)<918_oA-bj6-4T2CW$o^Hla<}}KS}WZ-G}Tu;|>4dG5axIE%0+P3vDsU0 z$jZ3vKWBc0#-Yddq+T6++{`n{-E_lDI;wnCjPa_V^fjWx+P1$M{L9nP z<;m;Y!rekTfUhYVz}d@}C&#&*5U)-yFHVo0owU}ul5u>fZH&3}7z3m~h=XpUdy*(laH4Ue& zHUr)(xv70@U4nB~JSRUpV}5UK2)m!IQI3b0Px!Q z?|$+AhrPqy2mh~od4A`S-Cwz%=^aLTe^n;uFU`dd&!*2>@_*gHPyN)#e;57#2M7KA z2l;;=&zFh+{8I#e<^m$ESRtPx$WbmTDVC8r;#U#};^V!I|Jw6^t(za!Qyc#?DEa>l 
zb|3D4yq9N#iTfuE{P|r({A@J-Yt4USCtFhmsNMe!O85Wm96scKxtC{EW|s~9e!rTW zF3zo3nuWLEHJ5FqRNCc_A8}OS`DmtrC}=1tC*#eG$&G+nwr7V&@|t_WO?HA0`@lcr zvx)p)Hvw3k{%8AIIt#=z0HHUw@p@*w26Lx8x^3#K>~0?Sh1= z>?u4BUEx#-4OMKVAhLJ$jQtN7KVA@hMF8o_W}j8GO0;B2gy=5bVv ziER+dqmR58&iR&2aflSO9$&=0^n2#3sm`l%d1U}#%g7(A>$-+u&{r;H%%?C$x@4N6 z?%!mh>5WOywfxU)SJ5C}OVt#@TGrCkd4U~*fR122P<*g-?xl94Om{? z0~N&{fy+4p<8ci6d^`r20g8T0Fhv2FEagp9W>)K2X!D68e<9^T>cKA5^4`;L2fe34 z*ya5FV@M$8!_JKzR^fPjc_b6FQ*F189N ziF45gGxT9-=zQ!wee#g<=TGr8*Z?yN8rfWz;JW|JC0=Ec<`$Kg9pt%Tv(*#dufdGTVwD*q0LoinekJx0P-FqhF=eeE#2^{r|vW z|L;HS|L^7LcDq}&@2|aT-LnYTj(tDZN_XimX5Y_**`Lt9UzFr`Xx}gKz#rYdpX*zF z^zXsj8T`N4jXC-298Ce$GtS!^t!fp@lIfC|5+AWu7gbas*A*KPk!xTOG2;QCH!VM6 z%J@GppZ`o4e~k=_&edNxgkI&$k<#vS`eK!dGHdF_Cdx)2Ha1a~=Hor(rOjG(*GXwJ zO!r~#%&^^;xwC$9T_h353*`9;<76=+{uPq;$_!xFX~T@uh!l#(YLhhEW zA|y4XUa6DF0{r~jMu4IzD*(yfGyBiX#1ma#9G2XGG=*q}Kd^o}p{HM)BVkL{lg$i!0h%PU0!X%GUG=$Ze{Mv# z>OdEv>PurHn@tK?pAx@38N{L$VA_Os#Qj2L#Mh|Xiy>n-K@q?GvUW74tmn@tN#f$@ z%9pHe>8nid-Y_$^)A^y{W(wq`%+~gQ&G-K?31Gqr^I?eS7VrPw> zQtDgkteK}+op31M%;GV}8Z**Z3bpRt0`^`*zQlP?uJohQV!z9veP_vo1&)rwkldgk z?;_>LNrkvJ-Ji|Qmw17>*_|zLgcr%e^W&tbmM+kO(B=eC)|3H=^zd`Qr|7x)Q?;h?H z*8l#&{^7&=e;-ff+AoIN_5l<#_GiNQ3ryciwe~zrW;oJ^MvuS^Wa?*H^7Q<8#n=2n z)FU88f>hwa`RNNVB@_f?CODG?fKWWc5eN`hX~;7$*|}8?gv|1(fUp4c0H;Dj=t*Bc zfFlmCEK<&8N>Gcwa}$nnBIE&75!23=q$Pu6BhYgtyWqR0->IS~urv1BOBzB_CvQzzKl9SP4Xt)+4>g25OTH{wg=Y07ik{ zM*_*TErwnS5LUd8!flO%E^-!I2Wg4C1+lFfJWiCFs#0Ey z?HvCx&`kQ>}GrDmdfvO6Wu@>9G#yk?>l{ORm(mM(5cyciul)>h4IThYpnm9 zCI4=a|9kJC=>Id=-`{yy|L^13LjLcs-RQrZYh?;!qbf43a}wet}FaWBvIV!M9-%fKHx(RamD zGyl^KXE!9X8IERMrATkn{xj(JOa7mS5BWdu=P8{3i18kY@qVd>+mq|5@ex}Q3@Ue5 zx4tN#z-4(sQsTvJND!r{oyG9C1f`im#kM!4zYSx2g_dpb2}}<5P~_X$GYj1}3&{kA z9z{OF*N7g)_!p$lilwER&>*K3y31D~GB>GK0JD;P!WuyN(9_?Cq`VB>`^Re~Y7;#6q=IM@o|UbOYm$;RX(a;Jf>~Vo zQ?GZ+rT$Hsf40xDYZB0$fmZ=O|6TL*mtoZ+^L(oe9-mz z(;E&GKJRkzt?o*Y3`n!KRbZen3XZ~f4qqn=u)EWwae6;+g~V1sW?pq{0?-Fe;YoDu zvGfp1s(qrGiQCeZYfyga$@UdKPWkW6QMkafh)}c*9Ch}egMPvPf3Uy%aR2}PJdeOR zvVZh-s=~=y5db$P0Bi 
zzD6?e#(EEfZ@sW*XFt*0Je#I2|QxAh3Tg%p#7fzuZ!tmVa&{2Tea<>3Iqo+?Mlzgyll z^GSeutq?~X(ebsCV=`~Ik9#eBm@Ye@*9ysuct_@$fIo+nOXoa3M_?ohjzmGA%%-i@aYCuk!BoL( zrAPwI!25yM_YR)DZ?&F2{h2IK3}_kE!%kWUbaGaFHeF{{&vE`^>Zw3qG|zb*<-9?myyJ>k}|Eh*i$khcE%^ zR!uT3e3@0+NVe2V) zUs5UG7v9>}z7@YEG<@G`UCxETrEq~bqSbZ9s3IZNOhSF#06~->QKueItf6@29Qs$D z=mOJHv;ZWMrG2tkz$lQ?UA&X*CKrNyb9K34tM&f^|(4R{^9zlN&I9?zCBap;13Iili#E4D_U7)~I+-3$}fPDH? zwCU+no1G*dK-na@y8t&N2?H=ezY{hn^>+z|Y}UQ-lHs3EKpS(gFE0Hi=$zY9n2aGJ=@QBk#^ z2LjCGFVQJ-0Kw7uE3hCz5;~|?QR#nQFMqjImlLC_>;0Eg5((7nKfpFLnvqI9`jSH;IOlOpxH7nf%O^ln7^GLfKy`ly z3P741s?@qQMv5j;BpapYw1xw4Bt@6JOA>`k5TH0DOB6^>DdH>L&669%)9Gu%&naRk z;&KqptWBqlW@`Ze#1cZ8SxOfg<#5!<5sCH($WRGq2CxbxhqF8`=2~qCrrYN*>>*%?GL{j{|DIT!` zkc5}oqMDNbx&{t1dx@@5SeSsXe>{`Ss=eVSj)Nq#!+_4^AsC10sL1*Qhj73x9i z1P3{&2mSsl?A9Z*`c$VdC=<0)K~q|z2~-zd`-7b-y6pIM$F{^NP3-eoF-G##s}u@7 z#j`}^zB3mL3a-f4jlh}lq%Kod9c|#)by!~w^JxG;LrC8jG*QV-CFEB)9K6gXD2M~MK05Cwd9KyEx@X zLO}@WEM-2iFGEyKr(aS>AE5ASs6c@`CKSmT#PkL(5PNexNyHwFL?A%&*Z>7Us6B|X zHECZ{l`ykMiDCh*t2RSA4jovy)+0nQU(M)h4!y;|J_4s4%pofrp)yVrpC=Rz!6RUk zBK`*8ZwABQ??aQG<`M8=Bt|4AK}YXk1#5R?JXHrE?t8K_0DqGZMcuz~I2-(3R8|~d zz5uK!%G|yb6|zCPk}i^OQ4Yh7#<27EJk{d8U2a#G+ZE*=fqy_MHt9pP36N+P3FFEv zDPM95BQ_;;p#()hA_OK&$M|=^BRSjA2e^nsNuljc(KFVM3G>G5LL*eIM)Z^}M4x z>Ev4b(`~@KNY!13VHHv{K{vv>$vjbL)2vBZ-tI;;WWdB~o!&&zKv0zMQWE`}Og6zv zN%Y@jvH{NYLWK>mrWxxt!JE$KO%P|5*T$T<{SIPvAS&D}yvH|TV;ecebnU8u^NNhh|sq|AX4YC<(*Qowic^#8eY9dO3yqBp9j|05Y&9nCXi z=#?2UoAA%&giqfK#-WKaz&a*W2V|0R)1LAM&w-B@(1@omqfTa9DOHr;AOTQutCkgRLfb-6&4%(^y)ZP;3EcpDm9 z-E?QxRvX3k&7dowZ`%&K0@WQELRVniq9t?%mTj9tSD@OaEi{itZU~R123TbfO)aL{ z@K)5C^*OW?d}FKV@%ftyljur-F5Ba?)F!&p)ar&?Z7V%=QCcvR*1%kCDXlTW+OSQY z$e2)T-1hr@$q-6?bvS<;`=qK?1vEB&ih=?ugXVL#{ZKnEuBB7I6}Zqaw7*KQI78FrcF17QF;!QA6oOi zmxF3KB9v8o<@2o2RED=SaF!6`eWOZimxq7rV;}()sL&YeEyDrwAr;HQho!_GlG!#L ztut_IZ0W9^N!JKb**?k2!@H|JT@gcr4P8vhf?oAFL+JVz% z`?n0}7IfYW*oF#k3cwN%8PIx#V6fZ7Pih53*BU!`p7Ta>)xNEd)Jm96n)04oS^Ya( zB~!CzwnAoDx3g$v@Cuh)=NDa?TW!^m>6-{%LmUc8&>jx@{m-46wOL_sEYZdSn_DN= 
zSxPIGQO7;6w~>(+xb;I((#oZ9l$DpnHSxEzE{;q4Q~)ix3S0Ltt{?UilA8{&-vUCx z9M9$+IJ4iXBLEl#a%~ukq3OtS>Ro_Y9Kz)|m5#DRk-X*+HPv@Y{{D}6*STD`JVQ>W z`M@x9%Zf}U5D=sS7Blx9or+Gf(DB7-_pAfbn|J~-*e_&$sg6uq5H11K_xIXxOMF&& z|7nh1u`>H@_n77{NJr7NYYqni7Saxe6*{V!7HURhT~dSXu5_1Lly@FuR7=4v&!|_x z-|~rdV@%sUziy27PENBMW8d1@c4Lg&J?UJ~BBtB2 z1Fm6+)ecE6jMB|Y-}KP|^0w-ZG^lsL4Wv;AAW8}C0H0!c->Xda0?2d<9tnXiBsN35 z1Ew$xWx5sV$ePBGlPSnkTHBfTOnquL1EZFke_A#rZ6pVd=+ zoA}1OluCiFAisd^R*GltQsO2GXb$B)dJhNB&~rH1&1t<=gV{s}&LRCn=@Yq@i9eKQ;)T9{)G<#@1RzQ?ne@c|Q0@i+ zW>WqFBI*{VQS*IVj;IEQnLGO%%IDRHoMO7arod|?tt;qnAg$|gIfeGlGj|*2oX7Pc z`h`ksJDE7WN-}u2OBIlv*sV$zU}3xcVSWZ|!^8ZHX4k2oxkB(XVzG9Y-MCK-EPyj$ z1$33S!7GtsUov0NIE>1n9bO%-2C}sah$GvVaBbAiX}O;|BWUysr!2T71^QP1YIRE$ zxP!K9%&T=UgMPbh&xx4ZkAH48xE&ErN00s*oUjdADtThR8Bc7HhSdhJ2Ha6Y%U6<7 zphTFq#N{mymPM~U{P?-kuDb2DJ^Zyj=zH>iy=U!rsYOh?-khFi)-cN<-eAq2QadTT zg>}&lZ^gy6sre+=CPV+}`5rhveQ{wN^M&F_W!^&ja@`^oo{V$Pm5?{`l4(k(Q1~jw zMcv+;W6G>&-hJu}EjVaJoZ-L(|Ia&L6nqfB;*TK!ml&ejaTt>Yad4(48XI?(-?)6{c zAEa;^kty%WB~p&_jD#?nfjNS)l%Z;7c9a)7jO1=#W>}aY04YhL06g3Oi=cV4oo<6h zh+W&+M93{QO@BzHQ$%$;(!4Nv<8)V9;9x_(v^)^;Dq$JLMRqJt5t^y z;x`CIy6b5Yv5w9t3ikR}a@&fjlqs?U{;%9LPXu%Ypkbp%9P(|nh6y-#)(qFJCZ%(s zr%%r>&fcEBI064WdvgJf&QHNFC;tRLpIn?geJcOFLQCy;Af&Jf^|PYvES;?84wLeh zQ)SYII-M{lKF1nvFwFEtTq%ydFozaHf&9Ru?H>?a`8Pw8)Q6h@<3#Qh{U{a5mCBjG2{o20V@l zV^|EBx=~>WWX&hw)5Dc6w|rLL|KQCCU&Ob#`b$1F_rL5M>=f^R*grgYxc~KDo{t}a zx$OMoJen zr62BMc({w<;Vy=UyBNNjyBJ)8Q1Vk=aNW23cd!5QmPQ=SwsQqk-Tj~YgVOzPd%F+! 
zKi$i7Nx%YLiM>&TZU9x+b1JPLGcZqYf$Hdmpp;w^#bWtub-^)3a+?Mw6h{7BZ3Pxk z%&}Hi9mB~Sj2tm8lOtvkBhp1%N5gf%1TvKXR2_X>XE6?sZ{|2e;6_w2!g4{l%;FYP z5_Dvh1(BPE8&v!(Ua`59UtF}A&k0j`9G@s^t;?xGs4l0H^W$1xP8FbQ60@G1B3%ud z_PV`ENG3hi(4KbZUoJu~ZL$*1+CyPVbkAL(B^$N?cv=kJ&t>cw%1h0kf?wSUIo`Pd z#d|u52W-HU=?{kx*v@3>YOc7LzT=73xavd#v`BPt;)vx(SyCQ~+v(xmIzx zo;EC@NG#qoiP-OQFY1*4Fpj$v!C-;5vH;Y{|GmS5qWs_AJA9D;_whV>1WqGPNsve_ zq}8%ddgR$62@s9IQ7p4F$U~n?N)oZ{nG?cgBv2FpeE>VbGAN6YFj47rk+!v@-l;Ig z0YKLzl$kbBG{X@>QsW9?6fhsg$OHcnT4x%cgrYf&e6`J!fb6tfnFAve6A>+9a)T&K zA+wIM_36FQLLFHxP=MuXWi<;kmLMjtm5!0TTUu@n<s~l?Y@UnA})+Hgvsf zVQLo;agam-qT;8#LRQQ5iJ%HG2Jj+=zKm*vy5Bp1Os9$uP!x1I>7pnQ!WKv7G+y(T z?30KkRE?flXm(1>^rL8)=#DvpA)gD{WM}vx zNrG;quC&FAIFx*-?2*4qiJyO*@?ZMSVG=Q+$lM;sYWY9d-#sYa|G$5DICzl%_wl4d zEp)hUdZaZhn{}j)C(YbL(6&Y3`6>7XE!*mv2G^lOFxh_~}gmj{*Y=nWnQ6uaoGzxZFJRs%$>%;Bki3=TIQgj}4BdkEGiU-$YNEl{DCO~i#O zlrbkNv=g+BbF=5<`f>qfS;unlN)ka#?7ToI;di&p<*=Gp$*yn=bO~_zas*VFOGoP&?|Qd-1<0ZKx)uQk&uxDlXb{?Vx66TRCgh~i zep6x8EOPEX7KXYusd&9xwd&57i263%c3|#rv8Zc{iUBRi7*~dU*V2&lP1(ZIkb~Di zP?qplHlo=@F}XG#>#O^;^L$#kQ9D2BjxIOX+z4pz&-HCHy3Xsf%adX5>ML`L5kuN} z75Y4Zp>osI`+ePnjtWejyiH>^71vQy@yqzj_hZyRic!! 
z*R@2vB(v>p9Wr1I7Kc1$H{neMRtD?ql2*muy_Kk{%W-?Ra;h}8wPzy@^5@=%gjz}X zpzk~iS)Jbaj%3qnLU)~#sWxl!orZ$^1`<@m32j)PnxPMIyY)?5%|a%A zic&b5wOg%kt_Prf^^AF#^k9s8bOQa}^+0@S&oG}S#(k0^?$4=YDLh^FAY+K~wklbIz#a2&QONKP6pQa26@%UGv_30x zNvsmCxya2f)^%f9#3T|8;*ck-mK6I7==H!1>1YLtV6aU4O>~pFMA_LP&Rchzl&t7S zxzlugf^p1x*f9WuUmB$LLWGam{50m>7~xDaue~ZXD$w}F5&*F z`GS%Vy~q}}3pwe)_dv})?^VM1FbQ&-( z-y%8zg_56Jt!WbZK+RHd2cRh2DYja}?P%xh zACOK9C>7%;f?k#Hd-%P(zq}uD6pSQ{Q8JNb9~TNfX?>%p^QAYV8=BT|J;X)%n2 zl42-Ksc$lRzXvdmQ4~B*Uv=bgf0U$UcoodgPh|biE&b2u);FJ9t#2q|Kbe-ue)-ki z)1zd9KE$U{fId8KO9bsF?__n!HS5%t=6q3Ea;&JT7aDIAhnPQZ3`o{*KY7;y?M_>a zr?U&M)84a}4)I-fmgxZ5U$15Qf7xAfq?0HR1(lb_Hx-Cm_cx8==s9&57va06dOPZkRV;Pl^L_r6%CGfvogE>@TWD|rU^|9T_Q6R?u zGe99jIe37neG2N>JB!W{~fIwhE@|$y87<^pj-NRT>3T;SQ9voAAM=A6e}l?0)S^(A>*nJQbEDL4$#42Exw(vO5eP93&6bfgXd&I#q}QqnKOle!r) zK69)OCB`wKd~6H?TN36P(O4b(nPh-D*{ZvwLL?S$oPXD9eIw75hTj7xY;P1J-xK}I ze(k?Y=g7%#36#4uQCW{%+dh)CR*igF0jdLV#CLZdKkN6OJ*g^qncgAmoksjE3{9=) z{r>YOPg?gMjQ<6m+VfwrP21$q*LrH=KX-R`3h|#i{r=&@`R~0vmFK_KQLlZVJEKV? z^NM#d>2XA4 ze|v+6{2%x8SQ&qYEnp5=Q~$54WP+qa@hg>*LV18CG#tugNyA=mvFs|2=w7i!S8&CG zM3@sHg*|09w=bEwBrH~$Aa zrTM?}kpK05o|W_eVV?fspY`Yenv=gt{;%Ca{^ya;#;=cFo#a*2FFh~s>se3!M`V*NVEz7Yr>Osl;t%rw9-iOB{!jVced(V1 zV?OK6|7y$gDjaq5zkgVa|JdIj^dIK`eLO|Q##}roXP_A7A$ZpBKU2|){~vpA+TAve zEDV3=uc)TeC(ALZ#al;neP*^02}D8?#uUjAq#aG{_qRU>1%Lz> zEtX{`=@CC9G6@t4K%r1TZMnj{2hZE>=j$c;<3DrP|5U@l#oL&-{&&0Eb^ovR{{J9P z{a~YmUPu;D$nbh^Hi8{CgvHR}c;VD!R?r8hF^Mbhb7!RT>zZ@X?9b9msa!_69+h7f z{zjGeg_BYFgW*|J0dKeymA~ZPLzNLw9z*4~=9`C{|GDdbsx{=|ZOoPbcdPP$cWZaO z{vYHK)B6%<_e4$Z@3cRPq6@K*uZo`lX^=1Oapcn;*g92__OsT17e{iByvRa7pgnP3 zr%CE~#2L|q76pVXp}&cLN?$MNB>#FrC-URB9W_S)@s zOQj7>*6aD3K8@>N8(lVR{jEbxU3M#OFlYUDI_+BghwZKP`Ts#460_fA@}(YJb}bUe z`JZjK?RKnE*pM0pk|-OFN}=Xe#(gf~TOb`mFyLJnMlw+cd}@?p4Kp(q zwdCubzIMbUo1CUDJhn!WV0=b)Fm2mx7%exoU@=dOnyz?tb!E0G09?h67lq;g)5_u? 
zB0g_*+nwjFcDL2p>3-?#be#dY6kyyq99kE2aup>$?^zBM*Q}OftcpZ2q1QCa>yWZ_Vy3c*06 z0ToPH{!5aS4T#|RB*8EU0lScG#R(N{;9Usv^#-2^1g|ejESZ);NT(a66b(8HhQRBe z_&%7FL+6$AdB{9cDyxYLha`kP)fIdiLVr@I$c<3FI`arR+^P&1VpB75=s}nTK@G*T zEC^H(*AkY*_Z4!Oi9_99Nd!qkC5E~U14s`({Mp!uk*cE9kdLMa;2EEBFIA}}R2B)d zB?D3qzTQ}tEF*?L&Jj5kyM`c)IElXC1f1cIK1Ha=MyT52ao-k=CiE&{82lV}eaUmU zg&=ww1$hWjfGa6cL_7JUH{}(T#tgc6GpIP?Vn>~TfR+Ez1Wf_cWqPK`dL!F(uqC^p zSut`lHV%%J{8dWwK|-U^qIeHZ2B%S~qJuO*P6@8dcO%SkI=vq$8TNpWh_f>o>^JyKg zP*tViX;uYDZFVc)SHsMv0bS8lWBPgKIjWg_y6u_GuXd)J+qm_7Klgsw>2|kw#C&^H z$Ro@nDLqs2hvNXAbG1B@M&clt#Vr|61Bh8EZ>~x>RmrK|P>n3=MOH%@GvF>x9Bz#| z4C2Unnv+IRz~{BQTB?}Z%&iEc<96M4eFrP=EMA<+2)$#wx>Xoqd#k(N{94wAR<_{g zq)11pVx;hgf^?ti9DXYM9#R{S1|DQ6Z*t)7fUqD-XfgILqpLh8`iSO8h;o027nGw^ ztWuAi48tg)o6x5o5r3zcCK0m)_Y+13I`g^^r9&p}RP;Lm>HU z7^N;81U%Y=I7=0imCXx$Fvn}&GH#M?Vgq z!NN%B=QB?*nK>r-wG3Tf(U#Su>MIYW{_1M|pB~rzZ}YrWA84IpvWjP^mf*^47?x|k z34@9J%;Z>cn$~AIjf_duGGC#qwCy>)O47VT)3B@c=`NTh>3pOv=tLtWe%>20sFPL5 zh~B@J1l&vrMgbSoJSQ4Q_1CJg4N9x2gw$alpIVz%gzH+}t>g8X^Ig3T}FHV_9<>QLDhwF~J_Z!NKR- zH|bUjN?vz!n?^&2MuA zYNg&R(KDs2O`>3-xh=Jw2b2@Fmm5}`W8!&H7N)mvpOdA!ES>*mw`P>QWgGH#AsniC zmN2pek6TMDA4k(mNhiMKqFSiyjab}iDDplm-~C&*9A`n$v}%EcUXc0oS*j}#GN4r3 zZ#@&jR$7RoB}ohj_-rtsi8yrU!q%oZHZl%z#5qGX9$sIeaIz^EzRnv}me>q=?O98$ zbKQMY@Nx~g$Ia`^aRX5NRAVSV0)CPo%U>$G!~)Sg z*}VZb=coc!p$c4{ah7{h>B5sIZmxhh#6|N|R(NXM6&f8&;{d8Ps&|X-wBBHwGbwt? 
zsJl=Ayu%n2%0+Gt!z1H8^!6cOJcZ`3I=FNB?UUJ^s;_SMX#rmb7HcAyl4jQ!!UZsL z!JGp%OvR*!Q3_AwsmrYP^eL9BX@v8ZC9b8Gt|1HAXW1R?;w=`hxf%olcbq`A0jF79 zWVm(5goU@!`HC*Ryy((&fC5UsG9CZ_qLT^EyF?76&k%)<0ch8U3chg{vP6JMO8 zmHmkqjmISPd+@>5#ajBN5-GstBl}Mi-33WjhRgmYG%K546YXDvXbTF3f<)yM=L8BS zg+B24{|@&*(q9MZHb36=8HTwnn+MLb|K8cF#Q)jqv^(qg&kyn}a>Y>Se#F`_Eyj~R z@m!LnqbO0TK3C-gyzE#Pcu8$U?tdYP!_rB{d$|eng6ppFB(K*WrV~{{k2ql!&Zz>Q zJdIwnMYEF=^OX8J-i%~vl{4j(I=NJJo8zDbhT*#Ej*T&6`KTojw0n3Ft#pK&;&&Dg z6XMg&IO2N$kiXT3IuPfIvf(JTdtf_TcEfkYqGIIBb`Sb=5G7PC_k<#LoAL@R^E^s@ z>RXrsiw=|{(LZIr;i)8I0n{kuwggeXSCZ7gvp%{NNZu}+QC2($l6VYvolQ*o5Hhbk&uQUZ)R=Xt&2<$_aD^tQ(iKdaM_&BG;jk$BmJLG|4$q}&?Iw((D|$(jO>G05 zB?%4FV4`eG1p;9NQI=|(o__QN4F+kVys11AN(({)kA-kg6A+@zV-rE`w#;~8M>#Nz zyYnZxA-Y5baee#P0sd6gAp*CYO%sUm#D5fFjftb{U z6L7>Zc?4|;yY1~?%7qg88JsUW?dRZx^a>nIq7RNJtm-)8yajga@N|Ff!kA`xfh!&y zpG-J(1P9Hr@{)8q)`CmTKpPQ8dq`C-ujKIr6wd+sQ9f5Kk0%(ow=z<){|J+X1%Sf? zg`xOqjL08Y**QFrVgsiMBZ1Mls9h!hJ7bG&CwiAVd+k&U-~fm%$l;V>Jy##Z^NYw<>$! z{ZDFzc-SI}0o{YjNbOY<_*CIhqgz%_8{gUwri{PD-5!-J16-k%=5I&MAEjkSh$ zGunz1pkB6N?JJjEe-pzy&tw1^l2-1OFQccjb!2T{3bxh6)6g1o03SZUPvB@S27mtf zH$jM@s&@AKk^MIqFr&08xDU2Fy?7IE+<^C7^wX!Q^bZ!yzL2P4L~%PI0gqrz(9M`} z8T}eP_VS(8)!68vAJWte2DiW}DDU|89I}^vR0P||#l=LT!%<}-8;KQweqkxJC1Dt0 z^%`kpVX%7G7iBF+Vlbz%7CF+o&E?t3%yC_OeOJ(WtroBHxj8f!?*hn9F+y4#V>x{m zfadOcC4Ru2Or8vt0m{cdLlXkr^gy~}jN=scA&g4p#y;$W+9TxA^YcezliAlVWF>}~ z&oahG)c=Uqg8Sfymcqgh6%vQA52vrBi1QBi;eDD=ZzN&7f_-?&f=in4Y>aQ-z`l$y zf&rf8tM{-ENAyxcJB9uE;`A)3!77Fc_e_bUx&l53&?6o8;U6SOu~%GI$X}=`N2hPy z&Z@9c8@Pn5uE^5KuXJ*f2jt(spcCeADmMiZT#<>?a`y>m-eDB-G$AZZ`TpTS?|%+n zy*-wMODFF+8B$UGIP_RNqKRNqn?h7KUns&#Y3Nh`S6xerx(8W0Y8a>e@+i&S(KL~o zhr(I+KCR1+>;s+}XRSG@Q8f;ex4E#NwHggj+FxM$+7u$2)>2+80<|{sZc7wfP*~QTu zoZC{*4BJ|_1{eqMEe&#qZ~b7Z!s9P-LUB>>^5i?xp{jhxpvfK^D;38BNkT*ua2lm2 zVdbmzLh4oC>dY7ppYW898@`(MoeiJoQcHdbT+}HpK&>h`yG*bJ^Jplm7)H7K%|#E- zj}P7*mtH5;xWq+ibduG7a^}kdSOXa6BVLyoz7N+pX)w!YF7lhL@l8(S`)}7f;(P&Yg*LXJ8jq7oTLV{FQ zET=0pU|HPGzhsYZnpy4^!==OZTg4{13KL5;>{{EjoFF~Ff&2vh8lxYy_xARzyy-l+ 
zrta8c4NfsBHplOmV*C<{ndY^idrB`+FzXZVA{q={u`x?~(7wCWv9kSN8u>S>famW2 zwfMh#o%R0zFwgh2|4VO;)ouS8-uJ)zH>-aCBRBtI($;(bdhh>>?ETFiaNl_A$7dz` ze}%fLLcl!x-|p5{#s8zdKL0<^vm*PiigEq@cz7&!ef^`_(f*Z;-4NCylU`Ap=S=NK zyGH$CpF8k>(?5P@I)HiSzwIjj@9ylb?SCKUL3d^)@Z^y$di%2@VQ4q#G>Wlo{z7{p zA7tt1HHmY-Xzh5d0ukt9oAAgCKR>0}Y7qM(#Dm$~QRHQ4^P}4|0!4fjFF8%8)UY#7 z6Ul{4d|dq+7KaoQ&aa}xuRzkT4M;=`5#^i=sep+Gh5^_=^WM+gZU$c<)ciSb5kYHDry#EoEg8q%3Z9!~_syTAfnSs#p|Lgef$uGKHu+i3Z<+K(JuFhL9^L3g}^Q zZ=XRaCUg>aEB`SV+l$rYu@c3$;5lN3qJ5;bNHFYGc!VG>)xw;P{!KS zt~$(|21AowPxoBp@ypfYcaBOql@e;l##Uw#PIy-;! z|NY;`vp47On!tShS*&Ch`t%F92Za_CY()hNBte%`9!E)P!_POi0J&m#cuD*7jlI|2 zZR6je4?o{b?dNrX7}{X(Z`o>-oE>Idi?J9H|M`j>9G4Y zrk?vU;^`?((TBMNO%4hD3{RT+5wP%rCVr9V-hK+U;`VkkTCYw{e?2~L9DWSGTfE(X zbBbZ;JtIxN(PG!_Y_$?yM2%F*t*SM>{f~De1OtuRO!%y7#>93TCw2plGITuGV=-ju zDC=X!e+5|o-)*5d%v+uI^ItmBKb>(1qbubAPJ&4u%6}7hidg^?77k@PWt9p~rK=lc zX@)7^)KJeD)q|tgC#TEv5@URbKW5>gJY!}(J+RxI=bgrZt-s^c%MzBNh(f=lCjTWt z5M7<=WO&EiBLO0#vxgTYJra{X3s}mkj$*|3>z-q$$M59uHGVli_}zG)C*$+$&FWy* z=TVgY4-2UD&a17iBnuDtX%vcL4M4=#_nam@<^7+Jix6?nl4!t!io>bAc089^{!|9@ zyg)THvVJ!5tbC`()ZV8+RKkfQ3rn~Eq?qB}+&yYNhj$ge0=Y91PO|4hc#S$ppJ00btp@%bgrNKp3E?TWt zvMRbN~;UD(jz>k0jl*Z5zze8#q($)gQf11EhaYt}u-qIr` zcwIqew*smI3N>7>=udKG)nt^$#ab+v!g$%tXF8upHbHoou;CE%->MT|Lz#LElhSm; zhhpKB?~PudMe|wYpOmkY;6oYRVi0w7+d8ZTD|vG&m}T{xPlsHZ(|Xl>0E{mikWY$C z^ef|@_|V6wlhtTBMQ^cKQP+ezlP)ChUxqql&F_~+W|6`|Gj48INsm={(8M>+BQrIa^I zJHRaNFIBCnZ2}S+2h1b92OYE!Fe6f7EUH%}AKj(#yk|$?88yF!3-BEV3Rdnx+@N`% z=06N2NgP9Crz#dI&k`BN6aD*`2f7b1q$$^KsMN>spfU3@q$Fq&^fnhvWqwmJP^ zzH*|4O726NdYVNk)>bK8$>O;jYV*l+CSEj2`J!l*lQ_zm%Fph`F#&)i!`fIocniH> z3ZtpNC}3)QodFBze#7{+>gF6ZQ2OFwF06*jiyAN-Tmiv}NjloE51o$EUaNUQC-W;_ z(24c^oPqw6pB0?{<^~C#bN<`zbSme+t*v%CYSxYxOPTcJHdis_S9fe4aRx~=Ue46MbvHwQbyXH{I=4$I<-lT{ zQG&yC-?G*eLv};pfa^lDVLzTy=y6E_ay6oP%Af*u#^JH7^4M<3zi-ALZ;m~FYbQP> z))e8&=Q^0FqNb~u89GYOP?XGJBPGInI;XIj(x;6mmzpMs|>K-99;c2fz>NP z)xTjt^`(QU-%B9%sX^4I2T;FN@bu|{)0={(PY;+rBUt*JKg5DeeeNOQ6A35;(`oU)f^1tROQyqZj$p7uV?cJ*X&-UKdTK<2C 
zXNLY~R-m`Pl(J?O@`1i^7Q4F|3a6ewB~GF=@}i&z?+(w@yObnDnx2_O%SxL&hEj88 zGUi*ae|JQKv6N31rLlSIe`l{6|Es&Zy^jC*AkPMzku;@Ahz415Uga^RpRvFfa%4=r z3o@kKwUi=>XEBmF@DU9H7zR;a3TZ4HZbCu>lCn#RqO$Rxgub-_Asxz;YER;X4%ioQ zC=$ZyPfuNV69yBALaZrJf|w={u#mczd-V3>+cZk3wE>6GcpQcB+u>XAS;8%M$kG=6 zE77;y{=btJ{;OY%hAr`r{*zyZtpZS=co$g=0~SzjJ#+b0Y&~=PDQ{Rk*0NO8N#*hK zt*0KJTd)7~|8Hk+cfI}}YHZM%DaKGD8R zY&>-Nh|$2uO}9_{A#JI`4wiLTIEa!lk~sGq)FHJf#UDAK%J}qDkFJJd`qR>wu zI5JIL%X;?gWi+NS8PeXfXYgMQ&S#j2@i)d((zv+)+p;z`;5A`d?P^)qX!!=$a6Bd~ zfNOZ41aNI#gX1_3$p7>YeE&8_7G7m>7GxaWQ8I>W_^&AD|1kREMdSa5Yk+HPRSKY@ z!Cx^V(Yr}3npM`u_=|f9i*cN;t!r#o{;U5h{ldSjYcrYmSwe;U2Gi%Oy(38mV4b`yF0M6-dA1p;awHB@&-#@Ul#-Pv$cGA!dP$5DWNH=-au zH$g?9GN-{c^rJ}7?I*N@7d4M@;mGep77kr0)m*V4fPjisDgPw`DI%6UNun&&+380# zpS*uXeXjg2lXN6n55+k^lc-*z1`=tK8920*vyNdyTAtHcVNgp{jD+=1EFDb1rvnyJ zFk`DC^HFn(;JDk^f--=CYX}%e*dP8Z!6v@123dep<{m1eK1nEKoceXp=Q9W-2OV9~ zBw@ZB4%tRdSO}kS1^$qP(5JeBFQnB8+WZJAGR#I?%|B4O{hX1B%OXThjX`1aqu5*x zJ1i~3S==MvXtd#$R_&UF@DXu#27|rl+dCcmMu1W`dIE=ljaiDn#&j&9Z?|7FSq^ur z^2hFu_$c|&8FsEur9-i3o2rcscPl|T3B5`fUQ**;ClTev(5#%(lszf$#9XTWmL<$e zgSrq~srZDsa^zh(vSr{n0|Mx4`B7H_Ri_c2o~}lSIBiW3^I8Q=jG6LHNLG4oG}A3o zT*)5*&wrSW-B*%PLVcE?tfho1v3Mol6_i?}(I|KJeu%K-1h*t1HbPqgEmp;Xdz@`$ zBbpm5<>pW3G(Y!#+39w-choeiyF%&qh2^#MEhkdJGI&ixr&d0z(~SG>#AK$M0M@2B zAEbq*IF|-WQ(IEYiAlwa4KWu1@_8fNn)p*jT(f(&y=fQG*X*8sD32y5^1J?+E3QP1 zn@xKh`Qm3`0kT(`!A#1UJ%d;F(ARaXZaIR|hv(!|?LKvkk90WYtgjnf; zF$PE)AwE*+t6Q#Ud;1i!Frhq-Le4G~CC&-fR~nO?1l31V$jV7l1C-Zu_=yc*5@i@m zy{5EJql%J$5wtKEUc=iQYvZtJv8weNm$5w8kahgp&cDOhS-E>#dI z#^F;#ef3$^{bV&YF;aSrS1iU!hLLdSkSB;GqjmI?fjp1pUD*R*&t)s^FM2?4LsUI*% zqOm%npsy6_?M0)g?a1v<2T>42S7I2oPnBhT`t%7639OMQs^?(NO_Qj#-jmkP`dL5g UXZh#<1pom5|B{-vkN}1Q0ABw`_5c6? 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.70.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.70.tgz deleted file mode 100644 index ac0fe12083d5cc7ccd6c9a9789a2b6a69cebc932..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33333 zcmV*4Ky|+#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#3oa)~0xn0L?eI>DdEGK*R zbaNDlge0sff(1Z3+9c<*-#@&OAPI_;EIVmy?r&3>1ZD=nU@*YEfN|(wF%CKEUOi`B zI71Qd9nB%--V!dt|JugW@Av!9_V(m|`~80Lzk}U_gZ~=r9rSnl{heq1o&V|&_6NHM z{{{M6!Cvzuj6?cg{afQIHtu)wz$hXda!evNYysdy4ns2Ye8_o-JWP5%q8v{#3Wgwt zlt+j(rpB@@)WMwDR^4Z(MR|6$+_zW4gw{&&ve z6om*fq%pYowgqGS*1)^oX~8&7|J)I<2dx0bC<;*IW5kB7E`TA1YzXF@$G;#LAbJx0 z8~L2jf1t^nkgFB|3ZE#^oy#I!tjn|jpeQB`b3&IxFvTGn_Ih5=7t@FJDypO{?t6Xj zxuA$5A9B&boF=FhAm&pXb6MsW6fS^-2d0DqK1Zd#^;&acC}hK4Z-)6inRq@~^kmVu zm~q&%`b+f{_62-XiNYICRZJM7K8d)1T!1l0;i9V>w}6ZzD!@)c)N@Lakj#k3u4k<) zw7elSkR84tk?1ZQ&01YRCJfPQIKd(2%U0JK)Ybyxh(jD9DyyLd#NiN-nEk(5Awgd{ zK%=bg3Jys-f8h1KgMRBvPronztdRd9@vpXmqelMsclVx^F?}z2Rq&V{^g)Q?0-M( z_r2ZkcLxW1-w*cw+8+%2{r1B&uY8>I{~Cq~Vp~%HSI_@vdxK|#;{4w|*ngP+_whV( zJ*`LJXF0_}a1ALIOFRRQTJEx~Sx6=@6xt*Dz$rYAuElQv9s%{mGp{`oqX=}n;8?r> z@-Gx!V@je0inxV~6QINnz!4`PCIRy#Oi^bDK7Ou1z>rT7&rs;U8zTYN7y=01k7T{~ zfK0@9g<8SV$WzpK0cYqu2}4zd3Ebvq5BL-XDB>7~3`7V8D3EHL(66L!17vkT(F`+A zmjY1{;1K-!&WZ5Ig5B+cpXKLp2?8|55z3(!IO8M?aWqr#Sq_s0Nj9(bNG=0s*N9Ra zAOSu7Ei_Q^5s<0;E!9D|^2p~YNAnA-PLo*bBtT7jgPSZ6REyWU^ zpD<1qBjR5neh&FukajZ7cMV|jGl<3afFK4U!odP^e=Z9KXbO{1?Wc||PP%6uaAfKR zfKc#4)TbT5k~j{R00M>8hO36UNR8ywhHdzTFn&&n?`#2PAcRTe&&8-xvH%doA@q^p z1&Tl~78NlA3z9@)Su>DCSGio9F{SBGDAj5~|8r(l1{(0%tLbMsqyXauyZ&1jdUp zkuYA=5}B3;hv%=sf&@v33OMAB8-NJ$8$z!xDfF#5nqkX-UjwnO2)L@bl8BfRPJ9xc zL@Y+W-2aydDVJG;7*kn{fT``IMCkUpz9<&RvC9>XM=X2`Lma3vl}jKOQc)BKcnTN_ zr-0#EgaV)slzhk$1CSyiIs-vR2~frYMSL%l2?`Ovd^LKDD4s4ID3>GwH!za#L=|wQ z>Hr=xu|H8H=q_-l)_X~`1M_} z6Jm;q6iOjv>{MtQ-7YxSFM%)KN}*)U61{YlYAQuU2u-=3sm?U(Afm7E0&}L`0<{d9 
zKLA+Z2rrUF_M#|qB}lIb&68j}UEA~HM3Dbl{RxiF-vEjjNvMxNC@aXeEFg{)0iK1= zj}y6FUbJsV!~!jd(u52h`b~3ERD~gE51#j5Uz9a*K?b& zpOc=oxUjzK_Ep!}%Da|$IeBO8qKf2a_4Ir(8!U6OC}{l=GUV7Kn<5!$_JL$}lI1i< ztV0clV%Y>Q^iH8j35TXK4lOAm^!r8W`-SZHZ5tT@Fn zn@>eV3Z`Z7UZ=-JH3&m8dnI)Uu@A$JRFcSaYRGvcwtixF$`J2}t_i^e`d3noo$Hee zp@`)PG+bc*9*TyYoc?syYMEJ~<~GZQKFld6wSAF7@Ki-3*BtW9A-xW&rB`E2ubpDb zy*lpXjE-WBA=ur78XRG<^>~3o zxEvv$M1ee5eeZZ*Pm`n45DfM=p({odlfb4Z_okkfT=7k*V2Lk;eSWNpFY9S3))<1p zCe(1eKqTRIr{rJNQ<5(~1pBG&!>F3Elj8a;x%VfT6=3#szA?1bE=Z6 zTTQA0WsPT5B{dsPs{$Qs&Z|mlHlA1ode)d(m9&(nmi*+>N-IcPOB>DWp(zxvRXwXp zJCw{aMU=+PQ!|e`fsX(TIieBdnc>IMIkeHIuFG@na&3LiRe^4yEw|nS#Wvgxs4Q%W z;+14NHb{HBJ8u)F#@S6UI|>n2<++h{A^WPA$pB{WE=rrCKE&>#1RALOYT6T1}2bzcCYZ0YAKn;5Edd zSeS-j(C-(i6u(9&l-`|!M!`!UgcD?3hDZP)V|XSPIYE_OL%9m&A#xHTnlaX8`sZq} zRyCIm4^F2-^Oya2Xnr%qIgVykAWa=ZrDhfA`y?^ir-O&}_cdk+&{YZtk%1gjhLkD#y>V`$ei`VnZ$g$s~eZ;DNr_FQ|YFcaD5Kba4N`=hH zqWK~j1C<;AjVD&BN#?zvRBNyXB$~_AhEjW9nSw*G^Sl`yk#c%rjVVbh)YD>$4#BRI zEeg~a&9o6Erf>}vy4Vox?zCFI(gIT9;*&7UdllIwyzH}gmFgeI*CFADwGD4V!fV7S_M6hM(50)1(D2rz;!+)G*gIf-#sMB@qwqxROCmrf##=`0 zw&+4FfbtZ9=T*kT^OGWd8k1PBn^Q+(5)!3nH0UI5idXlNfoOG;_$Z^!Ob@2pxm5(( zHEPds@?^^JKy`poHLUKloi!-Z1&`#s>UO238A3WsX<^#svM_Ke{Lb*Es(wT$lFm#_ zdou-?af&AiM`BkB0wle9Q2=fTy%OuGrq?E-XdrFe5~W`qvP(E)ng6@ix;Qair`RxE zyXBT&?B^32DKB^{y3jhsdGrXJa4?5VIc^i7zY7LuoF+a`XsUHSdIW4rtk(ei&7d9p zeVA?Mw4-WFf{x|C-H{qd2O#cyHVgp%CgBSZf8%gA_`86i#>jjDSdp2rv!Y2hR#(zR z@~w3t+R=!1{_bqb&fkZwTD!W|ZdNNR_76yjLYi#U{RVOC65PlscH3G>G5LL*eIM)Z>Cufng7z_$7^Q693zasGhvJ{? 
zofx)Uk^hhg4duV~TaMsjDF1D(&+C>VU1WG$Z@&fCZ@~5?qV9tCGbGLlV1IVZg6#9U zQz5Il_I${yHlGw0pZcAaTLg%y_^u|qCJd@^;K0$SD_N#HP+N(8>GW;41Lsu_|vqoAtkGR3mQ@v z;U+YwljYYi&KBjg`YmWcQ4kZ{Yz&W0Sr42{K~@t|WNHLr3Pkoyy&=(eYWFU6C}K7u z0D_S|o)CjhgibPtT%B16#gwP|lg4w4R>mn$DIRLl+KdkiY*+%eMZ)|L;>9M^9m$Fw zcp*zGKX}BDiouEq2O;A2u$WOOwGx;(Lq11KIkalR$*Ee=1B&WfbOXyG6KmS7Lk`VY zFcX2eG3xXbtO@q?7&Ijyt9~0A(uK7V5n1V!itN=b$e<_=u@4*e#f2(ucZLPvHq0Ox zbee<>=@{waHX$~MTTp_d8I{NB4ahh#Wep8!<=dft5o9C+d6iy$($JP3ILhE^OVkh?hKO?30f#=v*O+6(I^akK zPqGd;<8wrr8T+($s{EM~mDQ~>rL1u>=YcW`)ch9uDor94Z&g04=~(A}sj^Z8I0WDK zTbUm78pf+>ON)66_~8ZQ(40@3umLDTuLM{4b4Z~t&qmB?bpSa8F(omgd?{T5GL6a* zhXSFf7j`6B^XACE$}Crgf{LTcKVZyS!AhKKurY+jgvujG#h0=#wXIiWf=W$Nu`vjX zA49O;@9(dIt3u+>n?lcuE9OuC)R@Y$V6B5cA!qW(dd0Z>9PEwbN1FLfXN$iwIYGZnz@B>K!?92%1I^yHV8z6T7_43k2NWx4d><-hmf+ z!QdH=3Py-~--pes0;@yU7gI8`mSLKz6&}H1%yTTiVp(Ua(W@t+&@o zcfS&dXj-L9k4wYZf>%$Tv}&K8G6@AIu(J18mb55y|6+|CzaF_xGUE|XA_;*B z2x8}8S59-fgk+Za-8};7pDVX2SI=e67U^Q2ZMj|B6&qqx{UNPUuQcR#Lm8%RZ-rt? z798TR0?}G~o*nPN8+7+3&mh`?(+Y@pu<5B0dKm>9OT58uPUO`?Y$)so-|tilI~SG> zB;8IO}1UUKss5PjL4;OEG76PIZ#Ga;ZPqk$wJ5+G_0`A4%tq zqDyFRc@kZMcW(#L7UnxShpvQwx5v6+~yorpF(ezwrx(dlzFhC4odu10)sXV29n+|ki?W}26clI(~3iX zTV3D!nZM?hnnQn^gsppbF0V8_HOppha1l8N{aWKxNbVCzx1SV14`xf zaq1AG^0Q+#72I*7zUrfae`|+483?Q>wcauuARo%ytsj=H@;whLnr?Z>HED3GmF+`R zyR2KEV2ocPIaZGur#PBD0Z*TvU!1)?d2tN>dG_W49G;(mm&gAEzZ_p2KYc3yyh2O8 zBNIDh;~r*_mHGoI@G^{5%}K-d_GNJDiwr)fAmrtnACE6ik1vl$;ONzx(dF?4I6ZuQ zY-l>QE+er#3ym1aA_3K^VQ%2ir#EVkudk!4CJ!cjeo3y>ML6e_T#NlM1YEx2L=PZf z$WN%)F)kKKWNrg7ao!mXGLp&VK_xSjD@6KQiX1fw4J-O+ba{C6a&&okc?{lMyfR%Q zewstAYXaT){GZNhjN6r0zyXE`; zo;}+eJly|vAJ4}Y0PSzpNVkWeZLakbgWlB)K zT?N?Fad(o3RB@r#i1JGBQSWrpgSJ?=RUynnS*m#1seK`;;!*`cr??Q5{3@kiJENnm zVgcK>@mdJPce18-TgHe9^rgDyottv`zJy!8RZCV{D#LHTN@!?w=65MP2SqkS`<+FV zlH^&ctj`Y26;%rjDmAJtmbCV}-1iD1KrPqr&xJv2ItVTMzn@)Z<7g3wkR#R`=i(o_O~I8io!HI1wLB8A z*cFb)p**S`Ba?M6Gk+F3Nu86AAscfmZP3S$>(i1;0`>`T@=v%3!6$&DKPpJq)sTyh5vx2B}US%#NO^Bz+U;3f8hr|?(I7u@RpbyB;(#iW|v4Bx91iylI 
zZ-S#9o3}fl-Sx%4$e$DN-OpGiFJd8Hco2gHi7+Qrx&lb+eKJ{KE{zYK=Y9A802U$? zgTYR}4c@hKLRY!&f%eCb07rh91js)0%VvV|fxFPRd$fTEK7a06B66L34L^S#u2Yl4 z8TkCUZQs*x{OQ{3z_I-I6gU)J4=v?y2u7Eq@!|Q&_~r3G^=QbG)t@M_F2z)f{7baF zKvVk;00pA9AI+uystc|9S4jFgvM!8q_X;gblw~$M`SaEB<@lGg(PcHIQ;fo(K&5=A zu4osOCCr->#&w2#gU!MuFq|H~KHeNljC?sZr%+$OZ@0+>ehAv%K6a4sq-%|Kg}GA= zY=-0T=i}4M@!R8z(aG6q9?7~a_z4Kj4dpisLm;RdpI@9E6`GJ;$k8sBAN_OWEY6m! zT`>}c@i7kgm*<4)bNxe635Y?HIc!ZP*${gh^JFW0gPRWifZLB;9u4v$Vwe_lhfRs;pDz;%9cc6oMm z_G)}`IyzT_wFbVJ5>9*)oIFF7;qlVIV-5ZlvAU--fy*xZQJ-$%$c6@Sr zd3^EquzIwc-Kww}dbjHGU+Rh8q$>J|c{ z;9kBO3GMCVrzWyopm~{0P>A^DtI=CT@w6n%bC@ni+w7;pGU1pn7fB?xXr3<<_>G8v zg}Bg?og8~{G9H~By*$1gpC4ZSvd*-uL*qEsl&6f~+bgu}fN#}}8?U zxRt?Hx8%6GxT;&R-0Ik=GS7*jPHo&8mP*k1e6aJZl?hpSIc%0KRO{12aCvm@sx5X~ zR_y{`6{`!9ZZMxWYoX;DPztvakhDR`1D`;oZAyb3N86Qk?=?wumf_p#CuT)cUww+1 zEFkHUapLO0?{>Ng&EG#;Xi`c-74qISq&=EMJ)dGC|M5gYH|P|aAugx`nijNvHb8Kt zlu{?$5Knsc_evnqlvM&S-zqByqG7bAd8$x@_Namp;!&BT3{WpCPy>lvBO1cxPG$Qv zz+AaXm}0LKU|Ir}9>~^k!;F$7E;q~^(DtURr^-|_Y}GW&rG7|ftWq-@RzfS(i!eUknN&_|%%YlHT<{rU5_SZnnJwf<;q8)Nz0FvdcL zuW^WGxoBycM2GARLv#rGD*lfsZuVgeCpeT&oJI?Pfij^TzIxTx&X5It8PrS0_*(#~HOo7zuVbBe05C@Sj~^`=dZ*3>ciW1h zi^N)92M)+3=Yw=-;@Dk0>p$Cl@K1Q~PuPTgYpiOQXXB%@)6vOcLKbXYt-z5I?+3VxiuTEZ{TsDKw z$ds!rOt0_)b8kjoqlNsrsy)A4UY?Ifmxq_5@sDqQ`sw&$JUaQ`)$(g4#yRKlh(peP zOr}#r<-KEdsLy^B3yHMDZ;67l2@@SGN3t0q4~_?4*zusm73<4oG4eG+`A_EFP!Qk` zUJk!+FNb>bTW-J~tZ;ukD;!(0t~6VP-2hFJSqTAKvYsl?%L+UKzd#jiQ>YFglehqh z!X=nc1g}_@a9fAuFqQmEr2~_h-c_Wa27Sl&x<@kSqDeWA0tTQo#sf}(*kgsQ$!;2Tkr|L@g8;ZFMf0Cd)z~`8WhCrakOQ%c(lZ1;Ic!R(VRF`Wd zO!XG#9r0RX=W}Eba{?Cd3Mse}jaVSPLR;6`5r{w3P3RXIKz?e)kg=Pf)KQ50J?qnh z4fDZyN5?&bOTvG){Q z)};u}L=?S(#F0GCr@R%VpL?r#h=t*=|-; zoyQ$X81mdV6{c{3&W!y0B<5`7gJ-+)Cti$_=@fqe?QRCl%wR?A5k)eCY>GoD(o67L z0z*8-C;%{yWi!0iKaheh%X5K4G>L%;@?pXdU}TZY2P+#dZ7J${7n!g^T`nRQ-^V(U z?TgcqC@Zz782L}U*2xr5b;hlL=yj6mgog4R&JxSYthi7t<$`!kZL@yPwhi5~KsO)L z?lom93pDC~A%N2aL9#8wADR!bMQ7SA3QFECkkXoayEcI_#Sx!^_Fq`{FRWdF_HEP{ 
zre?aT-#KQqMp;axYebn)v>?mnKUSq=Dvze4EvvLE+h%vY`u$d;w$z5dO0{8=nMM|i zG~0JWf>mJ!5yr8VBg(_1*KliWZHwn9TzG8WlO55Zs_rmZw~XJUiE>({(#fQH@-U7~ zXF6f&K~|tjRjgwQOCKpiS-=R+P|%$$^E8cg=6d(Q;(x|5MeY3$_b?e*K zSXu(P?SLxja)Ee4RYrYtC!6xeYA9a{K3rW_%#S)uwhw6w$ILk(4m-8jffpR!GDN9b zQv|-cR;99XfuaCWp>?WLae2y=s$>wD&7s$N!{h~cwW}?ULkY^G5_B6p1_AatXv??l z%t{CO+~dUKbEIA=mqhe|x52khME^A#lM=pe-k2kHI43MkzY9FoQ0sVI9(9W)LVfWx z8M$-z^t>To<*{ch5bCV_iMw|B6XC@dEN?6 ztASMY=demKb!ZzwJEP zkdGW>WfSOI>%G|MNcys`X3U2_6vp4AQ`9f3WrQ|RIm>yecc!7Bo3f(Z(Vs97hY&{q zQVN%1tFD-xb%0M6G30m>B4r+eVzY_4*r}?$2UC0gjIDD`{Xy)U1<&N(K3-P>F8{C%I{BxYYHRyQeC<=zf|cw|Og?Rn-hdH!I34iw)Cl@O_R@0sXDU>-N-^C1FYi z$gjbVBf`OBw21jKhe4BDWRhWV`q@N%0!f5_%OB>8-B_jh)h*@4)=Xv#y_q9EN9snf zY`>S!xvZ@P=F(`)tov#`a54pqbO2RC`#Vk(^qpFn^s9*Qxe&{b)g`!?sT1=jUcFFu zo^Ceu%`(mfIP?fZDu zdAY0*^s+G=tLxVd_+?%;xHJj<8(EGPJlx^hhkP6oK~t8F+)eZodt@Bg@9+y-X%ZAOCniV{T4@ z1f2Yt4`KOJ%L(Gpa~E;w@=eeGYwSPyt(KZql!R!4qX0*pK$Q{txjO3{w61Uz41qp*ydWX^Q87wufjA5x zhhl-vR?d>gzr}7XlNr0g4%3_`ds)KiJtK+Ar>Q~%CJ~DG5abXF#@1e1FvdSqlEf>T z+XA4}+Lev7GU&2I-FZK3buCo#nmz?nAM75g8%fvcv&ba$FPE0D|Lg|uhbQ-}CI53r zZOw7i$p8Mc;{AU+JG;*g9_0UhJeHoeY7J<3ylbx$*=iumy@v7cVi8dEm7Tk4S`Hff zVhzD3(H2i$l4?=9%8Yz> z=9|s#ChE$)%K#Run+ce?`CK_?LhjFBX-c%GVq=h1P46|c zXjfnebBwY+t8B_F+hP|0%q(cuTP_>UDie;)P|EUJvRfAHHd!}6tBB63_EZ)RM|6QB z$y7g6=%e#|4#AzhzAIJ;WFZ>XXxhiWmU~q$LT6ifKuSGTo$;ewG`mJ5M^;s0k1~K# z3J;4Rn)bY$5Ba-b%u~1%#yt7EVa#*acf{C@%dvnY$>b%;b3i#eiFzENVCty~2vg5( z!@|_#%vzGCyE>al4gIdnBG#9x{37LEt46zxTqAjWu8bo>e2X5K)*1U(8d`1awu( zfpSNc?>EW!m35&(x$>%{AeCe`NDZQ%Rd$;~f{;4WR;LLmky@WDqz+*zWr&4i{fWD+ zsau~;BIH+B9l}Q!dxjlJr1 zBpYTiP|wF(g~jJdEd`|)DRqa)XM~ib%KFsh!{wXP_eJ$3Ct=PGape9tPa!G0d0ffa z({HXM?dDmTtUWi88(juqp1LIM)sR;tWltManVh{EtTP#V$^xsBvRA{bO2TfQ70KAE zfx42fo5z)<|BEw5!?gXIa7Ocd{p+ztlSKV%^G3rA{cAEugVg-?aI*XsvMRs6c_LSy z{S;my-@ba*-k3YXr869kU~cnN26daq72IteN04_4cV)1*-O!>F_8P5m0LzQ{l}Dh3 zOeq=Vxr`|`s1=!0DoH5kQ8AC5OCab<_eML9fO(2p6e`@RT948+5jwqx$`c^_D2;=? 
zK{B0&a+8w7x&)l)1QgPmMWU5x1n?UK6cg$*PXU1@k>_N9;wY`Wl(51PEvvVtJTtQ2D|#}fn8-O4LdNpvnx#*bf^h|q5-lv}?Q+`G zb|jvN1Zb2q(BzqE;W<+G0cKPEwd8BJtI{(kX-a*m-bARw)|G$@~nf*VFdAB{8 z56@4uQvmaRfef@`X(sAj4|?Y$c#(3-kCIc`ML&YHbS{05v%~~(IIzvf%J;y5<#*v? zWDKhd_~A_iuOSXaM-Rc^kL7akyODu^=4T!GuhlfD)U@V4V730AJNpIszq_~lkpJmk zp7s5|QrEA7kNO|S{j2DOS?vgwpAeSQl0sVYVru9eb&um;H~;h5L$Uy%bv!_8=Kt=& zvz_An-x=&Y%>Vm%WIV2z78i)Eh@cEZeUCskgD&hNu+0O6+;U@0YtB6gh@5)?O+u6l z-qE+M$_Sp^Az&AvYZP&&LWW6z)UTKX>W3B~%*qU)N5e~HBeO$})tj1IhU-V~wGJ=V zkkgi`>xU{4q{O8zkroK^rmilEf|%flr&ZGzbv0wbV~nGStIfL~LcB=9xWBFovl3h_ zB&OrUb$$J3T`j{dza@mjv~vD!DZMtL6U|;TnJT#}^H0bhH)79Vc5H-ZhysWfBw~WX z>|N@<&1{O4BXF*yoJrFpWV(fA-iL9_O8j4Jtwn@xY4)bBr)*+PAhBCZxQ;vW~VmUTdz6)Hwyr+ng2WeXO8&4-G}*qAJ29o zb_>4O_dT5rg;sVL7~`?pdC6QeL-0ug#S!LX#l}PZLLG)%c1gWo($%XSd5SPVMX)T*!Ic{!g|-64^0qXRW_lqPMtLN2}QX+%*DUugF|89Th;r#bro^3|< ze_<`anAP2Z?zYI(C60uGtq|SP?Cyv?`?7ZTyvfRL`=2Cu|L#Nfo$-c$@R)s@kv0z6 zU#+%n?tI!1N>lICwF8R2crt>j5ZJ9HA}9_2icAFMvg@WIC_{M2MPNw!W91^a>)7lq zH)Lg8_MbDqLgUb5ds45CJ#OZilc;j7pidS38lk<&IxTW zGF$#lsF_amP1v%d_N?!Qe>|K&U$gOO>cY1?0H_$OK*?JK~2MH ztIdG-N^WW&TbJOR70=1f&Y0g@8^Z3VYm}wUClod7m@3m;^Nw)}`n7JGu`8}?io0E} ze)VzW_Z5I`_w$`cVB5&cz-e2mBQZZy(Y8I=70 z2D=aUKi;bOeEc>8}t4Km}hdyxSaI>&hq0FS`SWP(D(fls0c`5a$k zzN|dw$+CJ`$-L4OUyd9!H|c4QOwRH}V{12>|7)HB)t>(x42t%@{?5bs@4Y;CJO5W6 z6@5)&V5|9HRyFJvhe50RtBHc;kTh$||IL!WG|2zi-z%N}^ba2LKi$i-?)=|4N6eR- z+=jN8k_Cr2l>BQFdx#|)rH*TJ&f{??lRl2sG0^w@=Y9QgMq@w!vEP!P{179{skRFe zsICO-fGs0`tgh=Cfvt31ld@WT|2y0nOzl(88 z1f|JyXnZMc-*Bn_xrPID!FViY#Mo*_Oaj?ftDx>a2|+d{Utr6~6CA9>ZGYb~>NH?^ zbq`b&dju}$2#m)um_%AY^Q(_H^c^Ym_8|9iIctaSb}7(Cej@8wxn|10DOk~}eL zeDBWMJC=J^6^)VbcD|XpR=P`nv0Ome04qiRdyRkk8UruO@aFAyf(#x<)k){&I<9BU6a}KLky#!i=yiv3ZYh68L{#DL59*9 z#kQB*w-(!8l|83OXGQ9qKU^xAw#jAE29Kl$i~?{oM-fPv(2|{-%VrI1l$WKQOU%;F zZ7((sC$13SUpjDjMd+|Ic(_oaGVahd<@NMffyACN>tnixG{h5iT#yN&x;EiSPgUtv z)^XylRJt}!e%1&?)68e9)wY#9>5j~-iV?kC&}4@7K0-7zY+pfq=A1CahpqT>rG6_ho$wm z*!GpKGOW6O>`RZi{cJSo9{e!aq*ZxEN-@QBq{a=iCWiGR=_w(Mw(6pa3go(CBO-DQ3?gPc0Q9Ei 
zCrlat2j=r%2;-;7u;^U`fy8+Ndkm$`CGh3c%FY!pD_xX%ZQj5#mviI`zr^ zQcIDWIfr;uos|7GAn>&OV(ANyY}Zs zbgK?@5vsm4CbHS2ko76?%acJYS^=g_Xh+;HR7QM_y1f`Ob`uow+b?TJW6FB|jFKcS zj;?&k>XyFB^zIEaV>_K68g8aQUdn83|JQu~ACmwkoG>4Th;H%z-~P_Qpk)6$*njZ< zzn4es|0@|@jQ7ZgA&zFpZg+sTVF{tJr^bS|K0bJhD91hw&q;8Yvd-E^3Ek@$Hat!+ zTOg&rrOujpiq#2+^35zBbF48VjipfQ-YsD7HRMa2_vA`HDlPWA4BB^=JXql9Fbv5J z3i2*eewifZWsEeKuS4y=NahrECvw%i8z;ZEA1 z!MfTYMvIa#L_wP9b_jlL`*G6lfVQg9e&?*9$QXhP^jm@$XNOUs(5_&H-0ts=_#wA7 z-8x%1q2Dog;LY- zPGSA;KifZeSpVj!Ye;gvy{(*&I)~cFG9Q6eb}*3<|KLBn(?qraTZdDHlm}$PS~W zP>+@|8iLme20*Qhc$&tGM^G>kCs?jWcD6oV*RplX@ zn(eYzdq6L{zX58YDvJ#L~KNQ1-k6XkuU@2zUthXFb@n@?f5N z>-k{knfh~OT6A4(ja27_Gtq}U=eK>4vi#lGzMLv#wI4w`u(}3(r3leQcY-((+b_?s}Px+R4ag4$v$BXpnT}*??X~OJa_Tb$p1JA z!%akf?x~UgyE{9j^Z(tQhyDM(Jo5feeT;03-beB%A%wGy=n9(z(jvlfbr6tQByqoHxpPteypJX6X4{(8Ht>_r&6}_oAn~>2UYZ5pBnw|wyK|e z>h}M;`-Str!GU=7p#R;&bEn(+`#T79Y~!16&8>{0TiKmg!P{tqZZ*Min}=8>F3A;& zGR)}>hY6o|x%gIhB}fLOS=%ZwP#6V=VLXSY$pY-|G-;gP4_qO!6_A-%9h(63fm3)K zU3)A&gpz8XsAl4}bmbb9UwX2Ag^yGIdvg>n@GK$}Z39Q0{pVS~;Qv3^-+j3M|9+lF z;2d&}Xv6>~K#jRdm^?{v7~p6IV(4GN8Dd`R5xAUV23Qg+|2j5DVF<)DRWbB9nswxb zIvigk8F*v8hf&aa1R^w(h7|BPrf7;kpgd0t=3UOsnEex z!E2>R0?fesf!FsA`tMtL$@xElQ+1!2R${@Y)~BxZe9HYt{Azsyh6b_9+4>MB zKz;lL!2r>d=-<*Uo zy0S!ikqRAo3A8K#Tu4;ee;u$S33&Q+kud)BDTpb##({E6osuvlH$oU+LyF-^0``WkSw}gi8Tdm8v5V#aB5J$ASt{7D$q?$>nuNxqU5+v%>1Bx{iube~w z$`f5+T8b8cM6$F`77G{!Qo4(GlHKG&kZ-OoH*B@uzke^6o0b^0wDUJ68UB;;> z{#~g*zWd?3zb#2ZjY9tS?^e~ZTb$N3>aKXXx_Uyxw3fxn2@Pev>{ZV>>E6G8ubD_R z8%2T5M_dd53>g8``poB$OSWN%1E?-9kQ3H5j;Wsi-UBC7fF;O?aKmarCk1hX!w^gm zn4t(!$Wb7HE=ke>lZ4AbvI_chsmCMe&jH5^1YiV`ct&A>1d15ZDWMA#c#7N1;0usX zpNcj;eQL9l_^9iW^=H)UL;_`($!I!_7 zPqFksPlab$YIbu%we<-&bG3;57a<||1l~(W{rBJ#I24j1z`oM@$W#aqK1WoG0h2c+ zMGhc1Jbw)qBuGLBmFo8;oEjXszT%jcc@8zP>0q?~w;k}HW zcppFx-*;plBRpM-3g#M8CWc?V$G+THFmN-+{#;*jNCf9RjtN%=w{ZCcXbOY$>KCZ) z??3@alS7qSx5h}(B#LCC^qkgk0FI>Sl6Og>a0vnwhh&KY$tgvArMr1@gLpDMCH$Ns zh9WKp(ahR(+Gw^G06;7ul$oV;p-~P;jU16^e}oK`aAp9jP;xlS<9asT3nm9U!OFI9 
zI4c7T@imGNW9O7iQ2i(+3<(a*)l%^4Ku;kK6N)b96tOu819{9S*?afB5^MSI?^EsA zz!8h-#4%^{c!VUuFnobRxYQ}EGE{?oiOW%DQ*^PNE31Sk_jOYgTDf)f+(05Je%}<2 zSOG}FOKnk2$$wn~2bsM>*C;GZz|)`3B(rL7I2B+ef$CYWC%qEcI&cZGGWl>@krYrBs}?ZbT9T}ba3fi=E|Sfq$-0;}lP3+Z z#3A+}D-eE~EGCEwwyK&R@}R(yB-SQ<~W4vto?osaGi! zdWvU>%6(@p7!+KQuN#3g<4IkntUB7jvFotD8s^ggfQFF1FKD8Yn@Y&9a6Dq+TNvU% z(dy`&k=%L9ICg-ifT3^-!~!97XGFPB!XXz*Ih9f}D32dAX=n5M3%-m|d)U4pa-;u7 zX0vF2HhZ+Rl4;NjsXI#t8U>|{$j(k!+>2bM-)h%8)pOh21KJRM5{4>qfs9m?F<;H-Y7V`{z&-*e9Lymr9HBB!6Q3s(4Z$N| zlOp~G;BN-Q;O|3|p5_toVI)Q*CP7EsXD9YTv6cw^Tx{@xEZ&41zj>fR__dM0&yEnOG-SZUYMtIh(Lhj?@KO@}n@l#r zN=fwJWU>Ly^g@LVu%;R7Ho=?D=S>i2mDk6dUXHas-eXf$nl3UxLIu$^0>P7!Ektfe z^c@#+OmQqRcYXnALR`hmbE$RDAyB1~i*6rvwhu2I9;g9n@K0Lu>Y124mU!s>iutqjieEQe5fqPs!wiN8-Y{*I!BHR&9OWd*_!6wi zn3w7p#yU*t+cpG!N&_C_2rzY2^F%o*kcqK9;V4t`q-I^%p&Xu{G^U2cBqVZkyMda- zP3;;z$zh&LlV7!mAKMG~;RWPyg#Uxu!zc;E&z-hX{KQwWahef|k@)NL=T6SF*J&Ff zWYLt4lZYdF4a4^E`~GLk{#PcVm9HwmlHmHFBpd=$^h$_P#us-f->IQ91J+7>YW*J%ShI@;-af_DF6i&FZndrSz(r}nP+9|XwWYMi2y4SO zc_L#%t#RA$_a#Fp_0{40ZS0e(S{2YN5#$D-?aCDh?#{ky8SBf)@6_;VW7>}8(**3E zWqXX`dXs*Vb|qatouzX~HK<~^CW&Q4soUHoKceUwQzEI!0vlu;nhdW{X0B`*tB41! 
zLZLr5Mgp!e1Q5Je2RZL^J-;d+O&R~svb1#moZ<)pJIRe4h(tNMtD8367)I$iRDNj9 z`(6&J<%m#L?Um27LQ@&u(!g0ljQ5Qytz91et&f2ORG>m*thWpY$cI!c3m=vedq`&6 zbhOUEt+A!MdM;ffL}mLVD-Z9k_H;!I4K{Q!B?}I5*nIO=L{i$h?RW>?pu0DD2GI_j zHru~tK)0atX23R7cvAqDc*ua(D+GhxCVo;YAiCDr!S^|DBv7*&|xs}zw zvsE%RYi28ChIKoORtB$d$#s6wrMcBs9hts~;5EddkOb}Fpx^)8sacy92FDU@EU>wC zVx6V5Vi|SZ^LiT@X@Ofm6eX=(3P)LaNn8_uJL}@Ov`+=llB=+F|Kj>#FCn?<0Q)T< z6wL8#?twG=tvUjLK_J(Lu^5_;ET`TDn8hJnj#KFl9pDXNCTvvuT5CL?>dp zEj!>EhFI;8SwMHJc(GW-DNlK69Wt2 z3|IkOr|a%hKFhpT~X?E>P+_9a{!wR2kTr_Kl({lX~=Zb^Z@)xTQZ zQU&gy?HcoH9n7HLZrgJr=Jw;CTMceUgwxTZzXm64gO*C3*l)%YTclyN0jvRc)X?&k zWE3b7rY&)K%Y$XnYY#tu?zF3Jduur^QY8K z%5Gs@bi-S5acyco$+gMQe{#MDj!s@&7{`2}I8vFn(7s%^NQEck+;b)5jl5)<(kT?a zig8i5_vV-~>)H1vCm)$QI(G=tlARp>j$D~j|EES*S>Dd9tA^KM+_i9D;aIdGMEvsA z=q;jnx@?eMVo4Hk1C@`T03qW$LQy7UViTd#O}LioyUS&fA=!?_I)nGMS*&Yre021v z$>*ASSZRk0spbk%W$tN|@N6KqJOZ7 z4#|Q)ye2f5?Ul?Z$@6Dh5VV9PrG~l z*Z4;%oJM5IyK;$?<2)lFjAmetU@T>*nwcHtg$^UR+m{&@CI~=Ek|+Sr_x~bj-fXAa zpb=u%b~X`mOHI=slj#&u9gn6vb+6y=_q8}+00ON+Wu6DA8?tm|BNjLzJ+2UnMbB#0 zVS@M#LXqxznnbLlGm3(}{*~OeVk%{d?129(H_a0PT>)s=s1b*J8?9ji&Yd;Gb*o9~ zT@bdVd;Fsfz+?309Fccy%AVeDmY+#p&_o@dzBf zdNaB_z5u6(ua8Z4oLY`SmQG->X9;!`btZGJ7TjhD%jXhaP0;A_@aW~}^6>H)yt#N~ z=ny}R&YF!wPA!${le`{B#c-yPwN@7?U+vM7akR*fPKcxAgHnNH8E`hzJdBx@b_P6- z31e6cn7UD62xQGC;M2pEF1LJE-~Zsv2w%jvxcW;zHTS>lJliSW|FD1X?BV{`dwD*7 z1m?Ck&{kfE%8$Eku5~Sa53-Emy3mSyARP7eXI1xo%Y|aDuZ(zwBXgCQs~EK|h8QVb z(3F0-i{arehKIWt9`0iJYVKli2|~$FdBJtx^54Dw%Uc?8G~3Ppu1U;#a*A{{ zXxi)cCLx*hR6~2(oqxFqy|l?nIBO4uDbYQ5g_dmC0^n&ect4l1V<;~*e+qteC**kN z0+6rR#Ao_lip6z_gA+;4n`AXIx5vu6Ru}x3EMnC~T4S`MVOm}A8c`huyr6OuKF6v{ z<75(IKV{cR!nv}M$l4ghI7UL95inqs$XHCaAXlg>x$m*sTRu^TCFmwx8c+eK5$0OO z<$Bt%gd(wc(f5Rw{K2%~`cFh(BuhtN9H_#_m~VdSfAo&;p4<;olwnV5)Z5tAE4 zSqhnTl&w$ijTY+2YJmbQS1YSon6U&gd98Gew_^sG+iD}FK*$uyH#CCMPg zqd74Iha9c| z4@nYqBXy-MUc{l~LuHTrT}u4?cMg+?2}S1iI9AL5!T#>E;{E^o2M2=(`F|fz zI@Cgk>!wFq!?IaN>Uh%3Jp^rA1fHLOmuT6R-_VYR3oORI zsq=msAD!#4)JASx+)tz{`-QG#cie=K5W&dNbN|pz+|mzKD)z)>dN1TsX=_OG;}A&S 
z2)jvb-6mCz&B@J}C6jcrjq%j#2K$TJN)`JdAIi{Dw=|e;P!Z0~#yj}N#X0u1m@?3U zyR;m&KbJdYubsluJ&<0wS)zYM>Krd&h^F(PqD7((c%uuh)hq+u7`5dTFu8YDG|^kH z5iw-!hR~q45$C#Kp%K!Frm_(R`bLego6soOY4tpl-rx#}Ng)jmQzwwE&bN%D!c=R^ zxz^52wv4VV%(t~8&kEyybpA$~p2X)hXQ8Zw0_iGiHcVOD9FuORzbNzSCQ)sLHt0Z% zTQ)u!7E7wF|qRkp@iSvGMB?@UM0K2G0-Kz<*N};Wj1Y* z^llYkY_C=&(Tz8wJPk;*oC~yv=O^21alPx^>J=b|=IdGn96Y!Eb)Z3L+ube)u9=XN zM*B^LQM1Uo`&bz2+N9$3Zq=$gUn1(;aNB{ozr~`iEh+}IAY)t^_FYRu&NpQXOG6G` z13_8BU)hLe7sce-c%-lH)6Vm0;YRKJq&vFYTyrC!y+7Bt&FDI(XP3vr+|^g+79)nV z^D6Xt0z>7dsrUQ32^|%#EbVNFLsTR)?o31>0pQf*B<#Dj| ztyZ1}Iiv4(k#Wr_yAPZiZ?mk__pzSTk*{)LH*LV3FCBH{%H-v1QhN`pL><}BU8_VX zW3Ow8ctvL0+d5>x8Y~WZ%x=P)3akv)*Cnlry?ZNBRhQ%TZsk;IY-`U(8syKt4+*uB z@Il{s6tX(K@g2#g)r9UkB~xwI zjI4vB#{N6l+b!6CcXoF7_8;uO_wmHgzmoZ%5aX>DUdTH;9=E<}Q#3;#;&$tswwi@Z z{1l~dG;6n7-&_ws`|3IKFzLY<_vi%rz3YMa(w<>HPmKE{MckiL$x?W_>_Ns5fWPx1O|G*N~>x#ET?E4Ez9oeW%F$*!o7_ zg80`N;++sP-noI?pSL@$Z`xwN?fejv!1-QB!#lracUAw@m%gtZQ79JQJ1Pdd-D!PR zlirj6AzsKB z2=Vv7{wn^wMs&jd{_DSPI`97azkhi5TGBu%6?Qo)M|SrnDHw zLP;?crqnkXy*~gL$0!OOr>{D4xIaqLGQ0}r=O?oM=a&BGbL*SWt=2abv7b##WWW6C z?&(o7K_B9iC_o<`wv}Q`dCI~BvH@-Z3+A@*I*7+7}*4&NPTQ~aukU1 z{|r#bP!8ZvqHRuyI$}Zr1+mW9=>RG?$%uwa#Q0$trp$dvk-i)vCn4nICJB!dE_%{l z>AedS1&IEF!o{VIn-bKuof+gipsj+bdNLIh480{>gzYDiGxhW;!aqefFU!Ze0*4|< zaFXsEeWQT|=&iGd2Z~fg2QtDgCw{meHTr&g$v6%Ukr@%>SA&em1rF|Ak5mcCQm4d##g_ zbzvBG&GrEyy(rRB)TsC0TU0@(ooya;K9- zuAQY>a!NE+|G)uyO@h=Z;sVd+oPC+8GUq(*sw4|dCzlg#0@d?j%SynkV7E84kMdYM|+Dd^r$a_X?np(Awwa84*!my&)Np482d z@tI?NC^3!+l=BdH2eWLVSA$(`JU)s z_G|xLI!BIwOQ77PiOPE9+V+v8wQA(c3Q!$@Bfh)y_<6to{7F^8%k&Oe?Q+xg^wrQIj`dUv-{O9iOP9gqtr{6z#IRCwur}F&QI_k9#bZ0b) zWM1(uCOwWQmGS&Nm0Vn%)wUZR0pIEjI2F)B!2Sps_LaQ7-|eMT#?B#SDv~l2z4B6F zK1Z0UXhaqh6$#0gvA$sAI!jwB6R;#yntHR$jI#F=FO$?hu}s20?-(8p`o-h^#t1eJ>+-Z1@;Sh;A%-TE28g{Xw7g=YK@gNAo zr!@a}9`e85&$Dv=Kg`oV{ImZ2Uvu&|$^W%m$p5^vyMOR7|L^75`utB50xF+0RmAYj zu=Pl1hS!M_Q+M`m7ia@116j1ySaPPmpnybxqFEBc^a?!^=m4lLQ2PUza55I4C39-` z-x%`w5cClD?Tmhk(`DJ9SH$R}ZQsjVlC@mD`A>II3=<*udHoPTxeu 
zJaA~I7+ba;fx1T}?hVE|KMO{bfxv8^l*dr{t@-95$A9kppK1-ccpG!||J|zo-`(0> z&;JK`#PGhv(LGUv`#bHAqUb_QN1(FG0FH~ei`#xVi!wTwf;-d?-i zZmG1P$$CD2)2DI%Yop7CrN4EEsmpF94d%@MPN!Xq|FFHa-v2+yLt^%uOup2E%dSP@ zIRCTlw%v|Z3cK?7Wu6cW?<%CatRqo3@e6R~Q;#H@a5ZAy2ybY{BxN26f{7)RWKoX8 z7e@ulahNZyXEAkknvlVOc`%G*BT1AEN2O5nD&szv@GX!IAsFy33?rGS13oosv4)u$ zi(2w^PaivCl1)xi7am)qNC-Y7JD9d@HjI{=TCkWWsHQ7kU0s=N3IJEJ<3*v^z_hYB zh=|Wy-FD}BtKDsNcDi3WJ6&f$E(I7j4u{qSom@qU&wG{w#WAbp82JUPF=0BCq$ozm zgati_V*ZbE+m;sSZ}ZpiDvPrqu_eDY_UqE*kzdv#{KtK6E&rujc&i0qw*2pO zc6Vy>f3LmH|MDQuhL(5WI3Qj0^^u>n+|Hy3Ra-%;d_iPwfKU6`u&6Bm9p0y*l#@zI)R2#+2;do?aV=G;B~%s( zvn2yk55C@5mMkO4ALodiid91}Mw~=nZ~)HmN1q~86eCnE@wje_MiY9KFbsZ20fRdkRB$SJ{j`EGrIU~ADAMLQ}WVBU0IL?1ulcMNu} z10~A%g40_m#UE^HLlvmDu#KS@H8-DxEESc-|A)HMXlcVj!OTj>O{mWj)M~Z*szUl# z$mLo&)Mh3ZUvA6j)A_sv?cRCaVWAG^Sa1IxnBIVX2gcvf`xSi}DgY^mX9OfWsdqeb zKvk7Ordbsrwb8A7UyU%E26RP3jp^r^=cs1#;kIWszuJ**ZsXSD{oMOyr`z4$5##Mq zp^q?+r1VVbAC3dK&(-=!8i|cy7Pn+P4IpNvytyjlR5ho1Lp8Rj7g-Hw%z(Q%bGS9` zFqk8kX-*nN0iW0IYPn)+Gq+-lj@xzH^%bnVvUqVOBlM2#>QZ5Z?X9kQ^J`ff`mzNV zC&fDIDn=@Qs7Uvz&f%xB?;*DVX^=t2@DLWs~}4n zaCaO@6J3lfEPiWt(S`K3pt$$i1RJFyN#!3>S+^ldz{cCGF$u|#CbkPFm`)b1NSJDJ znk6>zYe@B|;t&H%VZaiex+=ee0^*ILh|_Z0#P^ws0u(3gk_B|ATyb?AAxtD8bMzzm z3=u{`KOcF5$;>gquVviz6>V8fSAAtt>aVW8|I>8M|2FqqbwcYLlT|!RwS-h=!?0ZQ zO&Cn%XC`UIX<8rUG%^NJ>wLvsrESmYRg&f%nucAiPj|sAN#`SVK_?n1@$=r0!8=)n zjOhJq$-vEwU=(mM&2yr0RDZ1s&GKy11{m1JRMORv`;~=$1;Go3=~Jd-xhVrVs2Ex} zZdC#sTvd;JzJYSwIJvYdxLl zaD90m?SuxDaQc{+0N?vC=iSQ3TT0_*#+2XCtK1|*IWdmjsTJBjb#Oj#7KPL=O@2(8 zv#M^Yb;LDnsjye~aQ=7e^WRiOI^eC3@&t*yX*~NVc+UOb-fqqRbEn;2`+q;k^YyEv zPXg`6OEMD2GGYWcH#gSTui&1`3660y;O53@yde^BsgR~OHQZix>HHbW?BOdKIA=x1!5lSy%CE$ks|NI^4-5>%W)P2O|uqQ=mnWSU!=MMAp=Ua z{nj&~Y^8-dTGGUTfX@a4nutwzu54|JZ6o6lN1QXf#>3+)R8BVK#MgPF${L%YuRUw2 zd9J%}DqgOk_qchTnG$H07J8kd(B1B*2=OzCFVAmIWS zxnPcgB2zKwVU)rXx$82kJ$;JhYB$1p%M#a8OV^Nv?6d5ScJUUI*PIOkfjbVMT7c6m zE;8J@W5PmPPwhuunJdLe`piqguCS|}6T9ii{^my6E9Hw&-m)Z25A3;uxjN;ZjAIqMGn|+ZhDKG&9Yoc3n+!vFGyCF$>c(8Dc=%A98iFPJFSC 
zR`w@eG#-=C@4*LK7i;O0O5^~SkL*89bQfe<87}*q@T_cl&9r|FrY$%W3Ko?^oHHnx z9Qwff|2v%jNPivV+kAW1XBg(TY#unz{(EPy68~qb)9$R}KR?K`$Pq(v_ao+xX)&Jk ziRY3m9Yu+{>T^|2z{`$xfrr#aL5e?${VJmXBHjLA!?s(dv$HQ~b{2 zVM2Vm8An{NAM&^QPzT~%Q8pZ7G!;Zc`qiWu8Z= zPkjqhV9|kcB>Jb!H$0U^EPxt^+?FBg=Sq?rc-BX^0x8>NGs=qRKr)Zv(6kEXGaR1l z98%lL-h4k1YF8}(8$$!klmENB)%b6FyWREq|ARaaDgT!j{L|+7TIw$?^|x0h^|OE~ zL93-cM|GF@W5xxasJ)5FA42Dq`#G(=iyE^IwYjc>i5#)`kYZ|vTHd2P?UBxUgf*+^ zHKV}wIa9T3{4bd6-$BMVZK~Je{aY*bdMvBQYC3-B#!sz23tN4{N0zdx{GFm1l=Rsh zL-|I2;y5-?CxI!r{3zt=)uCbVV;|vZ-x= zvm~Km8cdXJsX!o%Aj(p0)6pur$blsA<}LTN!r;IUBdX#zr(d2Ax6-If_I>?j9@ zakoCYQ=TK7rr^*ok`QkX&riZ#~7I)Eh-$qfdU3AXN@!IMilLhIyxg8O1c@JP?DL zZ~~4XlSj~ou-o4LrCcbXpTYUE(|!(4NUy-bB>Lcp!m5rV_FG`L4o~;zPK;@m7dYd= z@yUckM@Y~dD=$f>V=biA473qpw1-sX@=6|0K*=1iALV1!@_2%Qdn=TZ{YRKAEC3uH zC=A6dg2{Q z^WG={sgxMDYzDU+#Bnew*h2~mA>_O?&=$gqbJBn>zCAWC%5X6MQ1)w1h(H?m#6~HU zEcXlPW3K&T>co%f1}E`u`w$7&)(#Z^NYw<>$! z{ZDFzc-SI}0Y{YjNbOXD)rCIhqgz%_8{gUwri{PD-5!-J16-k%=5I&MAEjkSh$ zGulcL;Js|a+*dBU{w9WZo+$t{Bz?J8K8&6!)={*5Da2NjOhaqT0etuXKY^pA82tI? 
z-vlFus@mD_NA}-fz>LzW;6B*y^x{pjaRc6S(NCYI(mz-T`$D6J5yj<%1U!NNWDn!eBMo7Zoi>f|%1pi=?z}b9u2cldg-;?+RM4)#Oz^H;3lrT>#lBMo5ceEQikm z(9&Jc#1FWV$(^AxK>65bXhMLC9!PhLah$?Fgi)#7*oS>kYlPf-e*S1IGW+_4ti&+$ zS;qK?`XA9+a3B28Qdsz*LgEni;q;YMao)i`yiXJAjUqy;I${2%a#J9|6`9Ce?mpqnJB&h}CWM74-#Et~pLn^8thaQVZG!a5-Q>g0Z3&mI|4SnkWs%uGA_aIA04RqQsQ)%vsrkT{- z6wW&LXC4|dxO@il>s?#1DV8pm|B&rM}%Hb-B!eNn~UUxNbzT(qoH`p7NT^vo~ z+?IQ0*w(r=z(~NiG{_yk^@FJjkH5qT#Yw@-gYQU(s`43wW_xU`R2(-X2@y@eX_TIX zm9NqZsaJWcGh;Y>!c#hK_-fjBHhiATE%_mEQKvWnwW{FkGQ$?aqoJ%480GFa7d<>b zK6rOrdYx3`5*MY>Nml>KnNN=g1H3bY(+W@`@qhQa>-^sj^W5$Hw=ZN{ao6|1QNQ8*x6uf{>7-U!zOC%kw*dJ4 zAO0?N$lG1^kXMbmSg-Z4t2kaaH%MRUYhYz7u zhfq8+drmfPsr*zX>?d);!W164IybcYf^d39(h=CrcW3rfG+LDVHJ*)iW(ee;1rW$lYYMx^h+pan%9c%DZNC+tWUg)XfSxi#w_hY`|euD%GQ5r#~`ReySa`7()ZN2ud*Z#lA+TZK}_l=i+d{(ml zSGcRH1kAJl?QU&V{6E_3{r>|!E3*Hp7}wvAhsR>a*FUNq?O(~*4Ph-Z=#@+JT&VqM z$EZK-a|iiv`p3^q2QY8{w_TP0-JRXF{qMs(=+3MZo;=b;Z+~_q4DAM;MlqJnUuZAn zgDf4rCUNc;tsSpbAOc-%6CRo2=chDV4Psw}crcqgio6VMesr5gpoov+C8z0>8g|BM zBBhXtkE>t9;*es(`Bjwo6-fHE0f`6_QO?Pb3YfTI7=ZmV@BPf}X7B|<&7bpDuA#rX zO+)V%hzoS=GFE2j3HrIH2)5!E+YA=bH1@Uj#QQl>H>QLV5xn+v3i1lkl5yOvP%64M zvw>XSuKau?0}6{OT-V`6OaMXC>X3?7#iW>`OrcqosYKmLHTVt`f(7d}gj_*YK$F3h zl$QIqe{n&zuV1Io{~FThe|Z!Zv*8*(XHkm1OD8d{-nv&|e{0eFAkQ7v|4O8l>3YDt z{a<^l>i@IX-R`c}|A%-M+5hD+fM;y~Y7%R~8Q*N=x$tK1$CistQYa00F7A{id?}2| z)QHsOMPC`q&#!txC#9-Cs2$7tS?*bp{MX?Cmy-YW{QrAfo%R0jL7qkAe<|vAbqy#* zhAcV$7i_W2!Z6+1wYE6qfEI~T>HZZK4t*=ciN1AFUG1Rn24QMU=X(V0@=MSDR_pF6M(N{jGOFwy5}N~Uw%D)=ctrZIiVJwaz@U=a#YHu^nd1+{;Z&sGZGUT)+A<_Q9%xe z#i^JlT!t6b#b|h0b_U4bWRdd9ld6`ii+LCJ7qS+4-CQ z@BcoYy*Yo^1m^3{VkWcDr(eK5C~iT)R$Q<^5_CD_ag?Ms{Cr~zkSm6VhqOQ6*n92W zHvS#@@bk^o&b~i6y5GKL%wJ_!4RE@r-A;RJc2D0NeSG=m?Yobs$M1fBbN=g;4!dt- z>bWl?o}SVaeV9woBuVIJc+%95fQ1({@ry+F_EWHxw6~kldUbO8>+yLb`7!uz@pc2w zDTbl;@cV=ytn`$1z7*zZJ|2MTb=gvUpmr1opA`GE9C%Af=M3Ae-n6$SpX9j4rMxJl?qR#s~co# zhAH0^sb^62;OOGHC~pbzoKEL>D(%&eygyWM%-X(Vj@9j9KFuoP7k`Xx2xFA0L^ z>P#oYJLVn<5E-34yeR3BnDkk|QdV^oBfekv96LRJC&}0N<^14x<9(it&#yPDgIS+P 
zQTjhDpwc_9HoKB6Jm9BMD2g=z5ntbPn)Hb_#6%Xf&1n&fqccDT+EUvq(SZ!HM zWm!mFSyokmA)>L;37ucnJ7P`Y&ITkCWg-8Qp@2I=XEg)`FG1ITg&Zdd#OoE{$ouYEA&-%Le3wA`|_} zxF*<;~I# zFpK+3RcmUSfP}^Y^9b)j2Q385h*TJh>Q%`{cWFHD*%5d~&2QlXdI%C#FR^)WnX%)AQ@Squb1dX>iq9+4ErWC9~{ zNuf_^n8ykCA&a9Bln-4I!7ZUOe|{zG-nn{RiO{z!#Z9;A@5HsaF+1{#y_*+k{qQWeJ;i2GU%-dJ;1GETkDm^NC2)X0;|Zr*F(x z&a_a;eMnPJizp@9DupXqJeNalK6}o@izX>w6s>X+M>$gY-rd+H0FY!@qqT#l(EFt@ zn)-_Zrs(SoSU~q1=+~;7bJRfTgNM1W8V)aNz>v5Cf)kT;v|lHkj?!MMc|j-hD_+ov z_5JLD{*#{-?EmHl37)h6+wOEK`@gNNc6WQd|9gnX2nO_I!5|P%t0v&{0zNMg?0K1h z5p#k(FB;(aN8f7JwiZj7^y4yDG38fhY#wn2Ni<&0)V_5$Lw|Kt7H~SZODg5SVx3Wn z!*t)W))Yf_L*any;%38sJf+a%(gn!Xh~_DS3e*{g$Fj;}yCMI+8GpPv_V}%x_>@{x zge#xxV5W+iu3~2BC_O?^GDnP*81Lzv!fHsLHlkc=-n>h#1zBHZfc56!>bD83UJ0uH z4Fjq#9ZdaR0;x|8qCP!<`mKVePY;~l6f}K$!1Nix(&q$9F9k`T5+J=49DPb)^iojt z=78w6VCaq33Puq0<^bq(f}j7$fzQ_uJ}c1wwM?1n05nJcZ|`mIR{ejr_qNvh|3f@8 z?tf+ldizUV)~rH5&iJXRBuXPM3VQJF@Jzi+NiwAAnOU@aX>-R=YR*i- zeCzq|j%YBJ`pKd^HgEp#>{a7`b$7Sd@gE=L*?=>WrZfrBAWM#`+@|z17WhJsjEQ$a zhLpROx=7+#jBE~kM1uf^LDZK@8ViS;kkEjn?2@9YY`iC-Z*4$GhcczwlQ^LR_C;)p zgmU`RQy1QZ!33fZYYLPgrU?Wrq^{*2z5Vz$jS^~Yz+p5VMKCJ7OZ=n%&)hz_u%5Z;IJTbs|JDZl zMiLff98Qjoxh1wmVm4SV^C@Y`a!K?r%e~}Y!%O-+TV8D?%tnIv@a7I z4_!WDH1KiJ?Gt}UTdJ^wWgQj{qGXJ0PJ+MlbP~}0K|oT6f6hokpTbWc4&u1fKxa+^ zMR{zaGq(-PdP##ZASugt~w;s6gmEnp2VU-xvP&`%&F zGEH5}diLyPG^Q~b(%!RY@LvtiXPAibH^x)aIJy7ZvNks0HDUVN)v~V9@(r%xcuZIT z*YG|G;M%$d$8j8x|LGt2{%wvdyvpJ%$T+;CWDM8vUs25eVf4j|#{Ui10N2>6R6s?8 zzhXq9cavB&tE`Rj7xxktBb~0TYiw8ktN$zg!oRF*Gnw~ULWTYY*AQXOL%4=dUv0c; zwR>Of;41e4 z%-E_ZeAJjCIPNyKpbTK(8Un@<_J==9u!-+0A`5WJ+(Tv5Ckcg&Q@;-Sd+Gg@>=_r1F2vcvZkR^D<9Qq#(j4ZGSf`}YeSq9 zX`vy`wSm&mmagT*pyI)X7>fYqyb*3q{3#=@**)9dw2SC#cF#VPTay#{U4P6ku0)NS zO?w>q;%8w2vRT|Fi^kNQtc33+sr+$4C#t@>#_fHz@qALelnnA(sXWRgL@x5EhxI9_ z!xHM_!4wh}$P}JwzOF1YiX;&#;L#QEQIrKf(p-~RRQ@}>pd1yAG!nW7oT!`FKJ|$B zJ4F*}#(_XTVRQiF2t$Mm?IdJE*JA&cdpYDl+-eHoT-EGnsd*6#VU)UX5b$UdVs#IU zF+kD?@sXFly5-7kZ=XUICX~lf$l0ah#5uwGN;Jt?P<=F&tehn^KzTfepV$BD2NiMK)=_n6}Q06q|dLt zVv6M0ken3n)Q$gpC$QYQlk!ngP 
zD0RM&Dx0Rg*=AweBgU?R#fe1viiD}2vu24+{2Ed%Mo^{zOJTqgp1N@Q=G}2m1Mx;t z#A&&0;`>YQfA%-oKO3&&3N#A(0-`b<#E2*)%ar{(1J0YIlz+ zI;C1^1e^`SWtkx#t69Clu+)tmnTFLJ*mDt#WVGuhjKr4*z@%(HHccQvG*GJqy4fg= zx6q!bgH3Q2h14$*(GocrHS zcdzRIyS25m_Wym5=j+$pkrQkjcUO+MtNyeecJW=SHnV0qhesR85w8~=hx zF%F*^>Z{MP?kB6MiIKX;c*R0(rqNVPt-zS?<*ht-)ulH!;9RfI`fA}c(h8xxdx_*W z1C1(5>H%utvI#gCr1D@_e96^w{J1Ifh(7hAG39xTJ^@GF=umat!_tu@B=AzVJI3u$ z&2dw2hV*(P!x3oofN_g>DZ50~F$#eQd|X8vFB*?&=o{o|8Y=u`kk(POJ(2XVEcF8h zNiiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJf7>?FC=Bnv)u+Itbe|?!iIQKF>fZL;j^j4In%F*;lRbO7 zxg3auB-9ka0-zmj;_I{DKfIA335wKE89>@`oqIHZ5+uZ^qNxIf4Pqlj?GF^Slq1%MAZ49UdvA?G3TFzNY-ay-T;7=Rd3 z9wF*17GM^KaNdpJ3=P0gaMe(76*v$a<*ag*j8OL)QHDu00N?%i!2Hy2{3&wH!=Z@F+`mF%PC<;*IW5fonE`TA1YyhU5$FC3!5Iv55 zLp~?;A80fsoP3>D2fTgoY46IjB$tty`INAmUTaDWg>2C4O)#G(BhM$Zo-Fzf zGY)%Jcd4$zzJPBkQF!C2iU~v1ClMEr3oxcAoON~MW{`121=vxDdQKq{k_qwH^`v!$ z<~M`}vcqR265WNPNvjLUh#`6nM>xcM-s)Oo+L}Qeafl;CWi>Q|I2-^Hv;Q|MBA zXqeSqz#wVoZ+U(1*?#Lw&%Q7JERg>p@vk<5qelMscXrG2f4l!6|L@}|O2o$E&WH{n z6+CNFV&V{Tc!C%o05*l&d;0@_XSDPEv+eK4qphGndbYbAJp2Cp(es_}`+K|l&&EM8 z^3nEqYtJ7)8;|z)P_X;FzwaZo54WHB&$phpCMZHw$;|e4e|x99wcYLSU2OFS{qG0; zzPI!J&epTt@3(gU*54ZR`|XE$UimoZ|1}H~#5Se?E}sAU`+Hk^#reP6-+q|?_whV( zJ*`LJXF0_}a1ALIYdiywTJEx~Nk~R86xt*D$SFLEuElQv9s%{mGp{`oqX=}n;7Ggx z@-Gx!V@jeKinxV~6QINnz!4`PCIRy#Oi^b5KHXLzV92M4XDIaFjgf$B3;_fmhO*uV zKt|%bLaktFCP2LT%62<1=0mTI38nP^r)r7iP{Mb2cX@y8^Eq`JY?ZJ7~()~JmhdiVoU%J8Mw|q zj47D`Kg4PWQK~oqV;C~jYCV$6*6B5(6bDGaOMeTMS$qU!EPqS=)oa=1C4rB?I0?gr zU`&AmsA4?{uJs6TNGFI7=ZvG7fOR4N2B$-<%3}rs6o+Ik+46Br7{j6ul<*yZ5J$}YP zB93Q@aWsZ>h$9jpx!)N`UP}M;V8Y4Jhl00{GO9E`^+14`{3VJpRV>{~2_QhOc&UUb zLo*bBtTE?`PSZ6REyWU^pD<2lL*ic{eg^qekaj%IcMV|jGl<3afFK4U!odu3e<}+G zXbh83Z2%9?kGrQGaA@iVfKc#K)TbT5k~j|M00M>8hO36UNR6JEjoR>vFn&gf?`#2P zAcRTePsON;ISWA?LLUiUpa}G0Q4upRBS|DiKEUHKqA23wyraMRFcRG1Phm7cfuw4x zQ4Um*mJk8HU+#70`!++ChF;K$BgSDErc5e#(#TIJ=5x`T=p#QQ(HKt>s>)c>I$t*e 
zr!k6#Q#{t|0xI$ejAvycVLYoPGA#`b&fb6-36c;Ma7YsY01@IhgkD`x=v#9%!j#!L*DUeHql*=qZjHxU}z|?k9BK9J=z9<&Rv5RZ{86qyE zq9_jV7%&u$0mG9B1wb3Xe8>?4kRl;E18>oKRL1v9GD0EZ7q5r!5XIxU1Ld3~;08wW zou~q?R2{V@idtI68q`IYsi-W>=PB~9*ae&%LK@%*hL}tAA-U-QLj5UXoI*~h5G7MQ znR?*VejB1|6ap9oObE$KvC?&9IrUE4{Vr2sAWH~o>A*Y4AuLfUCm`r{m8>0O2V<-E z9aFI}aYN)Zu4Q?6&KGtD}P=xaQ~oT;}! zEraF{0A@JCvt*XND2iMO(knvqBp6TE_WU>zLU=!3bHLTh$BUS zXW{eXL~ieA?e&P5p&3z{kfB4rX-5blu8M+*`g6o#ZUVag{`6OxNEC)8$EBj`!+% zZWZ=((z6s7)_2{W>N;C_*Ag!$@2p)^k^HQlo-byDWh|kB))$Z=$EMyC$w;#esM${0 zd494CH5`g%6TH+rg(4*!PBIcWoD4vFXXJm6owFO;}ox!E3OGh`Du z0yIh{9e|@T>3|zZqYgln650Vi#T@%E>_{bvjK_wYM`G(IcBc&Sj_8^YjG%ud)!3=F zTnI%hPoUuf^Y=hB?D*uT(^kvO3N^P`HuPamIjQZ76oRKJ8oB0>XAbH0tXg_C#`MN1 zrrfLJc21sC^m~HXN{uyDoy|=@E~8T|fvnhK7e2S*6yj?XA;!)q88sEVxjK&do-oOI zxngP$;*}@0-W4v5b_{WtP;@b+h)qc-@qZ}3{E$v@Q&|X}5z6Q&));`DRj9!c7F&;( zD1`GN@<|j(L+}U3`+Axjl?GsIZxy;?L@^0$igIu2X~`8|l?s;lLfGfWs`#>=mST+o z*jj}ej%SD@-0qb8t9nZEVFSmgSRY1Jtj7n>7Y)TdAS!qsH zQnl8kDp1yVR#j57;+kd1}c|F0HhJw57DsydIiD@mkfh zsC;v2+f7=u_9_xpuj>K4+>xx6qcg_du}?cLgd7 zTcUU&nT`$8b}-%xc7y%e4Uz+QexJ0shgR7wHRHkMwj&iCw9K|7hyTyBJ89Bd@y9z7 zCNp%7U~n3Ra^%g45=zfRdsD)AdK@O?5g?*)VH7Ghhh;2UMr>dom21vg+o`PucC=*? zF0-rZuez(Mpk&p})jF+TZ;!S8T=hWC{D$Z?_K|S}_$3)38X=AtFkf;8i54*L9p|j- zgU9Ewf+zk<#txVRa2O_xBYJ$+0j~)RUceAWKB66PLIQL~s1juYl2x`6qvfQoTn@57 z4fVRHvh7(u?U}Do8Ej}#Hk2KF4xg@Q zh(ob34Zv2vU!+p}8lq5oqY4@YFM$w_ka2M$0f3C*iCp9aRdx-@3I&LqgotL0b&>wL z7_3#zb%qDWW1;!WempS08R8sAlPZv=j-gVs3iN%F812)+!}|LYGX&@=1w&*Y$CM#; zp6HxLt)f26$e1e$B~AK<$ee5|l<_9y4VuZHQZpc9-jzaKk~1M8j3!`;U@YgHI`Hnu zZwy9KYnUaBgAoFdk|YYi^S!@{nYG#yqvl{n(g5u2_TS(aO&T)gJRWk$*^6X6Ms$e( zjkK=A05pd*nX6GU8zCwv74?MP%cTS26+$tCK2msXDzVXzmnn~ zQ|X2v8~;CY(HjY{3V>>mgR}wI?f3irrVTq)kr{IAS7{%y>fdQI-GrLf8aIUFh>KDo zbFyf@NX9@V2SDSAm1>fCFDTU-tO1GUGPR-9-dCpJ0Bk>RMn|NaURYyF(hBvon4$x) z<7A5hHAXXSM2RU}LxnCj06W{QmanvcRJiyg4D((^b_p;0>|Le$$I&&4lnbtN->m^? 
ziHB5S3y{Q9gl28Sn~?AZafG|Y7AY9cheC8@Yj1`T@$tZf|NaW)E1#J(f~WMsT$ z#BPhuEZMUfoLuqSZ~}qYRTXJ(zCi77=LI zsI}wd$&}%Y%79TdtZv)R5)|ozhjLzZyHe8(A)TbOFzs?#7&sL#Xn0dqKO_`MXC|h- znF7o>#iN8Hu`2}ul3u+i05^nQiS<;|YZFmCAZ^?drC%Me3pin!zrNPGI5AzP*f3qY z<(6OU=Mx$!uYD^V(z4<_dIXL+m_nu;w~5f-1%oqA6Q3tE)jA(N0yZVqYXJUk&~E)W z$hLFZQ8gw($MWCqNDZU|5cfSB1^|DT@CAs!b2!=hQNU1RWWE5b$jsPT(IgwIE9oNn z*18aFYed^WI-9cnBb&G+e{@!DVz5~rH$i(_$PZO zhAmg*-y}i<`LF$!BRCt#e_PA*x}``L8Q#|0*WmgU*uF&6UGRQ}#5n=%&yHD;eO`7d zWHpzb4_VdblfokO>zWzmK{nGP>*n*K)v(DDexBb=(bR5IS}3#XLOYaO3}xa-XKw~z ziDj`!#*|R}Z=qp_F$pqXvnDjXN~@lc;2^7N2&@9V2DKE$p?2pM+X5;|H=^}Ct9Y1I z^il(`3+x(n#v}+ZqlrvMFiL_6s!*@%*Ct-i!-%Q&mbE zP{O-L8>Ihx4E;v^d6E`3q-53Cpds~`Z$g7QXn6zUOh-+tuR#Nff|%fDV|ZlBdf<2r zvYL=0QzH;7LS!#oHzfK_8MEY;f|z|dfMBStbz;zoP|>H5D-)jBr}1<%8DL%DNC!c5X6uQNsI^wA>#J1m{BOT5|}VyK1Fjm zv}(f1sanwkit2SFTozbdC)!lWRHm5#;+0XSM&Tyd(^G+zfUNpDG^BcFBOqj3^8q+_Uy+l1I4)}RDO6N(zHxyPogp&_lj&I&#V)j?NX1A9ZvHr6#Unk~!k3E{9A6RHaTTUPK2P67%{=0H#)#vP2OtfrM) z1sR>E%6LBHXhJAfEOMxVl4mfEWt^SZ;aV0dSqD%A8HqrChpRqmXmbx7W^nbv>;N2u zh;r5e2R_Hwm}A5`;84aAvko}rQ$(2=`?Pkt7cvIM#jP@>tZ_2taTyeCev9oJO(GS3 zST`#Qs_%lp*g$> zAcr8PBu13arH4$WQ5oV;Aoi_=4SLqRDe|wfgIq&Fh2{QF7{Xa_n#eWS_yxp-N{hVW zOWBv&^+9EFOHXKH;~yb@48UH$zqbgk$`EnZ6na)%F@O4}##ELCOWDDNoXK0c%K)7r z*vDg8yaVtgA{4Ro&>B%Y1{;i!G-;{e?9m*+2qe)}L~bGg6F!wOunWVpi)k}*q^%s@ z)y%C?5s5(++=W#`N+rl$r|}(K5}_x zK63eHDp8X=H_CgOm&R;qhjQgjy=!F_sDo+c4p`_mo;plF&s@ff?&6iWmhuW$ZFtt8 z32DvhMihZ(Ne;HQb&`Vu_)YoC=74U}Wi|(ReXm(!5_9Q=TcwICzV&oIuVI=i@>sn9 zX}(B-%ml2ENJ3x&g4j9OmD3$XNG6$E>?4r=xp3=r^<1V@k`XYO3BbL5${>F6y^~E$ zQ)MQtQLn+|wq_ZoP4CNMN@g75umaIi8?bHfnYY#59qmK34aXG_?_dX3BY`stRu;co zJ30AV53!---THpJTJpNEtRQx`>nL9~*ru3}r!W`3<`{~M%1x~a8N^L42pQD7i=nVY z>BiK#CeafrA)d8LST7c?6EumGHQ6YQsv^LVT(M#(_(dlE6`CIk1P!HCB$qqW#{9*y zXXdw(j^vp(l}*xTDqVWD)R{J}C6i|=v`Z$=EX0-P3D{I>BPa60=-+uV%s*H`o<3+G_Ta0K-eUFH3txdUE8LN-4@J^+PdxC?Apc+=T%I_ zJDgm%xYb|iRJh%#@@`CJ#Hjr2SWN|Y+^DbGH1M1DR+LEt6s6W%h6Ch7s%|4{mG6XE 
z&~(dvut|ekt!y8n+GX8n2V?vTl4JFlaf+kK6Y%uu+40xv_})toeJZ{KvOzR1Xo3POH)`{L;Qo>*6BI?b3*WENWP-8s@ehZM{)@e0|quHF+@M(+hH?F8Mm6 zi^ACwc$@Lw-WVj&U|iB6D+)$qA9sAfp~#?q%{81BEEPT*{(GUs2`gqv6HD z;V;9BgNq~Z_WZT!8u8N@wX*Ta*{x*aA0Ods?JSuF$EP$UG#va9uNho)|DRA9X3+bM zk!UR(HTQq+l<)uC-{0MOxc~1yo=+_R+TW^?ZVy1)T+<%|d9rmo>HDGe%6HFV!{g+?31rCEW6@662{#6xk5%cNSGj+GVNdZXK8_sumhlYE)Z@{r3CZ_X;BAH(9*+woGcL_&tW4BN~Y! z|NSfM{=47({{3V9<6r;k{_9`f`={pplW*I(>bH4l?R14`Ku8`?%k}%VFlbE&p=JN~ z*2Rb`Gng{qHfJAQenlS0_pXZYusg0fcj&qchQ&ck9aPoAG_=F{y&eOwxbSQ-GFjAn zTKO$Q_G`s=;O4*VdG8`m)Nzd@DYlBL)UP0PmgJEi4hs2s9WxZdAKE1=j7Y$s2d+ zt8`S-4liJ%C=j1ru z+$jv}WfK^=KK^qZ;#JlRAoWt2(B!%pj>UzSp(*v(v99tl|N3dfhBG-qBSlf^PSA}n;0 zvL#<#H8ZMTRFTLVfWLAy7?QIAdA9nkLj z;$P%X3Ha`3EVCc65YIe_!Hh(h6Dp6(up za&H6ePoDse{4fcSZS>1#g7OnP*SF=gfd_7HdzOe?=AO{o+rct5Ih=so+qNP0%bUmX`llWZX<7Y=66=y#waEX1=I3Z^->IQM)b`^z z2}5ZXlwD}mze3Usmr3RKE>XOK^&?;%f^ zHzkbg8z&4l3zNWba`5J8bu2OR<=C7k_tSivT;KMqaDPY(-C$S$~Pm&*_TIdm3hbJngHi9&gy zLbV;t`{wfK=%K%9@nm zgipKjblSanDL2C1A&Y0{A}$;La(s6A?%?(D%Y%y}gT)~l+>C$t>ge#7;pN4_&zFY> z=P!>>4qhK${Ikh~cX{F0@RTE3#nGUn|8sGEaCvxo^3(Cpm-^iOyf}?hn}Gt_uIv3* zM+dJjUR|D@o?jFo?d|RDmHXxO(ZS23^UI^xM~4?B3D}n2Bl$|NPk+9Aee~|AJlz`z z%hX5qb9x&>xt3L^k{P}ZDo&0r{&9N#%jL!S!Qt`A&r3+wiolr#xX#W`FHR3nUtb=d z4A0bHErBnlgcF~H$B|fW<=(Uz&cmbOu%Yx__6G6=h!0OsE)I@Qj?UG*y*xg-I68lK zP(9ksZYf!e@kICPW>BX0i!|up4PZ1;O^ru$LkqTBOb>^zji`31RfMK(nuKHoLq~8` znXAfW>Q)P*1z)@#3Kj48rzQelp!p>kp%C$l*TZ*+;&Dmf=P+FiH>v#;))L30I!_|8 zkMn$)CU8jnE5wB=?PTlo}p(E!m$PT^5>?U5KoMcO`nlGQT} zE2B#T+%y$BIYT2l?opvE5U_MJ7pyQSy54NJ*U!Vn_w8$|PASA~%6a@VN-s%{$o7q)*efwjFI(=bCRwq7yW)t8|$qM}74vX0m{!OGc3^Q|EdL7tP;f zU1(BDLKX7fHKaY7L_MEkBLDG3K{x0WnjtQz1DY1Jel|dGr8I3P+z^j?_V-F4(U?^N zFyAUG2cluLrg^GRgZ8L`5#mvqqzq6mD^LT8Tq7F7`F3UdG{9WBN|<7o7+_igmYSk# zxM4y`5|!~u;3|lqLa)}|*8LRZch7~NP9pg#YeC(>(?wX9TnqKmpDpDp| zE#OCmLZ7842J{hV_u8O+*}lEKEY?~)L9IU;p9->k<`{D}h_7*oCb?K@nnVZeEkkqw z`YJk*C~o#)3`aPW?yE)%fPp$ZJb3-Ot=&!y?dOE>pKyrSoN+WW@ne$qkm;7zQe{=j z8vKX%W@vu?uZ=M)_yN?M|L^s;ivFM5&-Qj6&j0V@ai9O^#yal@ko(jUd*>PzKWE@G 
zr{d~By>uAA2B6wwd1v)yPUjr}%pv`!PnIOPQ|E%aZAH;VVkxf!2jr6TL8_lSbnN~9 z{?3Dc!h?UpD(qWxs&;XDd3bsPZ(Nc`v1H%D(?AHO-iXa=2;F;|(2{%j!^{z7PwEJci#8 z1*an>I#`ZmGeYjf@xUp@AN&qB(wCBRmY3avJ8A^?gLlJ&cf*5s!xG*N1vTLgoE+*; z-*PlO9K!wi4&m6Gb>*p5*bUGqnUoN)IqRtcy{y0^@CvFZqe686nZyN16wbkjB6!8J zY}`5)iK)zBDp#0H1Fu3PHRwA&u6raCGMaq!C}04}vv|M>=ppWl|H>r&2#|z>n-6P|v!5>i z>-ggG)xr78qZ4%*{td-k#(hap9^g~VL_;7@FZ747@?$2C8eo5~g|!^Nx5e zvGXZ1h&cf>c!d;PiAJpYUZJf^ZH2@i>JIsH4In?YV#wG{Q0gee{hsyd;Ry5L2y?9? z%wlqkKg9{=!?Vs)cm6v?VJyTMkCzVnPM@0d-<@YW{X+i7XM5ZG59h!4@qGH!dkU`c zY#`Q4dDRG?$LNQd=oWv92Hx>-?W zk3Ezyq}@MVQ{W7pnq}m(5M7ZE_IKn@JR2tCG5!eJ-3*u!WQy2Bie#4E6o=U6%)##o z4DlGF0Khnw&G1_PKnl7n&jk+ABnC#vhY3S~ky$Qhu57$KOH)_i$b=>80v4%*Jl4s6 zU!Dv_S*c9M$baIsj>mwiGY$nrs|!pgw3P2~mV8%c4u(Rb5yWe1oAq4HS;m; zUQ?#BK%@Q_>rk2?O15S2L-QfF=uEpsLCK#BrL^YWE=^!eam2@<{a4ogD{B{^eH%4~ zshO_oca9mYQ5F;F8c`10wpc@W2@ zGo7&XAS+O%DwY|;Qp?IvW-x*i6m&=PJWWHL-QPVhxjTkcsBJQ{lm9ekFIBax6nNGa z_{_^5(^sKdo&H#IAo$k1(29ij0x~2m4sBgtI*_%WNP`NS!tK3%L0i5bR5Pp;z;DlA zgK-k6ds3UxUNj9W9tJ!PUB{~lRVE(Ss5Iy&bEQ_g|4F;fDTfOQmP$LPw2RXnQ;MN^ zcjuG(Wh6G}|D_sV+ygf6hK0Mwjr2j5yXFo%AiGzxwgWcOD1mR4Mm3%9s}1I&oAEZr z(h|tJ1FEFUIpPUbw+@(l>y$rUL-|th;p@60pOmTJwpAAn0dhbbehM%Qiw=(&qExLZ z0$*IKQdv1iQGlq>I+dwi8rxEp3<9$`^jdG3yd;% z(n3DVT(fL2-_LIv-TJZSYc>ox!o3 z9VwIQ+tW|vy_85a8A@xbO3E*E+SG_pPhsXPs=%_0MdT;(x4co)#VNAHR;T*g_LCL) z$U#;%fxflgi;a$?FZ*i7eDFhI{7pJd{jyp{=yNq^IWP6jH57DHR+KyXV+P_7;s`)W z;aqIh6|=Jr@X0KO9FIbzPRXFyY+^2Us%r1S)Sf?M>s(WR5IbkVGr6~qmz4l{0bmc1 z{`KTZZrU0yb^Yb;smd<8pC-v|-hyUTHAB(OiZaV$!*m;bpCeR2zt(uIPiiCIU4qCa?bv9O>8Dufo{0PQoyE#t zE-M7RYz!~eb~0$o)yAFp*R7T=rx9dZr{(*&@hP9HgKH`;>Rp&{a`_c?abD?xu~2&` zh8zLHlvS(D=E^!pSgvCknq4D$D3(`>K>NS9ysh1CzYV-Y>!{EBB^e=Y{_%ds+*pDH zoV?A4u)NiBggErvMI5?(Q~Q6-`A>eUrDhc+AsXQ*z|o{x7+}r)4_p0y>HdeE{_ey1 z&wV@#w(nMe2aNGMW5}c<=*ye_2*v+~DkJ!FW$WB(UEwGg0Bw0ZCn0*F7^O8s90rg> zvA||4XDQ;tVz-vbjNV{}Y3#{fmT-L6NTRYeRcOE@LJ=Q;974g^+J_Ft_-9IzctLYp z0F+w0uyIxfWtPYbh}fXjwNS~c3>8dm*ga6Uwl33Wk-5;JTw1<J 
z$5A8y`}@WFAGf!6_Mbh-|ND3>J#En%(9pbVuM^p7Aj`dh@gHIlQ1q33+-h158oQ(o zz-Q4GPhKQzQM%|D`R>Mlnfaexv$LE4sPX@Kw%zX+=l|Zb2mhaYd6w7zU>vhd)yr;s zUu||bQCIF=2C!J&Ou@|U@XALOa)0_-Q=%O<8-uJWzu4EHs@C!z5+J?cDjx)HjkhUa zG{jsCge!nPpS#0)UwX&3emqhO_7h$7U#X@>)8#ES%e9-Mn8B!B*|CEgp{O z3`dfwex}ezXZcKu+q->Nh!e;nRjkpp&A*m=RW5#NQ+Z%YJyo6YrCc<-MkYsARbrPi zfKmzZ->TzbR$D8>$$iF4e*!*c$=u6l$N=%IJ`%xs+L;NUuA; zz(%RdXL@K(-xpOTorF0%#Bn`@c?x;^&Ev}7pMG=Y@i))HeEvBp*XX_o^VH?>uZFxJ zZ-3gL%KZJ+V4eB;Qx;g1x4#-@Ri1wHEXdbi4b+vN-#o619KJYXG`!hi70zgWrNeTp z(c~_NrFo;_B@Rn6M}ylN?BQhj{dLt94CaYkS23jU3Rg0yXKAa2Go(Jl;RyIQPi5f0 zd0Ytq%;QJ|kiuP<5WsF|(L;TS);NIW#r#71a3PycMtLr)jty!-cAZKR%DHyTW9OR) zy3+U4&NX44Vy2A>pR?AZG?j=>0i$wB$UaJggl~{cxuSf?gtNr9**u_l;R`h)s<3xlsl;~F)MYr z+{*<$8B9>B0Hj0<%eexbG(A`oPecMV%$;E=4C&#E?aAoLvuTT9 z4(SB(p_DI;=e~`yI4Bh}y>u*7NHA833y#NPRkf5-^Co|0vg2yySMe=|8*}t7*8;m_m#SM6v8e{cI)QUBZ7-r9SZ|M&68cx*8(&JkM> zK^unp9+7MYo!eHv)dR%ba%0H@t9uX-IrkEpgeVuhrSBY;5nMStXBVJr6mh0P#z}zG zub2ethZZ5s$_$}L!%Jl&vqR3+o0_|}>qqa64lmb`)0V31$0`w|#HB8=76|jEt}cp# znBa(~Rnr%BHDkeJjH8Gv`-C4tJWIj2zb*^25?n1Lrt<{o`ufkhT83SIPY8!;<^0=H zmU%=+n!P46V|Z8QACW(9#Gb+I*a*!K1rW_h!~})eyVQN3*%T>9@LWkblg3HNbPLP8 z5964X_`ld%iwND)>`h%y*~FU4*{k|~&RUgra{8)vYzxho18lupZG=!1WV`DW7mg+r zF@`Go8GYm^lH2aKdZDkE!qG$vT89)$VXj7-%||{Z(QjmA@rL}%N$W^}t7VE5q7fzf z@47*;>$u7<(@-IuBeSNxJ%4RlpiiIwt^3*}bZnQw7g{fiGfpU+psH~xHb@B?$T{?< z7M}}HrBC%7D^dF)G_0fm<=9zil+r$5M@5BlX9Uo!Z2w7o=EuMUiI+EtFOZM9uGYKS+NKICXZC`N2h4Nv-LD70QyAx$M~d&l(^ zib9JyiAhK%^Htl7Npy+zU9*cCE(tZrtd21E)Y|RO^unb&GBYnOX#NsrFPTAJTfOq3 zY2vHOCU>b*=Uw`QqFf*5;-B+Ev7C7?9}~Wxk?Ou?sxDcf!#%G-dc;3sGLnbq-k+t` z{}mI!)Z~BJ@9%CG&wu*c+YjsieLS1Y?DB=R0OMBUPIO|6OkLtoDA)?onr=6a*yAtj zcauM|w%h(6lDy^aQ?@wc&Hv;%TWm&JIcdvcwQY6(`i4-NI@m8AGx^1n(Nv{C*jOT( z((o_HL{l!iY$}>Egoj)-hNM4NE}FZ}&9UKzEX>RCpP65$aq0dt?#};K%(7rv3!M{EpUL2jQ3wHzQV7{VkFn5&OBc}&1pWNf{ z^!4kb!(67KH%Axe$A@)!HJZC)twO`a@tdR5x6XVsOVMzl!n0SS;q>hE_36*G347{^ z&_>02Dw?FrS;S*^AhN30v%@zpE0Y3M;nLGw$6=lk+F)qzFaM0o2AM_)dNcU(CFF33 
z|GkipgkXJhaCZ6T;Qw5{Jh(U*9{=CETvg5SF3RDusAUhCbsjS7e1(~H9&%UQS?-Fw zZSd_o>iZvx0w@Akv}pZD`D%IvkG-}hIO)62OP zOB2l(ye6}al)72q(-=lB}) zd8M5v%j#$)b4*h_I&zTRq}Cpp&*+QBR_r+Yk2NdwK45{x38Y zeNAFuqxpaqHEa!I(Bl4TqF^~B%@Xr}wd6nb^M7Y|r~HHF9wk zF{F?aIsm;*_V(IcV_I)@%1cUO0K*VaG=n(8(L}E#9dLs{KtM#exrUQ47h46C#JQ-B z3HmrNbUyZ;KKW0}bk$t{OY^jETL0VM-Y?mIwzeM5|L^5lR{tyHh>|=pY<%z9(mR%W zRu#=5;d;KAxmLPMf3aLp*#Ij~qhT%`RQ}zcE-6&j_&ZMzRpNm^dv2(#Z`Vi+wJ5uh zqenNF+NeN%bzY-l!E#a~NGFAW&aTPq`Z0!4&_&Vp4~5vStc=)!{2*iZjE2|C?OTg& zugacOq_ZM*(w{DsP}}6PX@f^n6+{8JnW6|JOsI>_T~@OOHp&L!q)=k)BA%79g>w%<`D7Ar0|J?VB?pRM#dv>ZvNd$~sQml}gvj z$?qD0Xqx$MvD&tfC*7f-RY9riMQLVO?;|EO!}b*fgiZ-ljF^`q?&;Q;$LpakWcVht zcIjADi}n7)cINl#lcc4NJf=bYBxV%t}`%C_qI z$uB+T_OsIb-?abNR@win|8W1?y*&5j+w}#-z}@w_AD{~@5=wH zzxS*Z|JUDpi2u8nr=b6f@vcmswh=$DFDD2TZRMPC3)}o>ze=n5{J*>N|9!{#fB#|s ze=kqB+uh*#{?e<~J&SEDCv z9r%B-8!Z?`?iGPLUd1VH$>pa7Z(`?M^z&3i1D&bSiWFdFU77>yj zrCupZWC4EuZ6iR@m=%CzZyEv6hq_{|4B>pc08D)?d|U{ZCXs;|As!W}Q=jZFwNwg- zJ{4;)#l#a`UmTX)fHZ|@hCi@=I-#dun8I6=2$gcEtTcWyF`L+lwJ%H$f4<{jzp6#;oU0C`sbt=*pL@ zZt1JcC*Lp?x6}Ed;bsctrOd|mf6e#*F$rM83G-oy=mzh9?r%TaDxLp5+k5c;zn4es z|0@|@jQ7xoA&w?TZg+sTVF{tJr-ub?Z9aI1D91hw&q#2Pvd+?`gzj|=8=4c$7D%aY zsk3IDVrAh_zL`Zc#}YHroD^!^y9MmMhJ1>LEc5m zkCO^bF({};Rw%?ndiqzQ7xUJ8KLv_z$zGd$TRqH!)<^c@1zYHtg8)T zv?vKf6r_o62jJJXA1Cb&Xsa6S_s$B6i~%@DzbA-sb`S*$?E+@V?f&kFA97pMjkARl z`Wn8iAfG*#+M{{Z17{fqlou0Q~yiynh=pI7Y)c z^LZ$p2V@;fXECuO^7=(K#bd6WG6FP)Nyra^0_-RW!`7H74+Krhc@iD4gJ>?)qj`)5 z;7!7~eA$|4@2Fqjr_PF;1a$Yr3O@AY&8Mv@gCX&;-N3q$GAUywKk4Hp6n$ z&tWtXWA&CH8CL&+#r`G#02m5!lzf!M0Ve?ZVkHnoT95P|8>me-_?z4W0~iH*9|5y2xp48PXDY?P6Os_%cyys>=OfUQ+c^fon^O)teAqqfor+w{!f* zknfXOd`8Jw^rakVmc(%=vjo5}%Vb|5Q4k|JQulw}33gC5nxzi~mawO)G_tALE_<~H z^s)<#*PUf0>}GrDmP&MS6Wu@>9Go31?>l`_R?9X9=+taJMf_{c!uaK$CD#Adl7BbI z|Gm3k^#9q~+k43WbT7{a@_&ErhyDxBHVjX1%$q+oKu9_2-fozL-(qRewec9B-|Nb@ zUlSO-fFX>0MBBO}tye?2^N=eVQ|YHPy_I0AYTFGgdI6O3r%TmJyp{c=5@S8z+TK@x zE=-HAi!G7rykHZ3$aB8#v$XubgZQt#QvSc4t?h^Sk9&DG7u)s6Uk3iviM}hIn)#n@ 
zIJ+U4OmH;mDn)ve=RaHhe#!sy*|UfEk9&Cv_8&3cLowd3)o^=qJvBaJ3xYxA?rQCe z0t#G~7bGQK+=K*CirQ%me@{@FDO7BGQ~KL5##d zV*CrzwqkiwO=#fCnpr4cg~;5bS^>;T_6chMMoet|IbtPmTQF z+1@VM|97?@_W$?t$ooIF8QG-AvhM-a5-OKI%gByzIf-T2^aa%=4iY|n1La5QQ+#{d zvI1|?Vjb|UPmvJD7>2A0?O76rhgLBil~X|XlK9C?h;@Uro0Yp1FB#$$HQGkrw{!G( z<~3*z$q42GB=g#W1VtAi#^3}Am@&l>AA|N^+2F6N?FOF_z;*z9fOEx z@zR`8V?6nd39O$!RnY$#aPnV_L{8mPDckwYdJ*=6DtfO^jsCZ;>L;JN{r}Eh!Tz`P zOuTx~|L)_R@$IjO>o@iAy$bCa)qJ{b9%#J!lzv> zzSUg`k^yPfwh9asM!`WCPvJ>213TMI8mIRIS4eCHWad@JCIEfp6dpy_9!rf-QtcDf zOx%{PT!ZpUPqwe{ams&hiozM5M1-PE;HW$Q+3y$p|F`yb9`66YpXU)cgPbE8F~A8> zW3Cb=j}jaPIGTVM`d4s*nAds)E~c0Pmc+`xj!jV*0x?Zh3_Xq}9eJ}1$Ja;(-dOKp z6to_J2u;)_Jdb0F#`q%&)S=A(?}-Oaqi_yLBx?$iK#V8|afG~<_i}hSB!0|E4|puX!<@^u#~rPj(&kGC(8fUnQ};`-iojdh8}{ zJ@rQLs`b?4v$*y2e_D^gJ4i7}7&v};#9CfV$#2N#Ee{6>_Eb4aertKx%qIcrwL%72)>2nqFpTUW`&rB<^;B)J9*LptZ{v&?1J_AF8SmkVe2os<_zCtiS^f>xW zx~2RBji!WLJr-ZOQ~9Zj^|vSBGw6GL?>YEvlNtb}!n9h)5g;@`R7h8rNH0>MBhP`B z1%L~QD*LYk<|F}6pUx7-pFRaKCD%AmZmDAuhU7*F;{eh?Ex&6>F&xRnhOMXILrJCl zPhc0PVO`^x>iHi$a6ATBf{X|^tQK@q5H~ms!3co~iV%ey z1rq3-BponHxEv&_pg)y*Jc9lda6Cf*Mj(kN6b4A3h!GtVIzxe{xXlc{0QvN(Xw%cD zHakf^fU-$)cL8ol5(Z#|{vd2n>hBT^*{plvCBr|Tf!c3g%wr)gUn&c}{Kb5Vr3ZQ{ zJj+tEn-i+7&%l|hMeM%_3BhOZK|1Px0H48ukQ4#-mDWebLU`~gqFM}?yeTQiA;DKE z$E7F$oUN2=I9+x6WKW`suuJ>fSLRyIzL)W+X^L2bJpg1)Lm08sG?qiejtzg!)s&xV+d;_CXnjw7BNm**1~u?ZL0_Zx>X{ zV&Ff^l(wSwukU3qslUls!)0cS)jB~D0#|6xzz4agbifC(OZXt8Cq4v_!w(&q#|V$- zqJp`PlZoM1@3Aj877W}>u|L(f{Sm=Ak7L5sfm=9#0yKp|di4ub_jjNGq{*R5ty^NG zXc9%TQF=~mH~>ddbjeEBuo>^LT_L z!7zM@LO9nctTI$vdlHwU%&O>OJ6Bc-QSR%iD713x=(#P4r1*VRJYoeP2`{xpH6{Ob z2^?hd8eOBXFab|~I+e_-z2Q`Vl?1A1y`J<+Wb42s#LDm^743LIq3>QV8>|Q#hIF_W z#8j;gxkOaub?k%$NE_T6tzhMBUAaDz{d15+ODF@j$e0dOPtcgw$F+&l2)%$DD)Ul5|#VTTreoO zB40NGr^b`IOj&ibfn(QUeKpLd0RRmleP7T-B{!9jmu|y%bk0!jyk#6az+=ErI0j;Y z5V|v>Tqxm?3#FV&DH)WD86BhR(7wNa!^-lHNCij3gM4yDAN?af#Riq8|jf!rzhyOrq>0C^3^pR6&N1=$( z(LlkNl38|biQGwvu}i4fcynT#Z8P1vDRsKwq3CfJr~E`H2qB%M%qR9`h^p!IOX}zY 
z6n+gAC~${_A~}PY-oOQ7Z;nTa*rSmM1W1|1LKO4WjIQR;H3s$(IObpqS;2(LI8A(>P&5FKfK7_{8-TwX3|l`AOnRC}z=x3- zk(dM>y@M63-I4KB9e}v+$;tryT|yLf|IXoL>qk*pae(;(u%ak)`%+ZM2I)$=NWMim z4BHyR_K$h0#e2KljxM(&$~^-AfK+VK2Wk@_(asXa)v=^}$tjH3n9!LL6ak447|k8y z-vN*0Y)2pAEDj}wwl_u3oPLauPiBb8@0Z#4OZ~l`cT^`GU2A{36_^*Py2~)ELTV=H zN?2E!CkkzvH7U#6-H3(^m{_gTn3m)VaaMVG%<1J=%i}#VRprq|21uwNx<(*)GO~rp4T-+vLXIhpCFagA08NOiczGtZ z?kVI-v5F=D^QD_6FA^dVhhZ*H<_ax+l|ss;Oh-WL%aF)VR*}M)V91pyd zrS+jM)8~5;;UGlZo?2!m72!w?M(ty#XfCHGWF-c_dIP}M(F^_R!5=D(69 zE9x$4{)2-Ih6mmj;zKSjWgiwscU$?iN+#z(QZHSOXQ#y_#j_5TE+k@}>x7JB@nJ_OU#k1(h znGqu#O6#P`@Cu+jCzdwaDWuSsRt;m4lDE6Xl*EYgxhMm(eTV5M6o?&UVb7a&rn03} zP^#$^vaBwP5AHSgiqfK#-WLF6>v}|#2{X&4Q zQ}XBO>HR{d05{y~Q~hTyN()E&H82;S>DRam*sx7T)0j|e-1ho?$q-6?b%ZIHlXO+B z3TT$HbOq3MtGWN+w3N;n5l-vw^NE%909UCKFng=*lp-D9dFWc8huD7tpd;UK_5+QG0wgE!Mc z&4{c^YOvjv@>GlR&f^tpDOmFqVFCONpD8rPwAmAe#%S;4yrD7njh#L;#<HtJ3 zp&j5;Eboq%iK74+kHI4$(1pZih)rzd_>Y5@dgh}79y?Nt#3bTuvuRQ zgKMX}yPex9Hv+frc78b|&i(!KdaBonmCj446zBr-3)t3DJaZSEH&H-y$d}YZ&nl2D zqm4T7J5$Z*)o)2a%WAi|?rYG-M(VDEva*3O81DtU!G2Ebts2ZGI&co@pGu#|wM_h> zd`HjqUB-@iYNClzniZ)h_J?ve2r!fK7Z6dmFpZk;<8nkbu%>SBttg)tBXWxA{*nT( zk+iO$zk#%_!{rp(+t1x?m~tN1r~4>WTG|cB>GzYtTQBWMX0cn8dc?xE{%Jx6Y{k=r zjAobB&s;}(9I;qCG_Twz1{S~>umU=5lk~E9u-9rfD3LN#4#zHy!>AnECE4K&B3nCy zII_JxmqzWJmV2qYh(b=y^eJ7~McyjTY_=r`N;oQPR}{Bx_pdPF!~ zar#Se!X{{`?|J)udLpKsqmIwA(=aP!!C=i>shyOqalGkn$XypGdl3-=X{MH@oIFJ2GdA&STI2B~W1Bmp;2d0`3=G6E+QWkM!4 z5$e3zwN&3-UYrccW=^a#cwgIzbd-T9{?s+Ub{0%FQ8Py1mm!glT0JpM_2QP8OcyHKD<5#|#DA&l^*qtFD3HEIC>G zx0_)%6_>%y$e625mRv@?33-EN@@L`LY`6agzmURdNXEP?mq!|0`PqAuY%^)cDfB3A$D!2BO$lcG<}hb$B62PLEWjl{eHi% z#Q_5lXbmd!JV+hIr7s<^zzOMbg-|SdR;vyp#BUIabl1})VjZ2G80_}1r&L2 zEZkafnx>3M9*b)1l^J%&Zhv;BibC!(zbH?JNTzYd!&=|0A!5T73VDHz9l$ zuW|LCd}{80+TP#p7w><1w*PSd^SwNuJ^^#vBWNqnLFN42HrG0rz6aTj0lLtFdte;( z^=DQ0L(7F?s;`WBjU#iFpsN_QE`}K@{mqnqxQpfCE|!P8SRU?T`D*TBaS1}nPkF(0 z-}2wR{>xih#Rh&OSHRWX|GQVZ|7~w~Xa8aSzmMmFfEm0J`DY-0)#q!tcfT+7Sp0(4Dc){|4Dt3lIVw>JvOsHYm*(=Pb)S?HxrR>E0(6^x1Q 
zxhphhgBAc!izyLuc~C?NQRY{7nv?e~0Qrhd{G8vXSX`I5IFaN$Ko%o&dzrj%b-{~d z7OO7O8lxS-(&~aYi0att8I>F7DOOz?C!-MiDZ7pm&egewtc^j8VA}dwCu`0>=@jBuJzd(rVe(8EFqB0iqE&h|{Ev;DVAwYklT5|Ix-ru z1JaD+qGxq7Z}F3%NG4XrD)k5{n$uKZr3YTjbzGJ8ZBCN!XqE|?Q|OCjKMVm>iQZ&e zHR(B;DS}~FZzTd5yCpXko()~^TA11eL>wehfT;K>uaMSqeI%$ti~&50p)VuRpzik$ zAmg#(0~7^aPP!-xgs{btv7l?-l6?}fgsKtMdoCYF;P(XkSK%D^gvv{(1;KMOe1PN{ z2F*^1nSK-v6WuXIFyvD~o9qlfBuUVX)RoqF7Kf4#)fwU+QsU&R1LLXs+M*W>|+IJlgrA9-s0$9TYF2w4C znL1hH1Yns}WjxOvYUS&!)@3jZQ-}LBra9MP>AALXOFx$G=jXbT-EkvALIfj6&;3I? zUQ6Fmsn`?Oad{y-Oj|>e9|u7CGuTaP>o%!!Y)Wn}Su#o|+a(@b-C%!FTd86{XsJM4Js>&_UCe^?6p%^x(Ct=cT4myNCxC34AFERRJ2Ic z0dIA|rJ7}+n}cXM1xz-f1x@spYeWngyCF2FZN!-_SZIWFe5q`Nfxc2B>?Sk{P+C0C zqzAV`ViI$MgVb?jqw_5zsW8>ra;~*=lP#lb1M_X^XtBb$AD+FHM^EDOlCw}&LVo!a3&E!?P`pLIu?a zwfE=x4k2CVG_>-;A; zw%yp{Jpbj0@t$5_dgz~ucO`D<#`WUxc-?Y^%Wa6hNg`-Kk)%xao3$(AEGY^v$Voh)CX>(iL^rYM|srK_F#EvhFRhwavr zR_hwl^fd822@wN7fM4G$GC#Gx(RWM!ZGw0w#Ef@tAor*3PV1Yt*l#;O#3XRO*AeW_ zZ`ob-fAgj9Yey7{#rKYin{Ibnw~Aa6t0ZYIafx4^QNc`&gltjOg(Sj20ubM9?3DL`JVLO+T4*USr?DO6vj31I&j6?MJ z!+$@1{J+lrF4edn|8?`XC%q^COT3UV5aRED{Z0INjp&H|`0KxJI`9AXzkhi5TGBu%6?t`9RHO0s82pQ+K5zPQ(6pTp`;iJQ|g2+tUBsw!XP-wZ5T<{cKty`{h@6PY;t3`WPQa0s8p3EfKVzyqDD_*DO<89_Ne7 zl4C_xz0i2WIK=#MV?eTg`^ozbXm{FTJe^&5o%Wu+bcpY=vrGrb{yLE<`(<~@kxrsO z6jWXw-&Al$Iv{d{@K}BS;fLH(l@781`GeYJi5DY^;FUEdqJD8U$f}x)FKB|sk7ZOw z5(OR5mcajd4W>|qk&O_F)W>!wM}ZjsTYy4_asYo4ZF54@5fch1h;^1t2T;LDMl@U? 
z#t*_UW$put^o0&N2_YvpNqC%a(UbN{@13J4K=c&~XBRqdN>JB!W_|B~whE@|$@EPy z^yY9Dwx3AO)YGd7{{-FqQa0-f9Eu>pNxF0NEdcUkwx`hskaHrZoSU#GH8AQbD|sWB z%!&3_cg6Rf=RjcIeV}?~THU*G@8x)2q{k9&K(Vy4O>gl)3 zTlCw^|AsJrI=1=$rAp;>uM;49trLlLVHkGJ_&-dNKj0*hv*ZQ=^f5+0mop)o1?f1d z>?ah>$TbR7aGTX7S#-DZ4OKjHr;|jkouyfFLNrzXzyW$gg48ME98ad4eVM5;afkBLuCLsBb2MFUcU@a>SoCJ%u8*QxQq$qm*zlVL&97mx>ROAlfW-0TXmOI zh{VD@{_k6@Z=_9W@B?td_J%R?J<-4H*Z%u-jvW1-K)Fj3mG#KAZIh(6YUIlbP#u6H zzO()KdB6YsNmap%^k!b~IO6YMXli}m?|=W~N$dWD@xQ=RYyTD7v{j70)>9MzxwErf zi2vN~_n$r3fA8g~wEtSBUfZBMp-Cijfp;Y27e#^6I%QO^ioT@K=ZJz|z4xMrg`n};T2s93ECr$42!fdDyat9$DYG&R)e_GE zBZ*@~fe#rniGDOhQQ;`LL5y#8V@d+gCnW6pWER6{E@s9ufRF}sc7FPDBY<2Ky(s_+ zhz?HLRRC(ALZ#ap7ezB7*FJMrzr$+45}Hz(c4fk;Tgm?9a1w4;gr zKKnZ;03^6*vlV9<@sC6%fx=cO6o9H5QbwCe~`I~ zdnJ7ADUOGBFYgoAnAD26DnynS1z45@Jp@bYwOZqeBRRsk;A2N{#W)IC8VM=n z@=MPRB98>Ur|qZhmcq5LG{A<(C{k=LrCgV9-BCa3v;6!Iqw<-<{4(av|4z3y|GR7a z*ZX;9&j0m1{pp|O=l_zEe-ZqztqT5gcWY;FJ^%0JS^50W0Rg2=noOd3re|#^G=|~BXcVA-1{EqaTN!$dK>A0h0~iTHn8S|Q_-Wi3kN2|*u>g^ zd5;9{_0JVP3!@1KUvHl-*se0zhtX}efb;i%-Kzd4lCS0eJv=|c{!iN7ee0h3IiKa`|MZ*Z zS!K+d|Lwi1|HsZwr@fy4_wiH}8yzeVXP_A79z1QgpGt4V{KC8k&)V&0>nZu;KXd2* zRKvl=%a}L+ce~ql|F8A>e=kpcW1~SYqzEWjjH3Ww-| zhUy#swk+eAfcIL)Az^Q?-EOy3sLy0QpTFtTIRCZLWy8|nI>gXrOG$${^S{$+*YF>< zx7PdrdwEFAev`qMdT`mbNF3*Xw%xYdu}ZKj4`1d1!SJp^s>>RQx`|(aGoN}S*@UYR z^G0|>GbSnXNDxdcp(KlR96mb=EXQHKw4TLq(`iBm1Lnanl7%EuHXN0p=2et@F6mn! 
z9YPTBE({|Xr~^JWYO#iy8H-x-bx$8VVvtQvQx_guqeuuoBRZJ2Z8nUSn@X^lCwfh1 zyt=wF%M=8zV#kX@v4Lr2aS#!ox4P}lvsSy?>g;qscXqnYfLsbPZX6D+3p%-q5})@h z2a01>%Q4~$SYyI8l%z;T$Akqvh+_Wta@m#^=x6zBc$LLjka2iN$=H%#8{2hh^2pP* z2>)@PrRBd=3zu2|X3PIhXLqM2|M%MK_%HYJY-o80jswy~Umy8N%k4~xP_-4b$`?e| z2Kcm}4U5e3?;#6^DpUvpkp@%gV0VlN+B9_6bw8dUfOx zbhuR!FvOx})}aSs76i2_zRiL_fw-1xNqk>b4kK}>(<@m)l2BPgU4}uV2Os`yEW`*^ zQ7XtsQv~pg&$yPV&=M+&gjte7sRv(fEK8;l-5=)_IT5RdV2n74KH~tq#UFi&R8fpj zwZ!APEecKORl*Sb99MlQbGU^hdb$d76QT%LLZXOr@XQL4~E8Yrg(=jFQ* z#yFkcj+6|0z(>T{84UKGZSQm}t00x5)?f!~_a;qCj&VLAEGS%{da92kY@$9As*MoSwO z3T9S1ZbE&QpjNBZR|V-`=`PpGsWvmY__8dcPv`RzwXe?W4huD$W4-*Z!1M<7J23u+ z-mmD>P(esJJR>35NWJ5c1FEtVGR>+Gsf}*s`)Y*QG@>gSY79TmJVzCi54SzD_|=Yd za~VsI_cQP5PPee`{K3D4_X(Tp+S=^F%8bHiUd2v<7scKI3 zf@*A0PqG@$m_c`O=5TA=VK7H7)0{Ml0zR+Y)pEtuVwPfzj@xzH^%bnVvUqVO5qigV zb*V65d#kJ7{9M+CzHGt8NwJQ)ijm46D$;$bWB94)d&q4-8f1`hd6N@&2ZRM#LW{nC z8C~Tu(ML3|gh=-{cuqNL#VYjJ@i2@Mx(R*i5%G75VG=P)a6e&mpd+sfRXSusPh|f# zLfqgHks!`h&VH7vFa%P*hEeLmLBOL;h_h4)Sy{ZO55{=SOU7k1i2{fN5>nAISt$Li zIlDw=Ew#0$YHt}ASw**`0e8odG|@$5VewnDi%z7s1;xGBCfFzyNh<%4%DN3v0yf@e zjY&v`G_hSc#&EK5MZ#2frggrCdTPvtd}y`6dh|@-vft#c5g}AA{zss+npXaSdB4Y}Hpd|6BU}H&sXnymc;5khq)1vyX!3 z-2d(E*8D$r+U>Rf_q{w{zBu|M&~CgWBXKMdBfz=2vA%o(_f$@B#La-48>jJxNYJH1 zn%>-4*4#qWEO0a?*u57x__TbHZZ)BlbvHLIzx0-@4+=IzDCwFwLRQdE;7X(qwxodd(n1|AX<|UYXM+Jv#HKq}wl>AKk#UG4&KX|g z;qetJC!2EO>$p*6jm^;4p0w0F*UdK-FW1m}+&s@r2{cO!z0RxCC`^|elJa?(D=))j z-2jw4)isnK0YAx)Q)o;wtd=g0tL`N)sMEa`Ov_L!2~^WroMb zS)tLeG!CGeqk6XJPHPR8Ig_KO^tuZL!8`OpakWE_AC*ATMM7wb&dl*u%R;+#RjvU%V<`|q8-3jWVl zr`=iOKi|u<$Pq(v_ao+xX)&JkiRY3m9Yu+{>T^|0z{`$xfrr!va{qJ59F`6;-pfsp z7o2yEJ9$0-Fr27Tdc+Q^a84EV$;0S1TQoa4Gf&B{@n)n*tL!PK4Vr zIW}U(@=;4v(C*a%vKziD5f!6c zwtLX0gD9bDx+fHCw<(X%GS8#br@n}OHrH7& zkRv7^QVh*di+hxZJmUag#UpH1G z|K)yYnorO?|DT;2{>$#p*4qE)UY@(j|3baD^tQ(iKdaM_xSTa9AWg zW5bYz!&7Nmy9uM{ieA!WQ`-P%NkYRkm?+y)QGqamC`+|XPe1yM27@$F-c%k5r3E2@ zheElh2?$l@p;#NzyYnZ-E-Y5baee#O{ zsd6a8p*CYO%sUm$D5fFjff&?;6L3T~c?4|;yY20#zc_xo1pkxl% 
z5Av~Uc|1Yj-bzo&_9IOe76c9tR1L*XqeuS0%+BF~R2w)=7zvERMFyj(DtQrl9xk`e z>1Sl7bie}ITt#sBh;(;$^~5`r=Dkq@QYkTP*$i$uh~r>Vu!j^BLdbb(pe=+I=cEB& ze0ywOl;L3hq3qY35Q#MIiH%e!S@zwQ?x5ns1)Zq(Mc<0|ell^AEZp}3MnfY*1VR;o z>%3J&G#Q)$I95|fR9rQbajUWi-v8JqobGOea|LZR+8qH& z=R#~X$uzXa9KeSU@E35j6oWti{HtKZP-T1j`wRQ8FknV%m2e+ycY5+B*|-7kxoD?P zQ|TWpgngk=!-(Q?LINJan4p_6;}ZQEJ@)dI)z!7pT|cC$2?n>oEGVz|_8hjCZBz`~ zD8$RG^%ID_LoV*KEc8U?w;x(4TX8~yGu4m#0T*>6lP#K_{_ZgZH;Gzf89b+7)un%EW zN;mdlAJiHlx1OKQjYVc(zmS<2Mn20JA5s4ttp)eN4=q&-KU9@Cgnc-9B~_evun+Ik zgnA=M;}z_~OBP(xglA)X^9J@M!UzI9%UADVA70Q)N$mvo=d07Rv<9o_CR{URE!7e5 zL4Y3Vun&JHL5i*7Iz#?KWqEOO=5|(98?}H-%Ib(Lo%~8C$2lPX{so;de^a?Bkl>0; z_?%;;t@@RklGZgy7@veR!T#k z`oHR2Qq?`k(osV{?U#FL?uw?F)Z7%#I`?T^c4QlH*Enm=$s1K;Gr7!x{jAw&kkbAF z)90p0sa1Sk2?wOUacIPVkdNU)R4neck)VXGte-_2)odhfwn;uJG6VJjt(7$Ij-o_K z;y-V1Z{@Ey;H`4aQ|@&Tg}{_!pjfhe-1YHDdg~>GOSmS%^GVfdj|~tpE**(1!-#UY zN}_OBgs0a{&5N)2^w|yehGiE=vvZc^o*A~aZjCT@;28~ahj0C0sKTSqaYAuY@bch0 z(xIw+#-Q0A3o9kZ4M{>o5pWWv$6@8G^g`-Y-s;F04xjLpjvKz3_MHu%=WtmJoix3|c%lJnnxMSZPDH=O~`x&Q0#b*lKkd);;X@B4Y~cK+KJvaPu5 z``@VFaQ@q9gx_>ht1RDEcIsOY{QeJrZ*|Dqz3m~d8g;Q=>tRt@NPGN#<1OX=vF&?NUb`A;*rsFvT;krr!r|jiW3&5@W9ovq21?%)3+oY zf!%y}WSAMRFA;ma5zJ zZPV=(>G=iZJLuPle$d|A+q3ebb8t=Fu*C|TVp44O-_xT15{i-LwW51MFHte;6YnA# z3|_G@OMB41yVkL?^{{r*QT z{>7lJ*Z%d||C6l!%^q;ycg&;qrKk$-_x@q`>%>|{nzpE zSnT-vN42Be%I4na~sTQ;`vD#V@uA7SS~JwerOK zIj9>`phN_(J)Tl|Rnd}h+)`C4nl`h5T;Hzzd>{dZMHa5}@B$M+^l5cSMX6#^Oi`xL ztjbiP?xY%g2MWQ0`5GWsP!-VK;L4ts`?r5_(Q9A6OzHn?NTdJdQCQ4|YxtB!DYh=1 z#I$kn$jvVLy&tVsTAIKW%U z|9brYy{*oA|93CXBJ#h4x?NoZO308U$Nz#YZnH294mqJkP%7P@Vd2oXLc9pM zc88@_8lWrW7W3A2AtX=THaY4GXG5%g>3|e+T-7Cpz+LU2??z!Nrt?=M?ea^{{#NVm zD&+rc@Bg{}|69B5D*pR!cWZ1*eaCW#f+@T8oSfWyjnztM!8F+6w z@PQv&!p}6GnE{=xTd(3l8FN#+>M(N{jGOFwxaT5{Uw%D)XH?3moKS$Wvx{wkYlkkc*gcG_FBTl(h3 z`O7zF@6Jz--u?dO^w%j3cF$t!xi2H0p3oG1m`l`Tm(Wk}sHq(R3omHm7lH2W$6zaI zZ#P%#)$z%%N2iV5kKnt-+YLCS2t)4~Ve*Xa?Fd?MVN0#vzQZlmj>kCOMS< zCh!!a046LP%5cgm6rKuKH^|ZqL%yl5p3$oZFJ2#?++LO#{X_gQ3m26cGxO<=-R?Z= 
zGa7ljcf>ssU}bdl@FJy0V$x>;OIg)XjQD=tbL`~k zo$S8GFQ*5;8}IXAe15%H4Q72BMd|;rfJ*PY+U!cQ@PMC0p-9$1M0|bEY0^{P|9QU% z73Xad4OmcdIF-kar!vZ)ieR26s6r#_XCsfwR|3M(E1}@_J_VuzP9#}a;yn`@x%>@g zDjv>fN!|$}??OR9EUvq(SZ!HMWm!mFxvi=)Q%(8$`p18U=JDd_`TKu-t#+cR^=g_} zBBfiWQ9c@4I73z%Qe@?-)oL}XqNzf!Y8u8{i@qB4d?ku}**$)WYw;8W`cBu(U5c(T zO@ztbaB!5ri6r~}HeY=fw)n{21l#e%zgHs`P>J^PhkcrbAq$6p*nb5-0v=ErLr44$ zsj*30D-8c>3PZ&m!I5!GUoau-3N~Acs0I{jI9}18M@^AxiqHrta%3*Up62g6dCAO;-2`>N7TtGT29egOjhJIsm|mJDf@539Wv+l%OkT` zVWAN>7e^a@w2?Q0Xno`J{}tT-6fk*H?ttdp|L=6`{=eP!?)v`cKAw5^Kg&nDQa2CB zieYNkHYARDVI}Y)XP%$x^5)hKFpK+3RdZ^afP}^Y^9b)j2Q36lL@LChdR6k#y>&gm zvLo<}oZrF)_zoQfEB7F7xOt!EKMW;J9HFsOg@wwqM8bHYe;@New*iJU<=PFE`Unpi zGw*^!76XBhUgh|}Ba*_HOkhMVDfB4~bDVG=vN#Gs`Op;zZV8p~^DD4>r|NYDq3^am zZn{l>C$7zn(UDi|-Ml~E&`o?_aObeCRhcxxHh*F}hlDHDZ^LAC6&z>{uMU#{-TCH*r zM>$gY-rd+H0FY!@>uU#3q4!HLn)-_(rux?zuz>D2^k1uP&QT+!4<6>yYB;>85yQ?E z6r7l(qy2ix3pYeiDtnX(J^q>5!VE;E4BzVsLZ@bf}?Ekj5+THE-{_j2> z0}SZVf*=r&t0v&{0G}5Cd%g`|#2k?4MFF0F^sQ!XYjG=+eq81%ru^!R%_GhriN?1x zwQt?c&|e*u1)R=pk_tJnSYwppFx|JTHN}wKP&nYaxY@8DPD%8zbOCZTqIt-mqUwyp zLz(5F-4K7@#2;_Q9$(stPpLHpT=`rFGnLeI6*Hlu^aw@C95GU2yvK7At08^dSmjdj z=3QzHWPOzY>&@Wm%K)oaK-Iq?p!%)B)V~Ul`cx40=>Y0Wfu~OgPHzHDpAMKl11xH5q{bW%dn>YV=_Nw?_-QDdq{^Pwo8}OE-DNRB& z$dcnKw<-OM1-{TDW8z(qA?2>6E|Pc_Bbx&s(I9|f5cQ>!#=_wyBs3r?yQHWp8}CWz zTN@D4p$w_^C{E~reHNP{p`8BZu?ug)U;cmtV!! z6Sq$;tS4?dj;$yE&)R_BNW!9w!|{tFZi#J?m<^W8d`em}T@wAvaxb|T`LtyPEKF%~ zE)`38!s@Y>rBEl8$IG`KdVH3i|EEU>FJ2$HV}J27=K24&cdGusoxR=l{J)oHqj^!b z{_-JT``d2Y-TU*A_GMz@q02{%20kvjec}&kOC@$Nt;51Wl#G$hN$@wGP6E0=2uSMi zPZ>$*WBAL5gE%e~(3w*}ksizF%q_#RUeaI;$jWGVD$SIHKoc9`rdDgGSsnD5WN9Qy z@JJ9$)a^Kj&rTv^P&>>A7Ah|WE|d6GKOpTuPEk! 
zH`?Mw#l3{Z*iYBiHI^&?)&G@#;a}FZ8O-}_ zLWTYY*AQXML%4>IUu?W-wR>Oe;rv+daEz zQ!Bq(cG4&cxV>qoWN7#7j@xzH_RY;lxCZ3QSk)zs0Kvgq7?YI(DTPNDEQ7~36`QI` zKvQULX#EoT8hDxr{=9~d>_gfM6-a91%hgh8mb#3arPux zcQ)OW49j(v{V2%38&MFSo2VjD8Pnhz`cWkK_9NQCi=0O|apdZV@DI%skNun&&(dkDtAH07>eXjg2lXN6X55+z}v#6e;MkUfDGwRS%&N_w-X?aX% z!JwA77#Zsym^zq%PX{cdU}CGH@KIxmVv}OM~S&w?J%{3v-pZ~qtS+2TD5Bt!bil}84UKGZSQpK8$n8)=!rT6 zY|K*pHKt=peY^dd$#l3{l|OcO#78NQ-eTkWR5}!kvZ-3waJ3SglhCV#;UP7yb+V$o z=$e&FnzAS5orFu(-?CJ*Ql~B?Rw_PWuIzbN_H3Crj({NgT7J}-K;>zqr-!SNA`V*< z#XMI*6ERc13Cl{)jb^?@jw|^C;QkMzvHMChN~q5g)U}jSB_^+wyMj}TFdF5?ejO$( zIl!AM=YVk>h659!I|TSy+H<7PrZwFm)#@>3c~ke_YUs%CD|* zdtYokpA;`8gS=KMk1`37i#+OKeG2NZg!*_eg&hlI3ePlOSC$z?b`dJz(G~Dflm$Na zx$a_-`ET%?a#S?ZNaz}HtZria)Fa~W6iuiZ2Lk#+W z)fB|J%Gu9S^CA|)D0Sf=;L#?;>K+&|K+*{7BQJe*$(7sQK7}kyD37C%vrEN^bHMsa zeUh`F`e-UyIZJAS@^}tEu>nk?46)Q}m-cB?x#VA@S_lSMs#=*dEA_k($!Aq|6D~=> ze08&nda12QL6ks+`d4jQaSPns_4&289AJaIZY|>wL>`e^nG44Q2pWz)1b+bnE*#Mo78aV#r+MZ#3iSu@2Z zehsM>BPdgVr7&O#PhB{9^X{mpiFl(Z;@83!2 z=i-H=kVp^ede=4C*)%ar{(1J0YIl!nbxOI?2sj&tw`GQWtY)i}QAqt#XZj>1D{F_EcA^#E$8E*> zS@pC0{SPJnn7U)%9Y$$9J?NA1%(?&VboZ+Mzgt^7YyaPSdA@wf9XY|qad+j2+d8aM z?Ymzb#H&QsVU{F93zoMnmkLCRaroGfUwxK&KUz&ijMP2GD;8=qjizL31;%(UXY$-t zr{36rQ@uXxtA&$DD}?gyC6e0=G^!}62dII|BH&<<%7b0;C0Eb!=ISSCh2@{|5j7|No6lFG~QJ0{|O(!i)d_ 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.78.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.78.tgz deleted file mode 100644 index 4a54baec3a9065240136ec7095021e6519fa747c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33976 zcmV*MKx4ljiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJf7>?FC=Bnv)u+Itbe|?!iIU$_-P@kqaoomNli0^{vS&{> zmjjWIgqk8)0JNh`e0}!&hc^-=L6Lf~lXlJhZ7P$%%m5e+W`LOiKBz@gwMXO*jDgu2&=GEAZY`0mFaw!E$Hy?(duWP@IBg84KVc|Mu-WYKq+ zaoDrEOLZ0Y1$Y%Ha|)4=Oo+#>C#@?q zzacb`9X=zG=q?;hT3tX!4AE;i!Xf7KR@WNS)(ql^LmVM0tDzah;Q)}B{l8fuL0>vR z!>sNC21z@A%j$hf&34Nf3*=DHS)i|vs;$`+x-Xme;-d#A~qIxMsx_N z;8~Lr6Niw)6U6ucuqoW$+aLHlqn+;$w!a^bwu1iXV0Sw>`2PFRvz_nzd%ODw;~*IM zXnVZ1=Z_D@qy0S;>^|%7`v~pB?F0YW*0a_GMTjby+1~DN?{v4eyZyb3t^T0@{h;6X zcD~=)I@tYwYxi&ctwF!vewgQ#k8}QC!!SW?V+!En`MwN%Z zB)%)u3YJEmqQ)~gL1#%Aswzz2Ha~m7rzk)X$1r3dLMT9i)Z>JLC6yZ>s{@KAm~lE6 zh>8FQ;Mey~ghv+aZWsJ4KZkP=pfQe64z<7;Ct--AiGt5^m@G)Tc`+p)=Y>&}@4SSD z0^6DRL&Ak&2snk~G4@4|S~{GlozQRq+HJc5>Shi z1qz^w^(45~Bfue@AU>Qkj%EVZh5Q?w4z((e83<4ulDTBd$1!0Hi#|}ocK|{hB_E%( zY%l}RmT%jw77XQ#lVfNG3Wl0JJi|~D?-Ui-OpH^)kYa1|asb-DCvfgzB1UTpX@DXe zO>EfdOApE63IzDW2;eBdz8Wzy1~*g0r$`wqDWfxRgToMv5I~}RV(pgQkb(q|1DZq} z&lKZm4CxR@BtX*M8Ax7A|MXzO$q8;(I_40}Om)LckJObI7G2~Q#xBVP*S5+UU>OAuo!ixDujosa!~mp7h|a)Uv>ui5{gRAOi1@{;;X6d}c6i=oe zIJMt~=o*Cp1_2X7@=~mH9a&Dj)BApxsW6ZwgtT!VD{YM#!6f*XPbos+3e6e#APD==0Uv}w`~YASfDZxW@Iwa(?!x1_TpMtR zL_sDNB=sKqQid{cGsXT?N(M1VBP14Wt`w(m{sd^E0u+IS$t5inc#7;9jFl3bY6`!; zFLpvqF_A(kgp9or+J@A&)Jx!tw^ArsvqUdlrJ70+5kgb0XR0&JI*8~iJj0x+w?Hj} z<_`d7IKs1Jmc1y7TnW-ELh~dTPuKSRI1%K(R)2z{v$udEMiS~H5XuU&Ei;HCMSy4F z^W#LC_p|nTM9k2PC{4)Fq2DwoMO7Gp_SUohYn;(DgCE!FB~?4^CH3cuy|j8aX)3I4 z(uAzuO}l$mH;J_yF?P5a2D70p%V)Z7Whd?}--k|emg2ZdqB5rIZ-nXcq%OyMbv?HV z`#I@ZiVN$zZclZct-NcAmy>sv6;&iZtEcCSF|f=|sG#*ZWXNIEn<5!$_6BNZDLc$%fy2oFw4e0@6dZhy+RLDclQ29ZA@=8su!&M2mc=rxS=9kJ z8NVU?j3Sn`(k&wvl9XegI-L?4eKO-0quPQl$j;zW)Fq|9mL3#cOKl_wu+Y+ASh4G5 
zj88>G3Z`Z7UZ>kzH3&m8c_no-txJYvG7(zGHKHTIWb=;NN)aEF7AMu$fz<6$2Lx!8 zOgaEZW6}XPkVYMVC?&K5e2O{tVc3yM5*d#TIgf!4bCHOBPXDW=@3 z<91G-Q}la+*h-BxRh`XEKQ5zFErG1qVi!KQ;uPX*6d}gWC>b>sySX}!`JOPzdAVZB z2Jy<1T3dxnqa8yWCKO#vDPmI+O8g&+FF&MH+*B5VXM{33iZupcXBBF2goWwx0)=os zL_UcExe@%q@xGoWN2LMS+FOOL7*R|Do1)yCdRlVDSEYg_z7Y2Lu`0f-r=?h90Jc`4 zhT|C`3AZ~X|EivneE9*`OQk0a@Uqh>U#WUN<;!hgLKP4%Iiu3r8=F!EdRCfKl~k=Y zsS1=eo>i69tT?R-bSycqDydm{Vio9FVrEs+Ql47!lS?bDAZ;maG_QxIP`p<4tSVV3 z*~t`98aGdmdDISk1YpP!jUdksek`3sANtgFd9Gb9)8|YT=oZ?twha{9a95zRU=qa( z$#fV<5bXuK+rf6Nf#krQx04q4&??qaGag*d9I5D_Wz3Qs{y&d((xkQGk9QxJT$)<;v7elDv+j*p;EI7^nH>T?bE@-`uh?y1n4S-jmSWbDMRW!(K(G; zMSYl&F;@~wZs{8$bF!^a#+#7WXeNJ3&47$~R|<7W&V+<8nt&;Sv7B@2z`G;AF&Ig$ zVU{osMhHMkk|+Sr_Wmkn)@nlGc*r4V&y(>O(INgf(z*@< z&>Yfau13jhgs7lY)DwCymkx+m2*m(L=9FWE_zgmlva(mrCrk^Ms~a=c7l!ro?&;z~2qptse)OIj0>} zV-j>M|Lu;{Kso?%-?L!=@OKGcfcQIyldT^G3^hjP3&4uZjGYxtva!07E|PDp3(>Yl zwEd&ADce5|T(x#|t(~k^R_q^;N>6ZgIw2{ON?7Ki%qfgmCOQHVAuyUdW<)20Dl`Z5 z5zgXJwuMWtHv_Q5vREWz zN+|xf(6Gap1evc{6PjM8RnJIpm{m0dR)JoFT8iROyK@V(fQr(MXg$v=9%U81bOYE0 zb`3gX5(JphM5ZGcCBXz$sMmQa&q(kht@d11Gc>wDu0bK=gu)4uj?s-caHuLAsS1Xw zJeW1;xt9C$kaOryXO-4So+P!W4-T_R9(c>NmpP6CxzQ!phchv~85ioNs+2aMgm;ZL zNdNa3`i=VYOlE0q1Z;zZ`60x!Rj50X6+Q4mmR4aQh#?h{7!eLa#O+}*qflxkFk!-ciso`?)r6B% zwW0?U)$2&OEU>svw5gJ*Ofvz*E2B;~g_~ecPX$r}vg+&5km{L@h{#H(RAjH#U$GnZ zgnGMFptum#oaWdQEGAP>o7UmmGA{BmE-n#5q z+u*6PQUo{v-}hUY9`hQ;i)l-Xc{BL&1?12i*O(|8C?gRCSNKy%p)a=z&EZV|IRr5! zF`|4fJ!CSC$`FSFVYe0x^sISPe6xrTy@o%=sw2xq}*BG+K!7Z4LFcjOgc%D&XD z4=R&edO{l;{|ND80QUO*y+v?UhKRGK(6i!-`O`l&rm`$pY9Cz4nfxwy8K5%+`(!MO zcL1J5gd&z6S|e)5V1p5oTUshOdo%|y0!efgk(&s>gimD*?85NuV%m%xX)A|!HFIm! zxGc9uC;p}ZU9Mm*C%_d$w<;YGTh1ts0_t^RHp+)33lVG}I-|;sd?DVA#bGRR7hg!h zS`im+xA2AdHV|7;<^H`8@0w8*PB-r&!iA1iu0YLtKdT&qrUCwLRCTfbu3(S?0qci; z)XvL02=Zt+Gw&>%V~M%B(ZG#Hv-1u@G#bv&4F_X1nW5T{K9UM;w+r5+u1ChiP90(j zZUlNOz-y(}xCA1aR_Sr)(zrI@beAWs+U2fHLcvF~?3|h96wACbStGy9M=sCIM=sw? 
zC2Df#MtM*3(wHsnP_DeGcdg6>4(KLbW^;ho_nIXpF_&JrRjRn+TTkcn8m74-Pt*&L=8F`_ zOu!0>Bm^cP2+P5)oLUqinPhIUk3jn8LeuH$nM|o9BVe*E0Jr&+LHy#jlTA!hWhSjr zufgO@vkcRw?XsAX8HYHmK(v$rw(T8wTixB!K1ADaTmkV8EU+30oKdi{_}$vc$=`a2 z4JGf^_uJKy*M(&TvAbPI`Le+_#e_VCx$rf|P-IkYYE8%>ZgN4$px#{!g(XTirp`5q zo=^$#tX0B#v2dNBNu+j@jnb$p0vyQ|D~5t!Wa3|;`Jq72P+CQDxif9dUo3lO-jsAC z&$Ov*l0H-E(yOJ;v~ew&JX4`vGI3@ht~^h`rcxU@krzh)&XZyO!O~IMol~8VvRvv< zcAk;nAh%k3$NS^Ceen|7HMhk}@a}C_+`@b(o8p!5?{-hT6779$iB}SEH#_2$=JWt9c_hIW4Pm;@M^^Owh>-U!X52{ zS0lXRZSZQuceM+i!>G5qa~t4Q(?sSJ_oql`h1upeYq*h{L%W%M+y)>U?j-Cl+{1O^ zS$8j?8PpZFZ!1n9Y;}F(2N0T9YEB?*626)Ph=SF&sm*Q+=0^9rZEJSz%?;;OOvO8# zT(`K@U+7f0-Kp|!Otpzo`Ps3W3hua3U-j0&Z`xZ?CJj)OT5lN+kPoT4ji^<=6J|lv zE%(7D4Q{nEJ4Ch1y3r2C_!lI{>M`RKN0TSu>C?0G(|0E?j=?`q-=2fRvlH;k@jt=K zR3eWJU!czr1~ZeE#P6;&=#- zUcDV&9G`eA=i!8TGBL=dlVYOx`0X zVGl#V;f~#o^H} z!;8aji?>9!G zwQ$tj|G87X|8swTckAK)zx#MTwE$>;t46v#0Bv)vrx^6EW&lDby@0|o?``+DzVG(G z@9FX#Ss4d*#oSe(Jsrm?c}Nu(YriP3bOZHHClP6jwM`YmJd~x1w;kIzA}cOc5Om5I zLCLRDLbNkF+A6lTZJ#y^q48eU)PBzxF@e5R*SvF6F5j1M%eP9br=>Fd_N#=3Mz4II z!gEk$L$u#nR4HkfrJlQWV6LcIXi%w9Z6WsC?{nWPh?L)C@#5Push#5Y7;=tiB#Qj^ zudw^?e)s$LkM)m#{j2-0e|hhpn)gq>ZRe`r=ApII6`}zlc|a}K@7uzlH64VO{oh*` zBd*L~Y6G`9`{?p3@<6_KRfLD#am~3y*Ih6y4qED*4Y5va+jV2z2Ho4+mZFgS(J7VsH>dGx4rhlhfVqLR|rvB7~n=YsdQ@_16 zaGc*$P@2vrkQV@L1kcLrkOIoyHGz=jHAn%ZubR}i0?JbW*}Fy%tZ?uQME0@?3_F%P zg<-vH0wWiQodU7nHi44HFsBgAn8nO9*ZBytMynUDy4^y!alWq$ zd1~}WD<6=4QD%w{kO2H;oF?u~HNW7BpAw7b6e z7x_~HzWW)=>_;rbGY?`gBN66=%Hwi*!kvs}n9B`%&-1?fe*g;+iow=)zYX5EazaDoPgWgwjuV+@;PfS z1IO}lQ{Yf^J+PF&0T^BkFAvX7E`K@xrydQtv-%Sy)+MuQk^cqF&(YYvQ$vBM?ZE>F-R0T&=~1Bx*#$T4a{1vuhtA?`&e|0tQ7A7| zsJ4T7Utb=-Ieh-=_(g-p+OFgktusL1p1&#qT+HYBV@QkJZP5CB_EHT~9p%nc90kG` zDX*qVEg=^34Uf;?og5usmYGx#c8)>>8S>iFGpdAc_c zmZ^{I=kzv&axJS+B{O^-RJ=L9_{Zt_FP9hRhes!GeqKVdRs_y0z;$+hdU1Mm`s(uJ z&G1YO))M$)N;vUJcoK=_R@$b`a2_2GhYh9gvNw<~Kzwxi=Hl?=&GEUKx0fexE{@ON z9afKavs+3QV|=4~bu%c_`$Zb`?*=fMsHVoFxuFHyEvARVS4LF3)G9*LHcdh@f}tb0 
zs?1g8GIgtk(Sk2t4TXw#@>3ImFVOswj8KU9#jD{vMDe&J@N<|hhMUxW3TugDQk^G} zu;V;mrU@Jp{|a%TN;}#5{N!?Ydi2Zj#pT)I#mi;pZXFu;-e+N4r9Yx{GjlWK|M}h+m!S8XOv!&97`Lx zH$^byQ}a${7*wy)1c&8VmWImC;vhHObZ4l_DhOQBGa5%BE@c(y`M?-+gis1RSp{?{ z1V%$IMwqMuyAb7)^4AK?RuP9Kp}3;B?wj4}qPW)Qw+7)_>oDBHP^>jMt}g0oEtXpx zSykpaG1TelzJ{f8n?Bpx-fv|>UtTkvC0f;%!~k3zow;fYJJYIN;HzSFLDCK8(`GHS zoFYoWSOSthO7p;H5b4vjt!+o!)w$+tlIR4@>ndGl$x&Z@ikU1R>5@_8YO8ZSg^T8I zvMw|!C7}v=?;6q`O`@JpF_HgxqM#de3e6A~)B#NkT0a{gxKf(76K;q{J^OnlkZ8;* z0hn)^Z*TGKpLs6l&F!3goFOi~7@mlddiM6MAH;e5NYeHvh{TqR6lB?g$5fTdf} zHQX?vB#FxnGh5TWG3%)^)eKuT&2ot$(iyAt!G;wqrXAx+*L>`%+3uQ*v6^1;oGMaV zv|7NA3WYvPPYmcI(C)QC`?7s|ds(ctc!FAgG(Ht%`OGoqY!F}L5KVHi)HI0>*;|I_ z0Q6OKAW_`x!x)ZmDBV|$761cvczF2gRa?8A8rshZ;XmOJu{q;tX5z;r?IF`Gt)dE$KyW#&y9874|AYtsgjLwL=2Y$C^z!KR&G7V9{kiJhdN#f7q|0D6APhTIues%Kt6k<_5?__*$oOvq^R(W8I?D9_>nC!mM8Fa9f&^dmqL4sNE9 z1Hu620JHSUS`v8{VTe~Bts!1>vex8a?h*J00#kU60E{&0LAH2P^{CJ&(D6k z{I8RX%a@1eFOJ`+%kXa~<}&U}g7N^LVkQ~_ff_HJPZ5j~E@t2j0yj`y1C}t=TbOsm zYl)ptkwMG}n87Qg;7T-N)%OZ*UCI;^f2cd;&ozMj)QTZvH$kbR5chl5r-viVha=3j zjxdYKG5!=Mm=Di7Pu=^psG&VP3fcKU_8_wjuC)O!l9 z@oXU0OL^4@pU3EjndlaOiU#0mPYR0O)7J6F*ra5QtZcF}8Kc+I<+9Ucr?H_7jc!&{ z?Z+NT7;@h~T~pu;otkCjvk+a85B7KDPdpnY<1zjS+T9G85oC(kBZ_2}-4ur~bLQap z1crEwQ2<~Z%Vv13e;@^2mgfS8Xc7Y>ju-wNA!>sxuA+M5_x-C$yCBaF%>mW)6lzqY=bwYMb?QX4G}d>zetP zcCRT@S)ft>i*+bX5GC6(_@Vg_TXd$~qM+o@g;H8`Z0(7uft z!_-Vy^*hIm)+mdKbd4wz`X*$#9MP(jOy$yav}KicW!vnoSHItB)Ry-2H>o|XGSkRx zmS#k6NU$obAi_Ada)f!9^crqlSeq786wW+0?a7X4P*r!BtXsx!(u6rrCDX~Idh#%i zO=mh`=|NVYN>!|F3`;F5Lz%${PEgPt&GR%3b#{OEz~t^2R-v}Z%ufE(n7vfhu2SGx zTi`PQmvh7us%{-H_tq(YyoU0n;KSE-MLwymetWOFa0rkC;_y>|VOVr{%n+q& zO%eFwT9wMmIf?>Ah1RLI+T~_js**uqj6<*WmdQ&3YgbzyhZ2-WCFnMI3gCf`?w2~?=~_^nqo2+Pm2MlnklW7S zM9z+sN%igNZ{)p{NHiJB-By*9U+A>yCPF=hnX{+@%Q6;`pTyttMokx|$P!zf>Tlam zR^%fGS=j{o)_N}t9Z6sI)r|Szhr;-qbej5QwT#f`YR+YZyS=%%bFE&3A%;t=8p zKuY0UnCgnzSqJ!J7DJ9lAyTJgP#Bw-3rkhm9!%N%8C&O?`h&2X1<&N(K3-M=F8{C%I{BxYYHRyQeC<=zf|c&AbK8s%nO!n-yi2#fGUFe4is!K)=>_txs)P5~gH; 
z{2Kf?A{;zMvzX6w7&N&>CK(i`pH0+fkVN?R{F#QZ#wt&t-BMndW-?ps%@pw|Qn#jM z_Fg{cwmvj57i(i?-RbLrlQCeV1E><(-*K9t@6^hqUqysZg;;*9E(*p>9UMII>V>i+ z*L#M#4ZdwIM{6LhU>W6x2rIvX1-Zx_^-~6cQ2-vJ-zA7_(vFQbnSP3u?uoc>-&w5o z%VmY2myO}2GADz!Ty5Nmf8A>7avDKqIxXMFjZgVp9b8j+QSZWplgqEDi}OkkjD^}m zG2{pkrgpW;Y_4|a2+MUWL$hl{kHqpy5orJSmbbOr?YDtV2ppJB#9R^ zw*^3{wF?_(Wl&~`ynu)eT3rj3yvk6))Em2p>ekj}`YbXRI+RPx*AM6Z50CXMCI53< zZOw7i$p8L+@&3o{?VbID2l;;=kEN$AS_2wx@7n7`wi?KCuVMU$SOgS(WgoYimV?GF zX#?g3Cje^ve-5_${o?%JJ9zN_xtC{o{SU@5%T&GW zw)fR$cN2Bx-emxb)y)*l+zzjNR3Z1LuQVmvVY4yFs`86{4XSD_?;!!w3$F4(;MRDX z0!Bm3#ZcG<(<}d#*JsY^sgu{zxn<$pChO+?iU_u9hi&n2 zL}xgXO!YH`K03>1QrzC{yF#2m7O7&5roH`ZxmV@lr#6)brqol_8DGjpvuk8>WK|`0 zDFY~_aIqMoY0t~~kiQGaJcT=f%#*(x$UJv_N08mP91BR2OkSEi2b8nZsK*hgr=F^C zJ@u>`w5J|t)|x!s)!Aff=yzq7vA$I0mnrvJHQG(&n#tpHWt_<&ter%Kh{HViVxEd7 zpsP|&lsl??zfHcctP3s5l@}$2sU)*OY8dq_I=3k#h^ZrOahjMCsrAWX>JXMv##lI( zpSYWvy7lQ~vYs!=sG8I=RpZ?-!Au!PU7DF3LMz#fgW5$`*;LV;v&kD=X;VhK@Vc5j z^}1*5D{IQ|$~V>Ifn@j9l=4KG5auc5?Kh7re}DSTmB-&a3-kHsq+Fx>BFs~l$G;l# zg1r4{gDUg)SA%ut>rYu=QQrP)m{ocD&9fk1e>G57etz?~E^_$djM4CBhgCSE`IQdK zu||`-9G2#dhL<=j$s7%CZ?K1x(|LM;%{vR<30?cS4 z(`1d3V1k-Cg4Fr{ZtWfv{eSni9{j)VsVM^sZ*$>Z7v{MN4UP1=iu{4=CRg2bMpCiFSdr>arZd>b@M-;JthkPTgC&pX8!MO9~AY!o$al?hxvaWkBr9_)8ZVl z1rfAisP7TUX3)94%eQ)fm|Jcvd0=%90wU*LLX!~Xg17XY!!m*^x6j!H=o&?wsgQ9J zAoVLIf%>6E2(vOn=+W>}*~sjWbM>a?uI>8Kd#%IEHRQCV>iV%t1SxT;ORNRLys4{; zq97(X;%U|NMP1EU@EGGL;%a}w4nWR9Q#pH8-_KdA(oRla)sAhU`Er1*cdLyMih|6#PI2LA zLJ?!AqMy-6jv{Gxx77=My%dfnTF^SAPzrN3+H5}ZDT#g~Ba1iWUrt&_0$eRqq!5iL z(SO$sie1N5ewl^}=^U9g?d|z1(*k|^{BPaYCZS`y48G8MS)6e~;RIEUOR+&p&_K?i zKehN=fGT~e=U9o_520Zt1t|Z%vdgkgv$`$oI9FrUeobv79ovW&d9JUUB(jz~EffTL zpG2IB)stETy1#FdM3`{Gd>G?-G19>rjMl>yGH7dB|Ejr-rAD$ zf3*YSFzrRzA|K9IE-2Z1gdpa8mt?Xbh#+Pd6MdlhCfX@;rjxfJe zY&_5})M1$AdZG7AboJ`MDCfS)@wKhCOGgdy=F*28O$fz^4XWWu9}R`p%POR)WNq)b zzCuxGF()wz$z;B2n=y$lvA%0|QNtyn2AS0n=AK%+{h404R7Ympiwl~+#I~2rAg_15 z@}X(stI8&KsZ-}&`h=ofALinp^Fpzlc`qLmzMqlmzGkW}S)s!{uR(gmKVmYHhv(j( 
zrPluy6TsBuf7$QvZWqsg`rF$N>;HW`o6PL;g|z_VR^v`|Vv9^&;z%gi3elQwH;&lj zFY9-cKeD#l{vVRO$f6t*i;|KoksU;CB4my&YEMD?_ACbf>STCv{AOLa8%PK96=j3Dqud@jJ$U)# z9!ICIUL7ChG8Mf(zBoTQs>`d<+#PEb8ZJ&=AD_N;=9^iHh6@#*y&4UtXQ!`Df38i~ zQ%{86RII0>NxGaxJaz{nt9m^|67->;zxLuQ??Ftg4>?ut9h zU6J1#{5q0Xgk-{UsO)qV*O2x?GAZSfaKKqEGegtMm$KtkFX*M0Ipv_H2^^|VW$%^T z^tf_af^&zePJVV~nOOT=@_xET9enzPqGlaabyC{AW1ND1smtH&ip!piuGgzyeddz; zO8H^;^PT7Xu#w$M(hnQq{bl{A6#kA}A4@Q>Gj~VxgS;<&LizCA<+IfJ|B4AfYV&{e zi}ye69_&2$|J}>;2hZ&BmHQdrVWy9-%H`lobMeEo>a&#mUpDYxKlS-Pit!&?`~8Rb z|9g49O#J_UMBsleAl`}<^(lfJ<)Tt!8O$brC2=4=-rM*uJ^z=w`B^=+@n2iT_>Y~f zorn9M@8wxx;{FE)e*GaLzE&FlrRKjmkz7&*sI~vLO85V6KivO$KhL7fUMu>2e>FM1 zoTgZsXujYznHf^*W`R$ia8%*>YNmlGXecS?o6nBz8v(OU`5hkVOWJ~~Sb`6B;D6$? ziu_+T0c4&2x3|Ar)c^MPw;tsGeLO2?cD#dN^!r~FYC>iH_~{*MpPKm}k_lTc`D2s) zpRMBl&-U)Y!~DOOr*QTz#(QD**G(jMENPG#m)(mDu+Ta7a{zb*eo00sL>%}eijdFo zHRkimeV#0X56&)v@d zgTaKKX{1$zn5p(`M+|G zpf5MM4Q(+cGY)Ym`PU?N5lc2oJ>{mH$Csf@`g^IifxhoQ>+6pb8vFT={g(XXhZtF2 zyj_q`l|6^Yp(~s&p`nVc6-4%~p0WQ0V|;mq=0AM<$qM1LQV4zIh(<8HEJmn{25@$% zm*&f;7!%z%lxv9)2>J5TG_iRUg2R82hb)(vNIf``zTW7PUE%oh8c{r+FCFWZF><-g z?QN^2clsF4`S6W#h*T%`_$=M@$0QR;!@yJ_$iKCSPE~$P*ka#BG1yFzPf;e{l~~ z6ng|NrU+bK#*j}hF9BwNqTdrtQ2<7BdB>y?W?J~ze4@yoNimp43J7bY_w?JX-cvC( za&Z+gq>vLj0KHB2_S#)zT5omA3rb=D!w^t3gE+#`M6Vm(+s6c&nUZY~ca#ABmCxw8{uF35BF@{mlMbY&Sh1jmFjIcm{kgY~%iYSzF;d3oBo#60bsp1pGX za)ki@(vivwVwIiI%7qe@fsU>zucyZXB=(e99@90XAs#8aITJ#4ZNj6Ts?w{hZ3}tQ9ST|%l)7G&W`^}XVnQ=)UqL|VlrY7Jc`4$aZjE`o9_m7d zZ!&9_jzzUt??22kzn`bM{lDt%zfJriWqqJ?8ea(){1F|JPR8|EvFS|J%Jh_vPF51;xPK`gU2EHtE}y>#s&PxvlmrG5_z% z|Es@uP>TQS?>)r--OE$Z|HXJ$CQsXlAJ~@@1d6tD&bWnb{ zVE^CC)9rRQc)q{%s&&sIU^D0YxmLPMf3frZOql%#p6?eW`5m6`mw4dMe!idUTfOz~ z!SxROzu1jQ`RhDQ0o60k+dHjl70Qz7l9&=7u|*e^R3O(C8xfIfU=T6m0icbRpD<eyJd?A zNsm&m)J|jpe*SGEK+%{LfMjnP0nmrKVyz6}e7gWleJy-k2$v?2ff*ql6{%C7>@T%c z3Wz=xYcR#c6J1{%mfV0eg=mI9uzotBr(c^RVRP1#%?x`18YPngNH%9(^|@<*ZbY~0 zKo_CvOJgFNO$u3`62Ckd#G(~o+Jtt*{X%8Lm#Eu|A!9c|5x@Pib~MJU=T9g};^OGa zm#l8-tIQ|gFcr7c`JtgP1@cm6WA%v 
zNcnM6A+AmLXS4Gao?&jRvl))?ESY(JoD|j48JZC~Uk|K;k%v5kA2-|v`0-BKpuxJ@ zAV!OlFhoI`=ym{pZToT3?tr$c(SGl&pvV}2bM$+H7-xr3pwKR0hMe_xNBod8O*hUK zPUv^c9eJFaW)dg#d*l_hTW8A`_2xAR&;YcBNNum1SE~8?&wPJ{+~0p`u>S8HY!}x5 z{{G&?cC_GYek1A; zkRm}U@Zjv^1sD?w0x}Vt$pSzqp5O=sh^sW@8JKL}DhEPl`BXqy0D6E^p&|67uOGk> zhgTLUXEG(IMcQ54vBYz)A!@6G$S5rbni zoHL(?(s@AEv2+#_J0h=NWK%rm+9@MIW0-{eFet!|k}zzInesr;q?{+wAv=ubLOq(t zXaHU(jLVm;iS~~A^?mBxnG04qA`#;hO1GvvItVg*f|~ZlHwBtt_!pGKj)oW7o84wu zZu&WlCSt7KG9<(5Kd{)p*xE=- zA49%RX7L#%W6_s#pji^fq0ABh!z`11fkZ)!U0s6hJ zZ2J{~!E+eG$VarTJJNbJl$M8F(U?jH z`g37gbX{zTROf{~(T6pn}%|2v5P+AHP%+u7QFi2t~kXLGS#fBa?OPo3zy;;EVc zslnL|$z+0~NmnV-n>_#7>i0|jp9cpI@gMi{6!w3_cn`&Rzf!~P$@SFuh%E>PmDbhT z7X=i!EH6k(ytoMoq7=2$82+B1G*hTBdsF(`FveGC-Ugq+Xnz+)zMb0Aoi~#rAK`06 z4`cib(tE}7q?*vcl{K?az6z1KNwor)mFyGN0Lq7+{xKxg!*dr;jr@<3FkD6C=bjq* zzq7qv+W+6#ez5=V<&pP)>TP6`9?QN5R7;0bW~0O-3#I;Ga=Ru&TdxjQoLk{SJY@5dEd^_ zIV2;P3y{of3lbDvgcySpBw)rAM|=$0e`SNevbGz1Mv(h+iY1l%%?TIewDVM@ zmDTPg@lWy~6(A z)`58Sp#R;&bEoF~{cQv~%=qS}xs_3LBi4Bpyp;@es|k+VJj5z-L9S4gVNP#2O!&0R z#kaaEK{6oC+E#&q!YDWl<0*WT%)rielg4R#;0g&-KxSTb7y;-br|>ws_E@?JCDlGr z&BSf#$~7pz^kn-AAE*5HrYM}@Nkk~x1dh7%pZ$Kp|9@+5=i&bU`*|LLGsroj5d)k6 zHRdW|@+iS!fTIbBp??J@h(~^9ArRA4#n9tu(vdgIaD0tq;EnYj zMnUTlh|ok`!t*$$XpBFiKpo2b|DJf@Gz#Z{M6#wJ3B-tk5J$*sc`t^SLry4aJpxB$ zHX{*ucQgb6rmW>nFz?BK75Oc1^l#de|C$%mNl*M^{$$rtF9S4!{#6poyMI{gsmE^O z)>Cf;uUbz%K8ssV|EKi`yn_^zgn^S6$E@YWl>CN#-tusOU{95!dloH{jvrgCM~|d$ zJf_lDk+oW%!FiUP|1)@_?laR$Eco2|+_j$1x&Me?t0 zlWr;hK%*%kSC7S)?o@v2V*Tw2_ze19-+Kl=+oT3SsW7e9NdyQD5EasuCDMyj=*V-R zWdYzqqRRg3fH_IP)2Fk9@uyEgOvyD4lw0bUgdw>R!uT3e3`a7tVe2XQP*N#B6yDm` zz7@YEH2lzNT}*`l*FY%0z@>18IHJ{c#i$}7)l5Qt-2g$9AW^3tP^_VN?Rk2d~In_gS{5rOG?ewSS3T#X`|#m|W+KsS6a_XP zaWMceWCT#_GoL~(*@htwpt`(3PFUACrh5Jd51fnvmLMa-4XXv66vPb|u1su;1fDuUI355X?C}Kp%gw9alDQ+`^FF-zhD%$k) zsm)H351?$4v@XC6Nx}e(&>w^iO8s4eA)9qCykz+2Gf?*C#XJ_`@`c*Lm%o@#vGhPs zg=bl6c5_0t^%*#GwFvu*kPv(ZAEcxH2k;pj3P}-QUuk`0EQAN2BC5rJ$(xdL91?t$ za$Jf6Kn|!1M+XMKxvE9);eQ6Y8$W{&?cWnP_b_P-5(Lkw95rcKPC&wtCqb#iK!wyA 
zp8=7{90jmXx3VGT6GNQiXrjVPViEwz7@kCO%eo9Oo;iAl(?oWTimC-Y5MU;MiB6FN z2oBF)gBb~u&_Sj8eE}y&kOnw{p`zGoKB4{;F)lCmlYLNzA$MH!?QEOK_4eS`_qPkG zWijxdWlCF7``7ofm(<^6tl=^<#%i6Q2!Sg!XW)ZeR65{;uo6DV=!p*ji!NCfHXN&sdY-#?_bG@SY@cT_9QMxnN`uncCM@vqTJV2QE27X(Q{i8N%8xtc*F`o5?*SHYD)g= z5;(}@6}m=YVFJGS=~ObS_J&gdRuZV5^?K4Pk*x!l5G%uvRJ7v-g}!^eY_K9|7}DWh z5L2}}JB1-qi>uU)0XNP6EUX#s_GYt zV1SpGBKc}nVx$0kbvcp(s$$gwrnM!>vItj_CCegNU79S5X*GG$081QVAF=}BZ<5&v zQNdPK^FwYF_){c!*a20i7w|%rqQH-n{B+#y_h)iSzE*h(Obwtb)PvLs4suZU`~BD0 ztw(0{sZL=~CThEarnE*As4lwpwzjM2vg6ksW{Fdp*!#0$jO4CYDHM8)CyB~^XD%2N zT#>IEfm7p2U8bx$+Q4CTSYHkEX#hY&NZ%JUQOQjud5qeF_BoM;{#%*NqJ3*@w6v0G&F4Awc>z(SkP1=AqM4yDAN?af#RpcJ(YZcvW5C5Ss>0C^3{E<^=N1=$( z(LlkNl38|biL|7|*dq^EfVd>Dxl ziAm7W7OY_Hj*O@30K|PyRtDhj5~8U4cMd08KZ?qV1I!nI6-Albm!d*8NLSKD@-50? z*wz@ff6P-Y-rMDNbh#Z-?h*J0q{2uaC?i0koh6K`V@dgvQy8%^p)(~Y0umuGnmfk7 z10KoQjy}R!97+mpZ;GBd{TLyi%n*~`FSGBL`g=X^s7^Y**8X%WFfUSdmtk0i)J)Ko zu&y#s6xuXvQkJ*75e*qIv0A4$Q8W+~CA^eGzmd@@SSgAAi;PylnO>-{0@gHR-70v~ z`Me6^tn%`h)621z$9rt5%A<=6kWfK%jX>~ZWDAiS5`D*o98(-i%$;8Vnh;m<@=R*o zQ^=KK6-@xqA|p&-Wt2L5R3LwaiQ^!jT$`vSX)cE~h8t914S0d|9`-8))e&olb%PGn&X#vQZLD zR+8CgBzTcRd9I)=Pm9@DSc!ylRe7~_Lt_@-)BJ_22)OeM&QS(u6?)XK-xI>&N_43D z|6A5y9=~!&T>-JaaAO6GV(N{PaJ9i7>e{P~KI4SK36dMUt4zb8s(+;FFOOf%egi{18Wh+!~hxERz{vNuhC}HVmz8zrKCirS}uTV;ljdHWi;JcN#J> zr=&Q_%n@k=7HsLmvy;ZukeGx-Zo{mg&~sC}Mx%EeB&TWG+JjH+8T|MHayZ2QM(shA zgyC(ctxOd0Rhak_LNOA5-QIR`htQq2Awm{S={SivqSr8N55Di;S|`z(V!1~@VN($GBi3D!)#e13m)_O{~iejz~D zDfzSX^nRgJfE#Z0ss4eB(!!B`4a~)7`ZewXHf)p8G$zy-RRxdOr6c>-8&C1vDIJONI|(hH!YBLi8A6;az20F014YE(V~qqz(Kh^``X z69Ik8K6lNByLA(=F>S_Az=XG-W_C_-%}YPYQ&?R-l@wD*HK<~6Gl^yVwfk^beninV zrbJScg#pQ^O&N@&4u!L&v?6-C3WfgM7zwz>5J2!jZDxJQ_57mjO=bK)%hJ+SdW<6k z?37S)AQBZ8qVA=2V;H7;arvP&?|V6@mfKF*yigGWIW#dPALm{|L#K{IJ}Op}F-{bY zg)Pd7rRmt98qGSb&+w3e>#U%(^ZgKup)p}>&PcTeeoulKZ&YdRz4V*jClgSCigL5w zG8`ZuQXqRmVh_n=lQ9z+xFu}ft7p>7NmRDC`ttDZ%IGa(XkhWil*~B9VRP%Yh@@oN zZhHsbR(E%_579OpH#2ZEpc^m>GGHrO1StSZc4a{8HKwhdCN7T)Ai9*0t?zS=g|6D` 
zx;rj}>7*&|gqhX9Gc_XhP{>pW3+tEBA2I?qv!rM63K!<*RT7%hMbxJD+X!Am912m? z9&Gjdx1AczMPYC#FvgoBw~8*KXjCW}jyt2*5z-d8<-^+2%B9e@g%?gX@!hp9p-lT! z04;?bSa-QDA3_(Bn+~ww0z$zQPo^F?wcn~u8W;p}ak>;k(~;%Wy8yE|g!9W(Jj)VA z@|s8IRo_qh$KQls=A!QM3^^I+gG|khO)@b_K#&T4&RhX?T1&}7N9QNq(+)^)^$Nsb zzmU1=Ix+!DI0sPQ1#ZJF@mb|v$~k(4YT&osW2z%$^_`U{x^~UsAizS}!LUMuH`7AR zh^$L$u-%pNREzS?;}vTuSo0KN0sIZ0DKy5k*%OAwXz%2_p)vN2ojx?ixY@Ia#%MQp zGO-Ay>zqQLp9}p(XXXdjh>pZ`n|G82D@`=HFiMwAeQQt$$eZsw(&eE8ZXk_108vV4 z2ly1ryQ5{|C_u(z@JI-BA+Z_a9WWN=_6Yh{(kVX8M?uCQPibwFYQhf}M+_~BKkR}4 z#T2O!h8iL^e$>$%*M<*1nj^lOW02Zq5_0Y2lWXouy z4*bqkGkWz~640{RZLa$ow6T%8>!7Tp^+L24>~06!Ijy&9Fq`PWIi!CoeInN~@rUvq zJ=b>`JLaj0CPryiq@J)3r8NjJlkyi3QMWLSn%i+Xq8jX`ZttxqpBE!?is}B60C)QgbdhTMgDD!s&|B zUxE`hK}#i1>^0+w4brgq1g-&h)X?&kWG5*RrjG*iClA(hvioEfX~|9we@Cv& zsfSvlYjM{*S60L8I9;}IU*TA^Aw>M*)$kpncsy^As%B0Sa08VWrT`%$a6(ZgWWtD0 z=gqFA`tI`LWJor1Vx7VJ+D@!%ZjW{O2j~R8ssEYw2$5>85LM>RR|!8SsO4s-3A2%z zBO;}RS-V?1{nAOfIpj;tJAFi$R#x#@*u?K-;W=It8jLw+DA<11m;zmO4g6-w$=bi& z47;hg3~oloTp3w%8TBUQHJZtvdHJ-n+kcIpOW`ymW8RfZq#Wl731Kt=Qv_ovL)Fae zs5k)_No!wbYZ)N`DM_LLJlp%Lpm{Y*w?QL>)pj}(a!XCq=gD}CsE!!aox0oa_xoBL zFaUwppfb;c)KOge(h&=skRDeE#iD1m>M%n52BAoIJxwCk(brck<#G{PXnfIXFB!0lyso6TCb= zKYsdD{&|Jw+V4O}VH1pL#X(v+SU4Xn){!&_qY4S`=1W>AMSs?m*>+bU~YQ^ZRI(roWI-VTIbUDAiFU@7g}%+jHAB( ztm=Mfxll~?l`*eyWUdl)6{FV0FhixknbHq;u{_+x@^BZ+!(A+2&0Q=mK`8ktFSzbo z{=3(Ic}uG>;5TvwT;2V@d!_r|_I7vnAJ+f-crFN-!7E|UMCb-kbv>`r)G-6o^cJ{| zUIr%HXFK{3Z#UA1*4bFgy6xJ-_kg_%gVY8~I#0VBv% z0${aWah=5_JieLY5P=&}#R$t8;WCS3Oi9p@Rc1sg`ZuWfS-fIXDZjXAGoKQs^0+=x z)LNI*g-~5iC+EktyqqpT*Cb{=IYqh}H0^bJqmYbxs-ZpYfyUfN_OoV8cMnCPCn zLUT4~0r0e#5+RodMU)U_es!lgdG7*{uh_)T`F)DTb%~1;NzMagF*3K8$@^9pJWpn^ z>LRT%+7T?RE_jWoj;)?iX*f@@>e4tFh1gHob(C0BVG}R&lwWHcXiOSYA!V{*d;gQ~tv^?otGU8QRDKP$&O) z5B7`le{c8U{?B`P9z6ml5vL?bq!!X@*}F4xKad27M&K|`lQx12N)loAObOvKdM65i z-ZULy8A!!Qn5cBxNS}|S9;GnG0YKLzl$mx>G{F%HvYLe%OAwRS%Ew6FEiX+& zxpb)B(K>VSB2*cF)(tT8i4bH$HK)Qp!xZJ5B5?#}I7+x!4!qT1&2VFZ3puzwZKflsKsgjx_hH^T==u3^wv 
zO3d`5Xqf1ZDS{!N3fg36_#sJxZltcX#)l?=ltRnI4`K!j{y*+=W zPet-8q0ZsBKArZ4Mis$k1Mdx-p~jR~)CUuMjUwkhp%T`<>wqZTG!!d}v>auhOH0{nr?7Mnq!;d%=wFZw$V(Wa={%@tk*EXS z>Viu(%Rn~=(Q*oyY(fi~=q=ZX7&3N4Xi(dTGhMLI2gSRdn=Eg#OEbvp{#@g>E3D# zrmSs_Nw?jfm3eiQNVGy5bnwKQ&CsqPjas4{uUBhJ=HcTQ3h4r~R0Bk<%t@(!3=UQv zgj{TldkB^%U-$YFEl}Z-O~i#O{4ggfwBxdlO|$3Z@^S%XsmgNjN)ka#?7ToI;di&p z6IDrcv&I?=H7^1<0ZK zx)uQk&uxAkXb_Hex66TRCgh~iUQ=PzEZXfp7KXYusTjMpT6O13M13399hm!DEb7{# z;x-F1#&vIjYiY>&rfgto$iZtMC`q#B?D#Liw2Hg45 zQAe&!3BM$@_pnOTk^RiIN|e(4x|WDnWU@KaAp_Q6amZtK6W&x{Ww5?3X;tjqwM122 zV%)oxQ>C%3-5Y6;boV|a)I!3y`p&J8#W|7hNH#4dbjK-~YEv!WsaRS}u}tgyCpfm< z*yB9^<%sc~USQ;#%XB0!#W!z4mcdbT{=2oiQ#k+K-rm{WdpQ5Sk0*xymCV_M7;m-k zOx}d@xb;n&q6zvKw_D$|)huMq)D1 z4QYCsc%FoafgixH?-iM!THolqCI2=-yc1%^J2#N~({`uzOHFFdg<|o&qvEF9oz|@)m&7Vbnv2}*Drq;CSxh3)AP#xLYDuxbfL;$wkd9WM z2nO@C-$XZ=OVphm;=E_NNy&xA(mGK+DD9)I}n z$B+Nl+25ra_v62A{`REz%Yd}@93vj770qgUB)jFu{$2F%NMh>k#^Ckl6pt=4cm+By3<(y9EUV*EtVt8#P?esK4f_Y;nSp@cC^MzZYV zLcu4kZxprO8^Yh<@GXK`gsV$H5MP zULN06a7H>Ha)j_$egENy+)|YevHII8WT~!I2&YD&BYfqLF30VDkF)4 z4roi@f4v4%sKUrb2u12+yOX0pjQ=e_AwxNUKZ&+EA?k<;1r)?O%ccXU;3Oj&E)e5~ zVVE-aAw~K^hn$3vlba+wPPphvd!_fzQ4}Eh5{0u19XBPYYdf>PcR*VOQ}tx}CK!5i zI1AfPBxmaBRfPWr-TYGC))hDuL4uQX=jdAi)(hrg|nJlyoSdUkt?aJZny+gHCe1pHs#JTRE2oy&mMDbmSy>BADl!UQe)? 
zHrF};T_ZZ@Q+f9n(|bBW2QUJ32y3cV$=SyYt7dEpAOklj3{(1TJuIU?ubtJ?ZBQphuA)3JOol%-nOR}wuP|=WBn}2O%hJtp0Lc~$~Hsey?;s=XKUF6sb zZ(i%MfOwYn(@crYG;+H~>;@_jo%D!J68l$X>m*ZnEni7o0`Fg0+KP6rm0qUSbqc!o zlbkwibLdcQ0GtuZ)m5)wh9`A1WPIkO-jukE3FVjOKwv|{TqC+v+kPg2Urx5_E~yZS zg?s$pw_4xGJ*B}9zzN$M#>n?X|FU2E@6$PQ{CfhWl_o0dk!#yqlGdt`FDpQG0FL<1 z_Ty*${<9}l1uxQ@dA*Z}zk{Kv^?kqp{gWrH`wzzd0#EJ!uQ1bA+4QxZn)uJ1o$W&W z=XSq;@UZ`TFHhzEueH@{Z|F{F63JZPT}*l$Q7Ys4dnzHg+N*6h+yY)}4>%RjLcl(U z4Esvn-miHnm9aBOnTn*$M6bLinNJa>DjJc+L`6dKd8{wRux|F130M*;k9xCg;;nC% zl-~Bbr58*gIJ2Cl<<1d*9YKaNRYLC&ek1pD3Oj_~SWvTI;DWiH-^d*HpM-=?(y%#+!1dZ3$n&NF|DG1$05X4O9H85mKnU!IvmUs>r zNgN{ze8`YV^rIn)3dhL}VtlI`QxbSSAz{}ivlvEmF*B9{gfyVD^V1g_0pz0SbpcR7 zba-+A*;Hr0HQj|(N`@H@f)LdK78D9Q#}Ft(hmS$_1I#WF}HW!@9 zz4Ih`Y~E?*Ld=}<{P;$T4|$D90~vA}bM{y&w>;BVj1-aY|NjDlcPfn|rZ;o{KlZ-7 zyKNlV_wUC~QA4LsmSa+jw?y~)&Nz-|;@gRnV<+8jPP&f+k&uKjMKT0wM-%&f_IFSK zNN~|+E6y_FABju?g{@F109C(|z*2u_0p&eIp>L8oH zO8D4Q91rbY-Y2dxsTFZmh&(H1gCeP(>Sg_19;eeJk!rMYxL7}Q*QuKJLb|J`Rk{Z+ z%0WA0k_rvQF4T9m!~E8(>W}kG*Z-P!9v6IkE@PgaXNly<1m+J zm!2C$9tnC++fUmqg==AHfDMmPq}W_axh~(jqkht7`S~A4_q*t^JA4p0ur{Q=3+=v!Ww4$A@RM9UmT@ zpB%hCDyyj9dS2ewvz+`7quXo&=kNczRsBySU(5e{cz%TapR~LC);;xeKFiJj={L`_ z%9uC*+j~|2kDZ-Pdp-Z}n6wcDL*PU+eY%UY`2KMuT2R5m4yxdTlnq4jW)Gv^rimHJKUo#%WCA%KO|I zsrl&UC;k}dBpI(#L+!ggZn$}kD};8OysNLCqNqHlY1Qbvc)Nv!;2PR?j~5Xhr(DNv0R4$%b- z)i?ZYS;jE|@3o9W!rorH-EOH+pUHYYf77RN{%fPlhNZuCh@s1tk_L0;f2Y%~;XiC| zt@r=;@{pMQCW9~a;IeCxIL`lUyKT2)m0(vMzRUxH;a!DPmo*Y~6TbjwKJ`el30EWL zjqrwMOj72NAedM}Nfzlie0CIAj>CLuJ&WO{(}WBL%!6Sh3rV7EI4VKSt0?(g(zif5 zgdpHu7)CNs2YhVQVhuAh7PaK-o<4TOAe)?~E~x(0xfEpFI2>9RbaE9XKJQr$ z6vwQVW5gG*#)N4oNs)|>2@84<#r$vOvMnvp&+^ysDvPrqu_eDYw(HX5k*8}B z{^LGN%YUgBF0}y6mj9j3?oLhq@3q(QU+(4E(DDu(2c(O>KJt^6+nE%hYAa}!FNmxS z@M%9A7MbPWLlzEIs1O7q4X6;x@?VmqY(Rv}CketJ1nfeV6(>}bfoCBo*Bg8yki0%9 zv1C{Vp`C7&LNw?o7@}VP!1uwV44qew=ON=rsi-C{9Fh?FRA=yM2>nTMMQ%X#>c}JL zaH}FI0<0)kfl zM-w$gOsDCYChLu2)4`JLhGIp}No*YKEBUJwIgYM$Y;nujrV2)g-IcXFHd|tV$<%+4rEX5cdx9hg+D_D7D@#0J(^p5T7 
zQenXMR#(0GxvUL+*@BCcVjXoABb7f?r2ACI@Ke$EklTPX$ROkLCMWI=2n(`=7JdIR zy2@jsk7!;Ak?ybXoO0BPRp_zfVHhQJ6Z+I6;_np0Bx01{e!}QLM_w1IbjXCB$o_4F zxWOYLL7c0c{VY{s2&8-sqtu0ifJd7UXQ>jhvUpJ+jPaV6jLT>e1rP@$q@rW8Q2JSO zc8SbdYHLr`-ZCz-if%~*?v5jAqKnAF;zt zy`y!E$!a}Ixr9_^!?2w5O&Cn%XD0iK)3iRyX=Dtd*7=INO52{(swB-DG_7{EHr=IW zNjkq$7j&X4C4PRj%HW->s*Gs;YstXPj9?^iG0bzK>!|)(RW-}AO&eff8B@EiUb$ac z=vOLu!7zNv^jdC8AP0q^g)`1R#=KGvDDP_ZYDH}l7421NFWATvZJDE6nw#q6^G%nk zJArY)xCOXxM_Cro0mfQSCmOCVkE5N?fD%q0@)F^%KFoQu^6{3^xS28KH}onuyP+Hy zNAJ`MZJ#X#-z2F+PjGu1lc8n#r}s;_YVxAggMs*nzN>s+27aW{=;9|h03 z|J&QG`G4-T+iU;tdwITmar8-`-FQhx;#eX^fOB(Wefa|Jshr@5n*ldBPU8)cpi6}` zy}7ZhxrL}%;Al*+doOVCY55}EYC=QJLQ~i&stD0Bv$6SUj;LCxHMeM)x~xs2V4<-sm7N31iQKpARvcsEc~KUo%a_l| zt(q*I|7MqFq+GHLdAbk|)i_HUS%TZGTTCBE^GoSY{Fakyp{6(1;!a(Wx8e59U$W#l z3xcLu3oP`4%%3k(T~Q%}O11pf6QOLSg*sZ&#DIX$1_PRiO?R$rZHjFp;}A!jGrY#b z<1187Hs!?Eaihu_o1w2gX{mXxn{O&!uA%q1d7haPXqFawomZz(m@YXaoT)FevIjAH^OhxIU7U;?l^#I0Zy~Hh;ZwU2@7pKwI6t8t`sBbGcN_Z!mf7S*-c0GH#f>& zDPM&0l4ZyAz@96Zt5fdLm?om*s#QcjXc@9@kpuRdo8BThQZj^_8@m`yeSWz}X5(C4 zbuYpI%*aH~<%}A!MO1)|sv;lW%S;>3H*6s8*OwGt>OuuB%Bd zwp^Y%W?}kPLJUazL#|HNi7)oi%KpTQ#$yutJ@{bjWG#JCi5%eak^QGx-33`z!exIG zo|Q$fnfB*k+JZx&U{N{5IfH`9q4&K1zr*>D^w&YY&9`@bhA_8f^T2ub-#dF1{GY8( zyR*iBzL#f_BZlJcN6a15Vm#>+&m~zpiV}6z=c<^1mmTW@52+30{^yc8EFEOLmzy9j zIPV&F@_PPZI8mkah#gkpoGR**htX@cXm)aDo|0eV%}9|}*;7u*lWSGWYzHkc4A)h2 zY{ZP^qn4!VwN zl^2W6U{9w?G9GHZmdTB z%l*(apP+gEKRY%2m))JMwg1n(Ja?1-g_K7QcunFv$oQsB^;*1tYo%U~W%XE1<9BZS zrPXI)t55jIQdX6}Q#6B;KD&b`0Ro%`1BbI=)oey$kp52L3QbU@E0{Eoym-ptut<8w zh9L`wr_!``6GqV$y`;&ewgJwPgobG_QMRR`0$~JEmTH@xe)Jg)25F+asXP)&3qk@9 zg>p|55UR{Wvx3@fneoDoa$p#D>!Um6Il^fQ4*e`U;_UGB`0cwF$EW-DgD=ky&R(9M zy?K9nc=Su_$&D?Oh>st~7ec0jF(_6iFYW?d!q!TQexP$8QgLZ$HAmv4=E^wkn_?&TL>%8Ndvz4 z_Sn2A!@>MR*{?Yv5^3BM8>vvT?7J=9LB)p)I#KV7z7_BNWa1=QxbFpwhDL@6gen5p zd8>$MGB^Wptfr2rxN0clR%H*o|FKUv-Q5P~3fgM4KdKaIX zh1hD6X=sf(fDa$wFW_h?27mtfUxE=smF?~CFYNz<0W(sog!^E-(~~#J#tnGSMLT_( zO8;OX>f7~?pFeF&pc zy0H)Ypw$0Ci2CPfEw~SUXsKHGp{m3o?8C_`sp7nYeR!WH 
z)Eh|}uV5cuvfz>?JR9SiH?S`eMiAgxzIqS)@Pb}SYA3KiU!9(%HCRPA;hHIHsg8gT z0`y3SefS#*Qfw918S)n@%ZrmUx3j9+s0Cb7R!3y%G*aYE!7{<_pDGDGhz< z|EhCIRrerEM-Bb7U+$&3E1G6fb5l6$+^2Qfk!`?TR?@sXiV`J> z|Gd4umA~GAx5_n7xz|Ay0#lBGV#)Gx*T*C2t(Ook;hF@`Csn6CHbBI@vd^!lNOr5*X#?Hzz$jJvw-IRC=9Mafyr6=p?KEg8|+d!bubsy`D?6 zQ+mnhRZ~T=lHcLo-XhOR&VT`#=1>)gf>9wuiiG)Wv$Ohh5=#-P}|TfDO6EW9o_O zYZ1_E)X~hryWId9!*<)DTkY^6wdxRxM@G-d#w`_}%B1}$PFR@216Rj}cApbY-;#6$ zcJtkt{TPiF<$jH4V_mrJcPKPSWyNx`LIak??fgsj_@fe0z`yaXZ z7lXE5``2s#PqOwmd%%6;r5~S_tp646swx5V?0>skTNVG0_Im$+PtS_%zbeM{U&q5^ zvE%C>)sFUOGIm2+iwt_@(mWSxKiV<$rf)cWwWBKM%Sy zD}^UVy6ElCM#9i;&}kH7+Wdv~LO#gS(Q6Xte$m?TS^*L0WSj87grA>MY!$@5fOs&A zdl7jV+WhD;4WNi~@siVYN)9{YG?7xstdFZ-!{U@;!ueH{_!Ua}wLyu9E~1>1Ar&-n z!!Q8*7vB4Y+s)*Q3N?SuOSy*r?luj*B`PkeW0z}XLQl|7MMkg{zt|>NMAO*U$`kMB zpl(co5)r)icuM6}MN7tUOI4|8+ROrSeY^7Wfdmv5S-8%_3rqmfr_~`9rHV;0MVUgg zDpQHNlWOoCC|pjy&qdHHc6p0;JLU{mhdGQm8po-+%2hwmR$m-@QDG$o~@Rc6ALXAw!lN{|mOb&B8F<+O@VgYfUb~R%v;-qkUVwUzV%P&3qTdljR zkpHv2|L6MuZ|%0L`0u;jy|w;-FHZ#$HxCA?k2WyE+2PV~hbs7EiApJI-g1;=;JxL* z2Yze`Kht<-26VP=y^05A%uVg8!^~kYZnEp)o{Kns`StjnQ7NZ#LJgjBM$E!8DrHmn zKl4g|7AWP6z=Vc1i3u|*y2D{{D&`57@S-{y4KK@X0kTUEUml#kJOAzI^z8V}Ny*Rv zy)~2ANN}Uw#oYnT0<64DLa33ktU4f(3%0%OQ`W zB(>p}8(WZEF+Dt_{pH5qYwx!4@6d-|Zl*T&{qc*h+t!Tvt8A)4PPeq%X>ZML>6;hl zFW;QKJ3l#k_xqdEU#B$KJ&UR5zKnQ!LR0i%E>V+RLO;Qyrgj7@yr79+1iH5$gRP{! 
z-CV6#$0xrYoi=tqg6|e@H{g^a483QB$u~;ux}B|7qLZkeD!Em)rk8(yH%2h3vCM$a z%4Q5~w{c)M;6;Xx=ejS3EFEQijQFnz>;JngREK%1(|-1}BmL7EhcLQQ4&Wr1cczt|wds$-i5Anw=TvTSv%%?kcyYsBm z*s=9@oO)TpQdCjs=hT$HBnYCbw>lW!5%)-dmC@0|iav6G{B zvilmpoF4pcyw8L2`SoHonDuECrGIAumEL)^*_CAB0Y8aCk*tA;`1+pHq^G?9^L`O3 z&f6p!u%O~_DvupcWt2Y^!8}h;g+|uTMjn-~1cakkLc#5Q3Pc5*NV2fRdnPn;`5Vks zJe<#xyc0y;g@S-sTz6Tq+On9+vXHuRTUBMIn)3DakN*tK?L<@S)ikk0 zO1Dmo?veKqL$N)-9Bd;ApF;wcF9ovxX?6kTJQ z2$Q|x;3$6+N%sA1zWOX|@sYg=w&RI^uSP7O67A&=`!owf77qWg{|o#GctB|k9q~J) z#wKm8F#M+}3>9|-N5(CE!Gx?U*la1H8c?X=ctwAbGpnYfG)~rHx)jFCW<1mRGO~%n zyMzsg82?u7_!`pGF-%Is2_K4yQ$9C(juy>tBmcO3oCF`r)h#+vqubVLEttuhlfg`@ z$9y{F(wNq><{e;s*?@ddWT0P(d*VYMQ75ZtIYnzRS&`SII+HJ??7t0n$eiCVkIZ6) zg+|<59Buf~M&1ab^^MQ}S8)GRz~oK21DbRHztgSz|90EE>-(Skc;?;zEFbAg-8>vC zhN)fKkT~XrmB5Rfd48(Pn_D};EbcE=&8cky5*i20BfJM4v=A^6sSu0mRmn&9*7f|# zj=(c=ehU}iJ9HGR+=IB`=6#y~FqAZLgvL%47AnsY3FC?Wear*h1{l(mYd2KtBRpu# zybBIl35E;*UoGz$6PlK*YMLb7wT${vuc-gmkBnGZ!seZUG$*f~ zgv>q*X{OP9BGR;3t%=R)8}pSjEmUG3($v!;N{O~g;z|_H+f{8od(NyEO;WySwaP&p zyu>Mx3z>R)HT0=nPOf33PXM~##|c$iD8;qanH3_Dj) zaAJ~<_Um1zQQB)cFX&``#tS;JzMnnNfAX_}{oh=W;5qxh?M|n%|J&MXcemI3zx#L$ zFrY^ZfrPdU1<#Qd(R8rGb%!H28BNQcb#7K$p9?wavhV*e`l}p8& zcd0dy^;H6_H-oD$1FT*FRsV*7>bC|{|0+Q0Q$f_H1E?a20 zy|=wv_5a!4+gj`Y_wmfQ|Ct5!_ETNftU^D~2hL)3S6$)M#|OIWq)R#&c3x}JK(14`ulA@|?yeFY= zZ9qteGNjt0IH3dfS!{}ga{8CYF1!hY2}B|06jg$lCJ?ZYx|aLm?EEZ^5^8P0VKg2` zA^diD20lx;BglTCJUCbJBf@z?Jyr$sJy%&O~_!tJWEEsPDe?U4dtHO3o@S41S=u-TZ%efnTzkm z0Umr@z#3k@?&(0GA3;cDn!1+tes z75W=oLxeF8;Tk@EvGJzW?tQU~%T~K*9}iBV^ld^p4O4s5&M%RBVHO19Z+#bR_w1rg zt^8`)Nuwy>_NJYZq204PZr5$wH#Z;Q8jvqzRhKjZ1P5qIe2&y@1sBVnJ*^^}5 z*>qDfEZ14~qagckL_vIRqKZUiOoMCaN0H#$k7x%kavtHtk>7_b9J*4gxne;80Tr`S z{!2uqh?w#uiLy{frytRL@ctF`x$?VA(vc`V6#D?pqI!xNl}MA!s6$IR>likqReor1&R~$7baY9Rg!!^NWEnYQA$`Ub`9l&ypXv<0&{ijC^CP&(FdK2T{6OvY zQ${8(i?DL44+@(fCFW|i!_*Sa;w#FHMjLKv)viSd9}#C~FxY#xz0rVD1SsbXxHa*oL|n6b zw!LW==xcV*K9pONWBFZw%rCA)j+;$;9QopBVF9vP+$M{{)SaxP?;1p$|OWC@~DUPDX7B|>f^x_b}W!7Jkxw#S!NX3MW}#BSHMS67Wmlb 
zx{F2Tzru6MQPD^vp=-dgx{2*mkBGlhG@)i32=o(12QZEhB3x)EArrb5`?uW7AqV1C zQxNAWXFp5Li&zMw)P;k9N1G6Nh7R}y!6#2S8jXz6tXa(JdQ%nE)^%v0qZOE zNzQ`mqp4)&EU5{~<2n4q1~7>-#8R(a+NV+Fl7EqEAsAq(YGux>)bm0lpHYuE*uXapo3I;vFcb=TrZJ{ zyeWCeON8%bSTS9xk%h$2tsQHmno<>%I$ubYP1D|Nv#{+EV^^ugv8?nJ2~$01%@mvX zHKbaMpiBXl!hj__b>ZaAyQ7{a;*Fw+({kCw_nACoDqOQAN99&MX#^P5rx-%Le64VKtQ~6FiB^0cw-xJW z)z9+xKa}`m>W+PP7^U&_pijm#=l-|T-K+ZlZf)(X{eSP}`SK-q#$C> z?|yL*uM$~@S&|4XSl+f=DiA5g;bTL7^;zcqXf+ivQui3ISg6f3nv$s%7~{R1$#Yko zdSe4l_4=%@7EU6q5X!rkNNzLGsG_7Epaw3BfP+CQ4|c_uTs_B+n?jH1Q!g4*o@4Y0 zI_gG;s_Pz>jw~U8Z*{w4+z!`B5QwOctNO-^#$y`# zM)x!g6@D_h)=_RV|7Dc zVQyr3R8em|NM&qo0PMYcd)qehDE#}k`V@GT?$aczt1n5acf03x9k=zbPV8ej*|VqH z<3J=Np{58H0PSd#oX`F~xRD?UilihvX;<858<_-V2Ebr20OrCt^lli39CdGAur8dT zkoS-0kn-LVE`tBs#xocU2G0%-3-04pzbZA43lsKzWMui!`|@Q-k>}9##x-A z06~T{1{dG9V1(Zqc(;2k7)8mS`@KPL(DG4)LLY@5Mr_pT0vKS(Mqti)^b>+UqNm|+ z$m4|m15M_H+_V5t=tPO`To&nKU8V&9MG;|`6S^FMDGt!6-|zK3F?(3Qq)O7@L2uCe zR!~Hd2f659PGi*a5%VaHxGeJ%3Kl@Z15-i)pQA$8_F8jdC}g94e}?%yp7cDj=*yyS zG2^grb(iWY>fUD>K^TBYqm!JRp&vyFXgFKI1 zPwNr*QBJV{+(L@Q8qdI^mb+|g7LW-Hg!YKua|%zwTk#u!M?ih)nb$oMp%8St;6%It z@-GzLVoJgV3b}=g6QINnz#%6fB0lR$n4-=IeE3v?fFX|}o}$oy*G2+vF$5628_Rm{ z0GWvI3blfzkte9}0?yDy90aNg6S&RKKJX~=QOGe27zh#akuUW)pZvfPvfe z!<3Q*@B*xM5QT~(Fogj_tyZ2D&fo;8UQuiisK22v27p6JGewNV)I&`4lvqo^WGNNw zd7^V0j#l9EBQHN4rQ4?zowcW08>ab30h zau6PYX&eMA!I%O$Q2BZiTp zxa?sfIC2iDk3t;IY}m=m9+E8S3-CuFz@d*l#g$|V?&gTkk=l?YlbL}#90Xv3021w! 
z<14x$0SO=nG!8jlsL7!*By1cKAIUx4Nb*_oXAj1lj6Epk?@3CPo-=*mVoo;=4}} z10msH0l7Dq1${JyaiBK2$Cszw^A0#Rb$vi6cq!`B4q$N<1xo;d!fL}+L!GBaOP^Y8 z_=zxnL5b&V0cIe8ap=v(s0z6RK@>m_30|NG^dnIbGq50WC`R7L(B1$;%NN^gm2zheRDG*XD(|{OLS&V?G?W9EPw=#W^ zFOXpu*BU!UTu4Px9N;NnD3}63J||K8^1*q zPnQmqOA>=S7|M5|3b;{q)VeQfX&Gx!=V4}6d}}_>k$1zc;OrPuABQl&T%r%iT?Y{A z%@N}iazceDnd8~K2hQ!c0lGzjSgM&2lGkFT>&SBIoj%*VPK1FhA*7`P?*F#CHIOK6vLt z4&QZv;4VB}%C!LpNEBpZK~nFrCuJxDcXRB`rDPC;G(lp~=1MsXmQR2t%10rHnOxEm zfv3n`z(^_TiKg(&ulY`hC?--U1(31VLfeoUrFscG@m2~YYnJGxt58!ZB0^}&^-Oi9 zSqBk4!wbxrdJEJtX#N0TfkV8A7wL<<$dw>_d1yTerl)K7yeJmrzfymKZo%E9W zbIo2_zne4_RyS!v*6*f+L#vy_+Km`H+75%+(3Ij@pUlV>o5ldU?mJusS%CJwBP6>@ZnevNKZ9x~L_lybZf>K{e4+?Lk zHsbqOXlXDgIaxECPenumre*NnCP#P`2m>-Zle(GKB?B^>39aK6(TQNPWk($si4RJP zlj`e8>h`Dud^Cw?9e~3r>3};(!wx`{650VC#TzBOu1Lby^K7k==T`0wHj-xI-8q(Y@$;&K$dT@3!htY3h*ro5n~sWOzMi= zOdZF3kD27WOfj_w=@lon-W4`RJB2uiDY}|d#O5TB_}}GUzDuUKsVoG~1f_K3YmC7D zI@I70i>=2?6u{*ec_j4ZIqN&e`)ZmTl}2EAxDH(rqL}zLMVU9%v}B5}O9hKPA?&kb zm48`HOTNYk4A-HC;{_ryw>u^Ks+y8)`4Kowq$l)o)9IA0R6d`w<+d=Pa)=wwsHFDR zrc{oewdPbQRU1vJ9A&jixljeVxwdS) z2a0UCYfzcn5=AS?bZn3yI`j|r{JqKzk^^^kpR~G%*4Zu9a^)cHx@H7O!Vow5pprX?J8FcPWFWRJxJTku-;v9#wGLWW@p;EI7^gI$9?bE@-`g?;J0(6z!L8LFo zlp%GW=$uBaygtmxlq(4(kMs?Z8QGRA)0>f3Xd!<}&45gKR|<7W&Wr>woPjxlk(_ht z!n-5CF&Ij%VG%P9CI~=E;?M^#4*w!%)_O~fnu94xBd~ukc!j^O(~vpm(U?QdzK^F< zM928wNb5QbKyyixni|E638I2hQBUZ-TpC&4AQS-{np=(u;&%vzYM%{g9I}o!)&d8E z8!7%Vm1YRC@&8vYdJ_Rw0Zw_)eX`$UfYI_)D?{d;Yun^4nQV}@`V za#1Q^P8Q7;Ng1eM0B9_+5=}B|1*KYpH6YPkrZ$w?`pOg>fxQ>?=m?e33#&~@QlXj_ zQ*;FOootb##%QLsC^3aAsL;hmV1KXG@{|^k2p5k8LDs6sF40Rr_ihsXOk%yRPaTO!K$Mm;m zZMfL-i~W2|L*we;=>WvNo(%(lze)H4#NRla4gW4+s4+5M09ItC?5t>#jn$QO zk!)*Si1sw1y}vt~viJ9qtJc1*wV&2Xi~R#qX$h`wCnRN32}@0sIfWrhMTbv91SU(z zjOe6Lh30_X!$lOxwlK?2uCHC>zyx_@ftdV$oqoU8-;<*odj#!cDltmwyca5M6ph4x z(syFmGDZGPLNt>9wcm0C7bE%KR&!pr6zM#}+j{#3T)zg}7l^tK-cOM@CxHFgF$>bq zO{YRyv+;aLtJa?s7NK9(%qR}BnI363U*=B@>n!1y+1(UP&P@snWm;WmhjNRdjyRIp 
zn*wOCEau6W6N>*WH0&TEerju0ho+yBsu#pRN~;;`m3#P>0yu?)E|iTxQWQLnR9UJ(CfQtf+H&CuuqxdDZY6AEWY8b;UR zz_F@utST6)vS2o#=T@H2L(ZW$UzF}fvLvZ9eQ=ak>VY>*Tbbj~mj_*PeYg(HPsT3*2@)lrk`8_%^cFp`y)VFB0{3G)Jo7wb@WEGzcFOIcdEg&>BMOJYbk2oSf2#f(CsmB6?{ z^Eq0|p;Z%3PSuhgP*iUs;Zo=6D$%A&CNj-9Nw1AMITWsgJ-HP~2uQ1MLPMfw)*>P; zolud!+I+>X*%x}5wmZWDu+ee{Ihw{nO*+Q9xJ`%+VgpKWIHRcMntN)>8XA(yo2(F& zgujtVt@VMD@W06~O6UDp?0m1Q`iIc89AzX=uwHI8Nc} zi`fx43J~S21CBh7Z!yP+b-=OoC1xFP&gY0SGxkaCWG`e67+1H-l(NRj9FI$(J$L=5hjD({-!V5V7U-;>e-i)Mul3S+Wwr7Q8dc%*a>b z-I^c9Ds%Cb6l~;i;Wi6jiEj(O6=mk%EAejVMd38_&LdoDSmkomthTetAgJr$??zSS z>+f;~$q}%*>qq6hyay+bnltm>+&LP|&8<3a)S8|5;G$7;es0+rqs|P~8|h=I(004v zbz*vCw%Cb5OwNoz9|iPU$!=T%5lt(#xN~V-TQIuIl2&eVS0o{4qggc0Ok;|r)|sr9 zUFIW~W#%K7ZKe`6nR}zGrFmh@8XJ@=Yw80lvOpC~D|Wz2v+=}W`bBCoo;MdS#ns3v zT(#kOjV2^D%Nvmgo(4G>?&%;0Iq=)Em(2j(rpasu@a9&t#02Kj3%3dtmw(&S@w~=K zJj_$|0wggp1v2BXLP80F2?%26U{_9d6akr~X0eYz^5@E})6EMRQb~Hiq(=bm?NbWz zv+td3V(Kb0NsVd^CbKn5F>QNa7E!X`5Cr0`VSpU=iLx!m@_g-K(O!sk2Q!AWv>Ce91l(DV5t=6HCyv3LRAgPn?7nD6CKycGWZo{5*DeW)Yx zQUdPhM7$K;{T_&yqP?f{a2wys<8ZBzXnmyaX?SL(tG9o2B3kn-+(Lg(N8#ld?)fCV z9Pxu4gqM?WPv_v}2=DnAyd3d;oq}gD>Z9(=0eIOokuk-+ITBi7dic$19^_`wZs#1g z2FRKx3C~uZ;X3hbdX`WR>KezlB{vYZy1w-b2+b=MHxM=nU(5wWZr8T0!)^=aR?oWa z-R#DP8_sl7`8-vwOm)>st8y8vO7nlJLyXeTj@49f$DR7Bj|P6z)`~J{fTGlT%dn3; zNL9wARxu~cil$rUgLN9*YNh)S)h;V*-vWkkhR*N8Od6{~@&;cT^Q#mNbIh!~Mbffg zCN(lP*|PadA_Gw5!P{9R?1Y{wd5bJ#G^N*8HX?m>k=bYpspBDhizqm{I2C(NfiMp# zNkUb?b`;^C(NdNC8A)~(|KM;fj5%l{&}N)6NR?O#JS+_tUlnoM;JZ7BYaP|Z|eR^?u{`U0c3Hayvn@iaTKcD;) z{B&}8^7N_c61`QAS!z^i@oQp5r@+ft2#OXX5A9x3U!==U2_Zkf`Tpec^~u%A7#yFy z8DE`Tg4ai{P7F;p4_WrOrt4C7a-~j~G*0?hPaXc~M6>1OLDS1hzbCiYM*ylJ5xt>i zwiv~jBH)q5A`VSTDHALtr9ryGy6g^RdJBcf#nd`Ko1>4$S4YP`kFSodPQaVXGt)KV zr#bCR$0u{3DI-EjhF4a!Nz{adrkDn!U5?E^C769$9)kwETpl#Cnib3yc1|W3S_bHt6{@!5tZFlf(UzhL5%GkFn zW>Nw7wU4*tAyr)H#iG2@o7FoVV5cqgK2-?wK$gm9JGV2UD=t+KbT}nJ$uCk!wo^LV z%I~~wTVe>g`Kzp{eF89I0)3&bdFQ5FzAxamu_eU-XvZ`#JFH)m+7A5ky;>PF?<^XW 
zcu#{ce(Dr4msHJ>UuZ&GtaI&OGv7;yl;33W{M#a_o&5I*a*k*yiu|8nVE5mH?zg`_ z)<6FBukOG8)%*3SdH>|=cBcBLEVOpAB-S7#3#jG#{V6wSbqAqk|NF_scI&f~yvnH0 zKDzvxJdo{OOY!v$9 zGY&DoHiivyTN~~5S00x#{X01>?wSK;^`|D>bU|4Nhfkjj9Ow50l%}%| zgS)2Sz4H zK?1~nTL((w-=9D*Z|c;})~s7A4Qh~7OUMLk_}RYB#cd*RzX@~PDSjG>tN zR7c$_JgfD;;j_KrAgBKg_XoqB{`U}1M*qu>wNm$#iZGI@kv3h-iAop*y*Z>l3N2G& zDQN;cMc&d2^tDMu(U_AY%m;dpyfk%*M-~eh`XlfQX!j>L?6Y~h1KM3r{11eX z%gA6Xz>6NlU_nC636-WK()uHwEHIaM6un;WoBtQE0HFvB_Xch7YbzskmFXvFfA|1! z=moKl>_fkFCMX-qOPxuo4SL|yr@kd3o8-{_^l8+jCWkZd=~LSfdtupQwwu7Q>^~Ja z6yA>XGE~ucbp&}5-in5Q1fdq?2U+cL1jbk6>+}Xr{yaOmy8h{We5Hq19@YLpiIvfL zic#QSqN$y{M!vg%d@jvrdCYoq!njVFVz6151cui~uTIv-5+P4^;cI0blFLig|0#~6A5UIiUB5lK9G{-Q&LU~bDIbAQuuy(v1a;RJm*>a1CZsu< z+QstYe~z8S*^;$OMj}^UXgcjecOG55x;}Y*^!?e%%NmWfy&+0kXMn!BJSzZP&Dq%t zQ#G#(p!H4iwHl@>%AL_C2<56NAMuY27S&{L{(t&*ST> zqaUx2k1k)HzCJoTz4~XJspxX?s2FXBE0m)_C;#i}^62{b{Pho~KVIv*`^)?UOE%pK zXuGQSe>yojyZY(+;{5U|2kG$e@UYk~XD3H5PcE-d&Q6Z63bLs!ZFjPj&dz_lK0A4P zQk;l2#8_g0{V_?kQLJSZDrJT*gNoNDSN}M_{Q3Io^62>V^^Xl?UWr%M3S1YL=U3;) z=V#Zaug4c^uo~ctDB;8-!D%QKLbyt}0Z?8{Z zU!7dOJt`mVdMR*LV|=Z9bvr1N(^wX=eu~5EFf2bqy1)87Z2?`LuIvc-56i*8RKZEINyiL6%x0X02 z)ny!tjgYaSB;F0;LdkWq_2udH`26_ildJ2CqpP2q%-t$9?!&{}xJqMJX{zRC$p7`v z>z}T!F2<#V72vF9a1C#5aE?aF14{7q4O(`<*D5iTbr+%mqW7G_lkm1jA{6Fn`|v?l zH?M8FG{9|Bp$$lD(UILoF=IHI+e#%6R$-_!))I;XgU&Jo*tO8Mq_4JMGUA4EWr%h*rP$m4e2D6no`AH})7r}>Sw<;IG z&H1f{FW@E&x6;pVLyoI*>D!3qR=e#Lc}@&%+n~odM7ag zSH~Bw+G3w+)z0x%zPcdk4)b}v7Ft#X1y4T#N#8};M;609N88oK;42dA=--ZqNxdL!4g)G%0BP ztbyQ0Y1&S>0iN{j@1;P(DJunFzLi$?MZ;)C^HiZ4?NJ3o#KR&$Fu+}IV7&&h8ZPsRBV_zH11DXUzI6m*s^Jsi8_+ZSfvlvtY9(i z6wkWmV^_^~*JO;;^pY1np*lR(0)CP!^ii5JKo5a-zYW^g?N6Vs^R-q_Q0tG{*J>;q zmdISL;aeP_S;kSH#^Dir!w?;TfpR@1ikm$c!3hqeMX1pNps#Mz+&->KB|JP?pYuEu)-2WdO4)=2R|9j7$?d(4v z=XVR_6a3iR&jTCb$)$({(5|VR(*SWzm^TM z^vRVQIO5($b`U$efbqWPF|gzzB;|C z2c3~AS7ESZ+V9?syh024b5(nOy1Kf!9$y_@jjz9d^TQ7(m)GOd|6MM>R$`oU9*sHV z?E82+MO0?Rt3rMLy%6#88h%R@oKKkOU^$ZY2)P%-1E(0@*&S@9FD2(Rm)(LpDg^h= 
zx?yMCu(NJxVBL^Y6Yjytq5AeML&NS8?$37#$Cj)sZ>@r^k0$Y~fPgJoUlr)51s;K) zpmNj6RR@qsT!4hZ5=5){Np^sI2B5r) z2b=)0?HB*b3=jyAn1j1HDBd5N0%>8UIQ*DzoVE-$0-S_ry@FH1|U%5rGs^X zNzBCzyhA$hBLT4v-H3Tdyq4Jc92vx%fCaok3a&&WR{dVCt&O%q;*YmdGF)l^*{Kyl z#_s$=M$P;b z^fu9{D=R&@n-*2aiN_L#JWx(VB3z(zBLzQ-nHPHC*}nXV7vp$3#qUA8n*uZQP!W5q zViCgxhtSfO;P)5?c#4q^U=+z_^jiNw3c4)M1rE_91}4aZF++fnMJ8;lY`narQR#tX zzzUU|MlPX`b-de`ug9XS)P*ACJ?XVhr+})%a|J}Nc1#B}l<#mFe^v(1gex>=@!MZ`IvOCDN|aYR{skzngj@vZ5e%6e~2wQlWtK^vKI~st(mut35+NX`4qJO z!n%K9?HshP!`d)4)0O?sFrzifVj|rl%7nTEStd-fDkVdC)E#YErCr)KyX)2Ow;Hvz z`2STd{_D&%vREY1;%gGD3M+^(imVt>JxuyF_ubZ>dyaxdkInnCBWhID9VY7*@tZJF z&g-sZGO356-6j2e!AbCEVDF?b>;*2z-00-D^JmQVF!Py z&0eZ%SLvUuE%2F_eWugITAlt_av=D+ccm4H-uI9pxnXYW^3s5){Y0JzusPg2d?ski z_JeAM6$19n3}Nfa*23MRp5P-(@)uB)s!ze8?LU)aYvn0+efXrGwciy$2Ggy zN9PRQQbdVblLx-KR;jXbi9#Pyp>?X0VtH1SsALeB&0(+ghRFnqm8&g}0tu=|CFnMI z41DZy(3Wr8=_MoN^ByNXK1b@6GD$@5c^iEFMD$<1F)85dX76jn4(F650eL}BHPkx0 zmj~8jiBMm9nvBe8d2(uyt@5~M4%pR+_Y-&R;`u>!yP`M zpaL+1m-5sUoXXjeFsaTg|61nkM54)19u}&g>_Vqa4iTy;OpOI~ewdU+0eU}@56HZaTESC}bTF6e`Favo zlso!U2BHAs5I{=dQf$=~v$GEH$RdIqPXeSad7#*AVlH;7YVX0+oW& znYWLdN`R~Yum?#0dh#SQZ4H;Y{&M$JX%{_AljJsUMYGD9q3C9LnPstIvJHO75z3+8 zXuLM3wkQb`GC+0>ejE}G9-~FXml+J2+&q(v^3%^I>LZ9l{CoCDUhKw7FHzl6UTn=| zw9vab;&Y@j%BB0gY|LeS=5LaYV`k+$?t#-OV59@6658Kz8l!L2%A{X~gwKUoeyoxx zW2Vl%pY*DQvLn`ainL+Cwqq2oR=DwTf)6PUi^AbSy)QTSSk=@=6hC|DR!Rc+efRLGReQsp|b4 zPmn(T>HUbgISCSQvS&VoWlt?9h{K+{$O>IvG)!pi|2%qirq+9DFtf%fkZo^cW#LS_ zAY(F8Qrh%?VhvJnXk0C5bl_-{b7mbruB2NPY({bg9hS?A?Np^A8J=GMeDcp$!9*!* zo}`&gENhMftU?~gL`~Slm`NHkS&0l=#SKup8aiz5^JyJ(#z(28RB7dWmPYpxU9+($ zcS6VyP1aH3=*`tn*H`C1pS=E}$Eujz@!^N9Jhf%@0DkV9(f^F6;{HE-)TTz0k^oI` z=;Lr!&keXD|I2W1|9L+D%l`2B?*9KFo)yQpmgg9Z@LO|{MJLdc$xaEy|As0fzzcQP zHEiAB&>sOk?Jr4yzE_OWS|AR6$e|FEsn997l3DE5GMN!-oG_aE#9o?k-~iM)8*}Le zc_7lTsBk6ckwrv86!H3?sMWPl$y~DvroMJOQu)@KjA&@m%@j+^*SkgFfuBb5KXcVmA4iq^9}W)k@gMdN zcllo*f11euG|gJG1)#$I_xaxQg8Y9r+~xmykf*u+52J{ss{YG_C)Shhbrizg 
z8jvA_MJjI+Ln?cvI(b?^?#<71KWT4>2DG}%ueO9NtJU0o6C~*uv$0PsZZrje>(tgR z$T)=@&9sA%`D>*k;z8~h3M9r0x^FGc1|T=EwgE_$)oI?2(k9|X-kPMM_v+c(6)

xZJB+ufTu3^?Ov-wL=Q4O%W$$A1w=z>J73O#g@jhei7FmSmugVZb4VhQ`M+_FW__)2dpXj-AC%EO}-i>5i(GGvuS zK`R0%#5=PXqHfR2NtI2UXP#UFJ@aG}>6z!g6YANG%dmhX$pmpTW!4MjHXLNZR>xRV zkHg7dJ+63b)|axVYgz1$*lQNrZA4(p;&a7e%OI>|>cY(pSP`(Q4(PIQPsNTZW_`={ zm6c4YSb0^bv{Eu_1WYqrSvzc66=|!3rxi%84xwf!+)5y|{4{b-*@~!YW!+sfwptNK zRfM%Ho1}5p9MrDL;#P;7>tu5)qFtG(Ela)b89Q5B5neG#TNX%~s;yYpovtM@>>HkSA|$>0H!=FRKDF!fe6-o?OZr^SDyiB;Q;qY|OJVl}$#<)k>9Qo~jf!<&amTtVtSFn!2VOtTR# zik6Okrot%6K1u?N+#wllOxd5yVO;`FbbKy(5lh0AXaw*(1QZkMLskKS#$nIN0Qpf` znXJ0R!auFo@G9EX)g@7_9NoPtx>drfYel&#c2aI)mg;bsmn(WQqL|1z6hOwZXP|{o zrGjwI0z=STEPcYD8HAp@syLFJEFh0v~E{ zZRsSgIe|T6|Kp6UT89^R7UK8zG_n7Pi0@-YV;SXf68ke$&k&@_{_kLLn798v93JfK zKOW+#Xa8YJWjxuAE>5*k28E8lH=Bs}@>|YT7Wx^@nOHOI$?MRZ+8MhQ?i3#Fx zXkXAP+Y<+tor&Sr%u5#V{hJWpLL3M-7=huR%j9IYkjSTr{MXtfRN7>H8^9|0KRC$S z|Lq^_@9pIOLp;sx{}R)`oEON>{O@7p^J?R_>=cDr&+8T2i@XWkPCWi+JXP{P8$B>} z0BvFcULpSv5BKx>|Nh=^C;uPhk@0whM7u<6MFf=~&}q<8;dg1D)UNL!>RvY*UON6! z7Kogg&wY7{#sSJWZ%XyNt2{U}C+S^)Zc)gY3TQ-pq<%%jS3mS}!mPMunpb+s%B@$H zZn~B;SB8M{=sphKdZmLOX~;bE$djtci>jKDm;sEV zkgF3gFMxQFfN_6q3bPbkB_w7?nds`<|H@j1U4D-Vhe_q^+d>K-L?@cPW-=X1S4PK^ zKkmey(VQm`nj-QcT9A+l3e$Iqa|yF4QjP$bl5(z0s>)%~2dD(U3pRpr>`nlA^~dbi#Pq0mpyeiB?boKeIWD(PqRo}*A63boY> zox2lg>(+h ziu>mB%(Ot;H~d@owFx)gE`rasUKVGZP&h+nWub(&b&NXH?!MV{;HHi@hxPYVTs-XkHWV)djJf$s0yBoW4( zFb@VeoK;dQRX`GQ7(~Q36*Kgfm3Yujl^HzbEw)9O^>STeKDTmT<5_qA*CYT?b^M>= z{m=d`|IdRw_Y~P@w}1O$BKP2a{LE8&E)@j0e~vx|K9%Iun_-Y zFxbiehj_LVu_q@NcjCMlvjdJBV94VQ!(WL8I<>biFO(|tjsj!X}~S2VxDv8T*$rB6MxzNg}=igkUh1AAY4 zgrZCzW&#dmMRqYRc-A%aSxTxqhig?Rb%z0Pjo|IOU{qho(`fx)GXPXY{HJHbgT4Iy z-(YWlxBfrGv(3m(J1wAwS)Du3ku5THiDR+BQZ3lf?9LHf;PcwuWzARYw*Q9&Z~7yJ zY;uOC*u`wBj@e}M_1Zz3R%?;#I~3J~QrDxXv6J{`4@OlMa%F3Qs0zcsA`(@xY|~Iw zMF_iCREDJciA8l!v3dS8LtNDkKV$Rx>i9GDESud;H}Q{jWT91YW>y6zY7ikvZu3*q zBem<-)>o^+pPi1cPF`;ccMBn*zMzOu_Y~hJqp3Cz@N;~Ac6M@{2^RM1{m@iose0pc}($ie~VqXwiV`v^O29@iSF!2=bE#Ui?ki#+l_ewqzg7wwW#r3PB|8@QH z=;~;E`oF8<)z!zlDvr~tmhGZz?V@Xafzh>g@oVlaeoglD?#l>Z6Ob9ppt3{O+(Oz9 
z$gB`g#sQ~Ube6iwThj~Bp5ITB!DgT)L0ro3O&^rpD0#G9vFY9AX1)5wM=yG)us?P`-+SC28`*;d{;?50T;!ip z;qQp|(}01U@q6lD1b*%t&fT->X>|X;W&ofn`|tfi{D*_*`@8(F5AyuMBm3;^%)iV? zKVOu|!RMZ1U-HvP{x=Q$pr6Y4KhN_1KSS})PX0f@^LgSw>;gZ0_P`IBfC!eautyQ( zDC3nJNoPj!D~^2e@pCin?%CSYSpGM0{M1jC{2w0X{eSj{`@8(F5Av)bxOa}9Uzp?P zAHw7Fb2IwxaXyXYzp*H2xCN*@|2Zt=|K8u}{}1!5itM?j-^ZUTrsu;R#U!b0a%Rfu zL5j*<^x*>zOH9qpBozfs6N?#bQlp?+z$_aghet}ov!HcOf_CRX_w%eH|Cq{ z$np{Ef|#o4i98Bi!5U&3s9+|d_5GU{?0>)rU*DkRcVB-PUyZMiE>5q1KKZ8=Lh?OF zG=#x*KCX~x0B6@)al8)mL1=0R3TWV9D_>rlCf4_Hb$G|{fMo(xst1SClMr3A8ysEV zB8sQW#*qZlX;v)r=~JtvZ+aNcc!*4KfK(^;`6B8k-&2n(bxo6_nk_@`I+7uCMqoHl zjv>sWFhaUy63hNKGSR~n5x;ABk=PDjezumXDRdNBOTUY7gaRB&cduF2Ma3uH4a)nX zcobW2D3ZM7LIkB9;>dVJ*&d#9+w0;&&;{4mLQGv-?TCmk+iDfm-6tW)#$*d@8F`HT zmALKiTSlD(Mq1qiCB+_rt2qMK*Ae9N>uZ1+py>A)Q{;om67V@ngqapTHlHZ+7gD|^ zey9=gS^w$R!~Rn-H8Nhi5u}h4Is*M|_V&hIV_I)@%1cTj0D}Nfw17Co;Y_b{9dL($ zPe4dG2odrDpA+U{E1!}m<1;)%??;Bt$GxXdwyz`C*Z-1CNZZ!`o*h0b*nbRn`M)3L zX{!I_VuVVb7}w6b-FQ#9QxzRXBAfZ*CZNvAHmS?qVV>+ zTp)wAjMxx;Cj(U&g|na8M(5jJ7CkdhXG!SHdkZCLMy+iEDYn5QsVO2K+|5x4VkWdn z=O!$p)NU3OvYm+v+0LlpYX{FMk?)^7OwNixInGcyxe}#OHe6Fsv+D{ZHVZe$bPH*K zCu&=r3WcgR;YnXr>6g}V;x5$~*A7Np3q;*W#H)4Al|1Q=LsAwIWwQ_=Db|MwNRndv z0-}-32~&)il_KuxR-4DGp{`{3Ib@|NF!J!`=S> zA)dAGf9lu>@Am)qYY%K)BW%kU_)C>jyXStM3i&UTpZmA}-OJ~H+B-Pd`F}sibMLmj zDF^*=gn5SMFWt7cuS02CZ{$6<^|#p9%RiGu0B+M?Y4H2GIdbATcDHEX*H|yy zEdg7%@5@l?F8$f;`_jeiKhVA}zmoqU?E4Dbw6pK4Vc(Y-YHe!JgPR%reYT9*neIsn zsGiBP>$AdyDA`$+PlWN;$ng1G z{dGs^O~(95+L@fbTxAlKHg#>2s9GS_Hi;@s>IcgDl(y==Q$D4b9>TmT#r9C{qP8MV0-5_Znl>+QKZKk3m_1Gq`jgqKJcoZ{P$lbD4ge0b0H|k<62S59^ z7NBs-azN5IwE$=%GO=_AaJiQQroQGru7peD(7+545A)QiPxhBeDg{K3iiMnF(i2^u zAC}C3)P-n<-?x4`p(kJKBVkL{m(2|NKAOa{97wigUG=$Zf38Kh>OdEv>Pu}R>rDz- zpAxS)8N{OHV_JuH#JyZ)#2eJ@N06~QKabyjSveY0*7s(V#8G~93_@=Lxb>=5z0{zvQR>`Ar`zqeO6RZ` z@39919L`SM=AdoE5@HjQTo$+W@zGmEIrd<1LHwhHbs8Tfb#EiM{o|y1r$YC9(xWuz z#4jh?v+5*Hx#8rG;~EG6_;JuP5w^W;mMHQG-;stv?9DYS1aQM|z6Q4o+ju&hH2oXhG<5Gq4Iq7V-kV-*Ow^`+I4F2J32r 
z7%fVI0QpHmt`Yd9?L~3B1KO%a`&VZLMaBqRqTgf0I6De`g?0rqWH#RS#1ENMfvvNJ z6Z$=KM;7O{nZybG0eMB8+uHI)y?I4^Gy-iQ`rEsJ(_iLOU;ksCw?^*A|Ekvi_MRQ& z?Y{@l4tM!~ALJ?3{lswFK0rbe{zMpmiRoLpQ@aS_84mS1=p%3knfjTOJiRzx@ilw4 z`Upr-EBB<};`Ak$5(<1W6P(F>Kq#K!5cr6zG?Xcr^e8q1LgrCXK$s8ufK#C%_NAK+ zz#)e>7AY4p>54_)h4E-U5pou);5^QjBqjZ0vruMAcELAKzfnbzZ|7JZfnR<#@85(B zPSJSDJRV5%JXy!m1&#Z4k3=YBb3EnRDAPw%7zg~w&%qAkAZSgQvhmZTT*l!MI|`RV z?OaA^1YX6A%a^U0wm<*n*TlIiAQZG!gRf(? zO;J(c%uA|XDsXK{v3e7rTNH>_gLY<~Fywh;5nWI+6@4iglEqOJ$arBeNOPLzNEF1# znWOtZ>kc<6b`cIhqaKNa#nii2Psk)L_0>^}~k7ta6p_jmDM z9^?@d-2w2gdhXXxpf*PuQmBgk@) z%xeo06kUWEgEJ&xMihs93fg~Rqrb4W8+=NT`*VUNk(2ca7v!|FR3(+waX?ZLv^Br9 zZT-_V_62<6{o_WlhXs#4DIwZ8z^3a+LsHTvtwi8jRq`uk;>clniM%QD&-OXCAp!Ln zcopD_KQupo9#+jW&)4cAK@?-A97}jXHXz?|f+kUY%Nn)4$Q#Z2k8~$zn%hgl!%p$+ zHzs=L!-tZ7{s=hvZ$?6=PN|gW?0G;Q_Mb$rtkC~9RsG~sdH*vUWc9z{^ZmoYPXBv| zr}_T>UbpjqxTC{|+s4=5nlsM2Fv8s%wA{+>ybRu28+5A)j{JXO)w?1$C`>WyPhIh; z%f+{&}0t{O`?Cu)wpBP_zvhQ+5CIY>>PE86NKM@BBX=buj?CT2@hy@7)j%r0 zzGT*W82YV8AVf2j=JIhw(Gk&96iva+Lhm>fJJr z_^96saL5t8zE$&HrlRq1zon1HWe4Q0h>~0ED|62&2?BB_gz+t;7*1s9=+;y4 zuAqXw%e}P|E9bw(GQAg8Itf6@20(v(+ z(FLZZXaPtlOM7IofT1s?yLczrO)do4=IU~zR_ooncXGLDiBU^>?_aHMmm%I|oQmS# z6#CK-NoN^_`RM-Me?1iA1we z=-Yh6#Q?y75kRfad=9x}8-_T5D*u<9u&!}T^x}6ta5@E8f)qPH&1!xp0da?e089{= zp%78XkuQNRN!$UGn9D)33VL&?_af-c0mlmjUWO@)Mh8i2T(RiYUALJ#DNbc=nujMh5jzUkj;7!UNZdi5vcvy)iM&|@})Y#m%o@t zv9#Ap!UZ-bn-aci%< zm*^BZfZ*uj6<82I4jfdf-&b&U45^Pp7$}OZ<`e485#us-w(Nr<40)27ZD-pAV`z_l z`SsI^YH3)9k1}b1sQt^YvX|7~WUApZGsbG2pa_8*v}E9&TvR&Xo!BM3lU@n$e8}Ou zjttF(r%O@6WV~l$_|<#t$&CdAcXRB`bv|t(IOlOhxVmr)mQR4D&`+`_LX`p!`5+0u zR%l&=k)m-J%0}rqt>FM1O3@|LmZM+^d=v#_iG0Z^d3=R*lbJz0oxUdgf+B`OE(g)f z+GN^jwiW#B43ULrqbTy}l%}L!v*`|p%k%YJ{CXvYSQSWG95 zIh(~JBngJWOBBGRj>?vz8Xihqjxy__i|p`k1w@&z>!Q%gt)u6L5=s91x_HD2Kw@5K zi)u>tYXcl)c7|?Ikeh(7e>j)Ss%_hptfL zHW<9ZZap%sPjzUBB2jxKG$l3aKy}e|INU3v%l2P)Y)hQd#6F)DV!3r2Wb4 z(UMB0K`*85EDdNBlp-QK;AVa=a+Q3mT<=uRZF3K3L-a@xsK5o%$wZ!^zEWPp_V6Ex 
zEuD)APTq40?W<-nIvOaLQnE-B!^xeL7`vE?jW;Luv2Chb*QHJuJQh9f;*=i<1p%b9 zg!#n23{f?meohQ%fWoh#0tN1vP$Xv%(;GNn?9K5c7JD=j0w2j^1LOmt_8`g{(%w*& zFtbOAVgaqIHbdIK8(6rS5u%u{Vstf!ZZNQqz$piF$Z|)hjMLcTF-0Tr2-u{EzXAB0 z!7%*$$b|iQ1Uwju5s8T3(K}ed+8yZ%)d7fmJy{umze$Lq?%z0^4gW4GD-JMU09F*G z=2VIb*&tm>7s<9LgJDl&*!z2yYVqDKx3A0Xi*k>^KOhyG^pV;GNVJQXadj;zUvdgV zHYIeS1cgsR1SU(z_;2K8H@6=XpeW#_B>as`*1<|i_}^r* z2F@g*${JXcNPz3$P3H4Dh||i=F(>Iqo8vt(Rpr%13P`9Rx`r=!GPH%r9SOhTLXIhp zB_^vXfX2mDyu6TF_Z)JiScNlydE=(ZRDC4mFv!G7U8AKxC6F>w42@y(uKOEYt)EXoynAuTv2Qnqy9^6xTqUm@=+`HxjD|<0#}R+>94MyjX*V ziv*5}=5;LL^uSA5T3_lieZLnH4g$pOsbywT9*)#t)IN5OmU4PR&Y{@QiZ7cscMC0D zr_+h=V@6|nOE!u9*;+FDg7_~JDBmk6&1o?Q3u}>ZsVc9xZfMNndlDCN9RYWl!Z}Xi ztV56b^?OV>T#F7>|9{H*&G9pB6WtiGHl|(!qnLWrI9PA+$GY}f_P ztm+@D`pxmH`LATjn!1ac|KKQv(F1RozCXmFFOSBh083>CXeczU)PbRO>^HD)yYzV? zc#K29)S==NWllpT=9UzP>2^f!0dsrlql?qp)R2e-L>|Meq0nXm7ze?pPFrnJ#86rNq6rrzj%6npYMmvWTdh%4m97)OinGq!sqI@aJz;xeX z`U&}B2btURrk$zIQc9>*{nAT2#c^P8ER(8$1&ktjNiKNA;tvS|Py`tXLH3+LebT^} zJ#d_&(Xl8;;3zMy5E)(7Q?wrGBkLDJOzz-6pcFhH;|Y{M$RhPS3!fSc~rF2F{y z{R{gQ(6@bKzXH`gUD>a|xWzmB6l>lA08e^8&@@Kq8ldgUB?#`%62LMmDI%|932-`h}xzA zV1ndTqp}g0ETscLcoUMl5WtwvpSmL}j+93o(c zx{?eQD|Z)_Lb~U~Fiy@Gvn*@g_cKr}bEM+7NqIhG&_tBHU-n`eICVGjUQIFSyG7wt z?6EnqG&mbnEoq|lG#)T;n--Mk7hZq`2N?G}rw3jQdoD3(cdE3u%KA;8{|Tr-dGA?o z8TOF}DUdxOu?J+fO<#}{T!X#*%?oM0B`VuTm|1xDwVBUjsIileC|PibgZjJnJd(ne zeXsYtH|!ovo)(X%7UDpN zqV{Mw7<}qfXk-e5LoqW}Dw)N)i2_xkJUP<4Zz7~EaLwKIlF9{_y_Jbn>)0e)$yJj+ z6+jE_6js{h=B|MOx$6M?Eg%%k@oe4$=k{B5_ym1lE>72CXgac-dgo&n1#o$th-X!BHoP5K0e{PPCABea_vWNF+IzW2sf~SWw<@(UZugF*Hrnmo zxU53yx_{Aj0YZP#`2)Z$q7yOQmL0W&m0L8qFiKNYoqnhTd^Cw?9cjwZ0e6sw9e^k$ zv;#bfWlnS%5DSp$6g(0FT}W((cn3_yc6$Q78)@vH#MvNIkfpS;NfmCDt39Ds`Bip- zk0OecYeoeTTff4ok88^pI`t9X&-G4y{M)BNs(;l#yW-frQKLp85LG5Kt%RQu)bg;?xDUyQ z7@^X_tkbRiLE)y{T=FH`JAFl%R91dx*!U%-Zb!X3G??v}p; zJ?y4p6WokUx!PpOWwbXVuh2sN%*vFh?+wGE~jX zj`Dwiq1^4uC^QoUASH3=gBOQ?5j3y2)2-16v1>b@2)U)E>G$z;im3L4)SY@T7z_ql z954WZ)}T_$gTw${+R_mVoRA(j2t}f2wdycI{0^Z|cRh_m*3nUy!NK50Zd);xGDUX4 
z|CO8OiGZ#E)NIt4L%xmHFahV@n&HZnR5%xU`t;)R{O#$>6Y$UTH<#e(;uQRR@=x&7 z$>qt@r}EDmwA6M7LJAurRm;EA(#b0FB00=GWwrsRL#}fIlpZH$N=#MI_Bb?gyiK>H ztDX!`<@P}=iLAc54}O00{mJF)ldF?4I6iwbzB;)Cua91xnC^IO83tK8fx(^zAyd?u z=;B&%nOJ&L!+lU$e!9jB@pKA74iDQ5w)3Gutqm6K%B(Oh5*ms-S>7 zZ|Gd$x$)J}@z3L{qpK6}=JL$2n)qq9CFxYl>^!7~EL*M|#1prDYZfR+knxgnw8-{t zfW!E`(sE@Pa6Z;z3NtJE8h9KL#;}-^DzVTA$eK^U$MsVPt(8q0yOs;Z zT&D~=!=XtG=_*F8#6V-E=bF;HTs*s6JiA;xyIee9OfDXmAe8)+6+L@R^@*_92W9_9_&Bct^W`4ToJHEQr*W?@<1;c*W*YesR%eJ||4Y@qMDGwUQGCP$egn^W#<~ zC-l)RiCAAwk*)?!``!K|Ad|joXkWW3EEhp9X|fW|+WKNjbkE(OB^$K>c$yE1k%@yN zN{BMQxWnB1>H?6hSjQgx*940ziH{RW#!_ZAGPgC(udOclK3+tsi?qgQd-}Ax;1#0U zw|+t80mB@tE{)WqK^!&rLZvIV(8UCDiq)u!r+ItW5{ z!P0>8L4`0+H=T0Yu$UsTc+)s!pEZx`x{p)-!zk)f1pNit$^uX&{|}x&%gg`6gXcT> z{}9ikN8mK%l=!jKLRu~Rh(n&65+BhJ97RdcPH;s@EVey!Lb&vD3VomtmnT>{oG}u_ zDx5mf_ehE5EsU@a&@BmMq-7M&aEOr9xB?jZ%!3i?fqw|CGx5Db;T(pZ+U7|>cCfqD zIFpHqh!zpKLzE?uSx4Pt>b=oIoz*OmkL7A*H48HqBPP@EM@Z)4ms>-*bg16ZI&(e| zuJqIE`j~k{2r{9XQ?Wn86lIJ@aR?STjJa6kAY*ue1IX>Ta2@Hj*#Sw!dC{{vn7jDN zP$&cIVikIZ4TUA>j? 
zrH`B3SoCb@de_3#E+FI}4t+$$Pnkko%k_z%3NZ%oB7&au*n_&?JAh25iVslecRA^z z&=X%!a6J*fwqvI z<|0c7@)S%@)z>F_{z#tw%U3f>;%EeZl&2p-Ih8RD%1C^3c~+aeHKLAz z(`g@Qlo4zW@Lt0Os!e%GeK5nfD0H3^Dq-!pF4B@iL$Lx_!vwCx>VuiOf#d{W8GUBD z%v>{N>#WyhFbERIgv9qd(_zW|zcJrGm1g>vx{}>-6G8$6Lr2g3LmQ||8(XQ^6PH;* zE{aZDLy{jyKwe$hO={~lsd8*i?ygxpNhaGho?6{te^Fbhd_QE}G+HW4kLd>Gz3ptg zgKu1%W2Z%yP9)r=<*5C++$s0k2`t?MNy6m<{VRed^Dt14YwT5*8~5XjH}dL9d~P@kWhLZGGhnk}O55g`bbEtE zkyqF8*vqv+JDF_Q3~fSFt0l@neZ97%mQaqNkfuV78X#(=#$457@O|s@kIbTXQnTmAAsR zG-Pa3wy-p0;MEY61^lIrsF(gJ)5c?+x>Y*{B!z3W^P}$QVslMKSbKl2b4ckrug|Ye zMw!%yCT|-<+AtS-Jcfa?Pt4eGvW{}amiKIkLsNseOP| zqKfPnu2rHC4%xLtoRQh~whk$<8jC{~vzzd`0xN~}Wl5`i?`|Zjssae#ube83ZROcW zjo`!&A)!_hJ{&lYLRQC)z9-qVn$UfxWU35FeXn9^HN`Ug^`GF{c59FG{+A=h`+9+q zZ?2P(ycXYjGtvY{#r^N_U_W>NySKN0aJakweTXN5-i?fHg&1$O@Iq$7dEEM{P0)#H=m-Yi6cTi!||%a`c(JYxMh3Km^yYNvjS>M_SbyY-~ix`i~kO}vZ)#K3pp zmtPf`A6j4O+@gP-A>IivDV+s+RW@tyCrr@!-C64IIdRXLz_M4?E0 z?KOwL7ano8V_Wf753G>AhUvr1CzFQDHCGo-y0D1!bn={M0$CW*eY zL!5cW>y#|%N4e8x? zwZ5W={b*Vu`{fsRPmkjXdLNyJK6?MSEfKVz{3@$Uu4z(RUgwL-l4C_xz0mZ=QGog5 z+JI#J_LE;bpxtSU@pN|KZPI)8(jmUf&N3Y!`|Gt#Z6Lc#j&vOQqM)+!_^O06k^zw; zgs1BJci&}}s$`G_$nVrHOT3s+1aGV{5%u%4K~~jVd_`k4eJs5);?VDawgmo{TQG;p zjckHYs6Mtk84ASse*!3AC5xOe8c46#v*uJX=p@7Y8D&hcm2+v(>p>PuM^1t#f_c8`_XUgT?OF$*TSS+9 zE_0+YeWv4g03$%VuqJAioPEr&YRaYnGH{22AfeyZ!&3UQ+F3RIc6p0_oB3Z6#?PlV z|G!ir&mMFFq_1_rwJr>Tt{MN`B>4kQ5;;rm5J2xEL1uguZW)*MO@<9oU_j}Rpy*WT@?hOi**LVtxT1z z%oH31Xa<9~MrlfRl5MpK6%C2>_OETWp`h)f0CCj*lya$O@q@*rE^=&zH>>qnKzf$; zQ%{LaHFCR0>;@_jo#cv568jfs>m+md|Fid{-EHH@qMw_;qJ~btEXSl4Z;9^popEf> z#J3a2$4zyfgkIJTvvb z;+S?DrLXnO@c-P{Xjl9{+s)?AO8@&H&qV#NrRud6y8SeZWz2Ms&<4k8D*gEzDsZ~e z)w*-4fbXOO&Ka~|u&)s#f#SChd%Tpw*a=D*uH=!HS*!T~lT>*lvVC#{Y|kc!FpfhdbxN;Z<$al=fa4TC`M(Ja3r6F+T2j1OUkHLX7X-1= z`3x8`q|B{hsFCpFNf7@hCf z9kC=^L)3-nS&+G)Ozxj%@iX&I3m0PLjIWO$H2aY0R_5R#?-S0RN#T|k@`~Xi^8No2 z5d8P@aKyASR|S^(Cy6lYSOR?=&$&@hemKMYjHf^AIDkWxd{VWFdnNg}6C4lSPL31b zTGSf2Zba#dNv|ksmU>x!SL$?}rb>*ql#Am^cT=kFEM!nUsnZ=eC?_{f5El}PTZr%a 
zg!$OJ>YwMCEdSM=JTBPqT*V1J&r(H^bF?u-{%f|kS{3bZ-V%s0}adrJEEVWbXhiRR9o~- zFozIv)PZZq_O_TdxQYYW_!x1I#FK|84zTuu(^{jod1;F-D6|w`+OE#|C4W?r?oL_{Wo{2{vTUg zt>$X|Kg3fNY)n!`xdO#Bci?5S`BHf+<`?E2c-3saS}n;x|1)#_Pc$5yzl~Yzf4jXo z?*Fyg{~zQTKiHU{7m5WGGQ8QFtzd^WVKIz2UN|+`70khDh?2_t+!?9-dd#_K`e)^( zR4$`kkIF9#f1}F#!pW%o!SXDsfVbR<%3pHtp$Z1H$58pL{pKO(f9Cq1Xbm}k8#Cqq z?W+9W-q>EP{|9-*^uCd^d!#4#7u+3CdLb6_Rq-bPkMhMmq#^ErYf=>%KWp>5IFbkG zbry#a?uhd`PPrE#Z-7%=6cDn6`6m7;eZ9b={ObiCsgIA1vG41dx&CeIgIl&SbNx3f z>%XX5OETqC>l9J zNEYQ7eD!p&9FK&`dRC_8<|*p+NC17R8cAu^ACyAPi*6(|WD33m${|Dsyo+P15_Q1m zS}E2tGb6O2UU!VzQ6|}BnEUY58BoFatn6UMw%IaTu4};|fxw!ncy)DUwo{VabCZ?hzeG6o+o8anE0?YJ&&8d>Rq{>0D1{9lQM3vB?? z`G2e39<%>xZ*Q;c{~qL7GyD!b50s0(QTZv$?M$&yeH3)c7evk)gt(jai^}SEpTvEg zDnte%jj&+K>R*&{(nEshqf~}Lh{%O%D@n0vL+U~#U$60rkl>A?#8GJ(gmk)AO3`4l zV2FPGOTLdr<$%~l+J46!#;|ki%o?P$Iu-WSL9ZxUXyu5I^60E7-Cbi`_O?n zi=weEo@7yEa^Ty&L}92qCo^%Foc6MVD8;IWrVR^72R{8)+lZB_qSR0*O%WilKFhsS zrQ5UOL4#iIu;f;wQ;Se~g_{b=K)llG8N)Nec;Q(0R zWK-3a_VT^mY7SX1Z`-B?SdCHPL6BIIBl}qFjDq-+lzx>&b|U}iVu?A)DzO%0q--J( zo8qgK$N=wBvQd1MITA$2pjjQXG~i0w7tu~m*mb#6mBEH7UJojvOh^qQ5U}zebJ5^<=1Wvo@~jjX;xrP#s87GQh${anV{Hev?$(zquw#)Is!@!WR4{7`7n@qTqlo% zqkae20C`)z-p;Gdt(GEQ1uBosBN1#!#lTW?oG*F@3Ucab9I4QdM(tGvI~HM5w4;L_ z=1u2CjEYTumjT^PFh~_cadIoA7>jjn=mOOiHf6X;L(NAq;i9tmf8PvRS`(325VMx! 
zQyh|1O72EP*J%qX=<=N$YCVyQFN+fTWI8WFyLVdmNNhq@j<p}I=J)0_&BvDvMBUk)>y1awJLEmQ21z|+m-)9p@eez`MU-^Rl8 z{VI65)oyQYiTMt&khw^JI6l!bmgj*y%Nv=CQ*qeMl7@;I0?4kEH&-Q`s&qKs&=^^a z7g-KvOo2N;ark4@VG&2p(>zXT#Ada-T&kGZ%tD0G^4orMdZ=A ziL1Nb>{`y6xlodulO`Q~-J}Fud06OTlc!K;7?jiosD=kw7gRZLzlTVarMSTT8+w)J zeIMYw6QbPT;WcJb^4ICrj`}f8@j7&IfW&VuQ$fm1$la9Sp2;pRjtemnvM~9NmBvR3 zl>#`^HM<$tsTLG}jVbqGFJg2Zl8kF6tC|=6k$G(MmgP2@(g>0W#aJLFiiLTna4)PckWnu05D?1m^t zeVn>J9LbcqaD`%S&}o-gmtSLSW>rox5Dq<(GVbdf78*z}pp@Zq+b9f)j&ziyo5@W}@&n((<>aH`(s5D=FbH{1$n*X-Xl;emt zc{Hp2EY%WRne^jw&G&IMQlE*!6~ladmN~U1(a3zoeXQ%w7*)#i0Zr=N*qH9pvy{*7 z)CC@yPKiJ7tuyl8S$9T^{+%M=dP1-Y_%fAsYWk>uEvuX5)n<%LWE&GvH{Q9QNE}u= zctK=}n903dSHUWDoG`iK+#^|6@d52Yu3s%_OroQmD(pE2d2FnY%t&){qD{fp*nChGKoVU?XPX1#~ zYK63qJ-Hqjp)n3ii(e)NTGlZ2KH^*UVsccEtq}c-JqzpqxsG(f8s|!b$b6nmzY3V4 z|8H)#s{VhQJFECl5A%Hc<{3?}TYE{0l0-!e0q^F<`SuO`Q^ovb+!VOE@oH}f1zaq4 znwuNPnc0Zu5T1z%_uviozAWCPUoEKiftwqjT?PyGM>2hjVVjN~5{vw$yeWP*Bvq9a`laqadJJ%olH; zp<4}EIe$)X%__NI8%pyM_w_t07+EThqPJK+o}rhLO~fr1)m%fb?Zur?k&of_!(XuF zB#WZDRSP5zqAZ-vQhm`O3re;9#tR{c@&34??(M&vcF zRP9N@ZCx#VlQ*m^&04bTi-un3X85*H>RU3QpVyhnfu>35*LinpndyR4Qr0E<>dsL0 z4M6i#(?j(Upn>+h@}U zHNLw2=LLKfSgwv>N;mr!3g_sN5B3~rG!>H`Qx4D6iPWz4{JAVQW)YCLtomAN=^C<_ zd{M(OF8*Ti+N(iy;EofhH(;J6MTTR4h)C?3rTru*Q>B>6kOUmu3c0#Dvg@uhZf>-_ zTD}S8Ei1%yz@5pMt4r?L5T^oh)hL_ujj=3M05`<>WhKf?92-Cs@hrrwl>ah25t2$|P)#j%!o2x%>RsdYH$0?x6ou{(6#c<;VLj zkzuaO=D{=kKibXaPFerA(Q39@EB)U?JoBiSihEJ9Xl##>w2J~CWqd$WeGTsGoS>I2 z=R#iKSeZLsE8=j5m?IeiDtAGclke7Qat!}fOhpO3;)Go|r;GmNX*BCS8oZpCC)79b zrqq^J(J4%*lS|c$r~_uJ59;`#*zELPx2Za0Z4(M7t_(cQ1`RPvw%TUUD6EC?_T zak$v2qAosfd$hUFqedL=Dx9Hn`hUv~2lT zE@LfN@fXGkc1*K!vkI8~mwlGJ|JR0wnYsV(RQCV&&i2MC{^x@{54r!}e&e6SSXaCL z&Kf52Toi?H5k&92Yn=^KSZ!UWlBRf$cm;s~zPOGcLFvqW^;7N_vYZ&vfOaoVAsR7g35K5cDoFX{UJIrx z_j9>%j=xG`;yn`K`YwXU2B^KYZ5H0X^2DJjD52CcJGZE1FG-?NK^}_b2%a18$T;(8 z%Ha{4Up;2qZOF;|Rhyc7u>?}96SGQ5&a&$_41$Ue7kH%K7q}Jg!*t}OS-cxWMDVNp z0|g-&!F4_=B!&!L4?L$15f!gW?T4aWcXmH_5yRV?;9Wse&-Q0sf|urHs)?XXCJ5KS 
za0o7I{QB#!PxklDUw=G4czf7*Vj64o-TH28P9V*MYSzAvAQG<2Y!g!%fPrLeP0Dwp z6WO|CZC?wvRman$<3tZWeS*J%XSf*r_S=66LX35_lV1+p|AHQ|O6!8V;QEt`*YUaCfs3Kgpd;X$G`C;7bMV7#+HwM!lR=+KhW+49+7Ze zdlaJR3XPP}RTnW5?9-U>6p@&--Tl4JKlk3A9V)`bqmK;rv8a9+2P7HbR4}P^A*$Oi zG+}WZhdBJn)Ka4EUd9JCc-k#vY37b*h}1r#PSg7}E?a60@(??1%_##P>ukHoh26B( zXn``WeUsOwDr*kKcRf_TG+TG&V7ZjjS`OSCNet3FQ1a2fl|oBBmUnU?jJQ^TQgRCO z%sUD7K1TK&s7EKZl5>W~TAFpIT7sm~XKZe6f&wZdV5FK+sY_Xv{r824l z0i=kjXqRG*rqy@=q$dOJ@`0$*rFugbx> zQ+aC=i+OCsI3Ct~wcR6XKF_3<{L-SRQz-16Dmb@Hum!WLDXSS=dHD53_fHS^J{*=_ zr`5C$MQIs-!~A3<#D~3}v~hrA8W&j4x$h~yB>1YXqq38$JB7!2mZJavop#N^rS1-3 z#{K`s##Yt;cc;CxivRu~&)xL@UBR4-yZ-;B-5ULWtrK3Ire0gVFHP%T0Q`$6|8J$_ zZ{JqQuSrKpErxbUow z^U(8VVDmLN!QslrpGCMS7P~e#=a^%BDdp}i3NC1`_m&I^??7`URL*{uCjTiX&sr0Z zneyLe)&66rwUYlH=J_MZf67~TdE%de_ZN}=>PG&h>7{BIBPEXn@2;>~zJ9=`M4zpY$gz8|w` z4Qn3qsn|O$N9;Dc$oIRA+=2hw@v)|+gPZ05xxG`(|F*Tgv5NotAdd`Zq(!stE`Qwoj6;=s=yHe`jJ&zkQoP9oN9=|1ugEYxNqwWRy$X^HGAU zMom@NOXB}`*#9e$7AMOAv(A6*o%Wdh$L7la^Ff|@&VPA+lqtu*F^)ConyR;|pZl=4 z;*0mk7wfnXk66y`v}05$$m7IZLS>Oe`%cZSdVxo!sw=hLlAk5N{$e+sg=&Bidlu}0d#UQDq z^os=_TJ7);qB2`3v6Gn_oypna9L95(*hFGklBo7<*hL2Z+&tyZITI$*=~(iFYCisn zITPv<_uD2l(^4i>>y|Sm6gEFa5)6S3k0e~IVy2Q`m|{4-EPLH4lVh9|EOe!Ovan%hnJI}YK;n~8({cyw^TW6emo%%NJ~%t+g< z=En4qzCSpB^Zx9^`SIb0U*4boG-1I0S%L%q4Q2coa~aa41Wlm?e}QLpXug;6OeSmBsGfq=y@Pj0$G7Jt7Jg7T zB=NjFV`@Ev*v;0fRxM)3-!U9yDdAFp!e6<~e^C_Cs}qyP{*VPIlAY;54;2A(K!!y~ zP?to6ld2y!3d3>7?Bl}^3VpR-PWOJX-sfrb!|`TKs-;s(`9Dd7mGk@9>PoYCj~&xk z6srLuzJ6pl?dV`YIbMVSc9PN_i7N3Nl-l`J<>x<8H_ds0YT_RAtmXOiOL6hcPAI6o zivj6$h-ns=XwOdEQ~m~11rP750`EmMxX=-y=9gWTEVj%ivdkr}+*VYXDyH1O{PEY2 zJPrkCRxK!iFbj`B6C8AMfzhC2@ld+;wohK>T|(AQ4u<-+pyZ zvp6Pk|5x|FAf&(|j1y>yzhi72(pCb)Urk`BxC410^Sd4p!Rrb#TL`F$FIb~qF`v}R z8k13K7i+Ox3T@J{6|QVHkF106Atn93m}Xa>_-e|GhX^Z8CwwXvPFZjCTH4#6(D10N zPJ&P6?iNTi$qvS0%~>g!QNb>2=6o{b(wvT0%@JUIS%Z91n2a~A!it5^l|iVh!SjmI z%3?)b8|qZLP`v*()S+tracN{4DaX)*sg&l2wcinzoR?f_@l|7>lK z+yAs%EB}uNd1l@JEuQIG-|ZY}f*HHELrKC4E1`p&c)p{{J9uQbwR^w!TYOx`CMd;8 
zL;}P*(2^EHcEC>=>hoqXUlPUZN}-%j_3OnEKQj)-?bjt#qGo0L42?~jyjV=XsqT1 z9?h5{~qG8;$M~ z*SJlF3$=FO<_=RRuQS9HN!`2|V#U-1Xhs?Y#=y_61b=daVao41hGXhsar9Fk5H zHQ!+LhC10nwK2ip#M+4Ay10OHpH3+Bv~*8(HNbhI$D-?m!BbV`X(=wl(jzb0`CRIA zxh(8ctObW6{mV>`QeD*c4YgzSnYpIv46arp;pa07YvOob+vQU8_T~9l(wb!^tf@~{ zvq++vN|KsKOi**{Yym#H;Rv69NvCzP3yOlFlxX7OhU^1oTc6CJ>2#{Xz;R{g&=w_7Xu z{~?|!_dnADJ$^@*HQ&pP%QSJpXn4hDuP4eIPfwSml+%Dl9r&<+qTg|p_Ax)PiPPo`VpUn`M*EF(NGD5^R_XA|2MaGs`($<+ncNV{|9;2-~@4w(^#53s(Do> z%x*@aPzde`3NBC|GvCp-Y%EJ8BLOzRQ3QgQDXEym{dGujggCjx@@!(gM{($^L5%w< zhw-x{#Xa&>oM**p;BU`;cppb2ps}nex&#SMAtEvM9sl6${EX8SJ8Q5{heH~}&--T( zl9V}qpYVqKS9Ra{vI5YJk@Q0DyYQ!e{8 z{igrww`ay%kPQ1i8xS0YQt0ZUu#X$MuqVrUB<|64D9Ic}e`kCY;oV+@xW~R^D8KftD#GK z0`a|&9O3gE{wC^m$7JUJ41yzL?mNzl7jNhgC#a7*FJ8cZ*SL4e%;!H7#!>C!{vXF# zTZ4Cqn44tBxt6x2a1Dn;L?XC`k7)$g&NXs0`Ajw3jW^?GSyF)xwfLqPx zJECeyikn^Z=H@e8gQWaKkCs!A2{sxj9@0w;$VQ1IN~wvfSnZj6PkpL@dQ^_zyk7(3 zsaOHm@VSgc(J@^}$`_)ND2QTp*FU|9JVLMCKujV5HIGYe2BTu7DzN@^xE%G%eO5Ci zz59QKS-}@x)`$}%QB2fep7VBR9i$tf8U@9o3 zSsX${E)-8NllMFAGVME^@_}eQ7H2uL2n-XjI>FP->O(_2+*x+uj5G}6}NmPfT zh<(fj6oxnijsQhbq0s}G;GnQR9~5l3+Mqg3Pi#x+74FnbZ2Ug}v1sdKT*iodF_Fz+kOmVwI| z5J2ClkERmnI<@f3bk#zX(^dyDuT{X5(WV}SWR+K0J>5!*EBPwPlQW40v1yqy#UV+h zl&Zy1v3S*fA}F;;u~i=I{SaZvLHCw~SPN|lv{)5)?s2xY>2YqomfOPF)BGxUxz%oO zZs}>(T6X1~r*Ig;j@;#|rpO>OB0Sxl-_ z35mIglyqH$0u?`1G*GwWy6bKc8Px5#`|414q`sSv`5mjMakK6YX(;|IY^T->!w1or zHXl&%gOsa3F7Qa#*A@qzZ?4pxiGN?TxpO6$1tNEnkZVOE@*MS;4163rRI8J&?e@t z(u*V2=_?d-vu5oQ>+)-i4I7a>1qg>8Ng4Oy`2B~&jsX%3C}p_ZHVQ+c)N@7H2t`r3 zDI2Hy7?)3>(MzB>%-IX#kgDhoyh~K06i%iO-^D6Kzn+ZkltHb;w_{n?8zn=p)n3i$P5uj zOB;t?c48ENjC-C*&*Jw#7==UZ4@19Cc``ZapY_bN|Jm89-2ZHBY^~xyKgjd#Tka|g zuAFyY&3IuQQ~e$mig;bf+0W8c$Z|^mcB#X(5eA=Y>g&&{?q{d2iGjYycuQhqrc+l; z?;|p!)|t|Zn$l})aB6lLbG2|xjaZ}ZUZ@h5rP)eplaq3!Y6A9pT&Z2fmt4q{AJ@fh z*u?=IVwOk26mYbX6zl6A!UvAvBe%NUv2KUPyjqP&Z@8w?g_`aGVGas7xs(DBjRA@N z_!>6>9S(6ETIi{pD*4Gmt*3E&r10T5`VZ)(bf^Vw>Ha0}?M0*VE+RMh?a?TrR|1X3 xP0VpVfBq~D2^^`yHFGdSUm|M#u{rDNSv{*~_587){~rJV|Nn0Jj=BKS0{~p2vGV`` 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.82.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.82.tgz deleted file mode 100644 index 5652bc608eceb8f255e7f52ad22395777deaca75..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34919 zcmV)>K!d*@iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcd)qehDE#}k`V@GT?$aczt1n5acf03x9k=zbPV8ej*|VqH z<3J=Np{58H0PSd#oX`F~xRD?UilihvX;<858<_-V2Ebr20OrCt^lli39CdGAur8dT zkoS-0kn-LVE`tBs#xocU2G0%-3-04pzbZA43lsKzWMui!`|@Q-k>}9##x-A z06~T{1{dG9V1(Zqc(;2k7)8mS`@KPL(DG4)LLY@5Mr_pT0vKS(Mqti)^b>+UqNm|+ z$m4|m15M_H+_V5t=tPO`To&nKU8V&9MG;|`6S^FMDGt!6-|zK3F?(3Qq)O7@L2uCe zR!~Hd2f659PGi*a5%VaHxGeJ%3Kl@Z15-i)pQA$8_F8jdC}g94e}?%yp7cDj=*yyS zG2^grb(iWY>V$^VCV@)EJOxHF_F(t| zd4q%J2mb!S-rnKJqJTHBm^ZynGF=AU&09Vid=Y!#JFF*hHpY8O&2YDX3 zp4KDqqnu&^xP=spHJ*V-EqB@0EFcpY2<;KQ=M0@bBTrD{1)QOaI0#e~CUBddec(~#qmW}5Fc2c-BVX!qLcx;C4Up9VMKjDe zT?#~bfFtnBuTF%=7VK^p{3t&MOW>m^4p9cRz!}9sfWw)B&oY=SNV<6uCGVHHQIzj` zF%1N^3-O193xfb~3a3--i5|6dI8i&M!3eb5b_3WAj>ar_3j^%SjfWhrP>c!S0Ry+` zhbbis;00LiAPN;nU6cW{MbzsfU>8DY2G-$xK$iR#5X477rt-H0)N9%0 zMrLf-wbhpz`%3xYi@UA)O&UUNVjr0@juM8=Q~zb_FxwqbMLtIrSb#gfT3} zSuHRl5a2L=|Ds=F&mN398GBI7-;iU3C@KV&L9l+u!3YGu@h1G_uhB{A;mOi!G z@DpMDf)dZ!0?a@Fj5fr&B~x$b)4^fAwG} zxWk*naE5$I)m)<-sUkv@G0!XZI`cf6AqztE6B5%T1sQy`>RrU5agvKRqV+ewMoZ)N%- zUm(LSt~GXyxR8pXIKWfDP%s4y&qCw_eaPoQju?Ox3DN2IR;{^3d_Tt%6d-y{KsC8e|(lXYd&cn>C_||-$BkzV?!PzmSJ`Q1kxkMk3yAB}K znfRR$v6HVclU-O+1QB0&z3Ls;zg|;CzO7#+W;;j@))-2IWSD~g-M1;_k>zV3I zvkoG9h8LJK^%kgQ(EI_w0*81JFVYuzkt;#=^3Zw`Oi$PDc~LCLf2IBe#}{uBH4g-` zf^5qI;!qLLv+#LQERQf2?ahc-paoHykfB4rsZWZkFaqu2i@__L(zAf?H|Zr+JLx6$ z=bF8=em7|gVsp*7_*UAMFo51aR)lbl8zS4vdMbc3xh zU6#~lyjRt8>#(1bo<>|)-F1hm>ulv+OT3J{vvyH=^3!^HzL*V`Iqem+eh(RP99)

E=YjA_1Wu=~3BRC-rLArk5d(;6wn#8jXz~Pj1z#XJv2Ovrb?EsHrjy)K3q>@CYQ$x-pvGo(XQ-*j)bWH#z z(7Tap>|CE*2t_PQpy2}Z_eeDC^z{$tt(KV;`sgPe`XHm6RQ5#zp{FVux#o~(4(av0 zTzb{U^vWrw+^geWMxImjdyLpxjWt!B%}qWw(Wx3B%eUBt&#gEG_!fnTu?tEjb;WL` zj$^*ZOmbePnA(H%ij!LJ3LB%HLL9^tUCk+Ca}r4W@A5C-B~#o~7J_GjQabWAMqqy( zYH*0f*5f4#;Bt&S68iF-^_}B=HBF96BQQK%hpq@wOnjT7%$sUjGR4=Wg2kQ?_Svz@ zzpSPuUtrlh-0+E>8osxZ3O-Z)=2plHT6Z*L6bjnsLpHJCxTbNKe#0_UuQhRGt zDo4*+bE=f8jV4u&vf8t%l$tfCRgR8^^Qx4ZwI^1No(40kl$PSulAl~!X$fhKw9%{{ znn3Bb%4bz!hmzh*5v6hSy+#MazgS?4vTx*=Rd8 zTyc)p6k(HH)nMISRS6~QZmu?I{bqZty%(wnGRJR--eM0KLx7*-38Eq5hyn8@b0EvFfz|cdq16~s!T@b27nSf-KEyW14 zmL#@eiJ@K>RcCuS`;aoQfkoL^cJL((XNZ~3I=wgm$EPnZ0Sp3ir*3^Hg5EsSraTEf z@B^XQ5?uF`>2fjW)ex4EFap1{hl8H{U;jnBa7|>3*E20z)lHqWJF<_vltEJ}-i&Os z!NrjeIT~{cIhrL_BkC<+=Cx_)ONbUE6jD940n0)dS;Kotq;b_7SwOz0_8T)n7x4X? z5Z*!@h=pkchJ!(#O7Uxq0%>t8XcW9;?3d(uF!2Fo4A0~uC#bS(C{v*B0QNK?m9saXYj9*K?i>EL1gy}=9tx=QXK(wAe( zkh)KFPNP;{A7*6Am4uQ<`i97iY|EAD&B!aXkUynnK&HGag}NkXMgkblz#PFy&N+4A z-I3oI45ikvh#3bH1Ry1G=z|xBe-Sfly(LD?!IY#C*gqJ&!r#|v$ei1a#i)M?Y3{)@xG?rM2CYiN@Qmw%nkZ3Mb8%k|`WeSeK-ivy4gv#iJ)utq=P)&;| zIs*Gnw#ZRqG}Bs?n8FoQ=wc(Vzt?JcN()GYi${VWYgJ^I=%t@~H;Mjna*IM`X6)Q| zYXDl}AywD{B=O{-S=;bBB)meLVy`X@3thUL2o0|x6<6v&!`=bwGY;@L9fc=iUlIZ` zG1f9-w?!A0eKF6fj7JxzdHOUav0m4wjzlCNO3$d#N!%1K?L&3~x&oRWOty2Y z2()Wdp5tW6lrEd<0HbVJ-Df)uDAEOw<-F>4rKTA`I!kC_+T=1faLOmr@TRJMOem7Z zOiWud`IvEvCoxB2R|#3&KCL(`9TDv7mzdB-9a8@)%=frfKV#Cxn zTx|Kpem8>&Xc?^yQR9jSqI0ODTHh5^9eBzytlZye5se-|*+7@02sD>74dRy4`R>Posu zwzV!qdm7Q+-uabe`dDy?q0&UxV!nMBNAPr%0R=!2ax*1?lIe zQz5O{cs`_6>rV=c&@XFd6bIQ%kF=XF^QVS&mhj8$Zi*)7CWVDEtuC}fxy4XN9LelW z0W??^^JL5k#s3x>b`TLiwKc0l(@#m&3*sN8RSkhC zSXDSy6%18bFdNWwE6?X4=g^xkN_Qh!lGK?#I7%z^z#FEm%yH<;gD$x~T!`t-xKKA$ zrKAA`yc@JZ+P_E8tJR;clfs6SwE6}#Bo^~^Xiyg|uV9qws7dt=Xh5MK5nOK!PfXb! 
zIGuvDCZx#J@WqM{+6&hm3BOT?S#nE3%)T5zFxIDaV$g|D(dUq>BRsKBeHg3q40Bnndc>%NEUnx^5JSo(F(e!Wh}*+rMxoG3U|ga3 z94+P0stG5jYDo_$syC5vsq=J|Xj3H@9b;YGCd3A@0VOz`QB-ryJvC(w4N2uqRtQSM z-^ira`ante-(-@m4!Y_F*lS|8v2KXbY*~Jf35WHVP*wP!vO+IsB%r{g1_T9S+|GFF z)UiySMb1QW)xYh}ktOF>5jD#S&!&RR&v}F$*r*QSf z>t4m$E8!W`7O3@ zG!B*fVe#m)V;zGh%1R#K2z)zerFzUO7_Fu)Db`!S_b(xb=DNms(Lm{mD7eC#Lkc~4 zRA?@5e8?e)D2Wi|OKBmKYE*`}G#-PsK~I}EN8U|(k!vU@Il2E6x^U)`kah3*m8Ptaye>N+gW80)OGN8qpI@t zcR7RP2-w{9qjFx}gOf+inR##S91Z5?RvkBL&CYvp(Wp5;x9p5jXNKyH^s!WEyIt@) zF+DO{?8G1@XGWlp0(z}vH!gvQrj=UUxiqdV7~N$_D>u0-l902}EE;E~F~w5rOjgS- z^O4Ik^O4IoQ;C|)y;0WEyf9{s4a$`@^??;xpbDlHJ7A^Rcw#X9A~hM$n~Rs?YGf6z z+VH$a6Ox+cjmQH}gB%R^bdZA__-)zCW`J(fWHtkMbE{cm0(0qwTZM|tzwPOGUgIPl z=BauCl9-qRnQ>Slp@hH$1hI3lD?U3JIK2 zu(tRe?q}q0HN={dclhmIx#V?WSwrmZRZ-s5*(M*5CpQDJV_I^Gj1AfB~KST9zt6EqIhX|hooRYib9xnf07@QVy?EHppl3mOWmNG5is zjrp@h&&+Nm9lECK2rBIJhRf(+dn!Ht$7x1p}(i2@Nx|Id=g%c z_`wds%SpJWbMSJ6_k0Xqj`+S#!7~{3QFrD5ylk4tnBv|X39T?a{AM)|ax-YRbB(%JY1uE6 z8X22x+59Du0Vwj|?JN>@LQj>vMV2v|(rYUlk-oafY&3<`@esa66dYZgian=5n1_@k zp(CsmNn*c zz(xI(no`J`uEbI+=JT$sTObk21_??YGfr_hdjg(5y|_God;0PO{PXo;AJcXMT?P#b}y+f(q*TFke}ate{%Wy!VjEh9;YbEPGtjb*VeKQYTCrCw;7^4u5o_*>dur>1CzglUwW~0M(F)-cU1J zjABd?@W^5jhbEYWa-(-wN4Duj6;OXahj+ZoXnmnsN4oRXmA7bzs$DIIO) zciy%wF@)UwRo2u#0T?lXzEIb^b5kzg7jWCyl41a~V;Yzp)~`uz2Y&fpt&Ev>77a?g zr$HD$b&8lvs^-WqG@&ilx%RJ_?G^g{?9M4`|m;b+g~5+ zAOHGS_h0|&{rc3rfAV!ZQ~gsGT02=1YY>tJ)N=j)lpD0VgV3`7{p4c1_1Q^YWz=UM zU4Bg-$o8)Cb+S9IK6mK4D~82EOBGbr!oGP|LJXsHg@nSV(%a>V-A8E2kuF{VqMB=J@H-|+b`tN-mC91aIN{qG^34c(_lWOiaaVPlalecT@s43Vrbz zhnQa*!v?vn4fQQR*BGP{lP|3+k4u^Uog5c;%>lFeQxk5wpe%&Lr%wis^LqkH(^&`d z3ZS*%Susx%KJmMO86 zGy$F>Z|Md4+9aZA%t;dF1HDIHn!3azivkP`x6}Y*}UBW?XD;Oi@Z4j-~5PW zWH1)sMGs=IAR*?2N>dVP{Si+Vn9DngUa$Af{|i`vPy~j1gEsiJl@Yqi^b@o{d;mD~ zg4jp)pb?|toAqp|8zdS(!(o{YJZ@_%IG}B zDDW@Q)J|R_-(5gHm*%rPX1zIKTqjL2*epx}!|S70C+lO0kSDwFwX&ejw#fy41lnIe zc98I-YYj@t<)!NX6vxqzC$F!r-=18KPtRXxku>F$k3c9`C_gfSy6cO}^W$6-(i~0g 
zV)^ku$Ijwx$=W3&kt;7Wopzx+k1k$apS(W${_NysjmFyE5GAcMK;K-R6#%a0?Cgc9 zn%4!;`X>2W4O126&S)|@!dK~-rb;Ct7W0iyF5jLWpIjH2R1kKF0t6ZA$=mNwpB!;n zD*MT%FtH*i7YGIIzt{#hsjKJBs_`HHe0p*H_UP>N<E!t5@%7cw zkJraXmoHCWADx|E{j<(gbh&s`jJCrS%F&>c|8;eFbbWmO`iIjWul3#iWqyJsn{EZP zUDf+PogAHA{d9eCetDIHba;4pSnQXxlcSd>m)9p}C&yO>+0>S{JK0KS=RaPboxD9M zPQ)5wEHS|Tn55b$*0KtfGQ*ca#p{!+f1F?be0_C!bbR{y#|AR5#4BqBu8Yg_tMlXY zv+L8>;|n!d4e&*jaN?2RG!zS=+}zc}d3-V+*OZG*)7!5=e0=`;>ge?K$)%dN*Qc+q zPA=abm5+A46gaCfzSh0E9h6D(ni~DP1&qdJuJ&kdX(@G!>GAl?h-#O@Luk^bSwJQ* zaCq(&xvE&EYPB%>>DAd-C|{>P)Dids&Cl@!1&Cjrjo%`Qrv-tZ!E`m=re2a;OB|Ex zG7iN?$kzX!_U8x&d~V*!@RjOS56)*-D)JBovp6;6t-pm5bo! z{8qyka1(}G>F2j0$5pxXZNze`-S&z+Cx$w?9@nr`;M^C(y=Sdd=*t}DX%t_*lNf=k z;|o`9vCp(>=lCjLU66E#`Mh2WEvtfpr=NhN@1pD@i{YN5?doFi6^V89?@g61v*f6+ z9>q)+kaWoq1?muTGlh$0)1>E`l#oz{ynhR6pT=R|qnOD5^h7~7=meS}&aVQR6tsTU zKyafpZ719SPx|)vQXt`!l>#u|N-O)KVYH%os!)ygsDdHlVUeU1P(LkD0g2oq8o=dV zY5O$5Ou15+VwdP+S^$U9Z6=a(g$l+u$Xp= zXI=BLt7f}vGDd28$%~#)9iD0dKgkvPC`}olhd{gE2JP$ir%%`UTB|3h^+)Y%HI@xa zWG>h6Ee_BupNOxt6~$!Tc6B!vHf z1H_h$qlNL_le7m+x3rQft5VwFojJhged^!;>$9Xa>;Nk6{|^p_d%64nz30z%_MZ>( zxbOcnW1Y1F$b4#vt$)Q1C38M$ZpGDwdf_sD13;D6^3Li_Zs#2U%q9JY50)UjSL1^F zZAIQhqLI~s19HLmAlY6xwg}G#&-Qor34adzgc2^RxVyVLzdk;HJw89HzP-I)%LZBc z+$LTE|*^`G0r)U#vF3? 
zeLS5aDzoBMp+5g!h7CXQ;hHI4z|*ll5?8NZowTDf_rD( zu(NL1SvNGWZpf(#_h95uefyT7VRs4l=evYsOV*XQRzcTClXzA@z?Q793iQ(gkHAk* zx#{Gp1IQ#UK*C@NCKSONmWF!Q&OA&-7gO=ZWR3ylW2iyj^L5=L8ST>~J3u}IP~OD@ zPJr0iVan%a|lmyjN5gjoD5UBCe!8*Yt z=3)lkAszUUfLMoa#JnS3OYD4(3}Q~e0^T46SE3QCelOS7Mq45A$6F~GE;WGc)QTWu zcYdLx5cm4lr`;9i?h13GE6jX!i9h}gX4U=Q90ie>jXY}X_M1GF{=fUV`@iAy!@Xy_ z`@e^HK78mu1-E!H65?K_Vd2XNeYX(Z;?2}vwypK#&($EU1DueO$TDn|% zo9NV)m7d&9i>l+qV+lhZC?_HjF3`D=f*-}q3q9~`U;f04aXg*k_n_TPfth)zh&@)Z zh+%?5Xz5Gvdkh0S#mEORiexi-t$!c|U6$tphiDQ56Xd~|A;8EY6E;>hUS86u^guFT zg-T8%m(a&L-tEiRV^LP>LJ{(w^jfD=K-J;70-{$trUM$vcQ}ndD}(1ku^ zbyqT(R8Jm7k?Bk)EIr5yRH2Hs3%9h2A`}%r-S1A8S(?T=^MQL{GWnO4r)a#egTK^f zFIBax^iS3n_{_^b(`jO@PJb*p5PaRc(uzdyd&rR7Ft>GiX+YF|BF_WZ9PS-H6SQUf zK{dk)0sH3i3{2xt<&dpMd;Vlo@i5>~;JO`*sXC!>jY^GvGU>(=^*!l2ryR}&*eNLf zNf##ye}bWYcV~mTr6ktq|3;0^Z(-_p!^+LiR{9`~U2=~dkmlU1?0~H_O5j_kQFZ70 zdV{$tYv9&cS_0X0K$Ud4L_DS{@V?3Er|hw6%9orCSJ&mZqfV;rqt@IRb_R&!nqBOp za|UlIqC~C917BUMR9U%1p^vE0I@L+BJS$36G6>A(u-AISWCF#?)s{zr1l6MwbQ?Sd zKK3|h%eU?Hk`eNGkCPssBlSv|B%=4c4ZeON`mf%Y6!3Mk_cdaNbIOu{yr8EVYMtH7 z18cEFs4qQDM&`6UIW@>udE7Gx?CQk(iMw|3{GhsBQ5*zay?olreWUw{t_8(8`pJAy z0hqx{d1?wyI|+%Lsif1Px55yT<>J$ocCc4MWNsBS4Qwq`O~ z=-nLgIZ_$r(*0gG=CVHXH%Z4av+^DH!08k)(g9Qn?Qb}Z(Kl*k(yv0o=Rzz$R!NjG zQ|I1KdeuVN5$iie-3DLRm!lPs*4P%BCXS>qJQwzsjeaHd_5 zF&QZ-ZTdg42B|kRt`;;paJ0!evko6u(ya@Z9>nL&b=IW>GtMi{vUVqVJRZQ;q@WWP~+Om28Kljb(f5uaB|DQc-Q=>^qfF?Nf zaX72z23(Q9J?=oDPZEOu*|%m_737|nfRFHJab0P38Lx%7fO z5NTLcxRUe8A|fFQ`3U5ww$qC@qadSJ<;f7!P8%r02>(b)9IY6P7665@SlRVfe0LVh zglTNl>RPB|u2}_BUppSDeCtg{G&JdEilyc2-6HV7Pb2xCxoWA8qe}h{2M7815BrC^ z{I3u4So`!b(yI1LBHt0k!RYN8qC%wq+-I3gK=I z$dJJzl{bkYmAz7(JS`yi=4ZN}v^PWpTHWPWTSAuAYHq&?lJtw&*e4b@ngYOeYHJr{ zoI;Lf+Cj+twbBvsAa@J}65|Ekw-#pukQ-Rr0Hn(5G;c>~6Y(N%O;XW&_3Z5m7`DQP z7Og>s<(f0yx@@-{#@kdbBpqQUWxc_38N95rcd_|fnW+_wymCe^>8L*gZg2H+=PdDX zL>D-eL;oX%9=gazP2M{gxZIgR>XmA-gnd_T*`jBBrMDF{txFU~4zggYW2~vi z;pDF#SG+arOIg&lEOtliH4E)FBCuugx#F;85LPmE;pPUc2v}7IbXmBkVn-FTzGeH$ 
zN+wmTyed>$DVa3_rWvlR9X73swAI1W3ZzztP%{*6C6HQv8abzIMO3x2?yebIt%##4 z!djM1(l~1lYFA}(tHaH8vbhz}uFTYyrC#@povp11ub8AQ3nWd|R;=qz*p{uoa;Dv{ z5Lg}gtpS;Z+!WES< zMpcxdRj{`L+9}jNY!u8WOLHNpPM%(OXq~N6mkn}MpFWo^R2KF~J(~tUQjaSH(uxjo zWJWSiE@h2*T&Zi4Z>|(J=2@A_CL`r)rAjhSRSKJO$SYFTBn>J}T~iL$nW`pXfmJDM z%3+qJs4>rqR5j&5U8!lzD7Tx1U? z8)YP7S@t3Ggsv<^3A|i3BK0)h#5<$Oq&OV0Zp>2}^Ts@`*f-{J#K1}5u8f6aH#G0v z)}S>GU|BK0^7J+rNG_#36Hv|uwIZ-wDG9|ebLO!_E%{yPH)4lbGEY9pREfQM>roO# zOGiIbVU%PaB>_h6kc>8_?9b(}E&(SxK9{_RCE-dm0{9&QiV5{0tAIe`u;*le{3xwV zR$XG@pVn)5747QklBiaW?p_t$D&f_&qFfa_DK{}ob-2vS6+IbIOynF2AY<7x(88xu z!MFlQffklA)Oua_QcgS}@zFSQ!=x}IS0lC;L{C}{SOjxOXNZrbe5pP6ZIt;zDVgbo zOOsq|%~D)&Iu)y`rIeaC*&CfzIGf<(BtSIvflvsnmuq7+qAY<>LxRbdFEJf~4>h>9 zbQ0H`z@D-HamH4y!;3o$@q2rk*ndRC_c5cfjPf{%{TZrf2vTMLcQ822+kYPp4|et+ z5AoEq|1hO8o@_@Kr`jll^?rg3v?F=*)xRC~FNps#;gs(sr?m5SBuVLvTZ*&91aUaD zFX)x+i37{d#BgioB@6ieO$cux4g?#F!0^vya=cJlurp62#{iRoX?3uI^h_b~E#weeeaio&et^@{C9-UMzZ9{)3*D*2y{9+*0S zHn9M&kpG8=`+5C;e{Z;x{}1xWcsxR)T_Uz3f=UqRG-#>tyR=Vg*LM(guNw_79sei` zM9$3TzC1AS?agxM4+M}SO8Iaj7}z;p|Xybq&@75G2jT8jwX()3ML zPuawp%IT}>eokAJbaL{la%^+Wmji6QTW^F==%;5t2`(JYC}Iqi^fP+TQ78|E+UkYQ z-HF4QUIrXeD1o^iZ8jfyl!U*LiNzc8FDI=N0j`oM5{O2W=)bE5#jfKj-=v{JI)`S( zeRFwcTA=M4{;m7kgd1-c!RJ~pi!)9roT0LD$u~#|8pt{H<`$m|P=!y`94k?K0W_?n z0A=5oc3IkKR=1@c=W47vO{{FBf}vELLPySl3E;Meyt|iNWV~*;g)fiJ}=YN z%RL{R=V~Xn_O?x$f{8cR9^`07C`N2l4o_NvDYU(`LXzmh;cu90F((lT$ZWZ8n=uKm zamW$9g~6(ZOF|7Yt0PWzUAz71zMxS@rib4vn&05qQ|7nQr=D5gQ}I>By1v$dy{|n& zQKkl*qjCDon7wJMal!vMHO@b+CWsxRbewEnLd0IDMX)3f2hUjF`X zu(!Wk{~zMnW@M+G7Er^i&K>B;7MZ%lvDjd#7HnvC=LjzFdF}49<|}sF|3iW|{gFa8 zIYU$IVm4LBY_j=!?VwGowaE1yifTfs>rvF$N&K@1qbduzvb8`|h2dWjiKh!7;V`KjrV z+VyMetJUDoPRCa#uQ!Feg^*BRP(-MEitm%rRGSC*IX*u-J2}n-3ww2Pb$NPR6-F9@wMG!GYp%5_SZcnbFx@cm23;TZpWB_9dF`s(Q7`qk0@x_)_d zbu>Qx-&OJI>f>D%$7xl|cG0zV(Y3z7=vuq@HTM?3CVP7KWdyJZ$c$xB*&%CgA?*ib zR){C#fYU5GOWowH=>=%d?u7d=$iAG@FLJ?@W<>_Gzm*a#mk@=vMo zcf|W?z`)MZeNn4-fPHKl{V|UH;bxdDalzJIBv2%<=ON 
z;qm#o8GZLSpGNZESQIqe0#u&=92W9_@9*^ghj~^-_FU8N3^XF#4-SZir3i%(98QU!Qa~=7Am_PsD zJ9xH}{}1xyY^TI{uZ;e`jo{9O9Yo4yf1EWSL-WI(=L7Hv{2WhEfH?3-7$T43Tg;cG z=lp3@XDgU<65`nrgY+&r?U(Tkcd<48)X!S-zu_G~mHgk^d!D!d8SL%Oe;(wyU-`fC zs$jPae3p2StGa!I%YfCRS!esVTWLPS(?I^O7yPkW{_j6~oGU>;)x(4`m@M54p&S>OiKMq>*lNVrQ z`G|EvOjYzm9tEyo4KWQ=FcZ=G{>=;aKVXEfZ_x6)uRn~h#@9y|r`JE9{L=~{`JN*h z!r(d|S4cE~vumw5UWfT0G_?Z-G;pw$FRx7#>-)GmykmI4GJz@8gG1>_h_2ZUj;?PJ z#nWZuNCN3JE0+26snyaqJq%|&M5Z`EsuTNs5%rVrsmGPNrpZywmZ5hY$&fiCFdQhy z5av-BAzdI)lMrNMvIVw`JjVV? z-1he^qfP=Nt?q%6VvoSp9D(cW2=e*$HNXr|^m~jc^1);Y_#7p|ObZ{IPZaqJDPI#m z)QI@3|Mcr&|EZW78L!<4QpgD%f&Mmod*iM#t+zVmB_$DnK>#RPKpf(5rq{U+xI@4v zAS4`w2>F1|33IWPPf3*V8J?l{BSYuo-qR=B*OBY%e@P~!ZR>x}4xbh5KZd*f-w*RN z)&FuaLM2a(Yv7&0 zkU?5TY>2*-fhvr`+0SgF^KCDSo|&h!By{Gzg_1O*);56@+u)JZ6p;_^<|qU)6WXM6 z6P8hGHwy~c&P0W5XVmbugXfgU_s<q7)2NwIwa z(MaZmDMrjn5%+Yf&EwTjS2BE^S=%@eip6?g>g87b{r{TAzjf@t_VfGy{o(%MZvX!f z&)WAtb!>!p`~Um32ez&ewq*?brOK(@b3ado{1?j4{oDWUG@}ArJTkPxQpGhJBx9P7m`2E}*xqBY+Sxf$J+5UHUP_+LY z?C$>_{4m(p3R>6^8eoK|DG4)fA0;R@BIHB0CeHZ|zM%?$oNTgL26_ap^W z&t%#4Sz$ty>?}-|M3i`lt;)(dAE( zha4|Z&x;u+i!t$TkhG6V0d}1>Q&Ez7Y!lcf>po>uTr8bfECWWj| ziC3HqV$t$3twTHFUam6Y4eItI$k?5q$8W!^9E~aKdoxPnC_lRLC97KcN|Ptn%sb~a zwye4H1X(Hbx%b##@>Bo(Cn7$KIbj|Q5N&h@RB`^ZKP>uxK0n-@|3Apn?RHzGb6AY` z*n&*Vxef6By|h7tb+ti^ z79~M|{3IdQ2>jCaqPX1wZB?WFtFwY4V+1bI?=fPW9fiI^yMh@q8}EDKhs>$K*4e@d z{hqlai*wsd;)MQyyrRx+ZTX_!ydpjtfwmC+?Onj>FY~Fd|1r;7BlqKfRqKCy&kpkT z--Bm|yZpZo@|5a+Vz_M|AR!5VB86 z1f-~yds1+5`VveD1wNSx&SX9y6wh!7e8g26$`nj`6q^Ad^Qb5w%m;nIsn8Jn(oF~8 zki#2`lna@3#iH-Rcr>2~ISW;A9%oCElK!z-C^IFy;G3u4sG`WXb1aX*FTa}iZ$bvA zXuM<|52SgXtYhhd#{IfSA{4SYo^oxJ>7yx(1AgS^V25!Kw5Cki_-RruseB~>pKxVEHNy$R4Q3dE~HJ2Ouh@;tJLE-0CbzLX5f;wTDayf7G~IZbmU3S#8U z(fyxwhZ~h~UExEHb#0L%&$pFSlD*moTI~YH|H3+;@21CBEfwzy!0GS2Wj^x;t!`SHCX@GOa4~F{`2{ukpKB`m;dKso-O2m+Zp|A)v4D~!Ssw< z-~(TCc`(gDDp-rsBQc$;f|2Nz(od4`S-`RgZ%%hk4 zkZ@O6_5}>#44vPF+U(I%5KL*oA!ETIXNp03a>+A>k}JZ;$bHVnsU>rKnH4<+?)`#f z&OONyrRkkV@b?%cxdp`bIO*LsjPMOww!ud*d3Jz8&kly~j3qDR=gl% 
zcZB+`IQzNsWr$F~&}yUUSvGk=b%~>x&tF0LQJTqr`qZ*q8J|)QgIl+?1$@+u~a@tv{lFI5hAgKu2nqS(s z{^=U~0zUEnaiiG7g2$ee5N#Y_({-dFDQS~dB51rnx8)ptLB;KYju$ziZN4;CA=UTkncD_lc>IBjoM!1jb{Bvx|1`_?Iq!1r+D@o z6TS1{LrFh>1f2XgBcW5LR7!OAJRlGIPoh^==zp84e)6fj{}~Rl`rq*R{^4M!|2@Rh zeE)y1+xb7-(c!~w;qDDuZe@2~25+qmy43_n{y(wmU6C6UrkM4ouK3jD z;#*Y`!4ycnwv}L@F!YatXbxY;3$VXer*V3JbA!azMkZr$Y-;4_pM2uHC9wJ zu9doS{R5A6=f6|__vR>A;8{p0+J=m&y8n4L$ld=85BK+X{vQwWJOUSxb3{W1I00(R zRnCz~i~}EsGY~=V2F?)cwH|@1Ic9*xk+QF2a})#sw?Ih0K(MunQh~!+N9Jzi_!dcD zGV47I{njH8qM1r_`8c9zir*t&U3>gLPkP`y43>a|vZf#jM2La_hp5-;y&PYUIiaZa z2pp5ef`s7h@fi4+vQ}?~d0+llk>Bb~{!RPxzvjh!)))UVf3n-Kp8}dd?uGNSZ(2`#d=a&t{@>Ok@D@@`Vg^oMp0HLgqU1N^@m3G}2=-MuN`7ngZkb1X z)Nchi74(UCr2+|o%9y|c5tko|IhZG z4|4H8hX)7Gck%xpK9MEe0gn|X|=8$q}^v351j77n*C8Rq$4+ zg#a_~ZrB_2UhKVVwVpoxi7ZeAXK3{FDfru*^N5Z5{Tb%-c+&I8qA%gT#f-zgMT?~4 z@2%FON7Cm2Q)vUpTCI=ZGR-&j5xiCzgSAQuKDIt~t>WKPJ{Lb5D@AkDx@om zrFEvzc$YxS0>FhtmHpQNOA>>pPZu%cPoIK_l3VO6bI&OW0&*vW@hzknPGsol)>H7V zpn|>2y|oi7=fA}?c-LxO&4s|FaDh0Y<#olVA|cgGPAc61L6jg-N7GQOp?Kv2dN)1M z1*WBF0Z1rIdt|YIp)aMocqiFSE(F=;>T;u2>)pF|a=B@VQA>L7U#)JJA>L)2isIiC z`s17LzWLjd#MCITfB$Ax9lOOzO`{%)m#eGCG)QV$tQ^xo)=OXYos;g}yLXz2M6*%o z+kC{u0Kk9|K&{Vw4!L9-hB$yK|CgMwu5nEC;&(l8It5sQ6gxl7YJMjHafgEdOc0o% z5K+jHFM%#e+yRrA%R#aVdUL7wBIwNl#|s2t2;yi)p^pTL2+=8_3*`3{x0%5gAfG-J zZF>6DW+%x9P&P?wcvznDj{ zwCqlVXHjZ)GeWiX5jevSiTw&80r&{sNdx$I;3GH^lETNH()!3$2oF9-REq%<3MkCE+u6-0Wm{82}*_D z%0-L$2#5@qEP#FZBpYHrF~m6zXUe@KB0hkO;aMn;tcw7ng`;;kjb-O3uWHZ-K4$Wl z=oC4C;OOENSP(xB98{{`S8#R=sgFY#D2lD-6Y9+o<1%%&?1Lf!g>APK)# zXkCMmqH!3?M(H`N;Q$;;(IwNCqhJYq6a{37e90+!e1&wAnL#|Az9#&FB8EaP2hq&h zWZG!9763pbArzUVkfSq$qe6~IwBJL93OG}MWhgnEWpN!GJllVPriUxr!r`n4Fu=Dc zM2uZfGC|d&6f-0^FjGsxs{%cRIEX2_np4E)B=F_2oMi9)cS@{fzrRbgV*^JlrW41U z&EgS~1jFDZ3gA*lWlK>F4<#-~nRU@ccKEjfqRiKIQE27X(Q`wIB>#O~JYoePF)y@5 zH6{DC0S+=dL$@f%O~BVboJ(fawr$FBNdncgUQc=@vb94HVnz6&@^-wU&~vYsHC6-- zLt3~CV#-#BOl-B{I`*3QNFSfqTEU6|=rVmI`{zQJ0iGyS-a*87^o=tJV56Qfo>=Oy zvVNfm`nb6i$yO^9BRSyf%aH_78LQ?nZ7fNeB3w(BG)1z$G---yJ$X_COB7%avK-;B 
z=mjeDgBQiQHFhvq$SL_s#eXn0fUZytQU{L6Kz%kC zyuxlhGObT_XowZXcUwpB0Jz_elK#Be5+jVRL^a54`@U5ND!#N1=7hxo}s={Uc>hAABioU ziwRENa|-RNW-&S%D40^RNE5@!os<~6n2L=zC-$*zs$18kP8U2DJ?`R^9|#2jq_c$i z#J&tsHJyG=3}}GDub~13?wC*{XAsjHIA83|@gx>|G!g%(_?y8n z{QJm+{dojD7>W^zh~LpWSi#yI=?c{Whf^ z=0&P*6NXht%>-Qw>pJs9p-rMurIGP#(U1ZYt96ozsD_{@;H4z|jZD_TN=f+NWU>a% zB%#V0Sd&PA>)=i1^E!yr%FQt+=|`L6Juy|~)kO+Os35wAFL*Mvg~%NVzu`iTDUKy3 zt15uT#Z|n#kXrW~a-~>>Gk|&HrpZ)&B;+v2#7SMFr9UN*GGQ~<=x!X&s63BoPQN0)57ZMHv#OOxG)L_&;c8->EdP2^j*wBhEn>Kd~EnTP6 ziSJ`ZV|hz9iT&AHGW&w~FB2%=D=5urF$W84k#MOhueWY!%;I|z7jhi|cbURDPT{OW zkNWj{OgLPN4psku%KFXmGi?*y7_l~{UIU|;deb;qZ}7*u_IjhwIH7Qc*{G_KTvp>^yxuy4Ecc_Mg> zL%`Ib;uB>~Lnh{y6o=_{MD77|d+DQ#)7sRKhy+9)!>pmub5pxQqjy{+C*jZ9qYv!` zeE$-1IL7}*?NJy9!KY4JZBfKmvBjSeijny1)2B}661vkiM988E9j75j^cDu~(YJ$7 z)=hPhuwFt+&!Qu9j2PlTo=&RBxd6(0VtGb8hZK79RKpxe$^4lSB@v>0Daycf-(mU* z`C8MzQ@1 z`xVf)ePh1@)jeI=ufVv)JNp$_wtZ>80@XHe?Xzg)-t<^%fMr+r$=$xbBF<~g`o_cw zzV`k7@x_~x%lnl8UAN>flH2>0MgeZP<+u9JU6kgo^ebSlzSFNT7qDTQ5TX&G*0>!G z29hC^`s#2~FgNL{S{cwZM(7%#?aCzx?#~jyGAk(}uVV>tI+a!c9qk#&60C^YrT}1q zGVQ7nMS~=fp5h&KR>SYu@)WP%U$$;s6ct|S#KHk zkq0S|Jt46NWVTITkQ7{lz5LA!X}u*X+eesLc=xrL&ts^ulaDA_aEOEYyY@Vi!j^rn z_q;dk9!#D=vQrcC3WGy2Ggc~@#kz?CRiZpO(z|aWq%CmG-Sv{n1(&^*iB#*@BwNWUweq&C`nxkssueQUQWwJ~n@j-@u*?cKPn zLg~7H(RKksf6@5^z%8N^G2NCOwS$#gG`TQJQ&gRPr~`a7iDw;Y%FzLLkcJ(AC?&K5 zJc?ybbQur}km(dW5&~UFY=(FTOvQG40=*k)?4QKhAXAW~w6aMRZk4M&p;q}-c7cx~ zij-?c1rb}n!l{pI%NIKJ5#P`CPJR5_yX>itbIVsh^$~CJB4{Pjs@?kD^BSA=CKy~h z<%7ML z_?;ni^y=3TP*d$T(|tACSWDe?P*%`-Av*LA_WZq!)>}51b#&ki(m$0xk!hLuL)pY$ z>fFbUd1}0*Q4;N`FZPFWHwZA3@)rkf zp}&T-uEOOM+IuhDZJ2W&RfjRjRcdVB;cXU9B|WiQ6;j2*w)t&B3T(~Wgp_92 zsh`PfdK$7w8)~oJCk7V4DX<(meJ0sU{oKyfY)~R)p$w^A8i!Fiw5hej$VIkx0dZ(s zu{K8SoR)`)8H`51aLR%WDZpV_<8|9rfqQ7X#=KewGw8S5_Kb+xeEc)3!Dd7_O^gN& zIAI&Kl=8%3J)YPi4Xbb9YH&vdEni5~l>%YDt0+u(ZB4R1v@?d19-(BRv!K7DyB|%F&+|8z;OOEM{Cx6H@YBiV z$Qp#uSP7pAew#?v_Al3TIkr|#9=!>bU z>QR!6O3deKgiB~qxJ%9@>`q^^#f6M=^>iO!M)FY_&>S<{Fq;!?wGB)_2A!&)fIDyK zT;RF!)zR_K%Yvoi^JJ= 
zQUF%ve?A-*@_!!eKijSU5Aj?Puz)vW-xs1gKvlA3rS4|b?2cXt3c-a@B$mHc7aS`k z9D)gjp*L4L@B)fC*6J#qUdG_%h;bPlH+9F6=I7cEvI8cNsQ}RGSm!qN-*|jC#{mL& zqKXlg3&Ld-&xjJgBdaWk)Rym1{Fl#%O!`w7TFGqT089 zLFEC%9IGyk;z@wLgk2{w=j#4P*2W;h5fbW*fC0l;df~DKxj|jYeUH_q>WMlCLU+N^ zfbv0wFi$s~a@w$%BC&YWIAotSkL$XRQ~tv!>QV=`92P$mBlo9yGbNyK^4vpSf&_{mTx z1M6ZHdWPiBq?7|{4}8DW{%6*=C5gYGX(Vh;p(mF8AOKJW`jc(dq-SWR2nJofmGGsH zo7`CRZ0LH|!qhGx7vjV z!WM_-ra|+T?30kiRE?jY!2{V!v(5Mc}aaR!?!4Oo)aoz?YS<}l0!qW0$9TYuEgqtnYw}G1Yj9`X1dH= zGiB?n*JUsW632wZ_dC;J$^E}E-#?XR`j@(r-Ek8_0t7=x&;3Iis7o7Lsn`>jSwSv} zPFq8gA4fo5UD-`)>o%!!Y)ky9u=%xmM3JY3Z(zn857dC^2x^ z>U>K{%1yPloNMjOWJ~GV!hCD&RhJw0PdWVI16PZVmDUj#E;r4LsL%%9+K11clg;GTC>DnRQzvEq4VN+hSKqbYrP0PXm(N0RrvO#p(81Ty0jkdIiX!`LY%P2hVMP9jM{9 zcfZSlYbIo*(P3R-RL?8$Ar^+JHYs1kjaqf@OGI@WHXWFUTP&*DqWoKPGRBp+!nHJH zY*V(dG-Tk_5R?V{rH!bU{wdSOW1YHHI|d|$Yqj&E?&xB3O-5LIf39;#={m2^uTDmp z)Q2W-8$;SK7kWH~fwE7`*l@Cra>bVSY=}cy0*1bFUWh3IbI9hVj`-T!VlUTSd9pT5 zU)0LuVCjuko*I$Z?{|@L%_+MNoEmSvSnm(9o>Y;qBFxuqz`ZXWRpiQ)01c^qfK{T3 z>=&+8q7V+*wM3ke+4i;$DXjVrezSGW_+Q;M#U;kMsVQBgXrBfst>n zlaag@-+D9B1V_dF@9K=skx(>Lmt*?F*K!ASq zD*KhuQl-&=dHEL63CNZF)M`!R&;x2N3(zO;B?oxuF$Yhzkmy}?0F~_i%dfY?o{DcM z3U~6Y)^I!8IQx5~Lmo=S_=%ub#WEj#=kBlG4>^5$g+=f1)sFOQq=Zd6aE?p zk9kK0NPi+knI4EsO|AI1^_5U4u2mBxX6aU=8uX#{mH8}(Bm2E~ba5&>SQShFnN2{p zaB@bZ3Y*em7;`1XP?%C*rSyIWU=*Ryf1JGP$l?AVNlWo6n4g}=`kz|*Kc8A(eQLG7 zqKN%yS|a=97k5vO;|Y2norXSo|F|s?w4eMct4pqFQd?fHzRS)s9U%MbwM=awyGxFA9QvZ5vhw(kt2ks z>ic)!WtOUBkOj!^)GkZBm{0_7tT7Sw^Rq!#)m(fEp%y)xp^?|`-h{+C-Yhsup? 
zf>5YFwmTUL#Q1*#C}1c9@CVU0Cq(Trp@4!&Me|le_#Mzz&QyIF<_ZSAC0qpUCz3Pu^vc73 zjqZLf9_tDmiXg#Bx^r~41o<)D)93?`OCqP7o3JMpFsdpmc_Wz2iS`$F#b0}p6HWD0 zLMZ8wL%$kGuh+BYR5Iu!!}}R!Ot6)6Y0&FI7D`7>f+vD`zUub{i|OrJ2cTO-mwYaB zq%nP_<97ffK)bLeYL%RQ%&=<8rT{W5<}5~+#+8&w^?11 zdUq?^P{kwnI!WZ(S(qiSiKglw*hjC3pBP14;@ODiEFIicJ#x7iQ}ub9gIXNn8T&|Igl+cDIcqi+*nYiW)lovK*6Iyd}EV zcgC?j6W>l8A3N!ObJBerh=e4xDS{zDJDS+WxG2qen>15C;){*p-`yh zN0yJmEsfGI#Jcs0?ESnX4%-xZrW61tH03JQ@8i&<9)|SKJl9Hz^Mt1S+*}AOiJ9w$ z&XwBF1UfA7R*jMgEV1mr>i*_9KS-TYXBTQ=`)3Ibe1Tu~srg&JMh?GZNS@L}Wj%AQ zt&+5MjdEE5Y8^<-H`>o$Hk&V>Pb&B!&&=!}#r$U!nOd)!%~#K#I}h)S{|L`a{jWHt z-A3taJv012H#XW8|Ic=_xwF#$KFBjs|7)pwZG~<>&0-ld-6OQYahghh{)P&iu5`8T zoGRcu>40+vEg0-;#7Lm{?ZX}~r7(7aQidyeq-EA>KENbZ-iR!r$`g{05}iE6%782b zuw<#c>Mf$KJ3lPQz3qKVZgsQ_^y@|Z`K!r;LQa=taLsD zh72ilYZz)IehrK)NpK1QV%P-w(GW$2!|Vz(-tv-^hJHY4U#990w|=~Jvl^dprZsEbm^dkLlTA&o&{L+P@Hp22c-*fK-0PoUJXX)J9bAb z$<`2cA$k^ME+~`xr&;{Wywk#kSUKbC;|I+?WV)3(c*y&Nvu9Gc<%PUrxQKlJe*^^o zy*wN-t;|({rT$4G%sQ4pU&nK96qFy%FhAqz&pHm^5G9{ft>RuuKJEm^L${OT#J3i; z2Cf@Xx?<8RikhWfmfw{+9jB=hqb=p)xYFH}syhoAR8Q)32M)@~O%ue0gyI(ByFOt) z_OANpc_zz$btjJtHau5xLeH~QQREzL%#i<@?X6Zt{@ZM=;(t8MV@3SwIAD~lx&7Bg z*2U7G_?-$#p)A0%H0sD;Nu5SxIPw%lco%Hw391;|r_bW+Kc;1!!|XO@t^ZbgZ2h-a@n0Y2nY#X0>-4*S7GM7h zF8+Dqe{EFaKesowc2?{EL7t_r|2!a|vPn}#49#?$H60RN2TIJ%**y>R1u28V+v;3W zrcS;zVC+OfSYrVXy*KsG)`+#~ViA&LX6z2J0~E#||X9b##Yi1qiIk* zp2Vwa?A#Vo|NZ{s>G@9|Umu>!=>F&L4nLe8?Vp{W9iIMtw10Shy!Y;~ETTU4x_qc- zG5#OZ+Z+LBpa0rb`A-yI@&5;S{tV|oWq0@3nEF1S#n%7io9Ah5%v%4=ovQ!G)>f;z zTK^C6R0SK8R8g)#G0h!#*=)X4-irB!c?VuKo3B<&^3VUwT>ldd2j_2N*81OWZ;tza zt@i&1dBzVmCg_D?0fh{2_GT;CVNF;JBaRnNO?Cxya2led@;-M)D!(3cE}H&Xc`234 zXxF3i%fjEN^1g5~Du1v%iz?tPccSu_+P&fmsN`G31A z|F<``SL^>l9x=Ud;I5YS+Ipx~$py8~ZYK*+Sf4#`)#9>=L|sQOz(|M#l&-_ofCK}1Lo-C21SpC|ju4VX zIR;-n9W2Kqp|YNpX}NiddOZ?ApQ=Vun)L^zQ1hZ22@RQo?|^a$kpb`Gn5sk_@VQos zwam;2ZK&5Bqjr=@HW}tVJaq{dvj!pVX8oeF`rRjSU#AL@ zfk-1Pn6mm8rJVGT;Q1((VGts6q1sAPEZUH|5XskTd?F-xqbPAyS_UDVu9Z?Wm@F8g 
zU;mQtqft3@UOAtK$|I$-n)tAfV(4O1A;d9sN5vJn6{^={9+3{WIs=B-)a*WVAkLy_ ztcxdE6qy|Ob}vyF>dwhb944o|>>x_9>Y-`F0@8s`ztuKkrK%`36iQPB2&~U?FV(3f zbQTG_B@0pqzTG%>bNDMy(OcBTs+B|WQ$=`VVn{dyjw(Jf%3n1UxRugFE?PJM7C6~d zwWYm$Z?~F5*2~+rX#rMaRCo|1mgLAj7CWOL{v@SeC6S%TKe||APO?g@#TY4@2*jrN zDkU<&yOeAcUuBL2(J^RN2Q3Y_lJ-TklM{Ab?o?&4VT#v-N+=Uj!w3Yd{6`%$4a}73 z*k<{)TZ1QCa%-9um{ak8B(Bt7r9>tuwi+#pci^aZOu3GLQUjSI$$LHwWFFVa@ z0X9J1R3D8Q=4DzOxL%u@O-}t zUT(G9n_FVO11w}N5+IIGw2b9>AkXqf=HgTwcC)0RVuk>+E9K2q38yL@jyE($7UM;h zLm5-x&QBcv7dbOi|OjEoLT^u0so6A&?G81w)CAep@%ZuYeOoS{<{$r)_kwT>a z&UDRg#&xO%#b0B}eb|c_U56y&n#ro>MSo--+q`ADjixk$BtkJ3h{YE3CD!HF7@Jv@Qw)SdkED$II){Y@5)3G1xZE}hL!u)cB`LWi5$yn zYClW01Xm{gxLosn9F5dxqHx79AD?ATtw}U8UvVGnx-&+V@_ay(dN($vyYwvOvpaQx zN2XKa&wJ~Pym!`}5u<;n2)LdQtOCAFWu2Nn>R-$1W_h(4BNN%iMAVIU?k5t5l@4AI znIdL#FV|JD3LPg*t~mEd)>V8!dywl_OB$2tXr~H$&Osg<>mxJL+#D%iZ>Cj)1j0b( zW{~H0$;%?#llkQN$b=-!bA_ik!ieFgtOWSpr#T;1KHrKP*Au4tCOzkEG?bJ7n3Gx| z?PE`_2S#X&!_wlHiGh|iOudizmc5u9)nh9}|6od*;YwQq-3ImajnXcqIu+h^!j zLsrh8(_6DjF4%_Byu^Jy&k9DC%A@ElmXBxXrDPLv%SAQU&}(~fCsgEPxc%@KY&prI zsBYB)iGwH$XR}mabjX5IZNKqC2%@|Y)k{(;AP7mXhf^H$LJ(aSM{2?#p^OoEjVo1q zQgB;W3*Y1oD@(JMEc>FN*SQ(KEtL9}Oz7uzrgETZ68d%ComytP;FOegiN3lsRDA=` z{M7VNeFXVQeJp>e+$9$sb@f%R4L9eg0#L^sMe_JUHwU;k!?<;=m}W&p#XRX926I?%tpf#>pgUKAtH=J{Z|v*yZrXq^g)fU zZvS}!Uj>${Bbd_7zJx`QlZLgMZ zLV3#yF&%JcGUn=%dp5+WKwPzpk`5Xcubb!c;pV0@PYsUxaC74pvuSj@^HjF(95i}m z7>FtL3e$+28>e(FAlU}}HyTFZ!!^Vt4#hsxwt4c+jiVf|-U-o4Rx`vj8{6Yzk}pTD zG_qODPgIBrWq-=_tpf_*$I(dJ9|d$cL~+=GPp&D}Fj`zm0X`eJzuDcLlVnx6^hcpt z)%1#JzYn4!kI?ybTIu39Af-uo1^2}6m9N4Keis`v7S5V|CGO;#}+94F8XIv$<2&|82CIt=3Ba_YluKDyHIIR4f|XVdXEM#C*}$DO}r_! 
zrB!qa6YAtr^&;wk+3JHjeke9Oz1MB34q4lT!ig&bPqRTojMDAMn;v}$zb^jHl75Op zyq-{Igb?+&{xA;2yTYVD;BE(8Z^NzmuJ^e_ZtiXey0}MEta(O?W$)IN9ySXCj6)nQ zHvH0NR>gtL$cKB{ukl|h{rNuX8&cMCGY>Wpx^CQcvNXjpk4D-JM06mgKr?R4Z@cuXwC%^KcJ2;Ptc?8;JQas~ zoPv<7pV}QXQB(*kTpoIsAC|dE(oUWXbMWw2g^08L)1#9Q2S=y7?vrn?_s-s&pS}Nh zx_|g%Qk}$ZA|vu!gFO)RpGJn;k=3Xp;)at~nQj)Xm`VE7i;==_V>GuV0#rrTFd1)5!1`!ebD*r%1 zNJem-j|zz)gVzJksY67?t5W-+XxE+H&t1gu_9l2&(A2a2S(o6Yd6{Y=D3b}oH8324 z%NoD_`soVKKR0d!m8C#R`-RMNN zE?L{xf^F6DH0e0egHNB}Z{Qg&2EYCGUxE;0UG3zT1NXn6N37Di;4ZlSid}6v1#X61!V!mok8|$ zjGAC;xwx1}=^I>`$Xa3rz+VZ6rXmb0%5N==%njC{eO}gbAdoqUwJ1!RHgC^Xrs8$} z^tcsU^R(DC!gnd#4J{EfZ|P>}twt23H<_ebN2X!@UoOrPpaS ztwT{-#@{eM842-WuP1FB;F!h*)^qNAiZ2Pis_UriQyYa3Bz2I8vupMz?9{cJyRX(QPT|k3>zAq<+&+ zl@T%lvhimTZi>aO&CNOH7+*@cyNiMg+Uva~L&7`ITnUx4pQXuv%E`0V1Z1ZC zw^_CS*lDfgzlVALNb;ZZ)?J?XXW;!sq`!L8kCpIuC*iN4p_S~nlKob)-+jn__3!&IN&XE6Fn_HFqj~mU6<|_Z&gFH*J|E+j4-j9dxeD`lF7ntwIY+A#b zhkPpbPRkLy%`Wo&ZXI9iG_f$0jseO=4Drc(a>3pg|^$EKQqM zpty7Kl3_lfhMO^*D&ArD$2YHGen<&o?24vg1(JDfK|%sWm@(AH0;W7%^}zj+b$(=S zJ@}$S^`G-ruA#fViQ`~_j*ITNHB_hA$cA68C(R;Hptm z750+&{~h-KN~Fcfa=@(fUwfxLX8*Cd^8b90XP)z4o*!k(@o$V{&AF!Pt?K7K?5+6X z{qe;*F2p02vpek=RSNPrF_%zTB+$ ze7E0`7=0<07wm66J+$A=VSe7KJJsWnBfj>7-xpU5hiF7)aJfWJ8e`3yr zy2SmqNzJsB3DvsgObLa}Pmu&epu-~x7ps`5!nvQ2{MpQPT&9Ef1jVcKmAY#=G%{g&j=#=3cj6Iz|~YxJ5i-{ zWDPat2~D{RKi;?k?uz!}|z<)y-KgL{!G$}z-D8XOgS=~4y5?|mnR4i8X z-+d0Q-izG&ZoNG^{^{_v7X30cO!0ONPO(gq7HAH_I*o?aV%u+RG*VMUW2)q}+?d?{ z`P~S?>c%1yKCPNHvF+N4U4w&6#-TB|=o3E3x_&^11}*0Qc0(SASfkZ^^|GbH)er_T zz0&buP&CRD&8-9DGJk(c;y#J{Kw_Q5UMHIGWjvF~+BK@DV0G`{-O=&wd5MJ|6b?x| zFVC1-&meZQ^{Q2i*ztD^2U$wE6rk`|Zu4IhMfB>#q_IC_0g7a2I?zK!z#Nca5faoT z5#gljhmFE;+%fz3@Pk5M?U&QNU#$0e8vSs*S(9q%lv4gr5@F^1KDN5jEZ$?sG#15b zfQYXj8BRMo7*LKEA%LBvv`3;!JO`zAK2`bo57bR_UZ9$|$2@C!KK)W$JhKxDYVTq| zIvrw~#UMcu5e+VMM5y^?mnDlW^NB2Ti7U4iRi=t5_b-3^H6)LN z!`C1GbzkF@J{-##VhNNPoeBC?Gr}pn(&8dZ7p;~nSrtPSa#h_l-kSA|rMpr~u9OSS 
zLRo#}jtTkET5Y>_DfiTH@~*TZgoj!0=ZS7%J{S9?1Nz2So6?g3J~IYT^sls8`G2v$aaeO!3T9NW%bGc#47oI?<5hD6SYOs4pA;tJO{=hCA#`OB>T2-3VzjbY zQP+k#l`a(TzYTS$ntxmxnMMk8&A7cey6|V4`BhrXzs|FS`@bSC@q|0T8TLP0+vD~> z?bgcw<3XNT_kW9Ly4H6)N19;9uI*5gu)<2{ASa&h=<*I8*=_CK@BJ1Zm$3;-aT1XL zu@1DPg^(TaQ-=C{TMF55ODx`dT!<+(A2uR{1@AG)?cM@P)EJl4g_9^mAak6P=~lRo zug|hng@%_d%p?FaF6d*I32`(692_T5^Ri1NVfH(}%2nOg9Ll@&X&pi`D zme3fqn{W|jH^rAk@w!qd=TrT9am3GzgK_(H36&@se~?HQmFd5iU>9?=v0!M9@$3L) z6-J7AxvRE?{u<-fMPs0h9&9G88eQ5LFo|3N!AlSy?2e<( zD_-D{b8koTC7l0eW@VUh{@dKx*sR2V*=V+RR_DKmc&s>X&*lsQ^StT;GAqNz9N9H) z6EJ2*R*iWxYW%s6n)el5@K%07lKofwfwU?#KwdAU!`u1mH16gtq&1om!!w7Z6GhE8 z7`>rRc2I3h@HeqGVz@3Ypxmbu3Oy~|Q(X;kp6IdYI$`isRe4&9%dqswi*`Pj`dlsx z`xI-zp-BHS)1y=uwS7bFSbb)$X*z?el}PycjKZ2Yp4WD{)VzIpK9;m*nF(v^lhrJe zsHT#n<`EOr+&VeUy(FfYn3QI6LYjq=(M(Q6Qi+*ho;5f@oZ~c>CXZ@f)d{nk zkth^`dxC-s)W^(s^er3963Iw_4R92J;AKiGCUJiqQXC;pF0nkDSnp9BI%^Q)zRF?z zEJ<;Xd==+eaT@sBb06Nv(FkZPYl<#Gf>Ve{jD5#HI6FV%G{w#u?9<_p#_;q08H6Nd zj^8J|A^%m~cl_>u(uVxkycqNw;ve&qUB-<9P!|OkSpq#0VdlK>*;V4a@Vn^3dExV6 z;=K5O&KmrTQbIEZM+b+@5$8~`8XTX57&TP6l>YAcmn@(mZa5K%IZn@&B(Idl0ckio z>ag}Hd+e!~&%*2f^lw-+Jqu`d}) z@pJgwr@bU8HPD*TKv7<{(VE$YZU;SF=Z7E#C;SiAsuHj=E!L@S@p67X>{xg5b_h)%$;cb>=QO4i{MnkxU|E3B1 zhc%Xf4*v(P0j_1M>Hs1d{7J@q`!GsGv)Z0t{>6fnBoa^8&b4e;{cHX!{Uv`n*I=oY zPf{!-WVi+@lZ?YPeE#Oj%VW3m%`NVa-HvBw*0o=bZs7rnXp4A&qjKhdM*6l8*pMv8~@5(BbPB8gIJ;wn~q=H64EDxe;f<2Ucuz<4TF zz%_g>BT;lr7n1UYs3Z!aSl#tcZz7M-Yc~*+NI=cwQk%i3Sg8uEKOHVd{c@kxObM_b z1{lQWI;aw;N_cb)T}s8u_$+-{M9o9FG}ZS$iTl2io32O{L4?J+SN|f>DI}N*N@*5{ z5RnVT6U^lOPP za{+}R4uK;;QB-L3KqfdStj`Ap8?H8}PSX?HQhJ3uHB%cve7wDX$}g5~nE% z)ikR%@&zN|6Q;rMqZqo_R0xHfKavJuVs%(HM84s?@?7vGLnEJ1**T4a!T?Nf5M#ZQ zrBxuHd*rya{w2!e#xP$tK;BlbxASUqt2KoO=e%^YhU?}Z+gk;nJ&}X!VioK_w2ie$ zAoqDeIVrwMiM&sdQiAFzD^Rm^4qEo|z7x}|`hu5wRzm7r?6Tso>MP9q3bSS4as~v@ zcj}|51iDTwJTqOj5aqPhLCk9vFlDrwtQp2)%P0gT|KC6=~J@3S1CfkFKO>vH-xu!Uma!ONMxW>RN()G2)LFbz*b?4%xB9M1ll+(skYLl1pWfy~1GYO%IYVrXzfoAG&*2{#V zP$Ul)^a|L3W>F|{Zcr>L{~caqCIt;ng{%Qb+GwDQ10;TPX_-$LAn2w9_h3k6at$G! 
z#6-wiF0$gKCQFsaET%kY9jR;deGoG-Y_x^1bsUKq5AxvTWz zNOk%O#oVk}yTrQu8e_voBu@dtp+{22eK>yq;jm+X1OrMLF1L-skSO(B5jH|mRBp<~ zsXoT#Q)u)OC=PS>f;glqy2Ci?>P*7wh$a6#eM*fNQMEgzTATtS{rI-Tkk8e$(a4ku zwF8;dt2>bAJUvpG80vZ?zC1ur%0`ou7y{6q-X)~>mX>%6=?QzX2}Wp)!xAz>#L?2m zp_iQ)#UJCIXVSCy{SQXr5c|W>?^B*kPWop(GwpwNwkr2O8yj1z_|FgWeEXKW%7QEB z-B&YSSjSYqhlL_u7jpKqG!?R((!X8mFl~gv=bHNZv#R^qscT}O?=jwz*qG_m71R5O z%&2vyw4$c;+8UgiUB+B398)9KsJj=cgk@>AQrhIC9I2Xsy&hL;SMenmGUdm0u^V=A zK!=#+Q7{D@tt7?zx`*(ABlyUzZg;HPp)s#kBhnkLsdS;Hdq9|j0!}Wa07PRzqCdXI zO+bf39ETQq>ZVG5vQX=3+#V@>IF9}UdMO=hL0h_i$$NXzsJx5F4Sstxis+ROG5%js&LI5%+QyJT7PWLx_Va6>RCO1?C1Xn00960Bplzt0MY{hhqhl) 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.84.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.84.tgz deleted file mode 100644 index 32727d16f895a0d2740735194c4133b5551193ad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34914 zcmV*7KytqyiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcd)qehDE#}k`V@GT?$aczn{P>~cf03x9k=nXj_qSP*|Vpc z<3J=Np{58H0PSd#oX`F~xRD?UilihvX;<858<_-V2Ebr20OrCt^lli39CdGAur8dU zkoS*fkn-LF&V&Ej#4{KS2G92Q<-dc$Aph^q-t*`GwX^?xusay+J{#=**I?&hXYcuc zfx$+wS3EJ}kp9XDEO$T=7@6wJH2b#ur#q5|wVKz*ka3CNW6*zL4+ zgBEv$`m)F8BozIH!)dDv$e1B|3&%LXe9`J!gW8%y9CC<5L}fKJhd3Al60!d;EhOkm zMrf4QUBV$r@9*>my%+nfFFpOf__IX*2gJMC2#yN*KiJ#fFUbF$XIuII5Kmqr))se0 zatNW&v*siwE+L1fi18s{Gq`*3Y?Uv$n(hc zv>t(<g1@eDj_xy!bu0U5(UXpiUvr|>wu6~6&^1k{(FdEFxs3PHCEj>QWg z|3cv{rX-xBkXyJo0ZQxu9C898;bfqXA}nk4yOt}%V4q~>E=b0d|2d0QNHWN zG!WP>#2*qa3n$K?$rPxOTS@K&z5FY`V$lnrBuVt5) zgYXDU;viTG#uUhb%GZu;2-@;(yVZh$lq!->4Ku<(Pl2A9G!pL&<))J0#h4*AbjOf;OHrS80E?q2SO5qVRvWGw>O3`C`qXN} zE5i5%C7!bdn1KMsp*ItwD&!IbQ2;$8c!46&k3>bxz?{UP7cLQO zhc|=a6#0^>nMOHOMT970o>%O3=6N5F|`04-1eNQ_L5lH_-=vM8XN4 z##EKDR-|m*5S&LS9L?}VuYD-bCoq~9iG!F5za#YK zibBttqbauR_Xdb{MX_p$noEg@DB;8-!AZy>VU;-GPhR6r{kk5l0F#stNqSNm!TXT!}eu>8@K>X@-^cGP( zSvXKGNDS^^DBp=H;6~L^>%OR^WvoG+hnZRNt@%7d-VM8g(<4ZI9Krx|i9R5A9YClz zLyS|%2^FGbhNrV0IJe&h=oSTHsb)e*UW=8kBg?6G`fT$$5eBk^kd_X-!wkX#rE&s- zZdb|L33f2Hdfy|~8hr=?%($4;N+V@PFbV$UGl~$nK??@n3&P%az;Jpty zeBS|ryYOTo*9IIQQILrRNxjFOl%WjV&9FCPxjE9Ed)JOP?0AB7-ha!E@B zo+5h=Bc-S(n!>N|@|_S-Or%f>AY*4j+mITidI>!7RthC+mguFcP*W))LTJkMOm(JN z2N6BRbIh4~3)C`b{s3T(Lp+b?>5II`l^}b0Xgvw0r)&4TC>G?uR)2z{i#Lgy2Lf3^ zwq*`+s0ip;_`E2VCm8egdPL08oG4Am(4pVdCq-2lg7(gf!E2n-Glw76=_OS==_U2& zioLXYH)$%YZqkIT-c9=lRyT>Y8!>jc83wbVHRUs1x3m)vn)jiToJJg1N>s{pgN-m< zmegjvSJiW?u%DBjMqF6kbqA{JY~@``yo|iFc2Rlq(|UTom<^UW?G?2C2pMu5T$my$ zY4#y;dK%!oB5Fbnhho_TFZE6#PYH+9lmrf^VutQN+k1f~2kj9Zvqfe&%VpLnu1?e?og1Vs8SJH#RTd9rs 
zJ{DRU3`$Pc%;r-Ok$`C#ytl~_UIoH{Oi!h5rgh1HOs7KYxJ7gHr^&<7o%ra6&rZ4$`m#5T%56fJZUM9t=8CNg|VpA?K0U`ib2sL%bupCIDmT z-AFZdrcW+}B9nNh_S1Q*WoCsw`bmdA$S5b3eUU)usftFfIpmo`dOa_f zUbQj3c8V$Y>bRSc=M?=OBeqgwO;u-elaEbwss_mNEq38^D^3BvMImDBf|7Avv74#m znC~%@oR=x4_8`6Dq}IE_#%L!H2QfugGm6-Z1QP%I{LA;r6gQQH;2EQoj(m+F*jt4f z9AdHcc!>hI7$J{@zC34r?|5HLlcUlQ>>R8@SA-}gzD-f)O*Ji<;;T}@VowPB>{#Vr zR@0KNF$6oSP{Z*Yk(k?^l6_T8Nw)kD93;{c`nc(I%2q0$PuX%Cm{2*y4QEtRdt*~7 zN6$)gs+6j=CRL8I+Ow*ZniZ#2j*f=&s+5|QCsvN01~aRamg3ZspIlmL32BYA(X1Yt zKXfC^rcT#muK4L+WK6m0^M9&*4_g} zHry4c%x#IHrDQrbNDv+P`@8;b-b1VGmg@0fv+YPp2Q}H2Wbprab|-aO zEB<&(f_RQD5%kZ)K#sh*Q9{X`Xn#f+Pp-p+JOV@%&W%FJ=CFuG%ZLr^qcY7|Ydf{G zgk_4Zi1FH{d?j^7Zy#U3(-0KddzL_@?81LjNSK%xcA zd&fPi`q1NxNWl~Tl8FQ65F7T=$geaxv%C5SEcJ1i!X-20i(|{)=|un#dNfr&_eCn>uNCWFL1agQirx8QEro ziz6R$G~yI;G)=5V)LX#JYtzt|5Y0&_qORpqjaqqqn2`xr5=tKF8zM8ZEmx*DC9lz3{*;;lneeU@>XMu(31Bz{GXx_!=hTIF zM}A{4lv=|)W*m$WfRx0c4_+MnMa-<#mKZe$Q<8>YZ-4L_|5&FXGtQ$Chn)QwPbP?t z@V}APbr^u=k|s4ZisxfQ1*M{%(0jQwvb;ek0ys3c9Am`q5DL{k8_+mp9c`=y_6Ijo z{9`K35M<;3uUz!T0;~d{8ss2t2=)hq!Jux#&Xx0t9Q#$;N38ny+Dtd0rnSZl;Uwgu zRKT1pnk|wtP{9DuSYjobWY!8wwFYZIqPa|MD7E#KDL4eXFY3_|Dx()xo06nLH7%y- z5bQbGB1etUOlwhM3Rh5}iw(ivZmZ=fEg%st9tnc1RgqnymwxWuB>KnkEee&Hv2)+8 z0ceSbRACE{#FK|+ZNux3@EUQ7y}C5ab?I^C>3RdR?D75|Mx?J)=e^aZ|j!mkdO!o5V-y321sS+0HE^ z(5_K=j*}%*x@@WgjIv>MpY1fDNEbYk^QzmGnq~m$G@*rQlgr$|DVIpYo2vQ|p-37t zF>TG{W5y{S#~g`WDe#fB>P0@dBlJeBrX2Q*Y0(&+6Vr8y4O822 zvE>*0`Iv^vGr{usv`%pzJpv~j%pg;S+eGN^g25T5vBzVYXq}H90hNWS$=YT?IH)p$Rl&aXdhFFQA+2%P-&xRDE^ba z6T_A%@^2ENq5QA?mLoVH%Kx^S^SY%-=NaDC+t=Xw71+K&)P3-Nio`hq?9Yx_kbZ7D z71ElG=R;bx{-m%7{kmpGagfdQNW1wme`;7~3BSzlrf70*QdlU{>Own|TMTu?k<8u{ zK!as5PsWT;{BNOQ2NCg8TeCVey-KQH5dSc(Y6vU?y#}=uMS(Ww7TW?UO4p+GGOc)& zR_rAQz%H0cm$Bf1@;=(xgr>I1|&Qf_n{Fh0!A5}F&qYLC36f#aIoFZu$U5f)p zs=|?~V5rK1S%aQic|H$0hu&;nx*N%oq|WrgVOpsN-Y{)tjzeD_bjkJMLQHSQg}SLK zB@HOxU84=s{ylTA%DSj^XE&eK(*O_fY!nsJg|8Fg|fTnBq{E07S7R$qsPM9-{6L|Qtb zB7L>~ie0lW^fGOCh6P})fC7^m5EO`UJL9QS 
z)6%Vi^v+XddLHCxN+?z=a-^J+=P-(-pPks@S|?Pp4xk7!5`ydwSAEjZ7Cms3!qpeE zLvR=%%2@{-dK}+kjuGpCBk4=bI^dko5M^fUliJB%$Q&>(ZM^fjw4Ao2SZ@wLyo4N@>l))l1EnXT;0kXBDfHw~ zp}D;AA%`HMBtn!gq=ihXQ5oXWcnsDCJ#F3$c{k}ruA!jhRH$A>yJg^t8BQ{^U=MsVEB?or4QGlRf1w z0(81ypG;)&4#3lpP{fi;Yea1yY%oUhNJ}|qj~4)jAP#Rrau)&^^O^L4UFx2l51Wx8 zZDseadS;Cpmu1%I#9!B;%jL}F1h}H>R;eLk%jw0DL%pugM)9&_DS{1nXOx+dFU7kt zKa6GO;!7!5%j3dr7QPhU27D{Z%)gi7UDJ!gY37|rxYV%9<)~S0XO%%v*TLV7s>;{j ztd?Eo zBbR07BbRNa5;d87qpYQQVaysElq+lMeJip+6-+C3z*4jE#9;bGYBHWT7ca%t$SPd5 z;dzZFBsI$$kq4dzIoR3NK@M`@H)SuI0lG<(*$m+It!9Y{%%vA@6)GjWX>TDN)R>LfbI6a@4e_AjCY=Y4-qPXcn>?U3JIK2 zu(J5w*~`e^YKS!@@6PwT<&xKhWd*UjTSa+OXPbOLp4?pcntdozDmS$zq!2f`Af!<5 z&xgVir5jV{>UdA6fOys_VZB(oPS7}1r^!ZXR22aZ<%$(S!7nnnvC#aGFK8&NBAM8k zHs&uDJu|zNbOg_|sjL$|Q|Z#Hh0e5bH4L7q&^8R5ne!{p60oVzMo#3p(ZBa#n18Tv zly>Ko2c#^P`jg#fWDm%#*532^c;;NZfOgGe@dCUDI~BJu-^-zRDg66A6E8*kP)FjW z1l-SwcqzL3JrFNNdr#-#Hom3D;aVZl`bgc=@XShAZ~y2-wBlK~h5nw7!pkw-^GSF) z;s-kjFDK!i&cVwO-t#edIpX^|1dm~ETJCM6^?I9ZXj%Red8ApnpY}rAZ!x8nhS{Bu5D9?-4@J^o^{*1 z*|iThoav_Wd8%BQ>Z+4gMXB|cVIO&r zs*FpmVosPPO}ESk>omC4O7|hET~^k;~{*DC^)=05qnO7Fb^q7 zLRG+a7~x;gLY4dlNp=VLOcZ?26o=uo*4MEo;nY zfQ$MmHKmX>U5TYu%x7I$w?HD44HA?*W}M=1`UE_EdU1LF_T=R;_~-eXOW6m%9RCx% zI=(!9`qXrZ-m1qeHLA4uHL;>o;AJcXMT?P#b}y+f(q*TFkYC>Xczk(we04kmN2hN_ zSI3v&?C|xmp~>bU%O2NsUFuG*)CrTuNgwN}!ylbzwwyd@dRgiBpo zr=98eWDYcCL@3Gd%8E9Lnvl>G(_pyGviXO6mgWBx>hv7;eq$tD3r9u%-@U!veE#2O z&-M47kaTMuk>d1P6ya&3%ySj!aR_r^2yHagy@P(6$BklNl@~u6q4z&sk{gWJ#<+NET4b_4{*f(CQ9C%l`MXi|tltCwY}opM7-s z6?q`ryUN$e?zsBgq3bRg76&a=P*n>PCnx9kY7D^Q!i(j|WYON!(r+oUUrW9NH~*#2 zI~RGf9tz|6a>&Xv%-KLwBJmkpR!V!5Ei0n@%t{;KeE-?;w)igp=5w8inw@bi@&C_T zO|-$|)c-h|M*-xB^{+F|Jl$eUmpVz}tMtE}=Q~;bZ+HJ-XRy`(9^(1Ahx2wjw z4Z5E{w?vI^#m7s;!0-pqd#iQ}4g7q827@QHYL|zH`~2C&RJ`_7s5W^=C19h_7oTy6 z`L!`@klWf&-vV@vK`Jr%(z^1vlY~VP*C!jQ)bs#SR zS__^P^CSV3zN-TvjroxPNM6;cZv|UO0Hp6~L9jw4q#)9lbzs7EN5N#h$o}}Wye~ndrCzZO4Uf4F6Klf41(SaQXhquDY29^ z0iGal;RX8IB%)}4`MJUA?AciQxa+Y5s&AX%R7o*ulL>m3s`_q1a@`@ZSby@5xUCs6SO~m1UU49 
z*hluEUpf<%4dtcIB-I8z@cDD!5|K@E=zjh@Y*LfMDfs-kZHT?F>@nL-;8^yb3LFY= zhk6;RXuLXtJPvO~!#{ygi}L-f_BaHitI>6O11Eo;9$#I*Iv-u>;gv_VKT%?3be>=o z_?Kv6C$Ew3E+C&t^I0CV-i$D=lcpGK7AAq=?C|yR>R2M=$u2xo7S!1`xxf!W``gD3 z5}tIeK`FVsRQ;dgIQ;qe?CSdM@#W~`{49&4DW`k_Lcv1$krC8gUtFFa<(iP@XlfVB zkN!Dw7H13AE*Xhjd7a!Mrem5am4sN#H#)w2dvbJqU1U;0*d+=OWT+=^zdwI=#AT`M zC!4~=ilAH|6tw?h8{DKWpEt|KfAq`A#r506)03BnSH}j6W74`=^61s^(J!OxtHYnK zj}9+io}3+?o?QL2&Qx@{cvOtG!xhTWpyU5_b$NJwbbj{J$Gb^P>(k@6$Hj?Q zLyRQ`*q@SA8^u~yp;Bh}I;c21zWT@cHKN+3@DQ4`X&R6*3>=<& zMXoBAsah?JetLB}63W-fPjv*oK=VsHMgihir=z!s;z>c^XE0rjHmR57))L30x{O1y z5i&NE#JfRUD7j9yzC5`eoge*je068aH#v3WLJi&31eBJap&A z&nSEj|H&EW(a$K!z#YlmX@7=bz-Q*23}2~UCDAjBj#4$1o#h^sy6H|os8tZST(dNe zoYT`P(6e4w<_x~z)wBxef`65Uo_Akb1$NGbD&emcn61RgPeO6I2tG8sRk;YR&u=w+ z0oP%;rG9>Ea$J>5-&!oU+-v0WB1<4LX5li1Vv}CIzjZH4xk= zP1^}Kz~jFCy%b0|VWj}fx6;bKXc(<%o+?zMJ*r@ccvvJU1=LRqR6ruPhz4-6TiQMi zFjKA+rr0I=m==H~hr|`!Fr_4piVZV|#{CKFt1{&bTQjl_IL3jr2sK&&^wsU#;pu5xTXGuOFA3p4;Q+A( z<7jTY_ayBB(=Dx}%Bqw$cxw*uWuN-@|N1Ox1v`L>`~Ureo!#91|L*f=Tl>!kdEEE^ znX%5=0c1Y4#MZxJhmtv;G`HgFLcMSqzXqVnYk6n&Cb#nr0OpeZ<3~#n-m7uJ{k9@+ zBGJg|zyY~ne2{D}99x8EgJ*kN`-DG-eL@MBRovZOonIfFpN-B>t8Z`b*RnyDKE84T zN8DS>4q|Ip@TaybSn(1%Gh@E=jrjc#v%MH^*74gb@rS<>|M~p&@$1u**C$u?pffVz zDh!rP``w$8*Jv((E^E)LtE-Fa(beJA==#SuKmBxkc|AJ$-{taaDaIM+(TGFNevBs* zL}gaID%9sc3K1`_;WtFV`Iw0gmLpk@kb5yaaEkG*-N8osQgTjn*)6!ELU3=b8@ARB zTkD1f)(tr|;U0_}s&C&iG;A;7{(P5kY{9zn)+*@wXdF)q2-t%4Re^q5;1PHQm77kk zI)F^#0wfF;U`!FbVQHv$?aaeebTJigOy(F+K870fJzv*7lF>d*vIFEZ0Oegg-~@XfIxu69Nf(y2ZRC40cJ@)WFiCb8Nv`Rzgk1Q;%2SR#oQzC4+LiL76BM)(uwqh zmCM7+laW}buYbJw>H5DcMr)MCM7l+k33UmwOqgUa~*Q?)eHEL_||Epa5 zSD9&KK2M^>*CbdKRuEwnSuvt|nDlGzyRAL<3Iu=F4+P=zYiF5J>8icnPibiX@ZWN8}d%m?m)$>d*Fo}%&G4*pV`y;Rk% z(mz>S;4?4#Os9#pI{mTaK=5tvN-Gk*A0b0>!`#;8r2$d&2vI92KD1mR4M%A6~s}1I| ztbrS2X$fTA0aeoF67iU-!22erpR&iQDPM9nTwRyrjykEfk6LqQ*cl*>Yj&}Z&KbO= zh!V9X4}5v8Qf1{5g+8J}>r^Mj@~kLP$sjPB!(QtRlL-_nS6dzh5>$^$&~5M-_}Js1 zE#J1&OGe0NJx+RjhSV!%l88R=Hu(05=)ZbnQoz^E-q(m7&IwBb@`9dfsC9NP53I!! 
zp}zDq8JW}ax_3~*e_l@o+x)v1Y=qK|*1z-j* z<*6w+k+UOVQk_};Oy=xFqRCJm7OJ4^LZ?j*5vnOnjRkdnn3P52C-Jw;HtOOOSz@PC z{%!ZkihSfCE1f{!TJOb1N79#mHDf;fAvgXeoT7eNE+h1{kh5GbvCd5L^(3q)cl0L= zL;=JhfRw_8*s3dLXC2^?c?3Bg2S{D=K(X1xTG z9vBI=hhoSPAWWTV71>;!&JmXBScc}eh#raMl_JpoKRdmh{qCR*dPmkxRqvO0jP&tO z?`O=-Nsxe(J@X+fdulmG9QNErmgw@LVM1&F=i%#9wcbmEnH5ffYp14o;jQ|s_?Dc!1IGmY{L(k0{~1rk{eSkTO^qfc0UG1b$KkY| z8*oMbmz~|c=lT3Edppm!_x}&^EIGclJjY;!-Pq)pmOEW)x)9syrED+Gzu27~!8OiK8Wh(E^|_7E8O{ito;1nJ|qF zTU`s4%r&cE>TAbCm2bVth=wNJOtG|lyV6GEN~! zQ|%yR{#xpYxSuVELyOiR z!*b1;ZdJD14CAdU7m|)Jld|66xeQ*G*}K^Mt<2O4MqW81mvq#h0k^k$xpS6yIHGeL z%Ax<6LJwVJqbBd}4_xldAoWVMSi-(5w`|cfzS5ftnpWtk^6+TIqG`^x3|VDS(24*G z@y;xUsN3^$Qe_k8nJ1S(&pg>gdgi(BgnD-4GAtlTGC|x-nbktM?F_PDt7ELG$Km9! z9#_0I>q}YGwJdf=>@^GRCL*w9@wwu#We`>}b>Zd)ED2au2XtAur(#DHv%Y2f%1S0x zth_8#S}B<|0;UMzjUVEuMk)s z`KsrwNImNYKT?k?1k#cYab!j^ zPcCJRd0eS$l5egQHs)EH$|fV_YNbjtPgM$=a>z?k)+7xoOTY7IHP_xqh_p8Cyh~K-l&dMK-PWKr z4q#a^zx4Dr7f3FpJQGmP2DK!xTqy~~FmvXyLoNAT={I7BSu#&P$W)2Fdh1aVMN3CN zQ(=^3A0+`s?vRW&rtHtXN8dj_zI--74YLm7-h~J1I9YOLe%+%OyP-QB33<3Lsq_pp?w?!lg+r zwq_|VIGKo5)ly2$o9vCwGMr8DaS|Y!`amcI*2|T#8c~)&s3F1R%a@oA!N(e0TRMqr zPGHa2|2Si-*5Spih4{TaP3%7+;`^A9^e>42GU1dTC8xCWb|gvZj9ZGc#29h7V_(oK z+Y<+tt%>2r%uD9*!IWLf{`QO9H=jFz4*(nOMp4UsZ7kLx7t$6&;c&g-oHhN&{0NTU? 
zyh8pT9PH)w|GnLvt^9wGN5$MJkq#-9=sIsn>B1ni!Ork9i=1o;y6#5atAy29%FRE%rVg@jdLat80 zya3{P0>=HdDa=xEm5`VnWumKZ|0`=5cKJOf943{sZwo1W5FKmwn#y!6T^Suu{(Xih>VC`{ia&LzyINI3#zO3Jx1i36rvSmb>eMXbR8`PN!Q=$58$s(Q*M z)>KYkRrhn+s-%;XSCwO%YrY&{>)mQ2ghD?(`$=%&a7qzlsHC6K2aZB{DAZOjbnZ?Z zPW3Y2kU|N})o8Q%$fG3ujf^eckbgO89Sd-kOp!n|qD22)H7Ir+SNSFl71B90EAE@i zQ_})%-|%nU*CyO}y9hqldRd%tLg5sZjZ3~kO3*;gp*OSmT!1Qks^(aU+6$mzB?Tz^ zzO>8IPP4i#?KoFs)oEg7BOQm_7J06(n@qG;=e63F2WF+Jv_#~;tA?DX=k`46>bs26Mcj@yoUA^4% z(Rr?Rd~0vpq$!wqbL~Nnri5a|hUM_26_`TXODiOaE*$=bxfXL0k$_AWtF{@F@EV64 z(OVcSYq%uTAhSB+MAx<3pY979b!2+@y`=dKjy+|5D}Cyj^*t3|Rjli49oYNYBNS!& zFcWYfE3%7m!LzQR&r(v|Ib5qksXGjSYXooK2BZ2)o<{5ciUFW1;y*px+276I{|$Ec zw(I{xJe!Q{wABJ?nAN!h9oZsNmpBp|EY*TF&F&n*1-`7^UDkZXZu@^o@TNaf$R=lK zifzoM>X=P7U#}drX}K1;xiBG3xElxw^%X^gx~KR)8BMi$fS;rD)6?UlOt7%m$5)ppM^&+P>Kn|h zLc`U`>*Mn`&X`k;Xt+`#8djs>{Nnud{O8J`UDZVBW4~%D>V(W%#$)#&vdZJj9ld^8 z8W^k$m!9U@7yE+H8bkANF{oUpgo&qcZw^1agdC3WznAin5Uj5cFRou7{;%tohgXNA zlmA^6udY7cWpSLAwQL(*Ya3nbD~ztSjbC$b@oTcDcV9;Un}AGN29+JM<`&X^K&FLw zG7dP+qO;UZ-kM&3_WXX53^oHb3F1)5I{DcdX=d%4!-we_bv5Y` zit2St**Xz}&^-`nPYeURr59@%GWXa03Y`uVC% z4!-mp`w`Qi2=1-p=U3+V`G@fM z{L+lReVk7t`EM)=8g2n9&wmaI`M>wJ`v1c`%OZQO==bsGis|{VM=?n%o1B?)dXS=W z7k&JQ!xB?-Gf723)5Ky%o75<%7BI_($l;OF@GNMRlc4Q6(EU8C$p5ARpexUR277t^ z|JnXF{>y_rD@S&|hj1U;MWHIvvqLnmAL{u_v*7mmf=`9~56G0Q7yP-7{6EN_|L^WU z+sgk3d2+T>V!W3||KCJ#=fVym<+4A{8jzv+;m-2`cm#fl$0$G?cq9yw$MG%Zi_&xc zG^(=|%sC11?1({nmz?&?c!t~98h`3%CHdd*4xmc@@9sX&+y4x9x92|(^4zcdUwT!r zT?W2LJji9;zQ$$1^3klb{oAfIU*KsV|5pqCSS|neo;}Z>|LhK)Z}tBNd78@qm19J1 zh5Pd8kP#(w4sjr7mkI1ARCbj3Vazy>t^=9$<62zyEX^0FTXE&0g{FtU8a zx*(=1dLoYkSFnbd1}d0|Xnp_Y1^XW`!q+!w@x!+tM^~fk!;6#aUylE2g^>Kf5e;E* zosTOd8o=4LRvfRxd=Q%2fdU#h*vgmJrit}^TpivqJYbo?l;^~Iw}|4& zqH!dFbea{*eE!^O>6;#gGae!n93a(+eLj!+$@kRbN?p_BsAh}MyN+bYoFUj5D8~@y zQ5YdzGKppX8yV|iiiqE}yhv<^FF#vL)f764tfk*YI6?sqrMuTO>!RWl?*`?4Q9O#R zHxx-;av_4!4smEaqHGUOx$SjvA?SkZYayntt#(Ajmuh6;eWMi@gHjF&R{!-lb z_YI>?0wXQ&fs$g6z|{+1;e+4VKR3{doYj4ATLcmenfCBjS#ADd4U`Ew~>6F=05 
z_^ki*+nxSXF*Pz?yAh<26FLO_P4@QMU1M5rb;?UhA^?K`P&9`)#Nkx0a~*JpfKNb3 zI0zB)0iO}(Vk@7LDC09cMIVNS&d0r{Pd2Y3*Vq4&Oh}v7|DGK@E7*VRZ1aCV%+pl= z%f$$lJTa=Bcf0YPaH}dhj6~M+&B;*eF8#$~fu`)IEX_xmaG=?Df4ZQcY2*Ju;Xw=B zw2ci~BQ|I{)N2F=T^8NaF)W)4ZJDFKJg#NFU@@pAq|;pVlCDWK@F9Ys-$mi=54k`F zX&JF0`auS&FbZcsvyINTy)1fWp3aicnfDe-(u`W$1X65+M^aNnKDe8q5X4Mqlg>?8 zMyXvdC}cYm6|$XC!&eTTQzGBLbeNnafpVOoa&jd~qindQpk~)4NNg5vj_DTC0FTwS zIu#04ZNlTes?sm5`5s)Os_7y}U znGvQKF)Kyf)2%j-S3_OO@O5Tw<3K1D>wT@4TlM$*Heb&aqoW8kkUoZbm5&^hPf2G0im*&Xr^N`O<@_)njzdQRy``^L# z{_jDahqCS6E(2f0w%2OHCT)8&J+sZ^{s(><$p8DY|8<=I><;#~^8Z1e-1(0f@6zDs z8?gi4E(FW$fQu37myXCbmG<^o@2M~U@6G=2c`^R??%?^>|L;MbZnwKZ`@Y6{;dTkw zxP4!SQg`VuX5W`CX8(cqefgFA4`JU|;HIs8Uk&@d%us7ngC1PZ;O~oN%+7RAQb6@g zmR+9}CPc~3!gNVQiHF#-th^=2b;VjlWE$v)%vb>GGnAh&W&9tQ&t4J6&yeBsnfmLF z(3_0;le9BAdAZCaDsAe@CQ-FOtZWihnA8uH^(k%DeW!d%F+GHNRf_GQ%&V#=*JT`X zJV!k*W}M7N#JfS#J}L#+b=pitN$Rn6U>hY-mGCHLvXHxF%LqwKw{FzMSPp*nZ7o3I zgyn#wZ)yS1Mr2~?4&Y)p2TXm?K0hp( z0jUeo48L#vbV5(Q)(*QoYUB{ z=FSsjrOcP!V}H$0{qvuQ_%P;#c`!h<(HT(1`On@?(f{-L!S?+BL7r~6+bW&IV!THl z3~)F-cAJB?4NHhkNOD=+*2hP05#`u}!3FUT6V_>bl+?YA;O38$>YWPR^GT1=oD;vC zY|pBbIOT?uKaOi442{i@-uASBz0H#^an@)*`KUG!-=)yLvqbS6hlfEx?vS6ghWDbl zWTiB0l1hwNi}k=N7+J`3_+i6sfFJIq4H~Sg4Pvw? 
z2?FFN3Au*g*R~hM?G9+G8tr$^3W|&&xJ19lh;eop`U>q5X2@*3?};BWrve*i3n%n@ z=8i1RO*4rT`UCQcI=8jui+b~#_-F{)LiD${0jIytr@sEjJa2{EkN;Jz|Ls28&)a_w zo*iuS|31i5s{4uIwtawvBz#2}e~IZ^xl_9c;wcXGIp`yB2bubrlsvgOTJkk}w)zN2 zQ7iYP;Ns*Zm=FqlG8LT3d_X9k;t=?Vt2C4;nDi(%148CeQ9zgv`hZiRA@-%44!|LY zHx?-uGU*;od7i9e>4L`nx{4J zGz70>#^uY_RNJ5b`Yv(q%J_R9k&tl;rQ!IOzX<-Kn!7oU*L`d}q%R5KKj8o|c?fR& z;7wSpmy|?~0m_XF6+hlE74I)MM3*p}3Z8nykPNW(o<-g@e-9W6a2S7(#Q`S(dO{Nr zMOu&a@fJ|$Ti~zq{0YF&*GD)&POcV1rvilK+OKe1{GyATN7fm3EC>Z{)!^$`ZBtYf zIP;RKmkL~4Qmozt=oSUy)u5f3Ck%NWnMW6tOhjKwhGcOR1u|Y34APvYIT8gia^~p% z&$`16%eb!aA;-G5NRj8;N-D`-?E|fL0povR9ng2v`^Dxf_^1p43em3gVYpGy*#;xwn zo18OAap~SwnhbAZ1<|$f1fbum%C=7l^nZi_3_V2KdR(nnBe}tp3l~%IW;MN~V9RRT z4a}SU6cXl1O;5a){iGt{zS!A)rv6--2TvDkklQYI>+lCmY}Z)+Z$AFR;CUhc=ibil zR{lT8v$@y~+hyQ>mx239^j0zdlMQD#Ak!%hr(LC>Zu0(bXRmPnv-^B&|NStJUhYG} zU18bhFoaWdeiv%9M@vC4r3HtK1c#g|2I9faE4m(f{fh} z>bv6X=gOBMLIFcdfLVM9D*$C<*KE^U)_*GGe-sD7Dk4AgRM~&*KQEmB@9k~lzdXnz zCd#+^7}-R81;ZcmGddFy)=aQ(If-Q1Fvk`2@88!iIlgZ8!LoAou44OCl%h6E4VUXQ@gmtK)#AB4}%VY1{gz zYwQd7#QVpMVh;-*ds0HQaez(Nk%pwCOMS>{COgWbDf^0y(;{;8j`i3=XdyzMq^&ja@&NR1|gomBr>2FN* z&c}}>{rm}V^52YvPMuOI(b@BWJnTP-URk04t*iRUr}F-1XOPwZcAoDY47U2;Lp;s* z|M$9`|HB;}KHN6G{??pv)`b!7-k`-scIRdAR@$IjO>pG@6RX}8xj|uyS%2z^PhBp) zRV5Kjfz)eT2?h#7|1gMV@GPE#z1=#E)BBqnB(^p(8G~a}BS-%@yzQ~%h)k-nqMC87 z)RpTWc&s}Ao$|joL%|$RLqgFeWK7ll&$B`9{%7Z4Z*S}W@gUD5Z~-|-G-QAipvGL~ z92v(r@NqZ=5%g~06tQ0G5xAOR23Q;^`#Ls5K>!3>t0)yXoOWdHMviZh^d+<2Oub`p zCr=-*9ox2T+qS*2ZEl>6ZQIVq*2cDN+x(sU@8>yHr)pkJbxqZyJI%zJ`dlP zJ~fS;C|{fb?D#<(h=<6`cYordHcuonexd{pPk-YK4N{5@TQzP{y#^(}Gy+6pPoHWs zUs%v%!anGI*%)~9cVPa<&_705Cr-cld;MgLo}3)69Uw;T-vG9)<$$Xj!HxBwKH&kX zjVpiYcSsQTt$Dn&)#I=QRJ2%s0u|KakZF}0nktPehWf2WMF^h5anOZxBqkMtLhDn7WWSuT>CKLJv;0v*+_gCs$KvzliNp4P zM-xllG&WfCR**u9=OvE$xsZ-@CX%hWK`-F=m%i6EIojL+`qKUnjSFiEGKLVBL1g+m z+E8@pdh2t**PXXEggYG+wc8f77 z#Ol2XOoHx1DPDcI(sHw^tFP17 z3z^qf5RWGCoV+ecA>w(9U8n<>t|bILLfo$jJwi?ebQn;H1lzaEc?S7J{7sqPd57w` z^UWU`ML=OE9JI@g?mwHblXzhvuFY4o&Vtv)9H$S$ 
z9o-Hv=yHMN3-XE;gJ~cM?uAkOYi2tjNW~ABl4IswbOwOAk_%;z=_UI?Ua4S4LEaKo z?_XiwC|Lh^vT&1r29bn{FhI^tuA8n~wqO7WkrAV1l*AXa{wWfPm1+_c35DTO4KSnP z&Ng@Y?lzh1Y!8Q7bwpB>P2|VM+lQvlyvyps~2v%v)o%<+b zY7<8^7Qw@a^%I1VQm|TO9v1>i#b{YLDm6x}o(;ta^%Hm7*aUzli zoJ*y)Ej;M)7{dx@Gj0n?(jly>sPh3H!TFEhNbSJ8b-E%b5RS;bKv{&0 zJq=NB|6Dk@gHeF5cvX>$g!2hK{u*#DP-qY|5^V5n4)T!*beJyHk(!KjFPGn>nEUiK z<12~CmC;AyXv{Y*HbwE*+T~oLOsOzq$u%9lC0a5G3GcqSAER@MPnGVC+KinuqNV7g z6jJ#p`22(zL1B-E{lN1rVI+M{6m+bhBg|E&IWrFqRk{+3BJ03dPBK;1S|ZJEf0>2=1g>|wRcf8+X~Az4SA zCCj51Ru7oPMQ@>2i^F??U$grEKD-n}d^|vTGNF;8Aomt|{0(a6oyV;FkBDqw0rF2m z65r}|;@W!aEU*4iy#Q+|C$Fng)0qBoCD$X{D1-~ui!pk+(XJfw?%d2}Xr&zI2LS}A z+0KVqqY}+cn+z{?7yFD+!>t9+wxgg4KqF%@;vMV&#~s>A67KTBkcG6o3Ge9oM<+-g zhmYN?oW0n5b!U30QR44di#DUDV^(y?V`&hxqq>q;S52aZa6n6@gbvqRvgm`;{zuB)!Ehx-)6g2qivZUKac0a^5h>7ej$|Ja+Qq)Cs-8*Z14O7)ZXu~X zGDK$k=C!k1T-hpK1asNpsH)A}%S)wm)~ZtW+T{@_vq&XyhGimfY$Ms})U^Rz^=7)j z4rCh0!^)%TUD%8Po;@J&n9z9W(-%_z&i-Qydlt>!{TRvcz`{3FCnk&e@GAPteJ|nY z4;P7Aq{ELUf37JUcXcik=!_;VOI+^!R!Hr%>5kL5vI?&KIgJTyRqA z9wKqmCZ({S*BnN;;qtmie&`qsh*=+CLI|44X<07}uQQGkBu68?TREA@nIv~DvkQ+G zN99ovi9Mx{PRlt`Ny&pngX+4qWRm~|$R;qe0Npp`p=-ZVtR|j^%62DK>y$v5CL;?H% za7gaJ_u@dt-@8=eMSqkL`i%mpEbtvqoqT8y(B1nI*lvyR9j7f+j?VG(Ge_ByH4 z*H=7yCG#mJ0@dg0p}O7*m~S88ZKuing(Zxug_F0_#%i?o?X9$==SBBnorvTI6G1H`k= z9#5`?+$;~=hc#9uVMfZNF9jKJOF`yA9Kf76rryVH`(jODXtExi6L6;?sQAMD#?JUg z=3wOZCZ;k;w3IL7({Ho&Eo$)YCsc3MXdliWncw`DT_T|C6+E(66TPV!DeoutV@?v| z5PafI^edeIlHL+2v+;=Vcfp4FYUe<4j3N%$?dIY4&ci-0Z1h{=|KQO(g_Bhud}*Yk zm+zzG66=d~BgdxGxMrXUbDfDWO3r3B*Iw?rvB=jsmKw54y7w8)kDz+{dpgACcy53A zC)0S|BkEtos)>uSl_N*F&b-)#6`$cQ2R+pcV;2xC0@Jsb0%jM^v##;%wVIV(%2SpA z097f_d8cuk<&qRpg~(gP7;)4!sfUQV4Z`~^3v>RrtXfMPQ{(Nm4Qt+rk_jcDGRp}P zlc|$3?XO5)Hb@A%e|aWRP|j_>ZGt2X>(C3ARI-N#kXo4EeXGt3bFBJ z@t1p{_vi-$k;Jd|rVVe~RSOcR;Sh!fGBKW+Xx)CN^qycw~n3-ftjMMQ+(#u}U#h!`Cnm$3vsvg$+|s?Em0M1yW{xpjS2CU zp;Ch~(}KuUc#|y6->tO!pEKD0VxpzidT=*|{)FF2SsZR!%Su|eyg4E$;dqYOs$3jy zTjNb#x8(FVXn-rZ_!i#)hx!tyL;`9Jj~#OT<+_NVVLx~Hk4j$I?YjWsc8)98y_i}O 
za#I+`9jGvQ7U7mEReH`$j82FG^;QbXmAD>zAD;<%H`t3N8gM5@aD z=YQA6b~($?@hbVngO&G4XLosPnp1RtbEmhw^fx}?ZFRCt00XgLm>vBPYZ7vAEJ&vC zwi04DmGH6{uG_9h=5ZlBEf~+lsKZ@I}aJ-_FjH2dj?5n&I+XAgdHW z?Om+YY#-4K)w?2zkoUOaE>S|dsjO#}aD0oXPj1{mNNj79t+F?60!jUV&F#fd{H+Tw zK~)YB2c}DBz9aY>XTAd_P1W+I$FbFD*h>w6m`t;x-YaP#mpY_XpDX2Y&|X^#9d_fr z75eAlbwE|g)GPC&s6YErI@y(XJLh3(0hRSRpFU=oGCsNRsy7NpB)78^yIbK&9L<(4 zBamXQt#c0+*bS{?HM{5#keM^#d~H(0E*ArZnZ>NwX@XxDT;V)8<4@-A*lw_rn19{P zR6|@K@3ArCuk3g{e>Jz8wc6ji=~WUHATPAA#1!MS$P z_~c8|TaUx>Y_093@$$~??gkwFk*kJ~4+zOZ`2P#yj1@{i<$_1_h?gSIf6sb|$!`W#ZT zo4z`q{$@qWJO0oM)=A`PbKA*X5-xA7w0Y0Zkac%)DqJz6!5&8_)FWOpAXp0haQ#x_ zO6;t>;{f1L=T^p|+5bnJGTXJT&?-SXSbOC|cbJ-4Dma`3UAT^_;&J|M$b@C-)CUBn z^GAjr5e3xKN>-B2QRMd~5n4pC5gmb$0xGktsnC=M}6~Dq{a(ZR{m6PSZXO_LRCO>xW z_|+dR6m4HG!q5BTk%NiGgQ^2$E*@Xj4xSz`i?F&ld5>)EP~lVs!@p(1qiAjv9c>t! z=FpAQNfd}Q)TxOVZ${R?BL14@MSyTE;shq&V|Sv0$yL&`dXh^ue>+=-T0p-W*H->c zCM!aD$iUe{(LuXTbb;<%(6n_TF45)R8c9p=Nrqq>nBHEZO*Q)B?lOJn zH|c6aWXCn7|C@~Lfgq3!W~MtX9;agiYdA)|wQ79pP5cz>rrvw7j9HAkuNVb1f7t#M z_fB@-8n^7e^TIp@{JCs#U zJXe%?L`Sb=egdfrkD0;bpmdvS{$00I*u4*n1s$NBbG})6jT?7k&Ly;~pvL^qS)mPX zA6t3f!!(6EVf-F{+#jQERc@S-VSUmfxPqxi5v^In`5#c_VX(8`=J;W-KnFSU#RT>I zQodF11|g*BrY8KAjbg|U-zmAg#y@Rb1G(_)cHAbz0Sq9;2V`azBS$f4$bm6YdrP+Q=zpyQA~wDp$D zxYdAhuAUu~6u!W&{yxh(SIi6tqlP|D|y|2G{Y0P(r?&4BRG>k%qDI2%PU zRY$7IEYES&M0KAOCuo2wVhy^MDq^U`LINsHL7@QgaqS*U)}K`(NK0H*@*Rhoxhn+u z8MuQy5UwfuA2kAUB911IXr3372>&f&fg44wCRKL-tm+0I^k}SG+PXOlGx8iCiAQ(? z7|TVuja)ZpW>rxp_kF!?O|`kvu<@WN&NtMU?x(X2RT{z)ua3nu<-ZjB-+F|saZth( zYA!U-7U_l2S5yf7cwx+#QFx|sGfqJ5_!zaMIUKx1&|HkaHAb8<1+ihwboHu9X5v2+ zlJ5nt0tqqKzb4;Xi0(Yt;De{A9|s!gRl5nGP;q`8G z($~R*@dgXx%3rBf!)@9HFw}^LfpR5hlMuX>Uc4dW$HeY{VZInBf8v88tNXLMY?j-J zz9rp42Yq-FIe83{UDyf<79_HyCK*DLM-rq%*zJl1S3NuuG5LJZZq=b-9s_s zS8qaTO1N_+0}n;rmfpjXU)M&c0VUc*6vU{JlkZ%q6F(`QZVSkehu#z3|A|gn7Dd7? 
zC?s_T_G3~O?+)R=k(%s~J)J=OgrizMr!f<%X(`HljPNlKgnvmXy2O!#dBK#HonN5x z`%@tTj;g51o!GzxCl=!Jv&YjR%*cA$`D*01e-eVeUdejUZcsB%XHAG~<4_!so)(U= z)~fm{gmORnr<{{u87=Qx@2109rD~vMra;>Icf(Q!B5q(Uh`bCsmR7kno+>wNxS&Bs zVyCZZS1so+hw2x_;*{@_T2qhB^mw5D**O=$?DN_Dpa#wJpqY9+Y~jLk{NV_3Jg266 z(t3w{C0k7ATeFKJDoUl@=qd01kY{^!)m!UL`QpFnra`Ip3eNBexrm~ zd_Awo*SLi4X;8bwsO-eN1lB1n`#*aTdcoSG2RWP$+8=c+FPGfqFAkm^l|*ON8u}9* zUe-004i2Ur9Nwj);jh#En6BR_dAQRe+R$(FFsrud^DW#ITi1sAhfC^s&(3zU0u(kJ zqQ7Prts@!~4Ql8sh?7mIic6G=Ai{Mj=ry0P_zb*|SQx~vi7gd+uAd<2mGn#8216!f zSxIS{d|Tc38c$4J+5_gp?Xf+Y!CzEws^2DJhE7%|Om4Zbtkoqn7aXuUQ7Ikhn87 zT$N>ObD0=i!^COS*d0}0)3D@k4}(?8%~rFRy87qtM~Z4leGMOO1#;FaG1;QZKM#oM zqWGhNq8n)rdP>(B>I@oEm7OXr9fkU6zc0$RmaWx;F2GUvU5~!uVb+ByS=~_Ub~0PP zvJ;@Qu{W&~u(h?dA-K8?5Ew)izL5xR5s7Zq@nk^VahRR+7UQ|Lk{qXbOhl(#iXq7zCs zTf0&uQW@v2yawO@^C{0SDtuuqnZ*8azmTqSgSB$b^2CM=4Wa zvJK62ki$FLt=+lsUP}MGF^!0Pmvhrx)cf!YWiI1O{VmT;tU$`=hU(?sz3fRlL6!tv zc3Rv%Q+hMTj37aYEnJkKQAXvGF@FbAwYVFdD(IW!jB`$&BCMxTG}~(UBAM;dun0sILBzX>t@ldLy)0B$cUlwXtp(XMy_r2QNJ zFZEBasMGYXuND6-x9zW|u@B0cRJdy5R|UEsD_j4_GN&Lckξl&@jSih0YvE}y7V ztV0<;`(_HKQ(*Qq@Y4gtL{PrR^gm@fQjb4CtBgC~Y3oWsF@zH>g!fIurVZaN`-^lQ z8L`CpQ*5?MBm>dk@kR5767QW9+5|1mY;B}HNKt2p%G%o^IB##4`KJ8!R56%p0o19Y z0v*uOgA6m&Y#lU6w`HyNN1&yLIq%5PwD$#pQNa|lDhQgW5qcCuVLDvRNL2^Uq_!9f zM)f=^d7BU@ngs1VE=d!gdy|mdidrB1;Q>_};35k+akyWhFn1*nt=bm~7v}Rzz(inKjz&-DD8Wl7?evpMSEd?PKi4| z3gG(k#5S^#nn!{`U`X(z7lG9r6OrLH!|w)&q|!g)NpfCDNQn;*DVXDo8Gg^}pLwTI zJtF&t1ihs^XQ3=M=k(w4=GSCbyt9m>!~KTkLR?oQvp7FX3G)xV_M;}afWeC->X+_t zacuy5W8PXg1&x;_Da+3KONq`@Nki*Jnm!rvtm!f2!9NyJ`kRJ0*>$wQ0HJv0LfeG~ z+ck0TE1HF3b-bPJ^oaHzAud_?Mcj~ha`rrgL3t&(gZh^=HJio%Tt%C_6 zyb=v?Py7U?jL0VUfXYWizHiHhKBJQwRtAqKuvD;5sLS4{W{~dgOtCB9Pw>tmbH1XR zOk^#rc!zwRv)QMVKu+`IIk=pVOTj)-)&v(mHO>ieBvmydWd(->&iuDqqnw$TWBSWZ zL|l}l`^zTFj>__bN(ir6uuS({`_quQA`0)<-jp>zMtp9`*P^PiYRu*}a%Uin7-hS0 z(%^T<8qXNq_P8cWTHgm|YExm3mDvrz;zqV}V>m%vkkelrKF3cxR+@erW$S|XU^O?w zfigBO$F-OHOaMVl1Z5qqA1NPS{_n}TuzE&tZuj--Xcx&og=+ng8SqP1UxLyoFt 
zyyn03HRa?N&r>qZu=wwJ1_kdGr1w(wq17h_&u=WAuOwpp_p$CTa;qzxqXv*gp7?Z! zro3)j4g-NawOi5L^fkfAw;3vyW_|Xox?DjIf^BR7a&E@Efs2r4^H+a++a}uY zyeo4TixPluyhY*niptYE%$8r~5Q}Mtq~)Ijwv_Krcyvy^GwUsG^*)bz;1f6uOzW_ zH@d){*pp2vD#2_czu|>EH>^Hl8G#C&q3%SVP3YJ#d&-dr2YPFGUCu(+p<+!mcG+&a zURpOE1yyp1U*khgC7smj9vCd;xr=8Ac*!nV6ydPYL-d0lzW;nK^`2%P{zziJ{sTi0}k0G{b1k*^C*eN@^mA9YdHQ6<86yy%G{+5u)( ziwXUSJTb$Lht!d`46C!KYRtvVduoovd3q3jVxVYl`WyxvxIDEXCLp$8V6x#)HOU|M ztKshoc|$AyauYmZYj%@5fSTvkcZa(DUV%wgx39Y8GYhdU0uj=>)L#4p1_utu@B3jC@bMDC zH-jcap8Eu_D9nIcN@uTsatiy*20|PM;?F56chKQ-RMNjwq>F}go%c1Hc>j{a)g217 z^@(ni+#eG~gVgfwKO_4!8OF~$xH_u+M>`H?6F2wbl@6>7PQ=A0ksA?`Ye>My6iW%& z=IY?=7d8e&(ckFxkG{&Ys&=e+lV#Ure=_F16NsJVU+5hY3;DnKA~cs)+v$tHKfXp5 z9`Xcw1o+bWzh-vu{kZto1$hN|`M%yP0k@x?H(N&9V!oGdZ%Q-9pMs^W+#u5efaa?E zJgT030OIW@_O$=_^>sb-ldnKj4PcCOW??fPGLdjaTN0TAz_32o(OVTV9q zu(vO#H2w}`{>75OW6aLHggM@26O%sjy^dD%<3HAA`)a&bp-G#ol{`ud=~X`R-7{7D zHuSc{FD57V@oIub3#kVE-%@#rb4CBI&@~@-WO~A zOzXb>GlE1Wy zJ7`uO-fTAWM`U3UQ&~GlFgcoS_ncZ}!tG#qe+2H6oiQC!y@hSMZD6lchPZ zj|KSLAk>%yXnE7??OLK!FLWHGi2j<>=_NOZ3KUb1Y# zt*LolS=QLND3ApnR^0D#36#`igV!Fp%U5dT$xSin!zM8nk&ZO>43}C2&iw12yx|Tf zDmY;lUon6D%u_y(|Cc9c zAGqmz5NbcgP04H6oJNCPk`ylU5k9OI4)4_NEwA=_k=|UX5HTg1hk`Aw{uZaE{8<7) zK*kI!I9#{9B@r!(qnJVL{s|`!3VNGL1}`O5SgOpX1Pz`7HuQ9*_wd6~4IxK!`lR4q z>a3bV;Ias-V^s~x32sZ-N!&i^H zg#|TC+KQ1kT&4QA<@(e#mF`%n2Ot2nO>63X z_5Ax$K9v4YH8?u+1{g_!~IEI2U@x%x(K3yynaE7Xh6ek^B1kV@45la_7F+_;O!cgllkW9 zURM?@rPdE)K!|^xGNX~ofNsx1*<@Wi8ge405W%1T)X%?46{rANbeMA<@GJ%G*D)Un zT#856iY7WunW{e&3bMr6Z8vO6sNx8t6kx#)n%3WwTO6vO*jQELZ+VY&RMXD>BRxi} zU=dB7OB&h<)s-W5d8EF6UhYrPRSuup595h%6H;|NirGRMDvwiL2_wy5!K_u9gy*?J zxwyB9o~jEYmXa3JeLrgn5>%!_0rr~ACW?qWG01dP%vX` zM1}B>A<1IYDQA4C^^zg}OJU2+96RN>%Hf&|UjJd|Il~!mjv~&yIj=+~h&IVjxAsjS zR^pshxy?8|Zic07nG7eRt}V`O3%f|hOCVpm8y9y$?|16`T24nF=>qlLNw=HCHt)rB z_*}0ln64s}2CzYCgMvKaQ=OSxW7m3gLWHde$@wtv3u?rG3?yT?95QQr+69ePNGvLa zX0|uk1&u&H|L9W{d5pAclWGY62~k|kQv$Y?eQa_a=R&10h!K$s>!?fTp&9b^n9seB zsR+t(`#)7YqrqEM4G^E3g=|FHJcpr}3usl}q}&G%obfULN$HyS=X%N&P*S#GBdfcK 
zL7@qp(rrnf34OWP^Lq3`|9T6fFTs@r2CV~KE2NB>q%%!m)-g`>#+)aNx;$NpmD;m|68imf!THeRq3dLq@B5udaGzvwh0;-Th!bB6{~9%G409BS&cS1rmd)z z{(euc1vshfk@6$P#0cx7N<&23QDLUdX>)fQD$PCfrr#@UOSY-9TB~*7pm1_Xqjn`D zkEw7)%Z?{8n6iHOIXN{tQgHFg0ClVvad>SMDZ5d;(r|d!a7raVbz4nUh{JtoN{O~? zs_)$F#U|VihK#Q)#p45yD)%fK^cT;K0zIpqqs(}Rn86lyWe>2WpY`u@fuPS~fz)2L z>%^$oj`zxy&@2}<;Hoy59{vNmxMG%Iix1(3n!=d6V(I44#DbrChDuHhjAI(={UaD+`K zkSB=A#^O=OOGM-dy~d_IFtbWDR_w%pKfj1IIVIh<+=i!OS~Mp(3%blg(h=HNv0dE8 z_;L5uh-%lxr6J*?R;FCu99yl8%TAmDVfzzrt<4zU`Xic#&r zh`0UojSEkDyN6?p5@wudwZZpxJggk6c@u0&UWIL(8FS^tJeEePiL*v`Oi42s+#qQ7 zz6>04b6{C~6$iqDSIBkQN4bJ#gGFCk43r1IxpR3vE!{w)`(89#ZT(xkX$Nu+0}Tc| zqLO+V8m$s--E%M7IJblu6b!KK{i0z6rdgBiV405g zl6a9!Ox5{!<552&cxukcE|S9|kMI}bgVqfGqyM;p;(g7h=MFi`q}v*wXDC3jb8VCQ z0>Gg&wLA_u5YF{dlN;(T*J5iKky;lIjAIeVujqkzaZ{L`NOd7*bgZ7luS0j@5}izd z15W8AnjG`6VdoA7(3BPi>pT5p$X*clzh}#QB7oOdm_$9#@>I2!tvW@cSR5-k7heQ! zT!M7_RI+vdUALiz-_Qabf~pCTYyKw`t7IdAlm8vXPwz8_{0l9_lfPgRiul~&%Lp&r zBShN2ZwsMqJM`Cs-i=Gd=H?cHt5aO5)^8tgbYOB5;6d}@?``32f)052VevKr4!w7Z#?@7N04I;HDZ$;^JaH|DCi4}G z`^T7n#7053&6R@`noeMv=j27QNbIFs^~|c`$LOg;A6n)xII;t27JIDHuclMhFXx?o z(d(V-T62;1?ghh2iGSZAYJjAkNa<*439@`^a(M+N)&MC2wuy?jwt$_O@$cU5rEUG6 zalqZC9e~l@OB(n_$vKR_N1>u)eOoi^9R&f-O5MRrj_a6IX=WAjKRL^ zR@;TCRip_)OcQSSsgPWt`DXf0d`;78BTn^d6F*-I`-9Yz2H}MZoLF11nb)$g97&^% z?~zWB&LychhY$OBcdrfx+2W&2l9CW1R>5P7a!3Crr<+^Q8*t|exE&de!qr4aCKNZ0!@&g28#fJri)EdKDtsHPI8SKWio*(I#3K9iybvs zTnZORIg3VQb-iP6-$REfbBB4`W6y37h&TxtN&!g?G7sDp7(1y%{;PJ3Ty7{6WAKm6 z3E0qI@kQy=%IHv2du?M!)tGdES~y{;t=te^9dpEhJ2s>1qkWTW#DJXnjv&I(7qj04 zba8u~1J=R7Ykw9kS;;yh=htFG8rfVq5#o?D*bKa}KSP5zqZR-8MW4$*cNzU{HMYE)O9(iYP=KWUgvh zc%){@v*=tcZ)aX-_}-QLZEb#q#YZDUzw86cl9&<&YOswV7g!p*-`CR$<%jo4oge{W z7r!kZa}4{ty>BZ!WxTlvyN!V)67-5$OGE`+pAbt6#Zl*6gsomfOC9(|<$=|_Qz2xY zK>to3t1g`1$5k&F@o>lb7$fAhzi^yZiCe#(LVc{7Ze-ibPl`i+#0!|i_eSB`5KSkch)bfzTS7! 
zb8FBX^$#yv@_C?!ZJpW?d4~$6Y@q7|_g%8Z;#r%ILS708s0f`%3o7kKP@VZNP$j=# zo$c*dI*&st#Y{<-qyGXU%#_@{GX&Qcc_R;Zpnm*?9dSqre*kvhBUN-_QexWv$IwMQ zN3NjFk?gQNPz&Qp@gQHWNoa(La9a}O4%gXO@?oX&M>SviI-@e}9mbL|vERfH^E;4) zL2^hg_``W62<_2&mpHcVr4m2qt*jktB4hgs8bgypD5%e-n~=BPg0erL zuei?D#~cG&eX{w2W`N?OzM{M~wv_YlfKPS~08r>W-c|8{WIFivH!-O?2XroMYY+MR z$Di2018NPYhx7n|dHa~}-eu@I1=TwGowU*?Mxbx;WI(IReXB#&;Yu-SF@`8F57yKcKq2Mq=Fs+aHd|+)Zoz}X@RarS)$t=>|IB*gBg-d zv?#r-ESE{r(lV2}KE6dDUb*(5-6l0^;lsN9=Fqcxy@L1)Y#@!>P! zQ1GaxlkaY(?;}de|EZLacJD^vpMkI_?V1DmM~!LkNBr0MfoQc@ZFdeu^0=%2a=Y;IQ^`){moYYqAP#!H5>&Xed7oYgk+@}uNJ{~5F*nK)*YLo4i# zM%*qSi;FS^VLTHuEnVf|t6zwdw`|EAtcJQX=kyTzBZs4%$x$QZbh1xA;3ERhX~L!6 zHEL{`QXU5`=hb!|_(6K{IlB4#Ry^!n@T5jp)WaKf zq#pzybIWO>yFqkjk5OFQk-fXk{cl@GJE4tYS01vPg9w$du+0pmtG-8*X-t<=T4aH| zogtllJh6Amj~30S6oJ+_2s&G%Os$CqV+hPhX1#u0WHE>1QF3SaMijh7&dF+8c?m2S zY=d%4(=~s3rk9nuY^O&)Kh|dV(H}b|s`)p(0n0e~^&3^cdQmCOCHWnI_Y#mI6_s=p zpncN&tl&NQZQ^nScq5wOJL%;U98W&j!5YbQkze|?G~>Ja>u%`dAj(ZQT$0YhW1YDY z?a;}Xp`byk(6`K7v%9ZIWhq6+VQePxwHF%F5BK}0kBz$n#2iNg1V>pB0gPs3mDj)} zqqik}g5cVl<|gU3wSq0&hXKbCDmQf;u^-!9lQnp>iDo;(NJ`&QJn?yUs!W=>z<<2N zlUy{DwC9rrttX2o3q)YHmZlEvktocw+a+fOI^i~#dOo@ZCRPDul7I|sfJI}watxq# zYg_xj$xk(v!gNmpik@fGj4yBhJ;xUsD^F}0>Y`8Mcr}&xp&-N>_g6^e4Ep5NvB{X} zLt7_=gLYY4l6pF6HE)hf5>S8pT<4Q)Xw)-TIxi7+Lcm})v|Gf7T~ekMHEN~XL zRvrm-s8EKLOOGoC?e_cfZ#%g$wv9~a>5_VM!c%V}&@l1J2bcQ2GV8^y66N6mD`^y_j0A0;11 z(u5M+ZsVQ0D*eO{yFHj1?Dym2Y1^qcC(}JvqIWbezS3|pd6(KD%Lse)&dp>)s)*r?f0rEe=UXOIX8wX4Hv9fg z9`r?d2^{2!=vH9cnee1YYPL~R>_6Y`?<_jlctC*_q{2(|)X!yZ&K15izfiBjs6V*D zLTE^Kq!!w%+dS^2iacG4kT&rj1wk8|cFhlq4B#djAR#N4CHW`4goqom*Jkp3w+9*0 zv(8xN-K%x;!1li9*+{W8PhIkvNA_?0&DYkgM7wJw)`~822?*IhkR{vQl_?*OQ3Qxr z+A2;g#S=m1%BS-Ffv`O5xJ!uLDb8#8-siof&C{F`ZE<@jz?El^ElRe@g7TW$|4&6w z*o%7L3kic_2!E9+5`s!NTT8Pf1RijR6<)V%I~rE)zY zO($nGkkt4|m3&b)22`K-Hj6uRkiET+fk;Cm(&KR`Y=FJF+?7QZW`QS zZb7i34cx1vU{c!*=KM{6b){(Osir~MU*_xqOO|O0dGPnR8f~)N zFpb?s0NdG0VWjF9>TgfAumH8(aF&MAkjUvc(c;ps*N~-IePJ!U8;u^-wmaOy4NJ_sTL$;^)`Hfs 
zm#WqE(uSmJEnq7K1-oq$ztIhzT+Yl;0ZXYIE_BRAxlrSXZ;)qJ0Rzvdmo5!tt~)!D zouLK7l}vnsilWOjiXwz`P{nsL2;_uShzvJN9?CH6l%>_4SDcAIxLAN?C#FX!4cI!bXFl|ILE$fPQc2@$SwL9Rh% zwR~w9&1!;trsC@#wZ(&b)oggs#w=?}RbsU&Es)HIN!#;b$*4WGWyf1#pw;J3HDYfI z=aYT7CTds+n}1bKi@l?X*$|~2Bq)tYU=?37XN;Il;{hbjT(hf>^kh5sP?ifYH95|7 z@Y&j4U#}ejXqdCTsh;*nywh^p%$>ppJN8-vH`NG@;cl?mq%fR}uEu#VUwm~TWWS;9 z*sb{tBKxR&1+`MQ4CvCA32S{=vD%#aC1t}#8ft+cO&OW#!1P-*=Q4jieb>R*Zt!OX z2cdRFO0?fP9c3LjyL@vdb8i23D=P1s(9(>~5-_iP7@pd7F`lWHgG3X)%}OOJ7_2`+ z*X!RWbr)PAG-(rVAFxB%o%rgmoGZLO?tSR2rdUvy7b&Z>$&}^ErKdUrw+l`R1;?=rTA23cvy+|3OT-6KNc+J)WcJIJ5#^;WPg}cL;Ya z%fbG6ZKU@DvVQR{eIj06O)Y)>6xD1TgSbYl=;R5Ox++o4IZ2hNz+S+>G0WpJZccx3 zq>?8l0O9UZf%H!#tI6$u^AvN5Wa}Dxanx@Yak(xN4g01HylN-z6THz(H}13Dww?%d z#T6mXYAvJb1%Z_zC18ET`a8P&4O>O#u&b#gwIR^!gDLbQa!Sfkl7#hHSll`0Y+H0&D^xE^73wii=GBD_M2gqiB#V!dphl@o( z$RM3AFlOfxfM&KXcc%W@x?|K965VtpL2=2>rIpsFjscx_bX_#MQhi=kWy}j%0i5mq zeE&uLv3_cpZ~#C|P5mchO-@eC(z}1SMU6g{%l9*N+E=FEg8$P7>jAw~sBa!TRICWK ztDExb2)y2Ek{LhBizQF8X>4IHt3c$fJ)_8`i2+OU{>g2tqPMh)bv}DhU}2YS5ql&2 z$o~od1_1eagQFoxQkJIO%1li#G(Nz!qc(2o>u@z7!2nRksc0cUQ8dz~0}Q@;DgKgS z#yt`OiM1ak@D%lWByjpvHIdS+uaq1?lrfG|*$HvL)zGCqf%slXj_`R7e-rh(V>0u9 z2Emar_Z{cOi#K$L6V%6@7cbzyYur0!=JTHkhimx! 
z&6StOZs(g@+#kCg_o#PF`ALcyj=8(;=J(>AIEy0j+gxwE9k&=$Bfl;8IHeJD*IkbK zZpUr;ZNKT>h>BYAAzF;ckZ}1|kYu7%vpICv-60+-z^!KU9Z|I;#mz2ybMqOlK~jFA zN6RV51RISM59uWaWTQk9rPRb#toF>kr#@9cJu1g<-mii2RIGq&_*_P!=$I}f!0349--H6ASRK3n#ZL!gHf?k6{=o-3| zik0zM`m%_chjMAE?|l;YeI++tktl))i*>L5MWRzkFcp;2EDj+e7m6pC$@`slnf9Gd z`9QQDi?f_r1cnJ%o#1I^^`W61?kqd-@|;dMh?dugB&tJE#6IQ%3PT(MM}VTJ(CC3o za8OvE4+=J1ZBU)2C$^>Z3U_LzHh}ned;gN9qY;F-M`8?iRC39-HLXf;%&%=hTSLJ$ zM1)D$pMERBMq#LlM}X6|KTH{zp%g>La5xV7bPD0;py?$}Qxd9aR&C@9M#3jdgWpFn zbg`)r3ORoy4Zy_euxyBY!+GVo;7f)^KB2O68V7{|nBE}9dM8V(KtT7%aclicl*f%> zzHETJtzK{E)#g@f3J=bC>1GYr%|Euc3O;)x2iL_a*nwypYmq?i^MZ0xe3cS;pCY9M z)lpWUX6YQX?B#tYrdjm`FZHa1)VbJY#b4D|nD-TC%fRIf2%zuOM^g!OomzNix@sZH zX{&>n*D7GjXj6|uvdXKho^B<@m3)=t$(h80*tATU;*g|LO4Z`1SiEXK5tLe_*eVb9 zeu%K-pnFR~tcA7&TC9pY_c+_y^fGG<@GX~iC8o^HuNwWY3=DYMeg3sHPpXV>8pMI_Wl z2vRO}H7KAdRG{DM&BW)i^c9M^S+jPDb@?^M zhK)#`0)#`4q>TG;{QkpX#{dZilrmgy8-*cJ>bW9pgrcb2l#Nq;jLWCc=p|4b=IjM= zNL6%)an#kBgw+vC{(1V88ZV-1cS^N51xEVuZHXbDt7)T=DHCc3GO1U0AkTSvq%two z^+}P2zWI3gOyVPOY2!qcx_4Q{}_p?*i#6aI;yd|+Q)2S<__Ys*<>r81yP3g5YI5oSB zxmq};MyyeHFH{N3(rl%)$w@gQuuHj{Ri|?I@E%;bpMj~_M%aF7m*wM_GlE*D}hGiCgwPwKYx~n1ddeUnmL%E hFA=r=*qn9ste(}gdj8nY{|^8F|NnJevIqdu0{|X|g&6<< 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.86.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.86.tgz deleted file mode 100644 index dd539421753aafb9ade13ffbe4bd875e972320e9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34915 zcmV)^K!Cp=iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcd)qehDE#}k`V@GT?$aczn{P>~cf03x9k=nXj_qSP*|Vpc z<3J=Np{58H0PSd#oX`F~xRD?UilihvX;<858<_-V2Ebr20OrCt^lli39CdGAur8dU zkoS*fkn-LF&V&Ej#4{KS2G92Q<-dc$Aph^q-t*`GwX^?xusay+J{#=**I?&hXYcuc zfx$+wS3EJ}kp94IecNlzh#`>;`~4~Avv}O|$h14C0ur(RFD)eK zOGapv)?LCON$>CU2E7;0T3>qleeq|B{11qCvk@E>@_(?mzh995JI}WA{~?~dM650D zjN}kPp=ZrWOk6?^PZ8roz-Dmw;MowO1L!~Z_I92>o4ojb{Co$(F`7L0{O1Rg@4w&s ze*gKwV6s1%Ovc}TKR6h_cs3dDA9#EF2M6CDc)R;vYl=cdmCS7K4tDpugM;qg;A&@Y zxHlN?AN2P2pFKZ#{@20oa4=|ZC;5`cIsb2A5F@rR1#tQNe?HjR+0D=Yy=U9`{~*sJ z*VB3gewH&V0Jo50vBWd*sO2u(ng(PH1ED>l51hi|@K*c=;1N(?dggVHL?{H^E;tr1 zfcy)Ex0sS}jzVtX;shwM18~R*h=|X65~ip#1Rp<_AYjO&h^Hv@-?fo|TMPjN??)!US&fvkyFqd=zpF0|r8beB?_tPUu%sw*j&`plFI2 zrwf574{!*6edk1YWWnxs!O!w@umC=q;1Fd{3!G6L1UQ^3_$-6Tf~1=lQSxDt8%6o9 z7t=ssyAXd!xG)F+r*JaCp6F3ag%h=78Vo_ZZ8w13;Aq5xw=lrI+<3_03dNWJ9x!m5 zewa`)2VQ{H4x&(T2qrLKsMX4|!YLdh)hmh(0`)ia#Q<<9X{Lygn0knbo)Sw57%!xL zJxf$>!_f*{e&pq+!*u(UqOR+j zoYev|1OX1?4^LV)m?3D(x9wI722!d>J~hk;13d+LX3|K!GnAW3f)`_k)YLUEhoJp? 
z3>Q621V_#w^-+k!sSP`M*+Y^geF6S31UU4ur?`?#z}*b-8B+VPWHK{whl2o&5kR7S za(qQMBp?CgfW{%mb2T|MhJ=kn;v>1G8%jP){_Me+laU9-{5?*o(sQN{e9Yu8QH-f# z$!<{q0diGOq-YVEp#Y?fxm0wTu1RUhm*{yh<77S}-VNdxkk15ZCzEW~046_!NPPDR zVjv_O%pvz?vY?M9Fb>on_vrGZd)@&@rmhbN1usQ?+5s$%qF@0aP*`oaYN+$nXz5d{ z4X+5}7nFF;7GMSf7>C|WjH-}J5JUm=kl+Q1KtB={F#~fFhhpS?JeeShLLMwS`l|;+ z!5!WVhEwEAs%9GHP!$oPjCo$M*O}+p3|Sa@K`Ra!he41qsXQz|UQ97xh~7jW_z?*w zcp6hx##)iGbwh9-p>Q zn=1-EYmTPavfmpZ))mF7C2B4uBBF#7j|3+ni;yQ5odO}nG7X3^mBk2{+D=Nuek;=# z`2rbsajmf<#D!E8#Q~lGhJp!Tcp4%f=tDjaa>M|nNQh3qw`|QV;`=2YqX6-%)6rW* z@nqpZxgasPgQ0vUs(>3+N3Hv!mX@&wbslDB#kc1340$)~3Qmt8^>GLT%q9AO+;sq< z-V8BLAtzLbk{O=Pdf?oC8=zYhh^3kdA$cuUx{fTT-s!W=>qHpH5<*%!@D4Kw3zW(U z2)bP*YbV&j*y??cSZnkl2r%PfQY(#=8Nnp@m(M6d;07%icrOTh-vRH1Kzt8i=!5q@ zMc;qp!oxUIS%nWo~JMJB3FX!<)QT?n4YfP^P*Ug|62VCjxOFLY90t= z1=*H4#GxXfXW{drSe{_a+v^cAM{}YyAw!3LQ=b%7VF=ngF9xr1O3xgASf`g%?WC8~ zpDXs#>fNNNu)0YTvU)e|A6VTa)^5bu;bs`jhSrqNbluWUJZRpBPI4M?Tq#j0(+xJl zbXiiH@m^KWt-^jzdKz(Ib=MuJuCtYQE%7q)&e}!g$xrL)`C>L$=CoJP`Xgk>ad2UZ zq@>x0#OY~(^NOemH5`g%6TH+rg*+u3PE!&%oDM;I>`%Vme=*o^H$fA{L2y9=>@AjI z6Qw{Ti=|l8szY!xIV1dnB9^w&EhCnalwqGLoe~;-GUXSe+JY`fuNf261*N`{9u(e6 zZN&Gn(9&Q~a`oct9nm!b z7(?$ysD4EP;j#%-=)Nu#>Z&&RZ=rEA-J%I`lzCIjQW61VT?$G;+-$&m7Y0 zdAanejp?;hOu1Lb-Hbe^==T`0l^ScRI-8q(Y@$;&K$dT@3!htY3h*ro5n~sWjO&Ws zOdZF3kD27WOfj_w=@lon-W4`RJApWeDY}|b#AYOr_}}MWzE7sOsVoG~7^QUNYYf5O zD%9W*i>=2?6u`v@c_j4ZIqQ4J`)ZmTm4;yFU=_L|L^1JgiZXAiX~`5{l?oPnLfB`= zD*v*YmVAvN*ja@dj^~KP-0qa@t7=NJ<%i%Pk)F`UO{Y_~Qu%z!mfOID${}tzqmtSi zn^HM?R+>|#RIN3sa+KAcRi)IdIIVJYG@MtZ)T}(Qa`ZHqS*5fTrI6OnFyM%Wkf#?vmd>FseX6=V(=ON6=Ry_e=GwCM z9w@Tmu0UmOOB5|7)3HH<=)m9K^>-^bNDkcDebVwCT4lFXj|ZD=M@l-V$+jee|If2K zsnc5V$6FG_b99NIe;x*MgrPOOmqZ#@y^#gvduqQi6Lbzg zyb0kg#DQ3thG1tf$WtkPjZh#hZUv2kmyG?AJP#&5fQ;d(T;v2*b`51Jl!eGifN08C zSIM8t!CKW^cX)6z5t_g3$3yd*A;@~f0X05iws5zLDGz5G5gV*@SIt`g|9*sEU?8kUA zL3D)wjkK=A05q30si{#sA0sL#74?MP%cYU!4MGvXp}FN4BYuZasP@@_#v$uyV=b^h zxRK%?Q)z}E8~=ahqBj;`6#&&B2WdmFKNt)KbsKiBoKNJ~uhKqZ)xXzfx(PL{HD(AW 
zAs3|r=48=qk(7Z727tyAE72sgR#2)nSOXHxWokpIt*=bMA=rIUkB(3oy|CJpBo(S@ zF-3=9&&d`!YK&%DixN|~f(l)12=;bcEl+6yiE!~q5M-^2>=M27bMGe6KaOuvsLYI= z`)&#w6D3`qYt#1Vrf>H9Co#;^n<$AX?odK1xqO(}T%& zZW)1gjmmSJESb_}QypNG4XgWXrvXK};E|kH-LBL$14yR{ElitS<_1o=L>k^y)sF~8 z(wK>9YbGBvPVqSANbE|1kEB&E^1&UUH)1{2^x8z^FGy>*MCn(D>mG*q4mmdB@ciu33ZIN@LhnKIlaLVp(w&Nz)d9@9kYeDny|lvu9;_?tny z^Y>x8ozsS@5%D{g{dPxcARU0X*Rx>&@HYuxfcP7S)1AKy7;22n7l0L+DLX5gWMg$D zT_oFD7ouH_X!q~VrtJQG=&H4+Ywe}A(qjLBR9b?o+X+dTRKijdWlmwpQqkd)5P|W+ zF(W!DRG~Sb4{#m@vMtQ=lk002IWR^ZnIk5@U#H)%_4nlH#vVcYm`aRNI`4%_8%0C$ zpY)v=woH+KlMoH%f9WE&sHG?hv^lrf7En>T7Oj_Q z#iO)hFF62qfn9^ni1zxAlIOfaYEq~NyF$` z95_-Hj#LFhRTj(|^xVqxdB{2RX7keBNR}jZrVkF&NZIJfw5%g;H=UGzNkdjtkgNDRnz77rQqUAM=QXMs^z6K2_^do}njp4B= z+XE*Pkk*70nHs)W5kh<6x+CFt>M%=gDTvvZ0|-X?v`!2<5i0r&a&?3!_GvuXPG~&q z%<+V$6c5#!;7Oev8y0|VkT5TRc)kjCN3voMyp*MtTL@xExg>^!g8*@RSj;FCS_zCR zG@qe`99lKu{X}dEl0BbFGkfTW))TCpii`#_QAl9G+hf|7buDK_stf3*Pyv_!Q6&BB#17Xwp^|j~MUasYWOumglZLkFfuj_z zzL*_?!vImvI^fXb_!e`FSO*+QUt-n)=X{1JGh?6BPWD3PfN^=NOet%e%<;H%iZ;K+ z_Kn7&az88{U3RQv@I+b30~~_y2dz|(c@3lGv?axQbNJyUqI@AOWKxaF5SPYdur}yv^Jd7qNiT8@1tllQpi3bh#TD}>e`-ucSxe#hE*;{&1yTV41&52{%%xN zzWy#}kQ@Q)yM9#8%X@J0s5vw5&7Gsc+}x<+My=U-4=x%t=jVo@pv@EHfXuY%`Up$=n-dEzJvK*4Ut2SyS&@kp-$?TCoF`nvEw0(=Sq!@w~ZsDXvCV z;i?VKYcwILS>A{|@HEK5&aMt}kORLdd)W-oO`6PR0IzQ~OH5!cy>P2garw7B9nWi& z#KSyMFF+C#Qy?=ADP%9}dd^>uVKyJ16p3lcK=i&vlYaWXi;62!>xP|#%4#i91-|v}tDcXlR z5-%m-eon+o(cSNXcq!U@IuEz;EjYj#YR=RroM<=2c&%!PA_jD9qj^Un9 z!pjjq*g<$X3HNjkUXJjdkHO0k-`6R42BSXe&K!W3O%oYY+?yex6{d&ZtmZ*(2JL3f zach9Ad6MvK=^3sQ&$?#`^`NeBd|Pq@VXNyKzktxZQgH)elknACK;(99n>y^aU~crR z+uqHteYoLFHK!KyU>r#i$a{p?sx1$W%3uli`&m(X5}|C6pyV;*6o=C%;OWzg%k#Gt;KbxbEMpuVNzl^R9ua3c+%Tv=e z;-@+7Ovfj4peZ9lNrqQev`N&2gr=AV!)=z$KjgD4|EEx==dkx1BjH*&D)RsC?d|6C z|2})Rcd*U>`4G>?769#U)kwF8pl#Cnib3yc1|W3W_bHt4{_bGs`|jZTzAoR9m9cME z%%lSDYaegPL#nvYi$!^*H>-C#z)oA}eX0=Vfh?6zc5Wv`S6r$f=x|Dcl3%5eY^QXz zmEU>Ww!{!}^PQ}zeF89I0)3&bdFQ5FzAxamu_eU-XvZ`#JFIs}Z3lk&UagFocNPsw zyr)4JKX;0lORDC`FEpVo*17h(%=Z!^mq?tBm^W 
zqsy)#nafcge6gXsLp#T9`OFIlot902UWsEJr4b_MVo0OOgFr@*TMO zFMZy*$dmO@7|)kOR-R$b2AUFy&)Bk3+M8@y5#?uA+6d?S&yKgnclkG;>rB+_jBAPi zf8J`M4IZcd$I(0rAV;i!opI*r7Gt{9NfKYB|Lr{A$?AW*`v*INt^W5A&&Q8llQFzq zHP&s={rtHlYJ4j`ULppDKY-p_wOeT5=L<9#JgHT?JUraz&nBkgwWmV0$vY|m8->33 zj6=+?jbVe_)`t2Pplb|LiOHANmB*z_|4xpJyXJsd{iz8zT~HRn;qzw$$N4=0rRl5# zc?r;3@T{08383^{9SCX6j|4#Ss!n|?*g^szeOC*D6)GVGk-n@0!;W*1z_4D{fsqMP zkN~mY)`61v_a_j{n>w|#HS5+&gBm1NlUKD`u8()qMynUDy4{>Bezvc3F`V>AD^`|% zQx=>mov4LqOUZcHA&>OSLKq>tnQO}<0gK(>=sJ)`{nyAuculX*bDgB_S*{_w=2nQh zj~|=Uk_kBZ32^dHI1j)lfJ0yGonIJ?)&9-2 zEF*)l0MC06gEYy{qZBf zp%=tHvJd^znV@VaFLfrVHt2!RpZk`GY?4Fw^XFlcnjB8S=g)0J?1g2I*=_>Ivj0@z zPiX6B=t>W-JgWVP5-X$g z1f#&eL=!uCjeK_j`AnM6@|g8zgmIlT#bC2A2@Ge4ua8&95+P4^;hD0a&bG+~ehAv% zK6a4sq-zaI$>pW${}jjJ&&Ow1*Kdz6M*T-jvKb{`HtkGE88=|Cj2I!m1(*nTdoSnTe zRr9(4THhpJt6{35+!;+KNBA-w(^RP>#A3eD@#Wi-qvPu$lM2EvQGg&rJ$d{6`LiP~ zOJzUV6ed;#YsI{qRYjjVzeEuP>u#2|F5gd!|S8-v!70WzSej5m-z{nY`PWD zc2)1cIzBwTdUbtqetDIHbZ~HRQ0$k}S{JK0L7=RaSc9=|;< zPQ)5wEHS|Tl%(1y*0KtfGQ-zF#o6)IKh7_IxxTtQJUTi1xq-|p@yc3)>*DhK>ip>Z z^!ns%bfE^T0ltV5PCOEvgkm9-o4a~AkB nsTvediy1akIv7o4o}XGFV(!gJ~_KO zzI=OFKHBwC;4H^@rh9cWD3jzhHTri07>&zZ?a|!OQtB4dqtU4m)h>mH(49U*a(e5WhMdy+ssH3Iaca>1wn|y(G7mI40F) z9Ey#Qv7sd14dOz{b+Yy4$@S>`=$GTG>x;vyS54+_6&m;9VQyTdv8yyyb2H@s`sekl ztE-DqDPaXT%Nbn5TN#|AQSyKie0zfy9q_G63}xMgXn^Pgr|>wu?U4wDdD=dHl-12^ zn=TD-(^O~!(pq$6w^7U(j^?&f354ZrJ&A)rnu(+gt)3gSC=k%NnM+m}6y9#O+pFiH zJ2!qt;dA&;&Nz>LMo9+lNbXMiGXw)ZGw)>hO7$v_F1s;TTO_n_2GcltrCg23gP zrE%n(o>qaL^|~@=@CC1?RX`W~t2Fey`_d|~b1qZ~f33i5B~E@4ipxdtq1mmXRTD|%N*uu6kolQ7=o*# z3s-Hi&$Mdi_$psrkaUOntX>N(tAc{3pMa$AqUndGl$x&ZD zikU1R>5?G|)FI@03Kz|$NzXMYA)yR;{}$3djl;f2F_Hi2iGps>2{c2TUj;NNX#K2# z;6`cMPPhRc_wDbcK*9+t1z^6FR`x~1Xhri>p&IQ`1w+KcB1tKrep;Xc61hb*fQ#MI z_Gy5ba-}fEF44!d04zBquHc3#C2>@2m^n1=Pgq}-DQDQSX_kpPlFV4857w+;G3^9T zyXIq8&34yhjMVg!7d@dmJk(E^~aZr=`1Putp()6jlN2>%HO zh%FdLbK|`yX%CogX(d%wrL@6YbAT`V)W84NXGtsA0aV=o?;q^!=I;M@pFi8$e?G|L zzW>jRb=D3b^Qk4a{uMiv%=x6b6;~JPh0FLg099VgJF7Rjop%5*m-HV$T7vLijSKF# 
z6?qehMpg$7$OYqrWP9P*B0L*B+uPbF{5k9sO1P}z?(XXR`sn;@bbeZWdwai@4YKs{ zl^ZzX-dc7LTf2fkwOzrAm(ZCR^QCXZ?}wP}#dx!h-(HD7{FV66=dX`npPsxvxvB@9 zkqK8}uw>fr-juvXbNO>wdtO~#U0jc@4zEVnKfd|tr{l}((aHZVmtRXU&Nz=o9CG$! zJeeRWv*J~uKL1gOczF%KAqvjNOmwgu$$Es`i{XJ&jBo7@Hqw`pbDGO;!5tNXdu!dW zwQks2H#D$r$f*hUVB}DJ`<9_$dkOdFyM$v4)|IzbLDxs)cv?Wf7Obxd^wR>5z$>WS zbaK@JWD*x3VXy#Wir@`PL%nNf9;Tv;sd!^D$AI!N)S&PAy6%yT_GywGAfEv!@8SU` zKy3TPzcK>^0wm_(ZU#9Z3}6m0OY$KT8Gz3ahIska8sZf9)W)#FoU-Uz)+J; zq$jLg9$ub|#5#Tb(Gsucf@OnozIX#%n6vo8>HY$G-B27<=Wb4Dy8oM@AQH2YM~&Tnlc&=EcQ1GUxAXj9_u2OT z?;)O#ANxNxR8!jK2biAaQVbZ(^JCo%Iv4?NqGKktq6`Iy_fE^lHa+KtuTsr}1ZH@LVVsWI?>9wq8G{ zdy;NZESrx>_nI=L1#0!b5Ti+eAla7T5A}!GqBH3h1tojokkFcW+nB(J;*d{3`!B5f z7uL=}`!=i%Q!`!J?+i0qqbw%UEuu`QOOR#4B&$*~ltJ4}Oe6Do5-q+a!K$!=2&2e~5!J(_UvuAW?YUtTi-GgU>wroGB zW>_I$-&~%8NgS#ivh`@spKK}~20RK}w}UZNClszxsnJg+-B_Z&Ctc^1!?^%E1;sz< z;zZ$3Fx2nvY*4q9#2WqIsPXwNO#NXoST&$u#rXye5*97?tEWu zFqdTw+!#wsAnOjOk}j8s$5aL0H#z;3JyuQmlC$CJx*T`ZNws~{nmfbJ0C8Nii+yy? z;4MXzs5N=u%WIV?E0-wr5fxgeIw_WCMTtrVf!Q4PT5p(4pjf%u@+gp?dQ^gLgU7(f z9tUmtww+!wLO$zp(&ICvUMZ7A^ntg*w@*a>)fXHYF%_inzr>gcIOzrtow$3#52eES&Jd=6* zxTyrl3IKb6^sgsRGSk*@sp~IyPnCAj!!${5^OiKLtQm@KmX}!;8z$S}ha90C`nASu zeQJx6Fd+kE*Wkw?;ovcvM|_dNpvlcM$uK|tY@$AaIK;nakL1N}tn?DqE#<}5Ohya6 zn;||!Dx+Mw-^<2a)@S}E={ROqzT+M^nE*yQfGVN=9j7t+POVJ(RY>?uh~>vBi85yD z-1|wdS|~eWeW$3~;M@9gv;xu!JEP1HVRdc3Bo?)!e!?Iy^uc5Fy9AL=+KJI7lTVS- zJrVcpe9r2;TvqV==@?$C?WEt9tBpJGt6ME?rV*rDr{;ZJ`;yAl!4;L4^)8G#x&Df} zIIHx)NT@v&LyiDp>Qt-9=IV5guuR7?G`~gkNGz`uf%gB|>Fw-y2W`+hvTmw+zr zW)sVr;{dCW$1zb8)-h(1hD=r>!&Y$vl&*#joBMoP$DHv|YAID(IiID`eMHx6EXth_ z@7O% zr}f-`EAqeW?Cw3!=YQGTdA_~>e~4$v@vY@K1|$5|Tx8KP^klMALh-+$$_Vg6-F5A> zZgA)ifu8o4BtSnZMrq9vhd$&`h{;sw6kN$Hc59i;2sKU^&3$4oO*pU*>YR^{8z{pF|4d07Eg6g!0EMww+Vxg^cNWWp zX>8c)TBu~MSp`#HJ07Zh>rF;9H0frFrRD4GBJjXZBl(}XYN?N-O8)N*_Ve){_71lB zUmxVL_UX&kfST8P_BxTS2D0317;P7UwHE=^dmjr1#1-QLYTNq`!6!j(PiFeIa4$1* z`qDhSeO7;($p19WTC)Y9!v6R9?(>5Df3~yD|MMVEbNwGi5ldD5mkCd-Cf(~OgxfVB 
zLk5df-Xw-p_DXf~G>6=qo$7wl-VhCFb(ddm30YRFx&0z3INxstzD3D z3OSl;2O;y4M=KUhbFO8`DvN?v z1W<@~W-&zFo|lsf!rxdeLV$tKb>&wVG)bX{NR;^}1*5Y;8q&#UyQ6AZe<$VqJH_wru^SGwptb z!1Bm%4ai&;Vyyv~@~}|(b~gzQmDz<+wBoqS`Ir}>ouBePL zs-g@ngS`>ZPNDX3tzbr3nhQa7^7Ohx>ui*|Y>=b+^tp7Qvam<$SvUBRdR!rpmUM_C zGm?37DQnE*N?ntDbEU8`&(c&j87WsQRg!tCQrMJ3UXrpVX;5kEnsTttR5b|;EK6Ba z4znypjd_-&swoHRN=;)PR}P~u&KNb58m+<^^|Ki@V~sj#j2iPs&HP0TnWIMHB6~R5 zFe4GmvJaUjbY&q*;N`Lrsi*NK-Wg3M#o>r`W1iBOH|BB0zA=v@22KKZX)GMOp?UAN z2CZ=b%ZmA>r?xY z>Jkh8v|hujXjfO4M745s_p<0#39qgc<*L|8xrte-!)0DB>B)#++4Iq`(VN2AOQlfsZ(jo4lgJ!v^$5zHZ-B0iGxrS{ynQRWAwWTqD` zO>(g{OL4);M69ZoQfl60Z*-R7Y=V!I0MXP3LLsnTu8h@)vIIg62_|2@#B>Ng*5KOG zNnCRRd&d698C$guFK#Ww@9k+~{}B=2$Bf1@%Hufpr>LGGNR|EH{@@^Q|9!BtzqS8( zh^LY{mxwKipb`W+4O%MvF71=r)g46L>qf&%$3Myf zku&qTFHg}pKpE#vsh)S02WRFay$jGS3OQ2&jfjubuZZ~Shh9#Y6}L?DN-tTt^~%ys z*K+2{5Ktc7$H7~#b?_q%Iq5=`b+r^hLR?}JZGkXvs_LT9j|dKVQZ;!|RWlMZfN>OZ zbpqxE5YH1Z?ypT@mV&E<#Ox>&U48psSK=y>wS zo!B#)^8`XuL_S1w5;8$y`Yv%UVKzm|5g=1i&Xq|VFx|o;@53l!1^&;s)*?c;G<{Rm zQ#P@ta{8*epVL+)ot(U?9NS#;JaP@(ogg267I)nZ@SW!Ni+u4{|gm6eBh)hbOJT6xv=|AxU)M@Hfo0n3ISEWV%?j&6tGO zIOK@l!eCj$C7}kH)e$GUuHF80U(l!{)5Gs2&2Mn*Df3(DQ_rmLsrag5U0>_K-q#+X zDAR|TfCE{PU5pE!bq#%%lIqUkS`|v&VE|ksc>6XO)mQQ~TK`uJ096tH>DkWyZvOsn zu)DWi{~zMnWMrqU7Er^i&K>B;7MZ%lk=S6V7OZJ@=LjzFW$o^=<|}sF|3iW|{gFa8 zIYU!yV>VUCY_j=!<)BT=waC>SifTfs>rvF$N&Jfkqbduzvavu^h2dWkiKCPE+kRZ~$XWY#hsy9bd~9$)V0 z^~=)0U}d=UG}pe^7lhUrnum))8K_ARm-2hl2PHSTP;5$Y=GxQA&(26QYu_9`OxLKZ zNsmxeuVc#YGV6DYQ_wd`9&J}_dUv^AuYUE>iykWMkKNDr9{0ya_8@_OY=jRN`KMI) zJL3H`U|?tbp86MoU;2h~`z(7J-T$u`0I16Td#@1xVgLEwHvj8`Jb&=WK3hBUuQSrm zS7mbWrRUh!{4|pPO#?sZr!xM}v%LS$j`(LQ{~zG_GVvd_fgiqj;D<~=1j|?0qX=@8 z@k)-QGo$zwN51&@rI~j7Z0u<)|C=~|>ZeNn?;Pa)fA)6vw)tNlYArV^Pp>3s8Cfb5O|ty|>l>ALdyW*>gp|k3UyT&xbvVNmAM5%#_oE z6qUQ^<3}8pn3|hODhiq=7BkwUMnScJSvEutkCcXIL93huZO?)3=UGMmHw^$?dHyrl z%j^Ho_P6n09^_d$vhzKJ``9iDRgs<@qIvyL&tIAax6c=RD&&7arfj|7&voSgLH_)I zcmLT|{y)f*vz-#-y)^p&CW1Q`b`U9-{c+ZS49yRBo)5qy@Jl>K0ph?TVTe4AZ!uq# zp7WwKfqt!Ha?ZIHi%7{WxgJPhNnL 
z}K{iomV^q-2Uk@4D%AcdUJA?R#EXj4&5l`IJN%pW!L`Ff?>N?md07c^$dF{+DDz+O+=n?BH3!{$ppG|NCK{ zruttlMyTY8QSH3jjrW9GRncK2vYu~FhEjLwFBS_lWj|$UKFWjx&A$871qDqT{|5>W zTHvN_Y|t99LDQjLBQWT)=$4LQ*<5JL9QEaKE%OD7K`kMj=AxH$O`?Gh5e)q<3U7bN z1u{s>hz-#XGEjw4IQyAxbiVCn(KGXOmW0l{w@{L1)Y>MHVjDb?nj-SS-3)~wWQaWUGiw_MLa|uyYrWj6zyDv+__vPz*Is`Azqhk@u-*SZ z#Iy4KPaPZK?f(CM?SZXpgiRR(f30$A``ph{A^(N)bN}|gyZQW2yZifF|L+HR?%lRG z<)A-~FwfBZwcGagbtp~ijlAc!{ucXs`Dc;{z-{^~4Sv5gM{b{od{&bG8@B)5*)Q7v z4z~Ay5Ar;eZSQs&_#(EwRueX9+nec`Z6^0W@Y6v4-R)KtE*00#Ki!{Ddjv|G<3qiZFhL44==` zUw4GwWXzwWoyp0|WhPN+Q&%>Lss&U^exR&RX{+u#b zUlBaWIiI^4U+azDZsANW-3ZjkF5jSD2b|sM=_Iy+$~#1NMgEmqb|mB@Uw4g z0SYH92PAz{3xGBv6H9jh7rQxN>TB-fQn)k@4a^YnFi)NOWPhooQb6>mSjZ_RJ<;{~ zVaW_gU5IA*ee0(adh)eC61HG{+03Btqj5aVfn*ETRiC@|=UQ~D4s;Q!zSJhN-lUNA zDe;PvK`dH6rgdmX+{;x)yg}W51R1;Y^Z4zTm7_6XeQ!!h9OXw>zGPKPUup8hntA7( z#+EgAo**k_zVsgZYkumV|3t)xF(=G}0iuo0fGW;^_I8T?pU)4r=l>7#bi3VF=^Pg0 zJ@R0H!|Acx9JFm%LTo~k%i^{^K6;BN#~utWh<}){PUEAb?rj7&f1FhBROp^hdX(mz z_~m4KR-MEtH=O)&TmxZfY=-ob7o_vY3M*GP}wSo99h4!5#isv{y3<7e8{H!&+ z7sVwjrD2m)ik#v(=4N9&$044_^PU&Q`5nO=%?Vws2UfwzLY~798*T&qa4&7pU|nqx zqeV#&AU{dSH3Yx5y(n&XKwH&lzjIblWDLP2`aMRBv%}C=XqPZUX5)QN{E#^n*f?7_ zq2DuiWN~hqNu1ChkXO{Xtu0^Fo7cogL(mqYzr77O{dGR|^*`o$E98FsuWJ2o_t}2l z{(JE3V4MHmgaj4HhAAvi_)X${k$;Hu|pfzF2#!r)S8Hb1LFkA?= za}l8-cpWn?U$&;&{`}W>iE~%R-}{J!j8iBL$G`kV@E6tG&2hZ$W8)!xNeKT52Z+f- zaN`GW!eYIoBytQ;Zd|DN@rJ2*f4L#LgyB^1)EkCmfUWl|@~-)Nz)*n0_=7ACI04WT znt&+MdZdrHfI8m-f0gG?0EWIk!U1w}wHP`TAS~B@h1=p6UF1Bn&ah)aC}^t&U&m^j zqN2c=msGt};M$U6^(H{KC=jm(?aVx3$n(fNx}ant`cg6^i=!xz@xow`<}}TbD2S0W zNB4i$9d200b%hT(*0n{7Jl|GQN%m?VXtfI%{|oDYzMCFjwN%KvyYLQD|M22O`C-f> zzIZ8*^U`xT9i-i(h(DaR)L{KzE%{pw`_JctLjLE2ZT_E!c{Y&$ZEN(iQKw!@1=BNb zb#LC}oJopH_pZ`pcoQp#u8k)E{a#hJeM+GJBMe~ZA==jCYP}lC4W?YUn2I;6=`96Y zR@-i1-t4E4Fi&cF;;rl_6$$sn&h9hy=h8fQx>$qUcDY-JKVV|J#`1sj@gD}y3;93y zc6PV&|3RM3#dg>(1NXZO+)tvnius>xIJ*IvPH{NxDg||u_kTNkh4Y`?=Ue;lhk5jJ z9}?~g%RYx8oTBr)P@6qk3W6yuIAkO^u?UB)5Rr9w)uqh7rC&i#GTK#?SUq=-I*W-I4Yw@({j7^iYN~)QT5m 
z?2b_16=y$Jz6=ox7+M0%;zL*gC>y(Go8GeiQz8GOI0#k|`I)E6{$u}n;rxGZZyW#R zK^`$tzSYObCgLj?{*a&1nTW7vf_=+LB+Di*s4j6B^Vw@CKT0$C&!1bCYhzNZ1HSbr z62c3^fR&-Wh=btBDyID&bLd_YFP;lAXmEDZa@XP|L%gI$+sMauhMt~z4eCQOf-DEg zytW`g(M5|U2P73iTk}iX z)<0ciU%)5cKW-FzSn$}B5~7U*Y`Ts#BqeRqQUtD5CBIT8jvSVk$eSYnY@TBq5>TIk zmjS-`L-X^OVbwhIe5)=JL@{Q{v4j_71M(dwXcE;otWn#GywR-xNOy9kxxFMj>;zAL zW1@FHek|$dPk@vEW+Zg#luC)to(JS%|4H=93jJ?g)lWW^_dh#>tp2z2eD7ee)&Cyi zX}rph)%ov~|GgOs=6D(siZ&r*s_uWD4RZHCI|qAvTmO#-c^-ia$T^}R1DpUg z<|^mNIL3jG!zqZMcLS%0^;(a>)eJMh;z-%ou^9>iAlOvBbByn7*seXcZQHhO8*6Oa zwr$(?nl)Nuud!|0`0aV#?|XN$lP3MAX__=??_TG59Muu8>fdW6b>VdOjVWc!dLjt- zzd(kXQ!DH8#ZzV*AWUqi=l?FC1fE5zaR!syW5fcs+U9@@n6<;rztF-717C+{z zAaeU`3Fa%OUBfy2hY?US=I}HEDEE6acrfO;iUDK_uGy_B0>>43ph~iIQ`qodHFZ}$ zwQ`1Y)>ZHeBQUKUz>Nw6sf>@2MC_C zScAjTpNuL?zDg1GN;_8NlRE$EYE}$0dN3D}5GV(JlVv5CB+P z{{DF#4eAv8{}E|$>jw0LRVFkbJtFf%2c)#dPnZvWt}ZfJ_mb9U78)AFnX>ebz7#9o?DBM3^|rS#q-VCLjg|JK zZA^PtAX*T;)&P0wBq|UXLimyU}Apn>wr$5NeM&GF8++Zoa6cS&>J_ETKH!!m(KeWv7_C#3B8(3s)23?@v zCmpV_0P_$xLd8TM8OeV*pB2??Z46LJSBVE#oY@IghxI>50rUHeQ#9_t|7F1O)T(zh z9lgP-5=616qU(-P&!>?NSUlPIW&a*o79qpYkrr zpE$EDJEvlsbSVFqrp8P|@MLUqF@L+DmHUvNtZG#zcLSh2{T)Qaf7={2=>2 zta(Z~P%~b5$o2M{!NaJ9)Q>5TQA$Vsq5@L;4d^;6hNYHx;myk43N~Co5h||Ze~zfM zfC$BbwTTRzWe5z2cTCNZ6e%o14U~qI#*T=xwR7Zfrf1bBNpiDn*`td0mFs?R=Qld7{Cy(7-5l3urec+-l@jnV36k4)Sl{vlt_@w z;+m|{tFd6cd>JX1Jukna+Ad#SqP%T)BZpltGh4LzM3N1${)hqVoi^H1SLcC7O)8tK zyC&fS>H?`A+|in>&4m0U+X}SS^34fXonQLYlk*PFU;c5g$ENUu7fk1mxxjI>N?}|kO|Ko9&~86 zm_hW*6HEbmr!4)bVH3QOukpQ362P{LtRv{MU+T+@Xu^b?86<1gX2xWYzHZ#fKr|*x zc;#*6(yF1fN$mq7}9D;|!L7bw&5%@}Oo8i9- zjRifGbMxXqLI(5{##d;7LaTsX!>ki|oW&r{TLyO7-7k`?{Hjev(W2Jri>RxVA**BR zL-Mv*e%nI2kG2m{%U^=(FiYI8*6hOa4=iX6yRb?B2G=yb2;berlE9><9d)^VptG!rz59q{;+p5`x;oR%S?b91BxX zC`)~eIT)2QJ-Pf2W+Yi8XlIPtJnc&|5?L>pCZMk}#d%aYpP3Jq5T+(+Cbd6)A<-P~ zn0Qin+N5|1XADnKDRmIutfwEt}>F4!pl?WTY3IzT#iz@YFJrGzBJBcG{wIfN_?Bd#~~zuWQ|x{OMC^d4$bP5N`>+7w>4`i{-2<*8f@a|HyQ~| zms1?j52##6rVu)h(24(WNL4nlgh2V|SKPopY&hNk!t74Lgg{79W|AKu(i@UitDDrX 
zhzH22fsz*V2Z>Z({Q4gxGG-zg^gkq0yox`qScF4Lb6&iee!_5d3CkUjU#9b?WAf_E z*{67u^cGQSn8L4;0~qCs&s=Xyb|NG9Z=yU@9ony3OC!aj5AAc_meEgc_l%unKGb{XM~_Y?ljpj@Vi9?@ec-Nwi6nbPY`5ofA4EW9c$~h#s}Z9-85HrxlAPAv8A} zOOT4DPvrF}e|6nBH*C9Z2K}?LWt)e&xMC@npFKp474zvijvWFF(Vsz)t?QDY=Qk zB%Ijw(V2fD3W{UgXt+9eW?RShg=ICaJa>LmmUIr|KcJ<)w7CHizzpO_61VN`S1OF|x^2_cKn-WbSiEmfm3@2Xgi&XvRKz2YHowl-v@&h4WIg|G;{K88F*W=M# zCz@f^6cBvaNE#1QYy20)vt5ROB3ObGR3?v_Z}F7X*y?8TKGRnG7{8%C|5LCwTVB1@RtaJ!wu=ee^3$`>U!5GfIHp z_vW~sh{t+3lr~$@0oi}iO(FlM|LxlEDh8BgS*bH^SJQZ8QM|DQX>=Y;AumO`SxbvV z5ygD#Oj7DBA=Y9tkyJ)8?96LkIYDBBOClGa?N-($Z5imcY6EYp3N8e=cvB5@rXL`Z zaU48B>yua*D4K|rcq|{aQW5917&2akjR)%p2@fLDc^No@V6=nfm(dRo2}<}M4@qI> z5B(HC(E=p-FopFT9h<4}dUF)2xD7i})Wm}BC|8LfMJ|kd!y~B`U*+v^3?WW7eFcxg z85`~nDZY7uL$Hd(Y3HSc;4@ebc@%j)`do;&a~z8};bgn|UWhjbF^$L~mAy{b8S4fE z0mTt6uLZt(tHB2AxRAFFzDmUrVAKcpUhZ(2QTV%p_JbUY)6=34Y_gp3Dx+}yu+9%7 zZZn5K8ou%JT%c=XMRUljPJ1VlYhb0fPw=;=sd50A{TPJ97FCpuWD%z$WI%`|RK)<_9_E-rU!4{-8v@h7HtCPG8VAThm@5#JgNQRG2-ZWE9=P71dxJR$NBQ(B zG?v5DgKI&G!9%j*J%&bxBH1vU3Viht=AY#&!N;;2NVFV|i}0T)L?>rf`+P7>(i3lc zV$82>^-vOR+gQf*LA8(cjFM)nV3FSSw|mAbXGYP#0vl4`4lEF;?V5#_m#iWNo(s*b zmWG9}nMO5nU%|=wc`)B#QLsxb&Ex^&qw8X4sh3e&dm z?8s!qm|t?B71t61mDCh|9aOoI{2Y|&5EdcTM#LPaRSYdB^ zIUc;=*xm2{KhiN^C0|lywfW|`_onBRAl4&401>&m!$~p7-moPFMAxYz1*lQX6sA=N zb#tx8WTFeKShj2ZO~8cdth%Qj`$Q#EA-j2`%<9WWH34NZMvc9>(I2~qirkR3S_VeZ z%mlYfoj!Z6Y0>B_2WeXb4@!BF;2I91fEOJn>+i18RBW1zd6RvyP#TqD{O9!rlohO= zi$_nX^MILy6~z({$GC?3QmG>NzhK_5G>@(>8$+RMo_>E=C~#K3yr=%IFAaPF;hl__ zg*L40|HL?Nnc~2DdX)Rx>0>FHI~R?7KUHjibCI;l*FGF~mT8`ad^9Dt(=eqJw_628 zJkPHR)1s2elxr_Yva<B$L{#pOB6bwMXwLLPH+L*X`lQe%}R)08~o+#51N$R z;(K*A2p<9%^9T^+xZtexi?LGOr63!A)QV|TH(Q7;$-(RnlIi_BxBAj{aydQRRdLV1 zu9dA#c2?_T>|%3zOseACT{sygm406vwCV@`GjIg~c8odIlIswcyfQq(kY|XUM^ir` zJO?6-JFt?>c6RN@FExTBl7YSgN-)ks)0Y?mF=YWx2o=Ia$syhbMs3<6__4R(d{8=Z zjDeX_*V(Fs=^i;NR+{;z>F<_Ak{o3#3lEJnIG!J@--app4ZXPZs1gE>8GOzUHgA^{ z{f2P=K2Cpr-}BB6wy4%U?P?Imv8>{OpNii4D-z-JOFw|K z+=}ISnU=llv-5#q%Oe 
zRa)^fJxr~su`VDd5k&WngSc$X?c4$-CqI;KK75__B`OHq5r!^8p+NdsMX*Da9XC}f zi&oS+W5h@e!Or@M$vLSmPZV!mqc%>Nx8g|H7@}luHm})G9>!5?*>lTXeV1Upo|$oF z0PcOdouAZrnGi5#-AI6}fLbC9s;~-1U&iO8lt9TLHF%HPiLG--L-JqxflzDu@iQ5F)3%2uWeR~rYVPHN5!-|=S!17wP{v>j{?f9a|XakzCceWUx3g3 zJ=W*L=QKIjA1>gZmMZEWo?brxceQV?5RCO}At@u1QtLMl9Ug6QW3q^@iYX2tw=p+` z!1;qAxu`0bb%F?r_>Qx5*QJ!bs!f4N@}#AVmjOlxf4*Km-d-Mppppg7l9~fqNB7tF zRoBrhGc40HFbE%R^!TKSeG@)Mod8lz0l&QzD{7HUhu}965lWBz++VMId2W>Wiu% z`qQ9$*8Slv03ly+W9z5D6M1qVY1r%++|JUd#&K_#vfO>UrHCqVDk6Ii#C?7-TYdeJ z4m&JY0mn03Bn@{)BT+XbL|S&7J-?yG_kTA7c^ZNYqSVh+bUj3Rz}7|IR9DR4nYjv( z#?g;Wk@^s@x#QFRUs0xu#1O$@sGU*FBe2?ZQf6b?at*%+3C$R`M2aq;j)6;shYQRE zM%1BPZI>I(rFKc3rU&i^c|Ty`us@F@t($GbHHC~NR=q1&s+zGo@4b7q4+jOi7DFec zI|-d6%10*mm(<8Yt)km0`n0%og5L31xr-Un%QJ^{*t&>wYEzw13 z>dht5htGcQ{&Er;@mu=W`>dul74mD|lsvcXZaDNbzgrlV!xs3KjS!g>6+$u<$;{tP zvdilPB(Y9w6z@|%csOlvG>XiGss%4=1M5V;2G&3JB4V?r2dMz2=-+6<0r4EoKx*TFuanvPdw^j;4&do$hM3SV zJw|Ks8OOVkqodt}k4q>HCIi}S`EIBm7!hbi;^WsH}q4WsT z;vvWMYd;6UXb-71?2+w7OC+(v z(7U=Y&)=EiY|A)CJtTJV34;hGgj2o0PiB=v4fZP z#{=%36%UE*|HjvP!B1-98PD%Qh>_`S9ijm-|;n zE`P~xBlZ(blP)&c4uvsf+JydTrLzkS>Qy1Vq*%N^&=Hs|E$S9A-fs>W9O^YId7vk! 
z=3H8Lu5V*ap)a!meW+_v)wkbFVAvk3p}gzbqf1RoWULFE4yU%uF`2(YI2Qkxt<6?d8*q?rh1Y-|B80^HYa#-O`dE8`wQS|}S>vw*B* zreT-Fwux?N8=_A>7gtoy2QQ@p3Dp{bNtt8g)TX|7k4_YFe4zt|$Jg=ZRv5mr{lx%T zpOu&-0qGW|%wN$Tp@mhwUaE(@V!hPEh`eN{ajFzU>ubXpc*msHAcM} zF=Cu%nKjkj%mSvB=x#9jk#b*znvmL!~}C_)ht zdU9WjT|O9X0-pDL(*KL zhuDxt#Y2DTiG(}`nnP2Lw>Y3wWJ;LtO+||L7q8S=Cq40KNVfH_gm0t zNsKBeMnkB$(zwXk!2j3lHQ=53XcYS43fJ>}75_S)|C6)Cy^)D;<|vP=cs8GkjvyV` zsZU^OPxwvhTA99~Y~@SV3W^T=p_RW{bWr9$=CbU_Z`J8Yr09ssa0ej9GXJA6 zp6s8>E5AaCC0<()DyOAFb{9g+XmT{dKyPxQ3?W@_<^t$vy_1|QT zoP5)O-9QPYFyrj6J2fT#D{$r7iVr@kzt}M{!oPzTz{%YK!0C>&YUJz7z$3tKKHy$( z2=)w=`1^asV7QK<^@k@KHYgDUN-o-g0^da3{h|rnp4DMuH`Sn(rY{CNTi1_jo}$W~DGqJn z8*?LTf+YBNN;D&iU_CUcZ?}*h0Z;yaiv*LIB<{4*{c>qvOP}J3+dU*+u@ML!;-eG3 z#UfewkutJ%?i?;~im=AuO)hXBv=JnqeQthoefLJ1Odyt=K-;~;SSfUl zvSFrUndl;>vR>)4FW`PEks<(>*HY5pmvVCYzB-ejVA7Ld$76s%NAKIFwVx>R$6Bk{ z^JK$yKEbfbBQX!O-{YQ>E{Ua}7iEoXy_JgYualUGWD{}qo_~)L%7Je`Dksyg=M)e8 zf7h+Uo;=;R9B2GKXGl9{7Fh_1Uv3nvxMSDJr1%lNRF$=Sz0`ZLrb35Mdr|M-gNRvW zG}xxV_mFLqD2yX$1GqMFVqc%OiR$c_26I^Q1hNgWT#vkk^g)0ljHyCrQe0BB>VzwW za1iG20$>=d37}8u)@f*EA33T*qWJ+Sd?9d3>^a9UEJ3*7&@M#kc`rs56cGh`ln1Kg zV#=$uUXLgd!nq&8xPet4wXpsMHeMg-`b1VWV~O5CVMpLY;g^_mdHyf2SBul@jQyti z{vs%p+)`diO4&rh1^zezpe{1!i7sd#72uNU=48&`@m$LQH%;G_lw8Z|3KS9P2)y?r zA@81i_KIX-O6=`fDwE*4T-lIch|Nko&M17yQxEcej9PLID?C73B)@lAvq<93Sn>Nn zv4GdZ*p+JzFHOSLRXM;DgLu)vpugG)(&r17W~$FRCUqY-rU2PY{sK*JfU;=M=R#B> zzq*4uHzOq1=~oBJaYD!BF>U7vpm!wVgvqSLnP5{q^+c@b<3o(MiLUAM|L3iL(4*M2wW*V@>GWwaX^JXWHwE{Nx-N`Jt~F~qr^eL3zewQVA>je(d?~K z{fU?BG)-?#$emWp|FM<ZG-NKT z<$$39sRYQd1L3nLbyyQ>DvO>pDSe8@129F^y@V;WdVZpB>ggu228bzkAi3<3x&yN7 z)|-*=wcU-b_aItq3)B}+Jl>rRA+ug2ijL@O$l{3_Td1IxQcQ-VTsx7hJ9S(xp*>ij zL;Y&LJd_b$gv@#Bubzny7IENFYTx?+R4k0x5s$V~&z4>!Fb4)G_-9aVN zI~zk&>0nhTq(O>*3E@;Uc;=d!cj+0WY>%Kaq>P1wV8f(MEEvF{?1d={FOagpYAYok z=t9Ix*W<*-p!j5~g|ee$c*#t$w{-o*5&O9&JXHFTpxMiAx7JKNJ3r8ybbELu>|6_x zi*VMa;Pk%5aUKT4&;+&tp`hh6aZBCQfao@5E`Q2jdd5TaLGi;604dSW2zxKm%B&uS z?nx2FXt@dOohRR=r0~-*{0&<%VA%*Lg6gf*8vRA)-ieZn;CCJ#Wp7(0yW>{mJbKD6 
z~2GebJW@Qs=j zj2UoxnX)8=>^U3GU{VFu-)=)uMWx}ykxvG*%lF$2r3_dC%E`A3(1|VA9ld*gduSG9U#m|~;S1a33a|{uP_bWkH;;-zO z?Hth|o9~$S38E+wmGKO(z$;R0nF*gSkxWP};LZ7I934FC4_c6NS)iuxq>uUVcF{g= zlZ=GKYugek9L%(^V*j#O-+#Od`#0qdpQ4S)^1H*e+LvH^yUz5|dq89b&1z|L)ph@*`9s;g#uVce?``#(Z<|hXz_-Qmdx0evR{(CyGQi!(WfNf2_S3{?^>1Vr zW<-OfGWBfX)Ez*u`D={j^vBV&0#(P*ie7#>uKuw?^Z^h z`H@<@NGV=3cJdZJiqIX_>?;Bh9L4xZiEaX~l+v*HFCTk2ksb&2IZIOrgC$h&efTdK^{A8Os$k)hV%|H`I7&>;!4jBbi+wcZfsew<-ny-KDFi- zJXh`hj+--^Ufx;FsG7vshhSX}s9CCA2efl?YTN+`4~3!Mw8;(5`^`3lrIP`+@A7>| zsekMF{8US~uIAKYCMi(d@Oywri4l~3BWQx6z#YO*BRQcIQsHomNMRgd`9A%)MG`_M zyfw^^j;YU|q=5XYaip!52~$O;W9-S;OksLKCy2!${=}G6qqy~-=uj`Su#&bG{ql%i zSEg7q&HT7s#8w)3t-UlHX!1eGBmX62;uL6QDlMiwhI3_p zp!XM@*s&Y5DhC z*?xl=?u#w}-l2soh6RF<35Vz0=BkrHmTg|=?pE-sg$bZ(yeER&@A|!C-7$I@u)eWD z`_TvKwG7t>ItzMK?4ag9;moT_r$z{#cMqP_0zrIj{#D%kzD4O|Pyv$^Bt=S>+5C=K zmiw5v`$m;!ghb+8v@WAUx1RVLX?(@TmxRo-gvv=x2ZA`SK23!!lMbuc0FZoBqRj33 zi@P9Vg0!q9`?WE__|#aHc!=3mau~e}y?VuzAPJ#^2Q++j@lwE*Xr|b*Hil9gEeq|{ zolzO|yajA;j6$84P999Lg zcZB)%AQV{brzAcb{8Z}Ms`*=+ZV08W zvrRU7rs`b)S^c6xnHU9CI}Uxc$8M#ETvvRc3TPJTxQ_swDZ$G4!EWUaFo)2#MnlJg zwM$J|q-M|r>4Ov)t_pMGBHl^Nc2ICG4~`@aTdA^-`aryRCfe0$VT9L$7jlVl%8r?k z2P&M(uu|@(4E2byKJIU!wlH~Y`+21YWx38uy6+v%ko09SGK`_xqgS*Dvb5xG9E)q>w zDacpWtK70xfSB64)9z#pPEi2s&#O(MeURO{vc9=?tL7M7%dK=Y-TL;y{IYM`$k8?K z1*J1(Kp~1(Y>hqgBAUIIINn#ob8jgvG7bl7rahWghpwQ(kLP5Qz&H?37sXcHol(U5 z#&XjdN_t>RP{nD|zGBFrq2OpiGHU&l@8j+bN%Kf28dpQxFXC;-MlXu0>E6E7naS=_ zO3q24!1voK1=I7=IyFwIP_n>EU4*C%ht$SY<96(ekV-AmAach&cGNC%Z%L2^p=n|A_h>Yk*pYnok6{G{x^?ICde+HGHUmGGQLEc*K>KX!K_rJ4Tg?~U5{h2d zQf^PI=rjyWZTZxaRUu+{|rE&{9~ zW(3(70}2S8Wu_;AecfkcXSIYnq^}r$*b6{cyz2nYiA>0tZ@yd~OlA?l!M?rvJ0OR* z=2a2#!S~}BTfR}(M>;xLOdJmQ=6K}o8U9ms_|tR~t+VUS+5rk&kIp?i2X{1UE%F#C zKMML~7yh}IZoAZgzVbOJ2e&{U0`^&w#V^JvC*LzTVV`lgMvCzpi+1|RY2hI|_*tT` zXab2|6*9->x7dnIN!Re$qnY2&{E95Jj++t&yzapb*-8l!YoAQ4#)fr8T%tgx#-UKMmmD2v1)d%fC~^njf{y>AL< zE#0(E^JPrC+W259_S6U{#f6^7r!@r6+iy2h|19C*(uQ zr>4&`=L|j9#U;%ij?LT>7_DLT+be7fFS0aZKA+>04Au|lIX+GFd|huf8$-URLYr 
z#~aFUeqg|yoF*YY<5{wyrx2(j%q~VP)<1uC(Q%q1CwA1n>sX)RG-vuM4>B`+8{e(h z2)pjaqgHYn=97zun*>BkU1pbkkx{9ZWsWC;;cdcn{pN1IsAsjeZ|%|Pg+8LE9dhl@ z8_%qfy9tz3od-H^0=IRTy#a{xE z?LVKMQfl%}3WZ8#|3+X>&>raGu!&w@w!1rENIR{M4tY(2b?hoAwG_}JrcnM;u4$h& zb9+xx;iu?TzzMH~ZI!=FklDt^+o-m7eSEHZXO4Pb7Xnnjy^|e|Mn4#mjOr(k2UtG^ z*Qbvav;iG+*6kYKgoyW3CB`(@;={#F{1WpFFutjG!17P*oeeI*zuI$Qy@E{4u087_ z2eFOgO`$3`!HpDpb!*0%KQ)=r$seOp-S=`C-cu^(YF{jGosILAc7}3Pbaliln2Hn_ z)ESErGV25?4U)q1wqKQn3}>gO8TGah8LGgrqO zi}mfS_`(5{%@-(^YC#&t8e*2sIGCkCre{Sn=Kjq+iuxH84@%u;H|4^u>G&X_SM*vJfBQbFA|T(wlF*DlSI!DP>jh9xO|@gv20?Vb~5vKHFvcWH$VBtxv9jh9_1D2UMLpN2#I4->bHS zQN_a={~i@tycuQXkX;>)GeIH-s7G>b2=ep1IXb%jz7TkO_P)8Cep~xUsQ8Ewg7qS#pk(a@x%f(;OFe)o=Cq@Qr<;$3 zLm}@trA0=;ZU)5{R1PHV0&sVEFzZr^?hAZzt9gU@gJlqexq!raD`uoWYNGw(;fVV& z+RX~>kW5@?DzqDBIaElF<-J`)bd=&lpLv{WKZzi_0iRi9!(t3-sahJ7QlEmb7nTV*5KE1s7WZI=Xg59NebzH`n)s)70VC?9mAKH%(O3 zi&W@EHxvPG;q!94w&%wLYD9TqsLJH!W^sBCS(F607gai`r+q)^!Bh!#gru$iQ>I-9 zG3A4%o%QuFid3D#6b(7|Wc>~k6peu1Zj!&juErn4g`^DgJ9{MLfrfiTv`|y9mAA@7 zEEZ4x+gu(owLdg%gwgI>YhRnOUzV2RkuZ#|&tZL^xF1qWugV<23wLf@*r8*f}L zU@eRaYE1pkyu!#OOkynO&_*=a5w7*KFP1xxBZa*QUHCcf@#;z#LYvs84I`D%?ddTw zQK`KHX;HQ08bF_Ej+Qik8;d`e=f^e;;nz>h=pjL}QnX_Jwpu+r+nUk*Ix*Nuv+r4m z(d-_*-iYytpHXOx%Ih1oe#ZkE+?tm8B=cY?!~XZ2c%n~2zkXN_IpN}*>9`t}nLYt8 zx(ePSNwqYX;bN1r#?GilPJ-HG9t!X1$q={VK^%*}6~nZgw;G|(<~3nK44tJbrqDddv` zM*!M=i-_jLO=C`T$mp6Da=_ZxR=a%)uP3~Wqbu+Zoe+QjDb$VWDfZXxN;$HamQ6)M zQ-4URQPE^XRm^zC{pE!Ru<7IDUI~SnAi%OXTKsN=muMQOI#9YCR%ze&FLc-mZ~vB3 zRW|Ck4>sZAu2n~DSr%_LvC2m*kNnL_r)?GUnCN9Idj*_tZOau2ru%|M3HU_kv;41| z>RN8JohPNYdE2eDkRufZ8*WDzGG?g

fF%4H)_-t?ltJrhOf7nQ`hV)*G_L53Dtp zLV~{6!Yv^Q|f~Kynq`qGvs8>%7{4YTxLatN5O~c{$sS}kjV2LE<#ro0g z*%}AHiTQAylaR$S1;!AX)NvmZR1+{fyC>6{f5AK1kKd0@p*fr}%ATp~slTxdqxxC# zj+#uTNLl#_{pD5YFqvt8xP9NYNgA9MIWv>8{d=G^k~uIuRev~g`+xYy5lC~ z15d4oCHI8NH@*~|d)b&`g`!4}>fKG20gS2o@>+ApqrDZ(EkXXx4@WKUJdFh&v@)|# z_=l7vB*JI!`4QlFD?LO0lirHgO5*JuPM+R@(tk9Bs)jNiP0*e?KFTwQg* zPTunj&G$zLpT`2g1Kfq-`W=wrZu1CeQ}A@l_O^TLWvdGSzGW=_>`P1T^V22oqrfL_ z!&;vkFm$k|!2}}DxiHfQZv=w`K@KN%vo>?hNw=3aIlPyUu#WRpJU{8GavZZQ%) z(QD&#~sj0i8}$;{MRi{;bI5vym4vp9siN|47JN zmihL{JV_t}P&;fLMFl`?8;HHvaDHh)2Y8@-!{F$Q`_ryDkbi7NTxt>$8voG0LoH}; z4bA@5BD-*J4Q*ZOXb@$sV33h1g<^~P(HTw*sv~X^YM)3RFNZMlr~$Yg zj&Oc&t3hfdm{u;(*)O?4Y!31FHL`G`RsqiR{EfdK*Q+x2oyd1E+Mx$ z4EwDHXJ-v+;uHe6R%1$A48!WCg^Vh<+sac`tlmUL0i`-0zl2eI-C890&f!l;(`Xhg z>k?m0K}5DHAl+LG>gNBQ7sdVcYzN||2U-D`wA8CzvUyEbW^kI7{Q0XcySfo$6kx{) z&>*IhO9wf{18DPDH+d$^p#{uBdL45Ej^32Z@c<)S%egky+tvQpgWJ)J+k^(S2O@mN z+}#WD%4I|es4mcH;wV?V?A_qRr0j&Ynsx|5P@iFhf9BIjy&+@CadIKA7SUeqJ-%t$*ISdD0&F7UX}Qoq83_ znU1sm?7MoN`C0TNRwSbg4?Qs5wH1tA?tH*TbZbfvPAbV@A7O@+CeJfs_*%9N3Pw)Y z77Zzw+q+U&#JFJ1>Kmg*nMoI~w-{k!zq&l6@}9_LN>!MQqgKDYQXc=mcKF<|Ha5qZ5E*|M_dJi6fuC3K)bcs`gL_=;yI-D8Qc4q_#>>&V7kkbM8%{ha=2 zK|C3aAoTYNcwYzw{;+^X_~cBzGnq1zNHUy36oxdT@a9X1vRY@O_$_l(uu zEN_$?6d)+t%rUACqB*SWqD_)n1sxOBE?8>Ow|^~5kg|)jmCO8^j2piy*oi}`wWnj* zTd3AX-Kfu7W#<|*#ls1S5!eflA@bFSWcAe6RNVY6}=~n#qYlJncR=>m>M&kux8y|lsKSS$PcrS72;XbzN3C@^P zw?U^Z5lO3! zIw`*4%Axc9X@L2IIkzh!8Jcb2uHC%KQZUAn(dn$KY*wA=47eXP5WVN(^8LCqcwtvK z8*IuYP8Z6W%PKTrC(Zp!OV7~kI%nOLtj?@PthpqA@Iw@6{iba@l`dJ% zJ*v^!yvEmz@HZm$@xwS<-*3N$nw5a0mM!nLN{h>^XU^uQyecwS(#!)bkk+kBG)KmZ z6~S&%W+(yPU7PhVo+#_W^NU?F@W~ARUfPIdyA_5OLqrpzs2*aLR)RJL-Oa92^-SdM zdqXLr`fao<$*PoTC3YjH1U8^O%b;xd^MX&d6F|Fcx?`=LHaXU>YI0FRmPVv8)%NpYmU#27HLnn{o+n$ z@b}HZTq7L&q;EPd?q`vl5ohjW;r8tlIU0TNY&%25G+VJ!x|GRT zGE(qS>18kn?r?-jwiYl~hvlov6@)S*qHo124M_+3Agp6BB8h^sL5m0qtp$C~F#NYXWBB z>AIAKOHaBTY3d+K)WM6ZM{VbLFENEy8nQ?OpvTSPdtSUt& z)^xq{Wxin<8r1?Na|xC#b&{;%0`f6{IkKWFP!2Yrq)Yn=u)b+ucL<2^EZ+pk!9Kp? 
z>o5Bo8C#xuc;<)V&en1n?28-~?|9gr!uDU;X~#-Wx3W zjoy4y+KmNF#|ZZke=`fNnQc-5xhXp)k^dt_HlKkl&?ldP?TcZ^#S|cGIU%6e4BSaaDvPGcp54R;jDz6phodHC9z5zv-^*CxC5D%jAlMW%kLG*7 z(f#>WMEvjh|32vW6D+<09Bl3E)&Dp3JN$6~Oyu_YO_=qS?>y?(?c`&72(w&%*a|tK z$yC+E{1vc2ozJJaOzMeI2d_Bp3k7I2A1fD2hhfc!0rIFU4On z%(zEFAhGtO1fHT^j|5JiswPsJ^_7|+c=3h~af14|^Wp{kca4Lm%zgedVI0*i@BeX}wKaH$h`CF4oNH-a3fFKr zL?nW1_?Sj;?OcQBc^;_$%pdaoS>9QAnJ76bl&{u7S!l<8Te1 zzq#`I*zJ6CiyLIO;~w>nDL+Xu!!dW)-TY>}6K7E*ewzz!x8oLLYUKCj9;Y;7?z+oS z-|e_9f75TeH=?3eeTWt#G9+C76(pG`)oc#kb$5t|3UIsGd`DC*NpZ7_-rRhKYmk(m z=+SZtGQ~zC#Y1|D0of>#L@9M~6}vri^Qq4jP>;&-yZ38gJQXY88a|hiC_1JKNeM$# z5(QDLZu_SU*EWeP2mVS0suc!eZU4f05`E5=;f9G>b!s$c5qwX7YZgU8cRK zQ$7%_$Ko_+7J*>`RwsCxS$$||mpjW6yga89j-ur?B8loy6tNGwfWi=mz!9J*Ds*}v zQydib=YxU`R~uC4>4|MA&BC3UsSP1M-rm1t>1YHY?vWUS9hY3PZB45Z9P?{i(DqPp z4H01y_NU)Uuu⋘t}Aq^$$}fW+=swF&vJAKAl4NIcR!`)0Bj2npGS5f|2kE)8O|} z3|(w0ghJ9ENfR)!IxH(9-*8@eGWe3Akx!`XoW?<60;V^JvEIqjDiqK?a@<-E6XkPb zm@gY3Z>!had9}IKn!(s(C(^U&m zPFo$syjB5I#+!N+l2v|X^>iyKuH>yG&(0(k#HMA+6o(|0QmPh5#o|@_iJ;UX$yRx= z_d|pw7u{PDVlA{K&|+2GxyRYo#>ct+T5b(zPxGtb)Dl4sw{8LEove) zEQ{CF3~K4KI?2}aPE2O9Md;WR=SZ4sigPKaG_|EWWHG5yDJ141Qqpx13{?D7@j%^< z>#n;+Y*4r3?yE!Hk@{{v=C`b(#?87rq@nn;u%22kOdmvJ+JHd84^poFxWFS_U)vmX zzPVC+E?z1Ed8b7=ZBC^&c`09ZF=$1T5SpkaA3zgmrv7fdOehLP@?b%)fDLFCg%alm z#iH`x;WcJb(BM?a8gQh|2D&&v;y0JJ`Gf(2Zc1+C?cUY zLy&T*t3d%xp#uG0hgO&@)T2JP(NGg?fj6Ti3?dpJC6)Pb)Po53xbm?#nJk&vB2#tC z_>`3ZKghJoa-~5Q9K(!uXyRy9vN-vI7r>{`V&6>4Ktjn)4 zHf%)l6d)XWBxT%(ZS5pT+Ng zFbap*ABKLP@?>(-KkJ!k|FcuQ|Jm5sTE%~UkmuXC+*KA_Iq$xj@xnT$`aLYv@Vbz* zpQWjg>aZMPx>;Go=$XrPtQr)a)_l zV&Rw?p+?=jP$eo$vz5{oC#6W$1nl*=Qo4#Sxrix0u8X~}ivv2uERTXI;Aj;o)|Wkm z4;;ZoZgsa~-3^U-wHkrm@Jyu%HQfWk929VJDa9We0}}o5HEser9O5{%&{H>6@{@&H zPviDT;lpwCAJ9wbP>b2p{Y&24i$>*5L~iigqftb!1R9N-nB#o@{8<_jI8uRY=3s`l gMAZ5t^VQX}dREWs`J+GoKL7y#|4#x%;Q-PD080ZKBLDyZ 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.87.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.87.tgz deleted file mode 100644 index be5c5cf196bcbeee70e67cadb6ae2d327f5b76d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34913 zcmV*GKxw}piwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcd)qehDE#}k`V@GT?$aczn{P>~cf03x9k=nXj_qSP*|Vpc z<3J=Np{58H0PSd#oX`F~xRD?UilihvX;<858<_-V2Ebr20OrCt^lli39CdGAur8dU zkoS*fkn-LF&V&Ej#4{KS2G92Q<-dc$Aph^q-t*`GwX^?xusay+J{#=**I?&hXYcuc zfx$+wS3EJ}kp94IecNlzh#`>;`~4~Avv}O|$h14C0ur(RFD)eK zOGapv)?LCON$>CU2E7;0TVHzmeeq|B{11qCvk@E>@_(?mzh995JI}WA{~?~dM650D zjN}kPp=ZrWOk6?^PZ8roz-Dmw;MowO1L!~Z_I92>o4ojb{Co$(F`7L0{O1Rg@4w&s ze*gKwV6s1%Ovc}TKR6h_cs3dDA9#EF2M6CDc)R;vYl=cdmCS7K4tDpugM;qg;A&@Y zxHlN?AN2P2pFKZ#{@20oa4=|ZC;5`cIsb2A5F@rR1#tQNe?HjR+0D=Yy=U9`{~*sJ z*VB3gewH&V0Jo50vBWd*sO2u(ng(PH1ED>l51hi|@K*c=;1N(?dggVHL?{H^E;tr1 zfcy)Ex0sS}jzVtX;shwM18~R*h=|X65~ip#1Rp<_AYjO&h^Hv@-?fo|TMPjN??)!US&fvkyFqd=zpF0|r8beB?_tPUu%sw*j&`plFI2 zrwf574{!*6edk1YWWnxs!O!w@umC=q;1Fd{3!G6L1UQ^3_$-6Tf~1=lQSxDt8%6o9 z7t=ssyAXd!xG)F+r*JaCp6F3ag%h=78Vo_ZZ8w13;Aq5xw=lrI+<3_03dNWJ9x!m5 zewa`)2VQ{H4x&(T2qrLKsMX4|!YLdh)hmh(0`)ia#Q<<9X{Lygn0knbo)Sw57%!xL zJxf$>!_f*{e&pq+!*u(UqOR+j zoYev|1OX1?4^LV)m?3D(x9wI722!d>J~hk;13d+LX3|K!GnAW3f)`_k)YLUEhoJp? 
z3>Q621V_#w^-+k!sSP`M*+Y^geF6S31UU4ur?`?#z}*b-8B+VPWHK{whl2o&5kR7S za(qQMBp?CgfW{%mb2T|MhJ=kn;v>1G8%jP){_Me+laU9-{5?*o(sQN{e9Yu8QH-f# z$!<{q0diGOq-YVEp#Y?fxm0wTu1RUhm*{yh<77S}-VNdxkk15ZCzEW~046_!NPPDR zVjv_O%pvz?vY?M9Fb>on_vrGZd)@&@rmhbN1usQ?+5s$%qF@0aP*`oaYN+$nXz5d{ z4X+5}7nFF;7GMSf7>C|WjH-}J5JUm=kl+Q1KtB={F#~fFhhpS?JeeShLLMwS`l|;+ z!5!WVhEwEAs%9GHP!$oPjCo$M*O}+p3|Sa@K`Ra!he41qsXQz|UQ97xh~7jW_z?*w zcp6hx##)iGbwh9-p>Q zn=1-EYmTPavfmpZ))mF7C2B4uBBF#7j|3+ni;yQ5odO}nG7X3^mBk2{+D=Nuek;=# z`2rbsajmf<#D!E8#Q~lGhJp!Tcp4%f=tDjaa>M|nNQh3qw`|QV;`=2YqX6-%)6rW* z@nqpZxgasPgQ0vUs(>3+N3Hv!mX@&wbslDB#kc1340$)~3Qmt8^>GLT%q9AO+;sq< z-V8BLAtzLbk{O=Pdf?oC8=zYhh^3kdA$cuUx{fTT-s!W=>qHpH5<*%!@D4Kw3zW(U z2)bP*YbV&j*y??cSZnkl2r%PfQY(#=8Nnp@m(M6d;07%icrOTh-vRH1Kzt8i=!5q@ zMc;qp!oxUIS%nWo~JMJB3FX!<)QT?n4YfP^P*Ug|62VCjxOFLY90t= z1=*H4#GxXfXW{drSe{_a+v^cAM{}YyAw!3LQ=b%7VF=ngF9xr1O3xgASf`g%?WC8~ zpDXs#>fNNNu)0YTvU)e|A6VTa)^5bu;bs`jhSrqNbluWUJZRpBPI4M?Tq#j0(+xJl zbXiiH@m^KWt-^jzdKz(Ib=MuJuCtYQE%7q)&e}!g$xrL)`C>L$=CoJP`Xgk>ad2UZ zq@>x0#OY~(^NOemH5`g%6TH+rg*+u3PE!&%oQfGb+21{Qz6aY)&_r<%T#x{Ji)GkE zDG=5S&cT2*03+rLArw9d(;6w8pqQPz~O{+z#XJv2Ovrb?EsHrjy)K3q>@A?6GP4;vGo(XQ-*j)bWH%p z(7Tap>`b3r2t_PQpy2}Z_fRzK1FdhHZb?$vQOBhM-NJw|M$#+s_m<|ZGT=u{1m#YwGqg^kfpAP!=Ru4WXm83`o*_xYFalPPX03&Ar+DINJ5L$J3B zH8{j#>+uo=a4|w234M9a`rh%rnkGl3A=o)sg{}xuOnjT7%$sUjGR0S=g2kQ?_Svz@ zzpSPuUt6EQhKA*DXHZY-bh#StRr1r+9 zRF0mN=2R(FYfY*gWwmEjDK#rjs~jB-=T#{+D^IK(Jq>17DJ{jRB|o{e(h|}dX`@*^ zG=b7BWzwbLdN-sxHs8%eD2nPzAcVwyeDe zifp(mP?_5jMN7$aY>*&2@b`E9-O3G;19x_xw7iE_*)7%M!Dic$k`8LJEy>{j^XyLQ zv{wA_mIUz}T_Wh8hk+bWu%z;D; znD>r*R`sFB7m)8%5$t062SVF-S0?+kkKfBhHj!ZndCUQe}XRX26g?#MpwQU*<_cr&ui z1{X&@extAQq+}*clA+REl3C6iAC(L8IU$W4|QNgNY9yV|XeTIYE_OLzxO?A#xHRnljc^ z^5=4}RyEfh9-K^s<}ds4(EMhIa~w{~K$<#+O3f%3T6mKa?Ys> z?~eS&U?{bQdCWK%BLFFhLm#|2_=}iXt1U5V4yGgx!QTGhHU6|6jT2jRjZ*KsCrg+7Rpy27^J}hMgqnXyC#1yWeLKho?z1>#JQ(8bGTs#s4S*s$uL@)i^yGitq<69IeGh^qz zTLaJ%52?ZyAc-dr&Dw_7A>lRR6nk}PnCsHzL}+*oskl-H8ukuYpK*Z4=_ouA`;ril 
zv9XpByDd7m?2CC;Wjwq%$OR|PK#?wZBcmk(rH2q(fm1G#hBsC9BSMih zW@6f!$;XUSJdQaMyHemIY1NB-a7XBkSWh**HWB#?(%LOi`qd%3g43cgIwz*<6dR_t z;bO}#_VY0fm1lzG@oAmnJbDC9IG91E47Z8U-vxs+PGgV9G|@UAJpwi*)@uO%X3*~Z zeVA_Nw4rK5{ElV6-H{qd2O#eCY#0FiO~Mx-{>I^S=kEfB8YA-sU`1xi&Wa}4SY1gM z$+p&oXjdcJ{kyX%yMG_LYVGM-dugq-*gqhZmf-4kLQ*D`u+&7EQy8*TboeAhV7ze5 zh)xPsXb$KDoJWCd3$y&>`r1VfjFCs?h{^BQ>Gx~>Jvq9uN6+yL__&s`z=RsK9v7$HRp9pk5+ExW&YH#&Juo^-A&Qt+@!EjrqzXZD7P5uh$ET3 zDS!scVxEi{q4?iI!ww?ir?zHwXnK`Yy&(Q!TGbF(26_!@DT)GZ&MmeDRFtko>t$N; zD6QB_4uD-?*Pt^ZzK`zgNdYz^6g7`0!YCo!KhDI02H7I19P&h@>FuE28 zj#PysRl!h|1+xY{xAJ@*at^)OymU8`B}tv>gTu5^54>U8${dHjJm`|^!-bgMj0<&B zRZ1FAz`I5pr2TsYy;}WwmJ~Lmq}A7;A+eaRLxZ|#c@3jfM@_1)K?4f?h~Ro-cx=k{ zz{v!pH6cZ&hA&ox&|bLiNcf#P%#vFQV)o?#f{{M06N65Kiavu}9pQ<68c((p8qYd& zJmD$DL$xM&QYXiT1z;N_%nKl%uR`6Ctk?rDWohLWf*4XRi6P-2K-?Y{GYW-P0^OgOB^gsQ^-lofh8BLM{_H6SPu<95bV zr>3P_1?ioq%Je+Q(UefESma1KCC_0LNk2QW!?jMRWF0^eWF!RH9j^MMp)GpgD21yp zW{2P~K$No%IP^Ha#T+Bn0Y}o8n03H8pCQW3*eA7es~EvG}kr8iv~(hM8Or_3{vRH zqe63e<3kQXL`j4wUq}m?RHHJ)rSTZ74SL$V8S-w@i(ErN$;thn(1kN+G?8hru?vU@ zl_&CwFJ)h9(+3r-F1ewNjD3XoF$4#L!ND@PDni6XUFd0X#r(;i8dFggG&%;gyb#+Fy=Gq1H05cJ0CV9 zL)yyjUG>ZwH7?7n(TTsVLzl~$%L#Br*R4`R#Fo>GBZqojpN-;W$x;Lx@XjbRBVUSl zV}2OR%*B^du$IS#+bn!3z76d+9-KUC&dhsr=V&lDH|n@iYj)m)i$=})xnXCFIx|#nq>rRR+wFq0 z#PrB)u@i%soEd>W3h1?x-M9oInpSFY=hC<~V04!yt=#0UNJ7p=vuK=|#uQ7fGg&RW z%ttQE%ttQUOeJbE_eNPu^TL=lHYiut)caOsfhw3*?0}_a zYQysyO-O2%HzE%_4RWxvtAiZmz;DW4HUo5%CbJp9>s!qd6PQac+$vOD{%udk^BN`b zFi+GAki^6k$c)1Z2_*z3Ac&oVT{+oN1Z0|;#XbVbpG&t+H!oyJCFuc^9s#(wPbtJN zzIU>TsjJK+HL5k3%+@T$wCR0WM9G{(9F!nxv;o`gecyZ0Js9si{~jV#0`VSpU=(cejf2rp`9`fIPXm@HP8Tq*QKdO-LbbazRL; z-k%SJB}zA@&eidrPyz9*Rl<6)be*7as7{lO(x@r|9Lg0df`VUUaATqQAz#o?SVc0i zGi}UYEP7^kE9nTHX;WDze5TT+R|}nK<7yZ@Q=x4bI5X#0o+V&Yp^co#bEALn!7%?| z;VA9SDGx|lEcGY5&&VE-Tdlq4^YP5NcmeI2$KnNe4|XbUVZN6`@lyErdnR6r_Mwi% zO9{B26Y)}X_j@2-iuRt)!)<&^kHfV>qVMa0~rC9fg-;xaX7b za>NgI5MEBgJ)MJ>BfRHh@N&fWbqb!rsE@ic2jFGXM8*{NW=Lp->ESo4d61hyyP0#` 
z8X#+)Bs^PshU>($?pZ=Ts4E=bmfS$t>iWhnAT+O3+(6hQd^Hykxn0|)4!bRw8$Ii` zce86BZaC9Tx~ znbgSGWXt9+hzvlH2XAMQu=9DUpoJ>=3zFtawdCWM);q(c3`t;)R{O!rhWAM-OHAKXNT&WW#jgvmsQ-?n~&ulq)(Dbs>@5wFp5rAq)L~p2> zEk-e>2zX>Zk3*AE$^;8ZX^`%)F1tgS-a;XAF}2Rm=IEo*)#1@EqpQQKWANtk)O3yb zX-+%S@yQ%$%7{>s;guC_5;Y;ADW<`2n`QG4`7F!-Db(pX?ES__xE79z{J(p9yZQXT z&z|iaZ1aCU#PhKQK>J%Y((NH=o3y@S(7T!e2%YwQ3Mah3JJ|WYJNUk@%XegD?AsMH zset?1$6NA{DlYV5QC{iI>YWa-(-wN4Duj6;OXZWD+X>MXmnsN4oRXmAS1BahDIIO) zciy%wF@)TFCu?e-0F0PGU#M%|xha?L3%G4;NihK0F%8TP>s?aYfnUB?D`V!JMS~LW zX%NQGog(IvsyXrtO=ydCuKh0ay@W{lO%~6;Et1;Fe~%#Nh=!ub|M?Ym|2^n_|L(E= z@vnb%|MjolyQk*;lW*IZ>YuaF+R2hwgODtsmh1QD+@RGRgqHp9XBXS8&Q9_wqdxoS z@+{>|q)6E!>ITH^no zx0+~!$Ep8uG>-zv5$j)PoO!y%m@aja#8>HmJI{Br`rq#U!Omc-|2@R>@nhFy3~yJB zbsKa)e{P8y--?fyh=Jh`p!Zho78>~Z0u2UFYSk_e5BK@AiK%$)sZee5j!M8rp)Wq; z5c6we*dVvHp}qy^8iQ0~@}+g9eosJYI_p4Q z0<;!9E9OZ8D1BE4LK^cU0g$|^Q{M`Xy0y}v21(WARjromV>OrH|L67Y3ts0k#RW#n^u(xJ|>wGV-MtzU?EQO8w6mim6X^ z)V;#9T>sm7w!1UP>3=(WgPpDZ_YhA;|I3cGQumaKFqEp1HeJk#N*Dya8Kgc6EmLAC zX#zY!-ogv?wMj(Lh?6AD2l{}#GzR4ok^+6dDx^Thg0zRbK4MmVcBE0o4~Q`KNUC> z-VXILRMB{K1bH0ZiiUpzp%&%)S?zHMMpvWj^af7;JUza;esw;&(!(o{YJZ}{%IG}7 zDDW@Q#7tX(n^x$;8OX&1Wl@Z$CL@!8>zr^hdAG}iWpC~2Jm`sVVq0B|{HXD>|E zye@#&H_6v(n5rmuMw7`AzD&n7RVoRwm~V7^`S#@K_`1lXg0M>zAjnWp-hO}n?1;-! z*-tiwi4{S)KqzSc#WuJ}T|RG?jsNJElZ)%Oho>hm53i057RRJ@v*gjM zUmqP_zC1ZQJUzMkXPv3&a`C7bZHFtAqd~|2>+16G`sn=Zr<0$r_1*nteu5>NZUwYm z)%&lG4^OXNU0#bR?9olb`Ace1Ybdc#HzXuTDpA5yg{&z|Ua18f{W9$*m=hNp%^A zVk2a1D2aE2xKMJPY<+ohJvu-7<@oCQ;_&KKlet@k#(j908&_%UDoxeg4EewQdHw3@ z>S9z%SOLy*2G{Ub2Ipv$JfH;M-k?PXe5(>eS$82CAo{>5JPvPrBtl`HwvQiWb@SS$ zO9R|A721Hb79H7b6f=gSxvf+JVL4k*;vkS_A}K?w=LRhb1T=2uk`)Gpx0~(u>UrqS zjh|8Y9R8Ct&ZD1El7TytyVL#*!GO=qI~l%Gy-K2I79FK(Dm%+PD0S1Feo(6*aJgn_ z966__RiJ0RuFM&H!K-N%&;|c04L$F^v|uvC)eW|mI|EvVrTbRD;4@Ohj|*sSMMZ-;OgkY zRa@*ct=c)h%2yX8-C;hf*Fwvxpy25zAnCg(`^aKv*U@%$G5DIqI{NpzN|#x3)K`yU zCJRWqWQYQF2)UlZMYCzrb4^M}C_~=Ag|tuOu}`QVOV_7N~$kZV?UOVz;z? 
z8epbeDNM0T^f4^}OAd)ExM50392Fa84vqU0)>mc98MbViWulHGGgj$?H7i(5JHgYg z`Pfyn-8C5_HNE6TPpA%0wSXVz3Vo8M4A4WM-EV{Tb^G(@>wK-{6V&>n_O%+zh9xqW zYxouiXqs`P>Fv9RSQF{l|}%AiP)Og8OYn z-bA92)qw+Y!T2EAUO2W0&j!!-w)P2s4*P@>E~~h^yE?x*Lp_C$CSg>Op5@ z!c`b7nfALkC9lz3{#@3cS65dT*Q2Y$tI_q3Z+`me`0{#m^1sXF*HVl#&Z7~Boc$P2 zCWy+ccvYy+e-t8KUc+yQg7YyG9V|z(9wGN)c;FP{Tf2je^rhsS=CWIGM}^?tS~qO1 z8@ARB4Xhh-YQjAjIaJ@iWoX!5!u|O!;n;$8<*ilF_0c$<77(xn>#G9&w7?_q3Mx09 zTy+4M#05wgEWnr|c*D|A@7kG%spw)V-k8iWpnME9=zG4ddnBWMnq&vaX8_8(c)$q| z+kWw{%m9G^i8;8NK@JE5m;=m`e8@xw;4_3FUVgQPc*V_Hor}3g;2#Lg;4K0$)T9&X z2`iU}mnS2!PGA3c@zeExpIlwPI=p;&d-di9g;-$#AIwWT#dH8N2ff z9fi2pw?1vJFt=BjYh7XHqf7kpZ!oLw|7IwN#BAhIW4GVrsr3Kd%iaI&JU`fdw!Qy* zi09+S{!?&^=R+axWf~T~h|mvn(JkH#4Z+jCHOjq_h!;ID_i-~lLC===uWSKC@s+0`nQFpXum3C>{?5;{R8< z_^&e4$b6nei?2zrDy$&FD6(Qi^)Ttz+;>}h?imW^JvQshj;K*pcbKeO#BahxIj_5t z$)tMnFp5lPI$`NSR-g)1tX;UJRTQD9`00LkyvWit(wPt31CzLV}{4gnt$WP*LnQhd?DYC>) zr~KRQlNI^MK~_3}zO~+qjgF)*{c6U1_(N{|O*lpUvRp>!YawU3USge@ELhLjWm-3$ayK%+5N%Bl8GyJPwe$&cVMv^8An`pex@rCszeO_JNZCCw^phN7G0WtPQ;$u{^QM<|DWt?^o) z+M*;($N1iH z#63HovpO%A75siWhSzF4>9^%-;|~1lR!f^{1nJhPc^}ulq;hp|Mdf9^3u8{MzoIVA zDm^d~Y7fPbBS4rs)he>NI-Mgd)3FTAZxKBb%PU2o{eO0PJNw;18}yE>o2uR~@fhjj zpWe@yo0A{`Cwt~YSoYL%j5zGMi!9OQMZ<*F{?EhLr)s^I1~V(10@?O9Ru;~*3o<4n zC8bUOC)ObKhQ`%`MhA{IIj7d)<5Id+!Db{^&|$f(*iKa{lHtkqFUS9E6-<<}=1H2_ z#Ioi%z$)Z%Ow@#RjG3e%la3awmlR z&}1DY4&Pk8y1qL9<@oHY9;;$<$A=%b^3;~q1NfzHM*lOOiu?cUQJWe~N&+;-p^w99 zJvZQr{4YDZd(ZRvU-ovMZ}0yf;#qQhYk7{r2){KKS#%6Nne3EM{BNi-0=!UnT|2EC z9Qs3`r~M@f(2t5yT64sq4>=TKG8H-nS2By;S|&3>jT1(5pV&(i4(x+EXJanCAP+{??s8x9~#I(}}$}qw|QxZo@2BQT)VJwz*y%pb`#WGf@-A|2u>IeEf&KgKhrT z2YIZ0`m!~k=JlSvPNb`WEcY5l+eKjQML_l5$ASTI#khdl_P#^#Ns!xLt6X9JKMSla-k%IY+4M`;uBB5zGn(R=mm?Ftw+!iN^E zL5Ag;Gu^6ew;9G;S1u$SVJ2n0!E+hBEVFm9`CFN(6^y)cMlR{7KLc)W^>XJd@o+@v zIFv*GGld?y$VN@x-5%i>mto9kqAE23SRsVz&r?io8*PXB}TYu?HyI&!& zJn~xuGM9x|YXGJ^EL6VTO@c#Zb|F>ap&UeILO10JSuucQ{?3IfDr1bQ zC_~F&Zv?bcsC`^3m{FGILQtJNz3$LD8>KEAO)omfyQCa$pHCLTAHl7 
z#KJ$V*YGOZ)zu|YtsLFGEV@;~t1CshDt1zCVwUP~nU_m?GNPEsITS#~vS*-$Po;u! z36KIUEMus3R`*g)JR$MXD09Q4FeFzawiiTCS`JtQb4aI%kEDF5J@;*t`9Ud}>4i&^ zTx`u!TyQcGtE#1xnm5@Son<(i;Nv7fH1&Z{2&|VYV>O~Iflxz&$(JuN9fFTFxVCf> z*POtfvHx+#R;|N}TMO}fdz#pPM8x+oqp^(gIF9`(s%HpNW&gK7ILO<7AMEUJ?LQvk zsb~LTN@YCR4lho$Q3&h3f(*1HdGpo3-RWNt|7F4{KT1w%=j}+6(iyiDXNfW5aL2x& zSGFe(EL#)9jhUCs;fFUNyoERrY%l~ne=d`g?Ls1-Ch}ivlTc}s^=$yFCpYc@5|7`TY)B&`K z1$c%0KRDRS>;HSZJ6rkxAdig4BP7}-VoM^Z1c6S2mI}X1`=oYt2T}LB(eTpokFr4I z%zW<4Q#1}x#(7h!=UwH&nK?=C0(6T)&Qw4n;v@AdBEI^emlI~iEz`WxOIB{ZvUJn6 zoVhXtlt=e*@YZV`{76Gix=>|ZEk%$JmzYFbAk3Spx+wG`f@}6?Sh_Mgp8Rnq z_KfB{fzT9@57C^2Oi-Al6y01;R@pch>uJy7w7-z14J=7f1L zz~Qu#TB!n(ki#G%zNwg@x2(j2cB;(aA#brQ%B+{G67!{%`x?)x`@bdufU4vF6z_lb zw)uY^)g&A07wR(HGVapnWx9H~ z=cDsn?fBN-wnggwwG2&5?wg_4RbB#Bq9NsE>>+bCgC*> zIij~PSk`b!s6l3R#EGtJw?Ew%H0sFo@Ow$~8ytJe{8swZGwXXQzN%Q)*E+EGwMQt* z^kF98KvrZIxR{ z&=lL4P1P}*Y`$JOXwz~na&?EIno#O`6g74d|Kh=@%0jMeED%*;_?JYYDwb^;imC`< z8;i=2bU(4E?kP6Ue`biQ+TmwxK3^Vxrk-W9yXhwWk&Z01EY8fbz(frq1j%iFYI>x0 z{o49!Ir!6)(be(Ux^OoT66!082z5{KeKMMA^8i0b=clK~N10$@uaB=TPmZc$>(n=x zTZM+Jlh?=RZ=5lw8qsj2LNu&K!}-Pe>G{u zvNSMQ87@7|wJ-Jsp*4o);bKs^P6-oF;ocm6cnLWi;eRjXBOzE{A6{I)KKx(TFAuK{ zM<@TgDqdZEyvyP^Eo<2}y4E(j)>jx^Ya74j-s0C}Pw&2t05$=cvJ5IaWX&z4{eVmh z@njrunnh=+o4hr>0PXqxBpGZ5Y7)ey{ND6I$xSX4n-ZM4_H^>IGt$i3H-`_?HR@{8 zBNWx^n6kUf`W@pG^o^27+ZCJMU9Q)wUw!nVhYI^+_w&8S{jrffNZ=nE;loA#DHZ;X zcs~so*crd4{zc%IzTwxR5m#?<@6v$ z z`v0^2ZTy!9c~*|>d=KG1wu?elq-Td{UO&|HmuA83^97#@`5%xeTQB%?9r=HdKmXs| zf3}tX5Ax(}r^I+KjsCxh;Le2|M9O7~7D09^|=S`M>n4 zV7m-_k$8~Hx_ynyfaRlEXZyEZX}-YIK>n{5{IOd8?>&2-KmXYsJm2d75ArmX|0~Cc z+zR*Q(IF#B<{aWc&Mp(!PpIrD@xz#L9$g1A>BqIY2KavPVxT`xY2;-;4qEb)7hq)h zh;>0sRrEw21+HKXF%48O6Vdwq%?tKFV1%!4(Bg-0KaQ?O*M}D;*S{S9(+VN^fg>8i z;5r{yNHl=6Yppn5hxs5hwF3n-aIlpxuT2x{`?xy1V|c(afhpC4L+MF~uGtNau5S^= zlSSi50_ij>mihd-)zUXT3}-wq#!xRy}Yk85_4qtw@mZ~Xq6j@8Zi*SSj97=buY1T!>C*BRp`=WRh zTW=_myyQXzr5)nXctqJAo^spk;zG~`*VjT!U0dylh%eh}71Z4)A;`vL3v3v9jQyp! 
z?e7~#odiZ&-UB7Y9)YVF0@v3O9;%mr($Ykymliltcgq0ib9OafrjIUgtXC4gsHl zkZ=$pgbWbQp=O=bMwE)Lr_E#R5&)Pg$CeGT}h8@BVZ_LDR?3v_@>ubg0(|47x13rDIq&7uqsMeR*8Ve8FN+OGu}==p|i~Xy8KxL%)l{+aGd) z4AL@UL-d0TRACg(er6k;Z+ltv%sibXp)>C-l%yH8wh5%z29KnshUQoz(CMsk*qlT{>Jf}pyf9WteO9JIML*?X3lt$TbO+n4BOOV(s+#J&_qyZkQ zZFMRXs@jCdeO0AjTE~gIRAXE@7;!BSbt4fk*EyH+q&p5tSwxieLWHDPA0i-0itQ_i zMlvHzF=AGVxTjlf92 z%cZjqAKB0%w!>V%a#$6m~P#ui?JO1?Auy^ z!U@X(N#E20ppD4H(jCCXZVs6Gn)|pEE{#J2GekVhQ>Q-JUn;2-5Irgua*9b$bbWqU zG6PZzPxUG+m-XhAe2ZIaZA118R_$aA+8^O&VC)GO@y62M~r8y^l zIoY07CvnORCx0B*Ko}aEA-(Ns0ehP#U*fFMe)3UmAihhXeP@Z{ISvnlfZQQJYYp#3 zamh+)*d&!Ar+ALJ*%;4pi0ARV=S6XTM=(coLKo|SRWP!U=kUXZ+WT}RX;0`kNGbwp;akS)X_H6YL zkfK)ZNx{X*OE4i6_+%ct~Fo!hga6V)78& z_`#d7ST8Aw90Qaa7bphFSYyKWE6yPxaAd3S|0Q7_= zAd0je>EkV+&bPo{<@pnUp|6i{fSg<{hE4?t%e7zOw)jOCIghL}>{t*A+N#0VvD&7n zC~)Q_RWB8|wxn3S3D7MH#H&F&Gfx=uJTi|iD4B@9lnlw@C<-m)V&u%x z{hxJ*8|L0+z4dj2@8vSh4sn=4$^o(2G zn>RUUlH$_6t27zj#0sKo;|V~&SCws_66pU30~mUUw)MDLuSRl%DHkrL;>~J$OTm`a zwi}o?`za*MlbW7*EBi@B!hNx``%L}0G!LFG)*!cC?$+TCnAond{NH^1hr#ng{?EOg z-L3q8kY{tT9k$EB{VoIdljyBt{wEvGZa}6}98SARLEYs2-_Bm){Ac(1*8clp9=+U$ zguBAB&tV9s==?6!W{;MFU`h)P83_(KRSeRTOP(>5ToOJ;?sL{oEt%uXtmr9l?^h&q z?n#a)P47H{zsD%aEg-hXN$<8{gm2KI4L*VKvwakLb})Q*qx2*qE$p0t~f>lI*=Bcv(*neI)|KHo&#(#N` zM@*D&^)a%E_zH$UEZk$@Rd9P$Zh|Ah_z!rE@|DM9Yf36?}o)+bz$)6P)Mwyj zfG_^g{QPBDHP1ZXs*40sjG1yQ;RV@%e8&lzMD-18)b=88H0wXoot$ZIF9{Dj!PDQE z=$(%rOZxc};N-s<37tBnQlhix0eRSe61}oQ|65n}lTYRS&(0vL|Lr{AI~Z*BzlV65 z@Bi<0JO76}I()coeEqFCL{|0hIRHBI!$Jy@#RS zdIUl=RRGXHFTZInA4e2T@CW3pYmfiuNe`Td!2*y_))XXx2vHE=5cOKUm!s`XlMuW;8UY_u*6K|$@5}!x@>{*}ziD6o*Swfb`{F<5Pj(yjQ$SCM~-s)i=!M-X-$#1RRE%S(v z`mF$m9MS7rHSc9A8V~nd`e=@-=`o%8?l`0(ZHB{=#9@17>R--Q4pw$$yVzqrc~%Gs^G0s3jt=} z{Z4Ptd-42ztM&BhD>6qBoTA~=r{Hfh&LcML_otZ8;&IO-^S*@p7Bdd}7A=yFzqeYC z9!Z}AOr;GVYqdUs%QWBACvc`R25XfRd}@8_TFct*(0WAUXslb^a+e|rKxfkAK3+t~r1Y+8Mw*8EoMBm{)|hzjw_VriZ! 
zRNe*9!T@j~Qe_8rz=Fi!>C<`4_|vB#qU09)%HDHAf`Hr!X?zPQhGQ8!y7d&iFX&+J zb8qd;%K2|G4c@m}S2H1TDV!sYXn9>RtVoD8laxv~KoBKJ)ZsJ~ZzyKDfZk0{bb)Cp zngbHb(jJ-5VdzWoF5XFglPf{Cxw_o2)q4N_yN zhwuKjATc!>?BBmzR>y8}Qq$;%;^p${F%6Ph7B9y%koD46ednxu|NgyZBGGIV`ZgbN zF#s@N1W@ZUpFu9!h9M51N&qHjtZN(-#rS;>oJ;_gAjQ^Cvzp&YK-}RV0AmEEC`1%; zJ zwb@DX0hCRW>NvO~ao~e7`h&1Rp}z|-WV0TGmkj@W0&0VHwTOhge5sD`1SO5mUNk6C$@jn6Gji12#_U|!V^e|})5(LkwxJyY{PC(31Pl8ghw{qcP zJ^>=*B@195Kg))gPYiL6!>RHwiHHv%V|W_MGwUM2Xzu78PGi|Q%B>pofsdK|B|1e8 zAUM2u4d%p;0|%Ar_Z6HTLF(fW28v><`Gk5i#JJ3zE&HGdLmp*j+u1hJ7}~>M-+f+E zEsg8&NoEZYwSRpldrAFGCK@g?W31K*iV(O#3kKfHMWqAYi*3St>6Y-`haA4|$k<$X zvJe$a%6le;U%khk+*vSiH^bgcC)6f_a~?;8s~fjq@dRiJ{Um)NR5|dF50dz6h1N9~ zDH?~NY?PkU8VdD0vcG%qd=D;d3y0GpzyRN(5HWT^ z$rx3SQp}Lxz)UR#uL|@8;vlBzYDN*8k-(Sda+1CG-Yc<|{r)~tj}08Ln2sHDHj76{ z5)6ZvD1ZwcmMulKb0Bd!%B+emvg5xM5M{ouib5;5j-K0*Nb=uT#UoY#67xb^R8z8F z8{i<*Q*?`h+yp%P>0C0aHf~d%OA@G_^?K4Pk*z&~5G%qDmAm5=g`Ru8tg#|!7}CUD z5L31~WP+;|*ReC=BYl2eYXvJtpv&};?4Ju=26&=Sc?S{S(KpU0fQ@>_xMHcl%KC*O z=;P*6BwMXajO2i?E=LkTWvrURw6-K^if|=a(iF++(xfS-)#OPHEKz_x$Z~|A#q%+u zg00Hthde0oW=Qa`1FDYO&dbsf%P4&b~T3Gzh|iy@9lDXy4;>9_Xzw0Qn5)Ns!f1IJC7Mx_mc7@r!Zs_Lgz|Q z_#{MNyl{+v2RxFq9esfFD3BD|<_CRq{V_%!nIk5@U#H)%_4jJtQJr*rs}0pwU|yu^ zHepzW)J)Kou&y#s6xt*lRT>(<77Zydv05joh-wIm0$xhO-^h3stdxZRO~xzWOfssh zfHesPxC-86KCgl}t=t@Ql7F;0-eXf$UR|VsgbJc-_<|=xTZr6|@H;N#nBrJs(y9Vz zd|buL3#oO_AXkc2I0cwDZko*1M?wyROrX>iTKX!1l!=?ULU-eEO67S(b0SVm)#g}N zn?|cmA-QFtCQ3jup5xXTpIQ3_`jdepDq zW5VG|bg26OQ`T>epJ}7$#)!2w^$Hlp)SJY?YJ)%0wO1Q`#tDT}BoBC3nT8`(|47wu zj$h4xB}-P+UDW&shbfF6c*FGlAr5_cG%f{LDld@S46S3ofqmPh&lAC890H~e z6`v?`8ZtJwq&Q5sBXSRz+e;r_oYbaBY7fIW2tIe(YKtPiiY@+>P>jT1pFejpm(ZQIAwm{S=r{>EqPH+;55FILwr;A6 zg!K|qdKMj-W5f^#@^n&#&IM536U#H&8KlsYryAx+N+!^ZD2Wi|3sDB9`wr7j$QL`v z+@3e>Om&u0LapkTUfL;+1A`-(RRzpp6v<0+!6O!bNDzP`$VdpX=LG7L2EOQlqZEw} zMmYqB0iv9Bz@f+St&CUL0Y}onhjqX?pGlctLj9k~EWpt`Glsn)Bc>DndpY5g_kwX~ ztV{(Q6RHDJNl?VQ&JmVls@|KqK@mxFdxOLcqoLhF5%;==2R6h_TOO3d-mvLGIimZq 
zJt)VwIpc$J92>SiC`YtG^MeeMruGLeW1WHlf{kGlRslA=70m+Nbf(l`);A_j@U`#n zk1pPnT;4AQ=(;6;k=))dH41RUEx*-&?xHkzrC$Ma`JH}+xquDZ#1M@LwZ`pWFpvzP z)K`a_g1Jdo)yjaTK|)smZC5TqaDSEnmRU&=c^ylDlZmtf=xEnKmS9EHHU$7h$b=W~htK`c?Pr>vW+rEL9QT&$6^M0iWOy0Xx=}WUyGd zyQmz}Jtu}ya>kftS@XW1foho}6}L^w^C5#KqU6J(7t_G0yO9rSib>xs3MXQZ&55PK z*`R7k6RoH5fPvezpgh0u0xUSd_~$uY@M_p|i9x$lrL|SoZ~FXCKn2Qu&w9(Sk32|$ z>Nb4<8**?O|!n?1{d>%uMoqR;eoI@Pc-?itF6t?WUz3+Q3 zx(DN(=iftw>TTRppc~liq`+3(=_CLw5t#z5)&zI<>X>paf#_1McD~OTOuA~XYsR@0 zrjw?uacNrr-qfSS@*-7@EUaHfFG>m6jH;5tQ`y)?ZdHqBbS!mP|0aaD5C=jOwTC-{ z!RJneMy4=06fqC{QKJlOwzc#9kA<{@LCHqJObaz5(k`jM zc3;XpuW&D)VB@Hc!{QXA7|Z%%5Xy_b8G+SoUCt5O@|X75;Pqutz%%QBR% z`xk8&AoLfVKmgn#Iu_Gy(NQ~CxkZx;qcla;`G-2dN8@hG&z#}2hg~Vovcfdq!x5v=Ck;eW>oDDJoSxPILRN+>++!JbgTd@hhDAxHf#DQy=mDT<_G!zq!kv`Zzay^-~}51}}n^BCXo3?>?`wS#N^DwNu{T z&FqwGfm?Sw-wcU!fB&MI>UDg;vr;Mnx`g~3wzU+`Oh)`V3TOs-Lp}7O1X&Yp)Pdg_ zLPxKD4FNUPZZq9iqm8xHT?b_atrwyLe}C8C&1k)4gIPxh&LI6$=@Xfji9eK0?4?eA z?3ky<@0hxPBA@bDDY}Y>k|5F zNb4$GPNBW~!rg`$=TUVSlU$|7=1op}rWD?K;Z)KSyJaC&ENtuFCZxbtyiG`HcAff} z#HJ@9i?pHk%6(#B0h|KMq0?uQz0}X`RLuq@Qs&B#+NE(Al|!3aJB(apYv&M$wiRn* z)Xr&nkeI<}^mC^ySd#)AmNj0tT@|>8wrkAGbufc|vu)3anDxg$vl^^Ngww=m(0~&* zK}#u59Mt294brgu2CfEoRM7I3L|rKmrmq6CHxJg8Vte@UbEjRFgStKZwY@Xw$^Z3V zwBIE+V%q5I}By(corlEcTicE3J}t>C=g`=CN>f3zS*@@ z-(S3+6v<|8tW$Vj+l_Tal3SO3fDTNYn7L_-5UJ)0QDsuoO86N;Ee|`5`;d%?5h^Xr zI^EhE6mH7RC10|=(^rH^W#xB<@0_wiQz;Q)CDHU%6=> z3+M_!%|?wl6L9XW8Lm`Gg>#{&PcJUd-=4fY2LC*Na|sSFPQWk6{{*j&FOQ!- zm4Du#g|<5oQrH-&TK=7uPF9f^$zkp(vkgEUa-9>P^f)n7Vyc3+$DxViZMr30^<;P| zw+~`TWcB5J@XMPYk1x-TuZ~CH==9C#>i80z9lky`-En3a23b0R!JY;oQ`DL0;#zQ< zCCsKwnmnkaSW2$vhpBBP!jgR^3gA#{1X9Xp>`o9cskY4El_1sn%b^*bCFqN}s_Ida zj7rRBYJ^K@QMgOaCG1XLvBiaya`ki{UqJ za%CBCKGI?eGb{QUcpMSNu$Yr7v(OO8noq!|&F23~^8fUvgwLZjQa{S4BLCO!v)z3D zpM&SmcDMO|9^(1<5twYBpsfrnm5qGcr1dU*_tS(Cy3mq5K#uzQv#R^Pu&`7Ddrt~%y&o&j$HWkk{70*|bipM1gB|l{a*F(#H_xdk$?&5H|nG}Fk z`JWGV3i&_x_nvLn|A%<42$;hgvF!`d9iS@NveI@lT6RY-1clhbC=$zGs|${l4i3SX 
z!qA&36?hKC9BXxzN-sn3a>TfdjhlMoNb7U$2H62)$W;7ib*gilx^Fzbo8bU~J5j|5 z%Q@jPh-XBJ-;q`3L@LX7DF0c!VlyefxM(w<5vIcUK2g+K$q56fk`v1LaVwJ(`skKK ztS_fXSA(YgZhst*abGpGuRRqO^PrbBSqW!td@&)q=Wft~4O;*_%}2z@guxLdM44aR zQEuM30AwrHF$aH_U~%Q}aU#hW$}C6bHpY3^>VhBRd8E2XYmBy|Ppb=FBdT5N=Tx3A z%&_XxC>{scOW1WBbFQv`WNi#093i332pBMor4ufjlN;2P-1k`Rsh+5FAaoZj3@9H| z2=jE$DW?sKDH4k}jYIZD^SG}1IORW#qAo?ypQDW|09EpT|M|1L{6E;==6`*V=g}i@ z5^_rXSZX1ymVLq@k4=e>Xb29YBxWbLq9hjEo*5xrIyr?t&}YkIEd9+G31SsZ9qDVN z#PAkI*azsA1TxSv3a22-a~ zJR$^{P|c~>pJ9qJwxc)%a~#H8EOL-BJjVg#c38NMblU8IB;dU0Sslw={A4JUadokZ zJVWwFQp*3d2Yy^=_cQC;g2dm^G!QnY&=bpk5CEv+{K>Xz(lazu1cR>LO8C;nO>QiD zHgvsfVQLo;auA0;qT;7aA+F{6SWtx+19%=mPde;D-R~VhCKJU6DD=CWbW!LFVT(g^ z(V%%t_DRTMszy}rxjYzx-(&3E1PkC1DwB{4f){4^0Le5Anw=6e{U{nHx?_f5z-NLs z*%@9yV!s=zl;(II1(FZdRqG#8;%6VH{Fi2dn1oCyGV9}5F8_B9_MROS&i|h8Y~}w$ zJjqZC9j==kX$^}vR#L~4H~2%)wngB@3HSvq+VVSJM6#}!obrWrSU3c2AwA7KmJsAA zn4YSyPxSnuJp7lhrj*3d5d17pKZ0^9V;Yo^_~!DoHhFI@Pxa+db|usyJlChwKF}y5 z*c{-U!8xi;c}aaR#kVMQo)aoz?YZvJl0!qW0$9TYuEgqtnYw`F1Yj9_X0piKGG*(m z)@3jV62FAR^*hsH$@Ran-anC6`j@(r-Em_=0t7=x&;3K&r%MxCsn`>jRY5L@PFq8g zABRBRT-i-(>o%!!Y)0;`Sv*cA+cln8-C%!FTd90MWW6+6DoKy&2Iai%Y`lYST%2QP zMV3A!+@PdWVI16PZ?O zwL$xstl120K~t+G%07Lywxotoj-im2LX8?AYNfVZ)no8{U0ED znN?dP4R-|?+hA8obYrL~PXm(F0Rrve#mVMcTy0gjd&!uq-|4gYQ>P6~?ymY@|kP;)jq> zO9|f@IFCY>hmO7{*|eO{J*Q-nlaag@ z-+EKh1V_dF@6P^S?*4aocW?h-d;j|oPXxUi8QKal-fH2wOoa2e^-Y_iDf$q#Ti>+R zEM(%RD22mmyVd&Ub_cX?Ua%e}eHh_B9Ye2wyCc4|rlkTFDg zTa_|KmU7?nRvKBpM7QS=>(5Xy?@CiU^;=YrIS$&bC#}{kq{(gKWgH*|egMC|Q)GT@ zeWO#0{&k9YC%}w%?jZMO?M~~Pw%BhwKSacLzSoZa&TmOXXZBa+f7TI&BJsVW+{@dY z)@Ma7iBv2(7rALBaW|HEL_*OZ4tdNfNwL3xejiMc_Ew+>`irFBL^qin`pynW{r`FV_JdGarTc$M?92@@e@I>3S~b0!QEfIpK$1pB#co!mSrF33O;Flqp0nj5q^e)$GoHB zqdyU%Ob^7RrdIsh`bH=e*QyB;vvjLb4f@#n#(b8;k^SB~yf~2^tO_Q8%qAdPI5{Iy zg-vNOjJc9xC`_quQhI*?Fp5yXK`k)Rx!zqO#;zQB^NAy-^fk{b56$<88+HXow*LDWS?|`;)rs~TmS1{-;;5=wQk({ZgS04Tuy8ESg ztSfLRf&?e&&e6#d9P|_iX zemRg{uV>AvWY9^5_cO|vU@Pa+px1*el#ZMPPXzOP)9(uw)7!NUK(~l4_)MlqWBN?T 
z?*K-Cc41A_DmnX@VbzpP0c79~1wlf;t%s%bXSK6x`t9--{WkNzCXAm?Z2o_#BAz|y z1V~@&cxzo41YI-!+ez{VoFsCV+#!HIM9AZECZw|<8AlZ)hN3ySMZR)wv$`bp?pC&; zibw8slE}5QFiXyers^NqN3V&W7)4y->5Q{4GgW4sM_m;Jp^J3_!i`Lojm#7r1ZWC_ zw?=77c9Lzi2^9^A^!Bf9wxOWyqX2Q#{+x2DXYqr@q%Lx7g*U79SU`G~_ES%ZO*L}6 zN9+bF5S`?TO%nSTX6qy~cq?B?TmtW3Skj7irj`Fcdtch!HjXU%x%n$<==95SOlt9# z=w9C$$M#HoJ8^vMr2EZD_i-Q+lF+6Ih5+qoV!z-14mJ{`sLht`?zH$Ju}Gi*6bgkx zp%%Xo>((o>_w$lCY*Xl&QUILLl&eg?k3*As7}7uUTq`Bc6PogKb0M%KX097LS86{K z=di?EHA*J1#IpaY`O%H z%<%u**l1V$Kikdb&PxCLAkReouchj>6}tU2i)F}kkI)9kX)68s8!B$P($%_is(|mL z1I`(=V6d+dBZ1<#4|}|n!q^E)8Lp&}mPxDm0FzXCBeH}lPe?vWbnXx<0kRChlBM#h zw+OoK{IDSRw)ZW)VG71sgnk`Ij`+2Y7%oH!ts(qD>T@a@!XGTC#mgfmTaYEYlt#`E zHv+&nS8UHFgfNanC3Q-#Ugdq6qJZNRKKZ{13=2l%yINAbSzic(Hx~r4()kP+GNjC{ zVW^S#H88Ry!6^iYVH4;_LlhMbvn$Ma%S%!k`T?bp7tmpX;*nSxivYqJ(8=lhgQWnf z>(RRkppa_!pP3t;%H5i@m*d4JXTSL@^ z=vk1tpiJ(cX7MxgP74=e<&3Y7A2j=r*;eM@A@38;o=M@B7xIeXBJ%zJ5fJ?M@^Hko zGFJtb`X`An>sSJP9nZN@P<}YW{EVkR>o9;rlzdXPihCvbxDy-?-A;}Z-&)ifxNb!0 zib=01YLzGN_SJL?kr?bJ*m?jI4I{fO%N9nid%^9`h@w|yXv3k znJoX+ojfks@LYunJ$L;h>Fw^|kXZ?mvH;7{s3U_VbsCM~$Ws*IU9h1isA5QC!l~dwKD!M3hz2O?yllQ~HgsGI#{}32 z2$m4*TPgSDu@Uv1K8vsan3i=8v)h=p{#)&__1|8_e|?x|>iS=;)9?OSeEl!D_~(iL zwNZ)x+}_yQS*`yEd6vHZ^MHWLCQTJFG}Cd`bVPI=C^0u@_dL)Sqznpgt8+=2I`;yN zA;tYHLV0#T8fph957hYpWt^T1(2_W{`EP>wpaTue13RLhqI6j{Y*btHO)!TLanylp z$M&|EHn@rd+4vZ7kHnLQC=Rgpg40R1m=Ak)h_R8g2D2U&xHml4@mUB?8HDEeBy%1P zaEg8S$S|NH*4oF@w=ygYMqwGX_kmT@S938S$E@in|43rO&keqgvra|?160fSU zb6ZIL_xq2h=RbXXeRwW|`=7r%{BU}-e|CO$c>43v{^9xY-n+xHi2B&;@}Zu^_ic{aTmO@9o~N}jYyCHOs{S8aTdn45{XfK0 z6>LmSMY#gSGwmkwIqv_p+W#Nq z89&&Vpcje-6f(Too2_7nHDNJ~I9@n4*%i#eX^4`_``j6+{Cdo}X!>X6rBp7XU60By z3xA`^`@+en{K4`ps(`oLiOOGc@1Y6?w8v2St^MX9=YQt zt^Wsk#Pq(AvwNf`_ZQq9PTIC0FUy;J)|M-fNN3}89!_DyEu{u=yeu{5$=fd zI!?J4Aa8(EToe$pg!v}^DSf@bqx|ay9;uIyjj`|RnYsRL>w{aiF?0PlE9<|tv$I%Y}%R_%Y=n;Wb6{}1w@g#4_MFLmIu?Vu#d ze>VN5-*QS}SDwBp((d+Xs>Nj!iMoznfRPXfC|!rE0SN~3hGvL32~ZS`93do&atywD zI#`ZJLS;QGvvTtk^?D?LK2?pRH0uvaq2@(55*jiE-vQ+iA_LyVF;$5=;B&1MYnho5 
z+EA}MM(rq*Y%0~Fk{G_oY3 zC}fRxv-PUcY&Tk4?XRt^w%0?K0*s%;edhv?u4o#vj^jb0W_3I(zkoAD#DtO*#qbc3 zr~@=%|0uWZ7>0h9zlOJ2l0_MV4;T#{^|f|fmn9l$t$6sK_F0(!E3t5)4PZL|Z?)TF z_CM|I?UnuCgFI`7-+||Wa?v*`KV`X{DHf`af=>B@$XSCBce8#`S^e&lxUW-%$UvkK z7ED?Fi&9Q{Nbr1=$}k8KxlnB-DHd%=U5MoCH9ip%yit@mDlLPMPS;8)8cY@p(XW5W z_tB^vIoue1~QN9!had9}IKQpBr3<&k+Lf(@w{SZa>*MejgCP92RS6&lj0y{cfxB20>QbkM`R>AZ+h zvB~c;pt}hMsbVNjZlx4sv91kWpxVNw3^!@0`6wn_R2Kj5n?Xx!A`%N?)^dD`Ly}6# z-H7NqZ9xTHzLP_(Cvx#+Q9_?g=Ot+OPU{|tO~}ge_V0n{E$DY3{55kXGa6q3NIP{) zKx&ZYRHr6XS1EX!QvotIyOr>P%%RQ*_HCdZL$0?22tag`66%(6Th%j3Irr#Xj!OA;JkYp+f@z5RHjEd02)m?9P zEoaSKD9O!9la9V_QUb0#EOfESQ>ZfxN@@dC!-K2~svNlALnO*lT;To-1_z{g|eB9lAI`;y0J6AY~@xZc1>^WS1Amg_sCgnEb~|<0FMi0i5ZY z-Hhv03yQzSl>4w3F}e;(#x;{w&5QoXJhpkuavM!)1WANqED)2$%9osxOG&Jyv37Lt z9qY2LKnstUKcvbGSw>G5e;aZ!h0M{XxZ7I?S8_!mHj5wXK;i;T!Id|5LlmPvPF)|4 zWXfE)LNPb!v`ehZuQ4{WDyJ9-haO28_jL{n4I~&)%5b@D6oy1cI!aP=m zY6-4P`f<7D`#2h@&qU#hVLm>~oLZA;WWM4))^%r$D&_frCiQM?On2#7%4c`#0*_3m z#Gm)p8F}xlJ0nK_P7!cDAy@@`naVmfebm2})y?v1Ge#z|jftom@7zx$4l5nJATmYF z(a}y7_MC$}Hr7XGq`5g#zTQl$1_^|L%*`Or z?UI*8xF_?;^N|TjnCA*lafA`WPgx1@y-#yKtbD!|H?Aj4^-X%t+h`~!|1l@ELfXfk zTn~)U7>A|BFB1bTYnXZ;@hy8XIjYB2i2lW%h4uejN4j8*bEQFKK2N4!1`v(50Vtz7i3f$aywKs$UE*3k@&5h&C zY(#Si&%}g#@CJKd7H`t87F7Gd&5h44g9ZB|nZCuaO;0?*NAVZ%RiqbxjFsl{xaoOK zL3<<6P-Tdgse{cmU7~BH(cEHW`m#Qy(Oh#|YC8`oC~Dsht#Xc05YQ~X&`ZfC;+BhQuA$fV;!dc@$8h`MFW7RDMN!?V z1ri5Q7S3j=zUYtzrP_Yug%Ct}A*z?8R6r1tUJs`@=7k`-E{@cMK|&cL@)}pF_N3sp zt`@$@8&;NPEm`(OL$7l)d|N2>Et$~I>rCZ9(k@r+XQ=uHp!uok zq525&lloZxQn^bmI_m1HUK?)CQ3b5xD){z{vpkZ@5S~5r^UIlixoDoN3ePP)sx>g4 zL{P0!)w}wWMkCvtO3@Rr?n43a4mc<-UYU)CC)RuD>_S8shx)H3xOe&Ov+08xU)}!m z0=^0?S4S|Vn|%v~bM(judk!?3ib;#|hLMFwc@A!?8a^BzDcxeiD?aQp{vX0uFA4T-_Ymb=Mg;H`-n;--Pm( z6=FKz&ScEhCHHKIQ-Qc@7bP7uEM7Oy<-^TQXPz1y_2K5mEoRf`cIT;V-8pFV$}kX9 z>J_FDH#bh{T0pW5`foIhz=vyyNgRrOrfu`&n;S01XBzK^4kwm%B!aERit1D{+|tYNgck^+1-aDTJAJ15DiaOsaiv#RM8 z(S9F9TTmzzB&w!3Cs3$TXyb)*ig}jC3=sT#@7-I45nQ!$@|`h3t+vw>ET@V?W(nbw 
z?5uRz9KB_fj!CXlhM?@iZqs{Z5;jN2wJF-%eST~`%ws)w(EllaJ;}H7<9(ONFxO@C z;2HiO?PhbQtpD3+HCrqHj|X|?Q85+wqGHk59wTWN1wP97fTsEy+}AllFI&!qyuh(C zcf3}_;S4cHG6Yoaf-ooFt<~fh{;QaZ5_-i6yKqhy{mIj4)_XK~IWbSDZ{kgAh}Kb;#N#6i!?jc$y6wVw7%2-t_28_;vAjmh@8;;`M|w zBZR2G^@njF-W4YO0e3s#dK+%dcfHRga&vb((8WEPV$CyBEPJ=E^sreFU>xFbvEi3C zvnmc`Mn2rrevSW9>CY!ptOGDcu#3{?xSCTDC(F9h%SnkEsu^u?x2I^?@~>RRTCn0T zj1%mbX60rTF#9k2EP4O04GlAM|KF+X|LvXajaB^52YDWH|G)jlKZ&ufcKyfQ^*8^3 zyM7j7z0sOopUKlV3WtOVvel{*n_R^aT&b6gES}vm9qLOsFr-zzE<=o#t9B<`Oo zFPL>0&?|h2({wR3lXVrA@);Hfy=;}nEs z{nYNDiK0SS;quV4{IJYTl6LZBn1hGEDny*^pB|ljI5;}pb)S5Dy?6HJ{OtY5)BVFA z8!v8LRYZLJJiHJr9=!0gdKrY^J~=o#)n&v~7A6!Xcz|9mI2cfHWr(06U%MiTxNj_u zEl&&$lO{N3EE1ENG6bGLQ-Gwof4jN)vRo*|U%>mi)qDkBjIY3pX^0tkqOh*xv8?+$ zxQ+ee-I;_p$q-O7An-yoV$c!{J?~YJ^2xmxOmj-NWrwBff-aX=3Rnu71%mq|pQ}c| zQkh4ff+;nA36sPHfc-t)L-D7DkzZwHZ+}mTjSQy*MONdYf;CiK9Dn6FX7cXma^oC- zmBhq*B*OJw1dk0+du!V)ynW?~LsL*fsbzLQDNf~KDB&$uM*z9Jv1lJz|yC1$V*qCl{~djcf3ciE)OQ zt8gWP*%v1&7+|@bpomczA{q6BFqMo$I@jlWv~PN2P~XSgj!iqqDkuve?hLY5W7Gs& z%f-b+O5fnhMAi~30RBoiG!4uIkAW+i@-JDJi9XnV->E|C^(a?=ClIXO%?>_SXS z<%S{bg5D#P>fy_|waM(77pfAGiC8nj1~@#I#_PKf#*Xeq80${#!!8`ZRU*y@*oBWg z#lb+qcniDmhD4V*W!X@^c@MiP;F-)fp-xnMBTlN4{GqVTgKAN9nBD_eMX(8_iJ3X)EML;cG{X#20qr=c99FaX{*r!WnB9v zuT53f9E$IHsC;R*?#jV(DW|m@xH*y-q^V@6PHZLT43D)m>rS-9q2HfQXQKe5YgR7LrePtA71s(A7<}2X>+!}NJa`XfnIg3*J6xS4g46sDt z8IJN;GUkz)o)5n!DVB?vl_%d*zS?CKjajC$u~Kn)fJ%{Q0*)y^iYs50gL9|y)+845 z*objFtodrYN7Q_tNiF%MMNy|v*gI8lZkb>UW>-^IGr02b>x=H69`1cOEWJ*vX&s8v zGX947$w-I~dp&960LL^gu%2_@Q+!GARb5AACs%h0kMk@=|NlGfnuAN-9l(tH|Ba2U zs{ij!duJ8@{Xw3)>HoWeITv^R|4X|y`u|!dygE(2wtQcj*1rJw7g7G-O3B~8t&(4p zj*wam?dV{zH#e0FfRfGivaSMHf&+mF!;w0*GP+Gmx1%SEif&6ue#Q&gi?!QJ1pCCQ}xBfoZeJUmB&l8 zr<~slvgEC3JE3eBh&RcsoI(a#h69S8Kyw#+yK~a)26BbYI~g~txwEt5CLlBAzs;)s z$4+Y{|2@p}N0R@Px9;-9KLhVCBK_5yeyoJQI|+XU4XtFqmF%~Y{q95dtB(({68#?H zS&IBuSwB@FaEAQX+T5z-f81zpG*|iGALLn*{cpva@qRpf=evJfxxjosX44whJmgcc zcUq3vZFZ6GcN@6_|F`2~O-%|^zc5jV_A)+rhmt%lk_o(|1Cg0x>+r-*KQ^J+Y7(;|#GBpR0Sz)~WNF&80>zz+ 
zmkjd>HQbEhRPheGKfZYl^FvAyV^=f{E0D}<3lb72!i=Fl7BJ=Est4|mtn(vt>%kWt zs{fp~at+<>O&kXcbX;`DE%(X}J%_&(6~Wc?;@ZLD>gIl|J@I}<)V&Fz1O=@T z(ULXtLR~6`HnoAVxIu>ORk9UPg_%06hzTZeTAfnSs#p{ggehsqY70?!+Rz_;8@~?~ z*fPbXIY(6!5E5*kBwx{iIzRu;#GHQnHi0^>fz$tGG%nWaHGIh^m$>Jn1Xqoks<4;D z|L?H>S0XJ=mIG#;|Jpn4G5e3rmH+31JoB9Y^86@Mj(=kuYtA)QZ&g3{VQ?Qc39-3qG{k z;U7e0woqaxGdDVuv&A`#=Pt2{#Iht&?b)!44E(uy%AIp2Or+DX zO=_m4OsLi^XG$n+eu^X*0v#SnxLCzZCBHDmaC}+zx>G3Kf3tV`;r!>r)3c-Z$0b7_ z=?tlzL}kbZUoX9iNsxhba{B)N{`>so{pp7~FyDR@d`1w_SMcq$0USAeRhJULpK=)s2mTw%_%Y@(q)7>yLJ9r?&+5hzk@y0qp<=P3|L${e z^>3}#2T&UtCuYmu7)s(>6MNL zgQ8KMXl@-Cm-+is68A~m2NLTf_BzpgFXNd^)~-=K1*>}p?~aad&r2-)pm0dyd3nav zdIqtZtyisD#E!pXILK1Mr2vJ$a-096D56& zEH2TWow%p`4Wu`q=VPtNkAaI!z%;j2sH1{=8R;Cg}h_i8{Qtb)J&>YiqCOyd5p z?tei@fkhZ6&=P;g*gB-G1ctwwz)*1q@<8TyJs^VD6=b#$P!nIUM!jM_sg*S*qtq_e zV!0IBq+=^w*=!zJ2jN3X`h79Yu0HYAlo<~ZR+>)uR4kmb-srWow?CobQCXb?pUT}W zkZ6(}jKi9ye0`Rs zDm1)wVI~2XaX}w*W?~88P==gONN~X*O8`NPukxG|1H@s7Mle8^7`hn8dG47IvV_K< z-GqxMyD7dTir1AwIiKp+iz9w!9E{tqOQ=NA_=7~cs7(L81iP4{jRiwE??Drt$0bNQ8H5@Yfi(E*b-6^k6e#)#%d3fJx*E2wsBtV0RpKCWp{i%?mu5UGV~s zoO?TxFX8+*Gb_W4^WWyi#%3k{%SN-kvpWAh#AC&Adp2hfnCDd&kXacv=E$ybn}9Jh zvTDqmQRB~j)V#0gg17PulI*|Y52RJ00rGk&9p27gr*SuLA+6Dj7@j#KohWL)!RQTj zvV&@4g1?Ei5yN$H0p&iOQ0Qstp6Y6V^F)tD*9n8Cs>;(+T!y7bUbOSM)aP2PpR8t)L^YKp zHIJB}=GMt+?j3Gs!o{Qj6|Uj z+!GXBpgv~4qi@+*mPkedY=EN(1TRxkF^T)@km3k&a*5^H#Cnh7&{=~R_f-z#XGw~C z@sc?fVwES$P(z02s7t}&#n^Zh2KRN&I_Lp6X(VM zbJpNzloFaTI663FjyQ*k)!_If#HgXlrSx~lzhnUoal?s7%yD|IBzdJY4oJh%QHQlp z*<(+=d=_5+r-yq7?+*Q8IDZ>6{Qoz$Hn%G4zqPZoTK^C7tknx;&fh-evR~70`mNS) z&y2eu8TNfPAUF!8)YU~{A2)PqPZjn^+@tAG5;}_h&iE+8yS)f;kA2Bdil4*ZKJ6t* zxrrGq6y;STGuv>SH#h1XWt@r@0u)6f zZ9Kr>tC!+08D`ugA&^*mQUXs=uSWu>PgN5s&H75s5kwi|IF+3cM_dhES`>)yh3p8Q z=kPdDuRA6;|7Q?98FSxpUc7iihd4of+p<${2jWXb9Kv-!x(Wu*MS5 z;s3xjz_n~u9YI8cKgp&)-~mee8C=xy22#+i{P2$CRI>nBkba>u!EC-ifm)62Hv_x7%@xF*Wl0 za*tCQF?ZeNsPA^%mcQvY-5XI+t3E`F5g8IL{|b^!lxjAI?z%g~Lj}0qY`!C^mZZ4Z zMQ?6C!!=0CPxNRx1({-_k>Vk}#DHv+NTQUwxQgALx%t%R3aCfr_}%+8FrJDPa1Ec! 
zNE98@g`|WbDv5$9R=54ro5*AI+6}}c5>WHV)MhX$TB-u;PlwAkSPud`}0A;hN}&#^Yp~FlxE>h&D4evA8+qpvUD_p5cf!o!H!EV*|w%t z36A--EogfvxQ2)@3H#G;CD!W7ftsar(6XQRotS3T8@$xB5>n@4mlcmyUt!)?m@NaBGa!JzQy)zw z&~<9zndz#9D5tFsVqU9&DdSB&3dt(JvU<9e6j$}q z2nH&Cs(7Go$931;A~vYoarf1s?nr$%AM;yQQR8Oa9nw(zSy)f47p4!QF>OGg;0GyJ ze_Y^^uCHwlI^SHWJr^$(fxOeAoHnOYo4k}SyBM^hNeE3;lMkQ?G*f@KUM3WUB6+Z& zSHK1|i$aNWgJMzn@9-KkDQIviWDPjdW&>RuAn}_^+kCw!oXw5(W_skdn%LIO;)!dtCY0 zn@pC>Y>}zDWqis?fFER9Wx3KI3yxt%J2Y{$N?p+6e8E-LZClOt!lX^iU8NUCs?%2} z=4Q>>CD!HF7#lVsc?u8?J(4o+!}0qMhaCeX7*NV^xos4NM5*VBz!8d~a$`15^)W7= zLZg>JahS6g#35Dj9mY{tXB1XPEcxf@Q)>K(s@*Bo;uIL^$G0Vhe6FUAMkY5KNy8W><>e~PkAyq>7Vt?wEx+u-v4ZDY^~xyKgjd#Tka|guAFyY&3IuQ zQ~e$mYIt49+0W8cNODU1cB#X(5eA=Y>g&&{?q{d2iGjYwcuQhqrc+l;?;7$jRA@N_!>6>9S(6E zTIi{pD*4Gmt*3E&r10T5`VZ)(bg0E_>Ha0}?M0*VCL%ZZ?a?TrR|1X3P0VpVfBq~D p2^^`wHFGdSTOw-xk@@QCSv{*~_59JF{~rJV|Nk61>U03o0{}4lUFrY; 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.88.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.88.tgz deleted file mode 100644 index d0d9aebfd0260b059fd085fbbd779ee0c0653238..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34917 zcmV*EKx@AriwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcd)qehDE#}k`V@GT?$aczn{P>~cf03x9k=nXj_qSP*|Vpc z<3J=Np{58H0PSd#oX`F~xRD?UilihvX;<858<_-V2Ebr20OrCt^lli39CdGAur8dU zkoS*fkn-LF&V&Ej#4{KS2G92Q<-dc$Aph^q-t*`GwX^?xusay+J{#=**I?&hXYcuc zfx$+wS3EJ}kp94IecNlzh#`>;`~4~Avv}O|$h14C0ur(RFD)eK zOGapv)?LCON$>CU2E7+AT3>qleeq|B{11qCvk@E>@_(?mzh995JI}WA{~?~dM650D zjN}kPp=ZrWOk6?^PZ8roz-Dmw;MowO1L!~Z_I92>o4ojb{Co$(F`7L0{O1Rg@4w&s ze*gKwV6s1%Ovc}TKR6h_cs3dDA9#EF2M6CDc)R;vYl=cdmCS7K4tDpugM;qg;A&@Y zxHlN?AN2P2pFKZ#{@20oa4=|ZC;5`cIsb2A5F@rR1#tQNe?HjR+0D=Yy=U9`{~*sJ z*VB3gewH&V0Jo50vBWd*sO2u(ng(PH1ED>l51hi|@K*c=;1N(?dggVHL?{H^E;tr1 zfcy)Ex0sS}jzVtX;shwM18~R*h=|X65~ip#1Rp<_AYjO&h^Hv@-?fo|TMPjN??)!US&fvkyFqd=zpF0|r8beB?_tPUu%sw*j&`plFI2 zrwf574{!*6edk1YWWnxs!O!w@umC=q;1Fd{3!G6L1UQ^3_$-6Tf~1=lQSxDt8%6o9 z7t=ssyAXd!xG)F+r*JaCp6F3ag%h=78Vo_ZZ8w13;Aq5xw=lrI+<3_03dNWJ9x!m5 zewa`)2VQ{H4x&(T2qrLKsMX4|!YLdh)hmh(0`)ia#Q<<9X{Lygn0knbo)Sw57%!xL zJxf$>!_f*{e&pq+!*u(UqOR+j zoYev|1OX1?4^LV)m?3D(x9wI722!d>J~hk;13d+LX3|K!GnAW3f)`_k)YLUEhoJp? 
z3>Q621V_#w^-+k!sSP`M*+Y^geF6S31UU4ur?`?#z}*b-8B+VPWHK{whl2o&5kR7S za(qQMBp?CgfW{%mb2T|MhJ=kn;v>1G8%jP){_Me+laU9-{5?*o(sQN{e9Yu8QH-f# z$!<{q0diGOq-YVEp#Y?fxm0wTu1RUhm*{yh<77S}-VNdxkk15ZCzEW~046_!NPPDR zVjv_O%pvz?vY?M9Fb>on_vrGZd)@&@rmhbN1usQ?+5s$%qF@0aP*`oaYN+$nXz5d{ z4X+5}7nFF;7GMSf7>C|WjH-}J5JUm=kl+Q1KtB={F#~fFhhpS?JeeShLLMwS`l|;+ z!5!WVhEwEAs%9GHP!$oPjCo$M*O}+p3|Sa@K`Ra!he41qsXQz|UQ97xh~7jW_z?*w zcp6hx##)iGbwh9-p>Q zn=1-EYmTPavfmpZ))mF7C2B4uBBF#7j|3+ni;yQ5odO}nG7X3^mBk2{+D=Nuek;=# z`2rbsajmf<#D!E8#Q~lGhJp!Tcp4%f=tDjaa>M|nNQh3qw`|QV;`=2YqX6-%)6rW* z@nqpZxgasPgQ0vUs(>3+N3Hv!mX@&wbslDB#kc1340$)~3Qmt8^>GLT%q9AO+;sq< z-V8BLAtzLbk{O=Pdf?oC8=zYhh^3kdA$cuUx{fTT-s!W=>qHpH5<*%!@D4Kw3zW(U z2)bP*YbV&j*y??cSZnkl2r%PfQY(#=8Nnp@m(M6d;07%icrOTh-vRH1Kzt8i=!5q@ zMc;qp!oxUIS%nWo~JMJB3FX!<)QT?n4YfP^P*Ug|62VCjxOFLY90t= z1=*H4#GxXfXW{drSe{_a+v^cAM{}YyAw!3LQ=b%7VF=ngF9xr1O3xgASf`g%?WC8~ zpDXs#>fNNNu)0YTvU)e|A6VTa)^5bu;bs`jhSrqNbluWUJZRpBPI4M?Tq#j0(+xJl zbXiiH@m^KWt-^jzdKz(Ib=MuJuCtYQE%7q)&e}!g$xrL)`C>L$=CoJP`Xgk>ad2UZ zq@>x0#OY~(^NOemH5`g%6TH+rg*+u3PE!&%oDM zjrcwmS{e*WPS(ukQxTDXX&Jn?$q`-!!hlRqrEaEm$$(6!LhHCibS#)`(NV`m;)BxS zr20CPx;^RuAC2Q_2jFl*I^Yh{umcdKgm!>OF~=SZI#Nj@lZheck=Xi)-6=!7Bf2I4 zW9Z#THFl;?E`%bMCD3qz`FkiDc5?R9d8=h+g+BU8hd#(CCzXAXKQe#b3XLFN}O?0XT$nq_A;d3ia0lq~cV(fyFab2;S zspFXMF_WB^DW>)yz2cv5QRYoGEt%r0Qo&+R2>a|< z2%6gDxXi;avPXXIm8WTR8o6m zQz}Q#N^`1|sUGoxq0x1{~24^7P`z(mC{{PgR#^+U45%T&M!wTwB)O z14TC66{yT@iK3-sIyOkVyDz@qdA7e>xj}N^&hC?z_s}Z4rFuNrY&%lYK~1(L8T@~q z-ASF+ia*|xAfBU31pV_ckRxwylu&Xf+Mf}|lj|@cj{p&cbE8nQIV@t)GGYV!s7!O# z+D`2(IY(=Xu*t4!uWKJ@q^Qt-sTWa5B11V=&4IHD&P9dJsZ|04`w=potxXT(Prgep-cAX#Ng zF~Y1RiEUV7sMkf+*ZQ!LRL|K~Mg#|Ds*ECbGrrsTQs3rcT-&*~eYVpeYq^ zMz-1D;>d>_jW~rIO%tmT^%gMm+BEbfL~{}fsh-+^Wg!f$;k_i%xay58Am3B_jhUcx z_~A_mZy^rE!ZZXsgF&83@oR(vX>luP6ue~Ym*jac@d0EEPvs&fsIqG)Q=u$GP69+z z#=1)WTn^T%=DNd!lZnv$Wj`L8-wbh%!)X~vQ^!!LSp|9?iH-K@;9>o}!3+VqO70-i zmt)G1x=(aYqgGxYW@N&Zgpx=4hRBR;%a!R($!j#1Kc!|sCcG3~$rPeTy83$toASH3=gBJ&X5i@JGB}UD`l%yfp+aJ8fKh|l;jPq#3A!k3v 
zlL?|D{BNXn9R{Geq)APU;`ta+L8+)G^j8s01nM9#~ATDghI8?1~d*?M;mK_ z{lSeC|CmZM1ljoiD;K@70IL9~202I@g8ji@FsR$GbLD&@$9|Re5v%^aHq%Y0X{|9s zI0?BZ6)-1@W{ac@R4@QEmRN}z=vFx`yQUmD##J!#k1AxCt_yWY=IGpbMUBFOdWWE5b$V}N;(IgwI zE9oNH*18bwYDBw#cQ$4B??YFuJzZ-rt(6x02c*&xT-{Dc%A^vOnkaJ$LzapTpM(gE z7mgXxNudhO0eyh;D3EPomY-Z-yU2kt^2i)9`TaWmeyzVJM>qBe+Q(F4l+t-GRN5#S zivOhV#IR+G{F{VmDF17}h)}ZHBp3g(hp*NeC?nbgCsWW|Wm{#h6H%wcZC>5NdpRa*Jy*Ze~+M7t3S_@!iJQz`WiGO7V~vzP!}z)VU+5qN%b{oK%pNITyG4I zP1znenSit=q{!6p#flKx3)dY9zf*@(x-J|(1}pdXOOESJh4yX$#z2H zS!a$XJf(Q3)&x)LZRhxM3HRrsH>LN8||punUC1O;N; z&Uot7v~;T=z4KI=o(DOa5{eaz94V*dIgBFdXD4>J)(MrY11N%wgdn@aRi8ApMGqXM zaP`IP5F7@Ga@GNd9>=$sW5hb(Ncs}94mjsCM41`;q;|3wG6#&yTV+aF<7AG@4d_QQVddzDWEvGFh)|`QI>pn}yUH?)zlj}SkG;9xK~SO!-`h`6W=JuR-7KlxK*D$0UJ=ioxl zWKX$^0G%$_Clgt`1MoB?6tU#e8d2K^8;p@W(o)XZ;{|{rh{KzZ+=T$fd?tNhm%3-? z!)9biTiLy`;DWtlZP@z-_eayfH30j}t}RceUXa(Z#(P_OH=QM@c!ieLlY8D(bV zOYv^Z4`Z3R_)-ei^0;uDg)hao0pE%;^Y5j2*Yu)rntA6DE;X!jIciqhS!EE^b?|qi zs`B-BIfLW~Sl{)da$eqplSj>&d2j9<4d&)X9XD#t&UDKAyg$$`AJz&x!0QdGO zh4{tyPBt-hm6@bQwFZ;fnx&XFy)TO>nRAGP5=4zQV7tBVdoQ{NIf8e&b!yYu~Sx#V?WSwZaXR#D#6*(M*5CpQ@_%1x~aDa1`K z2r1P2^P#Xr>BiK#I^Gj1AfB~KSTB~Y6EqIhX|hooRYib9xnf07@QVy?EHppl3mOWm zNG5isjrog3&&+Nm9lECK2rBIJhRf(+dn!Ht#}r0p}(i2@Nx|I zd=g%c_`wds%SpJWbMSJ6_k0Xqj`+S#!7~{3QFrD5ylk4tnBv|H39T?a{AM)|ax-W* zbB(%J zY1uE68X22x+582O0Vwj|?JN>@K2MdrMV2v|(wUWwNMBuKHkv}}cnIGj3Jxz$#GX?i z%tK0&P!+HpM)()BP$hpsl3m3=I9v&14%!g38E0J>;qDDulu)2e*bZYpyCOFzY(`6R z%Np|;;G%v?O(|qeS7NCZ^I2EcEszLhg9Igy8K*d$J^@dkUR<8PJ$ZQy{(1i9Que_w z$NvPcjxUd&J~dsUx9TxVjVdjEO|0k?co_>p(PHGG-An3=blE8({4kId(BXi`djOAS2F;i)4osPg!gv`JKuK)-}iO-j;xG* zyJ994a9{g)OCD0ig8UwJn@M1YKS+w`G^jnJT*OKqR z&420h&PATAhr)Qi9J2BZb2iYFNPNbYmD1j1%ZeyJv(iR5-+y+zExyaY`CMnBW@lVW z{QvV-6K(J~^*@g0Q2;q&{p*Y~Pq!G;rB0IgD*bQg`A$~<+uc9d8Eo~xhj>1I?3#?> z?W(bEgYM_gEm7lJ@$nKdF#G}Z-m2X~13zD&!Qe@)+U4QlK7Teb6|X%Ns!iTe3D_v~ z#b+F1er*gJ)=Tfr6*0O`A05UfxMDTwrC9T;|;g9L{4vJQ+) zkb(q={k9I2#J@j*VBXZJovm57RvOeGshYg1)pC8jn>Jd#aMkVRT=BDgor~e5KU%S} 
z^qaEaROv)5L|aP6!wz|*Ulzg$+09&A9tl|N21nO{JnFwjCcv1V(zDIX}DNMzVyPkedJTA{~1Fu z^{I}!S9q4|e>=~1cLq8AZ)b0?v(^6|;>qZL*|ApYo>CEpQZ>@1i#bsVgP=Eq)JLIZ zN-QN!fG5aXc!9n)i6|Ozl7#s{ACQ-(F7e2G4nuzkeg*CR7>9i}Yj;4q>xus&Z$`j( zKVumgj0Je!gBZ+7h&iFsltfy8#N#>U@{Xd{>wWkC0u~??ft}q!8@y{}gsw9E1nrL> z0S>(&_K|()m(B!bLwTt)Nwq-_eE!_GL}Zg3x}QG}o7CiR3O;{s8)7dkd(3tdIF|jV z0*AuepYIL36z{#Jd$5+>{&PP{zc;!*;Pn1|0 zohKLt{w12&$!p}h3&>~Ee3r+oHzSPeq$viQg-KvIJA8e-I+h4|vJ20Y1$DMfF7QLp z{`RqhgeP5VP)aT@RsW|r4u3vAySjdRd^tKfKg%L%$|;|KP_R&bWCV5B7nkQpxhAAJ zn%c$kqkoQ^#o26oTUB_S5`jgBwho*W%t7nxKLc8LN68S2T~@6Vqd zaak(+$)+%|A}ALK1?|7s1~;k8=gqS5AN_K2asBr2^yKB?)v>|in6z$|JbHC}^vme_ z>hS05qr=OWCufJJCs+ThGZkGf9u=eQaD{R-==gtKT^?Q^ouB=5^7FO6yT8m&uw>J% zfVQi8|JCu~>D8<2i}TB?9HfJTgM(tfoE{&(Jifd>K0Q9VD#)g`wB5;8Iz9jS`tArE+0PARUWr%M5?mLT=U3-P z=cm^vXQK->SPk$+lyKsa;3O0aq1@cn!+CT(8r77GP1D;iL40(6c6E4ic6_Pk?e)po z)$!%q!}8ItmjY)w#xvckn?ac*uc^_$8^CB>=4y}ThL%#dm>!Kzji`1hJcK4~ng(PH z1Bd5ck*kVjs#Xi5pI)7ggz|OrQyqaX(EJjQQGoc>>F6z@cv2Af8BABBP3k4NwZt*0 zF5^&agp3U(@oo?oO0JWwFHf#V=SROBUtM1uUcG8EcdO924-a$WDve#GshXQ1|JOgS zUtL{Yj7kYBz*)}V8s5s_9F39(l;GPNwCI3uRbnXXE<^)FA2@}_;cbsZD9qFL@uRG6 zUfXnOfSaa58<5tbBfE`a#&9&Zl}aEiXX{BE1ky|-WoY%>phbaz#?4%^!l3YWv)x`j z58b)(GYX%>e{#lo^fO8_a7S`?+Mgj9@R@lh!&j>lTchPf)CAZRW5?- z^IHvHz;zgIsh{7P99QMiw-(DSciSuSoEYlldR)U&fpcH%>^^IyLSN=EPowziox~7a z9bLF;i+!e5JI7b~>Vl*@%xCplXjv5$JpBYDeHUdPS?ugO+O94JUz1oz|6W(=GE0v7 z>QT&O0ZEq(QJ@YX*HgG?Hcfi2NeKyM$osdD_GujUJ&K9^PfrwdgHE6s;`}P0NkQvp z4Foqz({{oQ@VIY(F9i}#SSbMWt+cW)8b&LcrwY|*k17}<9u`ST0rk@Y6_Cg+q5)j& zmbOm=%#f77?{Hg5gwWpbai+&y8iLaPd^=BUXM=xce(spigCtyG~$r6 zALGdcQJEF53ibJqLd45!_zh8TK4zkWf5&r4ckk&Ki?%BTd=OYwF;U-;KzSDr zI00hYFaDJoAP^ui2X`~b0bu}hfLW3cnaBWqhA_m-uhtN+xLK=nG4}}k1A!U5MF57H zbRs=rmM(Ey8iEztLs;XmoJac02h?sQOu>|lmyjN5gjoD5UBCe!8*Y> z=3)lkAszUUfLMoa#JnS3OYD4x3}Q~e9Nr)WSE3QCelOS7Mq45A$6F~GE;WGc)QTWu zcYdLx5cm4lr|lKy_6l>YE6jX!i9h}gX4U=Q3j&)Lx7QaCTy&1yu74Q>49Xx z3YDBjE}@TgyxW&&BT-iBLJ{(w^jaqqK-J;70-{$trUM$vcQ}ndD}(1ku^ 
zbyqT(R8Jm8k?Bk)EIr5yRH2Hs3%9h2A`}%r-S3VUS(-*V^MQL{GWnO4r)WI4gTK^f zFIBax^iS3n_{_^b(`jO@PJb*p5PaLa(uzdyN63)eFt>GiX+YF|BF_WZ4DKF06SQUf zK{dk)0sH3i6inh!<&dpMd;Vlo@i5>~;JO`*sXC!>jY^GvGU>(=^*!l2ryR}&*eNLf zNf##ye}bWYcV~mTr6ktq|3;0^Z(-_p!_v*qM*1L)U2=~dkmlU1?0}6lO5j_iQFZ70 zYJ<5fYv9IMS^`;jK$Ud4L_DS{@V?3Er|hw6%9orCSJ&mZqfV;rqt@IRb_R&!nqBOp za|UlIqC~C917BXNR9U%1p^vE0I@L+BJS$36G6>A(u-AISWCF#?)s{zr1l6MwbQ?Sd zKK3|h%eU?Hk`eM*kCPssA@xd`B%%+z4ZeLM`mf%Y6!3Mk_cdaNbHb8udE7Gx?CQk(iMw|3{GhsBQ5*zay?olreWUw{t_8(8`pJAy z0hqx{d1?wyI|+%Lsif1Px53B)1(J$ocCc4MWNsBS4Qwq`O~ z=-mwQ8B!VL(*0gG=CVHXH%Z4av+^DHz{vzK(g9Qn?e92^(RXTP(yv0oXF@DLR!NjG zQ|I1KdeuVN5$iie-3H&*m!lPsR@fP3h6t-`^ChvU9rY6ifuRo`qu(Wnbka_YHko{i zlLPxLVNYz|kh>)H-}zO1CQ5jN}SBESDAAsY*pMJh}em_@AwUiBi@) zNi&;R)*J^|g*=Xlny`*BlQd+q5*fCN8=!PGblBYI(>msik5Wsi(#rWPjqW45W@AzA zgpePatfR!?o2ysXSLeSRpMBM1RZQ;q@WWP~+Om28zx2)Mf5uaB|DQc-Q=>^qfW|oV zaX78#23(Q?j-e-$of3-w4OK>f7wWES zr*(rve+cxnza#YcL+WSa(gnc32QVm0YrMJo%kyp;hB^~u=!0oMG?wlna zj_4eRa_E1i&_fs5sL8wg1D889NWD@mmay;2EnD=Auk@yZrWJasJUm*lXqs~^LsnT7 zv?72)yfcd->h`>xRN2IN=E)_{Gfy^=o_X#&p`P8i3=2q-Ob|CyX0=dmJA*9P>KJS4 zaX9&_#}#kQ`cf8kEsNa|d(A?-i3n_2e6Bcb8HANgUAVacO9EEa0bLgEsn}7)tZ&)A zvXV&^D=!O`R!U}#fN6#+Ylls%B5ir_v;wKsA=C_o8wsSApGM9pTM<>Qth;N*Rx9GD zim;YtlQhnngW6?T-0E<1oosGJv`aI!WvSOaV`pnC!Yd|e%K}MLwH52S6SigRFP&-k zD+HEDerrJHvJh(xz?6rD%D1~oaHz~Kq$)g=gQ!gCraU1l25?f3(;=Z4sL0vhxo|~g zj8PS3Xc_E{fOZPCk81@p%FH}TGBGARy6tQ+%`#=J3)EB1|f95HYbxJzT<*bU8l zw>4;u16WqfFFn1@1(HiC&jggSK`jX^S4u)L%$#}bP)mMS`iSsbMwBHGYDh5o@+GE2@UaHh zmQLcD6WBBMKhD^yb$D@WA%1U96Z?;d_&#PdmQfzZu|Gxi3_+^w|Mmw5dHe5!o&Bx- z$3r~z>_1GYj3?XS#fdfwVZB$7fp#QszWTR2{R`s1OgQC7$tmr;9Z6C;RvY*UON6! 
z7Kogg&wY7{#sSJWZ%XyNt2{U}C+S^)Zc)gY3TQ-pq<%%jS3mS}!mPMunpb+s%B@$H zZn~B;SB8M{=sphKdaZ*WX~;bE$djtci>jKDm;sEV zkgF3gFMxQSfN_6q3bPbkB_w7?nds`<|H@j1U4D-Vhe_q^+d>K-M8}%FrZOE%S4PK^ zKkmey(VQm`nj-Qcnv;+T3e$Iqa|yF4QjP$bl5(z0;(+NE7I_~=5i9V2zO@z+x~1ux zs-CimHI>s>)%~2dD(U3pRpr>`nlA^~dbipLq0mpyeiB?boKnOXD(PqRfum3!3boY> zox2lQzQ_LDA9jc4T@dIRlZ3>g>(+h ziu>mB)U-g`H~d@owFx)gE`rasUKVGZP&h?pWub(&b&NXH?!MV{;HCW)*hPYVTs-XkHWV)djJf$r~{BoW4( zFb@VeoK{jRRX`GQ7(~Q36*Kgfm3Yujl^HzbEw)9O^>S5WzO-^*<5_k8*CYT?b^M>= z{mqW)HAJd|$%|U#pWh83}m^K1phEi21deWJCQzU4~o6UHZIC zS1*V^5jiN}qaWeNV+#73=z12ll@9 z2t}Db%mf_BitJ)s@T_a-vy@bK4%ezs>J9_o8o}GQ!Kl8Hr_uVqVgRU$_)pJv_ILC5 ze}mnyIzC$$?gm0aeMJ$W?kT=cMpJDb;OFT4^z`^B6D;iY@zv$YQB`c6 z`UZ2W&~SC~`uO~fGv-ty8m?4`hSg{|zc@cV|G6?~S2Yp(*sq$3Iw7-`@z_0xtn&DB zN3UO&1_mp`rKh>}#l9f4#?U-m3@XFi~~-y=qz=Ux26}MJ-?qMgUvuqg1D65n?5MH$%SH5f-~2iPJVVqnpyki@L{?} zT}^s~qIw-uc9&VdW1ND%QSxZJV$-|J^?LQIk6!dpVSns?zW2C4HnIl^{9_}0xX3@H z!ru|^rvU>yjAFoZDyF)9C(x#Q;E6_TPJj_z(Nf_qO?8ALRLiNA}s;nSY&; ze!eP`gD*YDzUHTq{BIigK|hu8f1c(2e|E$_TlxP0&zFh+unqk1#RETN0wP$x!X8DC zql{N_B%K+>uQ>9>$1lya+h=1>WBK32@l!ul@_*+b@Bg#6v$xIv`XJ8=f_v-u`IR|- z{vkX*zciz7ALr9Z{u_&ehFgHj^Phu4{_nl5{{Jw~vdEq*`hEPlVtPL8QB0D`CTFIc z9;B$;MIS%nu*B5dOj1$MG_jb`CN&DG1S=*sh- z!Cqeff40Ak|MDQu%8{M#A>7AyQK*Xa>=4cChkE|fEVzBX;8P+012Sdn1%Iw1{}1x# z|GWFow(|c$o}BHJ81JRg|2Glbxv+ysx$KX#24rY{xbu7f9)VxtF$xd|9tlI_aeRyU zqV$|Ujp}R#b524$J7SRDC8zx|p5ZpO#-I9GN&Yvy1E`Y!ySvZx_CJH&?fK7xJohXA zmtGZYmw_)54{}+zuW=c$d^GE9|F$d57kC=T|J8y&R?GjrXV3HJKf8nHTmAn*o~H7D zp&*`xK`Hy-w$34^v5ZUyzIw8OMdbK zj4U6qE{Lg$p2(xX6|5nqfeL0KTHn8U!Ttw~@bwK^{P69^(bees@Z#k9m*an0AtXO= zL_-){=i>^A25@$*702r^AB3iMpnwJrw({k*X<~gJSBG~D4_GEJrFw8EJqgh@yTQ@* zEuwg`XdFo(oo2-{pFg)+`lg5BjEBes2S{~dpUFzbnx~TZXyFqzh z6pv!-4MmcdT!^5wLmV29DBHtRZhKu^2)f|XV(TAa-^KtL#lg;bM_4U6b6Vj&jzh?)}3icm6+x*`T z^EB1}axp?BPmF5k-EO=m+^UKWBa!udb25~=OMkIgpeg$)OY>1C9BB64pDrk9+W0?E zc+dhjZDWJhhz*(!^%{XemqoX949n(1Tjr=Qk87DPSPW_j=`a;r?Vt<=DmfIG^5rwffU=|k<=8C5AJ3t1ThoZ zq;nINQEJx<3fay?g=}Zk@Rft-l*sol9VTZyRRsM&Q15}SpaW4eVj 
zz+<(oPK82MoA9`=s`N|iIB}P1j4KBtt_7lQB;w^d=Te?@#~~?;h_YUYkQD1f1SCnZ zeFf1-W`rq5%t{gWbgRwd)lio*e4Sa_I1q}(dSC11R{j0|ipIZn?7#N%`~SV2y@T!k z{~?~0?|=C9qhx35EKT5se%xAnK!*ULYXL;!BnUup3Br8#o@Jmj;I{NJ$s@6LYF z{&%pw|9g<&s>aeIJeEX$~Y?u&(;twLjOQTXmp|Q1zuYk@Y5p ztWSwooD5>o@-eMLJK|ohGU5&D_9MvHou9{VzpNaM3F~`PO5!L#y7DEfTKY0~}6|-R7We!xCZ>l3W(I_3_bLL^<|ga6$aTgmoGpC3SBjxcTFxdZ$A7eA1&d z=fp23+q3E>RjZ}a3!oHg1{KB^7GcPX^*EKxki;b9PvJLG4r z;k_s>St$*hq*CM*&oMU}<2erTJf8QwD9-N)=4ejnVm+`5Mi%lMe%Npu;D>u@g9htr zgBUGJf&lqRLarhBwe3Z5y93&)M*E$!f+AxGF46BXVw@d@zCyc%88RF1d*X-8sldkB z!U_GJxg(2n(@f%o{(!uq&TVb^qTakFJ{p3y5dH0K!0E5^sjvSr&s!n)<9}7_f4k52 z^Y-6^X9wH-zYp@1>V9IlZ66>Z311P$Ut;=J?$j=Vc#1=P4*Ce(L8g8tB~LDnmVC{g ztv&)$)XF_6xHx$UCWHc?Oa*5$9}tSCI0Qc8Dh*`{COwMHfRK4q6cFZvKHyYnh<)j% z18~UUjYZ0ZOuAyxcVRr5kA<9tDmag`B}qyD$SjnZl3noK)9+MK3gWQXBG zsGW-l4Z-V}arv?})%NGVzDu0DGXCC2BxIaIX*mAnFM_|Q=5CJTbsrlK=}SWRPdGqK z9)cS`coP=uB_)w#fO6wP#g8{k#rw+*(IpJ0f~VdvBm-={XOVZ!-vfpM9L67Hali?H zp3nqDk=7%9yam+x7Wk_?e*!S{^$`w`ldHwhsQ_WQ_AA^Lzvv?8k#&Y03qnC#HTXJK z+Y}WA&b*}Rr2^NM6stD@x zoH@Gxv+i)iGOjCp$g!?1Qsnuzl1j2y`#`H*!1!NS2lU{U2cfLl4om9#`wtNNzCY!o^g)Sxs*# z*s|Jo1M_A-g@k!h(-UuHKdDH#FLrjHsXv$I!PCVW+clQ|n~(o6cwWf= zxwo^smH!X&Y%aFLb{V+eW#E1iy;aQrWW(7F$aIRsX;&$zo4o(q*(;p?>^|Sxe?QEl zm-~=#S6KEr4B-@=--X)j(NYjhX~7{Q!6B!LL3(n@Glr5&!pF#c&f2LZb9|WNp^&2-=!o z+P41b8v6o1@&0k6*u#Ryo|F)69AMLRq#-G3la?ZItt$DIGI8XvyhPp<`DgPS+mL|z z47?2R#UGlVzYMG9nde(|ksyjOQ;sFPARCbHI6;%BzG02pUgV8t{YSc!GtKQK;bA9u z`Wq9y^YLRzKYs$8{5K<^Q>Ro)boM+T5BpD|S61kM>#Bb8sl5N$8D#apo#%T8gRTDe z5Kr^{|GjSK|8Pf#54Vl4zcpu^bzy|NH)yeu-FX?jl{V;B6CC;f#Hx2iZcvzF)}OlK zQAobc-f`P)&KMbN7Jd5XGZ?{h4^#0}siLH%H#^Bi0$k9IzZ+k2`B9m&Y zsAgO%b>;d89;?oOr~L2DP%y{SkWjP<8B=xt^K6j2|Jga%+uQnoJjnA1TtLnd4H@7B zs4-VLN5(M@d>l?e1ic$LMXc9)1g>V70TxHfzK+dM5CFl}DoOgt=eaWo% zF!Wmh%0M;0k3fi~D$V8Nh@uJpfP8iB@&7#Of%7m}020cYf+P?j3IZIWUaR+VbUosP zqShmDMCNl6g11K_;A6^Ky(#8>`CmnTt2h2P?aTj~7qe+!{Kx#sZo_^GXbioZIFi{l zS?g(!-9@dZy)nFLJ?-&%)Oz}VTaUn7NHK{SIC*)@TD^#p-;l>!J?tacSLG=At<}3_ 
z9`RAX72uE~dVQp;eJaWjmr+`w*oRHJ$5_&qMD?0{$Cy+zI=V$oBNx=v3&kN z+b!yU`}@zf_P-DEJOVBbXtiFUU=F+)q+A-k@fiXmQE(&*0(CLjY8}Ot3Y|q2yj5x; zzzn?K=?!`>Uc7I$o<4m=<|u+wG<^CL{B6d0#D@L;6!Td;?s;V1mvG-=#$n&0Mbh#2 zR_oCt>2rXov;kzT)+cb8=9~Hi&Q!)=t&)OItxsL+`IPxb{Azsyh6b_9+4=(}Kz)3L zppWQD_?xr?`3D-$2)TJIzI12uQy1%RPrxTI=nZ;1JK&Q|s}Izg-)fzNfKVS%AzoQ5 z%`=6{y8v1k04_wT?7$9KkQh9DI*%ED`V>Tz++ttZdrn9YkUJrbZz08SEMrHvo`UxU z9qfJXt({pp|1GA$`&R2}CL}I}bHouXuPcTX39)99Qt1W=q6CRLoQC2J#Vi-lyXlE8 zFfB!MKtfsCBl9^7eJS3>JIQZyCCD~cmm9WP@87?d>rG1xThe>~YIVB|@h;<36#uT! zAK(4(-QN}@rbdJP`*+Lg*eyD8nvFu= z<|8f!00xWzYJKK2$R*n_!~s+Zz~qc|jbox1zwd#Q3BVGh*!pQ!^E(NMI~)XHjKCCy zh(eBh33Nf?4j9K=4w6;Sn@PnNL2m{)o+AK55JyuAeI!ssh)xKdBfqD(%?!Q(`Shu1 z)6=ImJ4rr(vPn`M2X`b6d@x3T5H=|EcL9cM)`Rep;h#@HZP2b3k&u@!)e*k@#XO3o zX?G$$i(<2zk*cjvz!`r?Y*+{hz$frtTEM>tpTMDz6h8Kp+D9frc<>pbS`3(2Knceo z!B+{#B`5&ofT|D+z~DFO2lXNTC!o9W6L{bLJ%)=OCT&52;5ij{DJjbdh#BfhP%8FT zE?mqfKxDjR0qo;v*%0%IAWhZnEGocM9zpi=$5g3}{NeH_9-QEWAzP;Z79m$|cL9~5E8qs(kO+a?-Ad-&_S z&r7PMaUDL%tO26-ukU0pslUlY!)0cS)jB~D0yk*EzS(&|Gp|7u>z2o7uuql zlKt8M2brFtTNLCb;Mq^-l3BHJoAO+eK=rKGlU|8z?Gc1n5q_xL9j_?#-0NkH6+y$0 zChmfmveh9IT&=i{oe>}D^YdCOSTO=!rjKO*T<9{u6NSnW zFBCx^HhX(TD|aVSs%_tD|#9a_21_ z*#VvahJpzY3xv>}5#>S&hg>M-R7y#|IDX7TcFyiE_##5>Vf&KEjs6=MCZzq@?9q}+ zra>>I?kp{66qF(&JK|=3FLIT9t6c9?&uwxKXhZZ!5U9un(#u31qP|vc!}jnWiY=Xs z364K-3hldQF*+J3m{2lLGsDT9lo-31ij6lX_PK4UTi2yd7d#R@?&6f62n7M8(}elN zz6?<{oqkCyXn?}6p#lZ&h)^VF5YrntU+m5CI2L;}5&|E|V*}&^q4prk8q(fSl`ykM ziDCh*t2RU0!5dh(nh~OyuVQpHhpsWOkH85BGstpBsEpIt<1s};@CewXh`#~&o58U2 z_o0dV^9Xn_6eAK5zoU1sg0(x+7pemg_jGx~>y_$DaCmr8vL$wu{ z7pb~U7*-)Q6Lcl4tIQLHHVH?ShQ_Z&Lkdi+)=4U&8iJyLmy+-|GF}BMCE#f;XAZs~}D*H^-dhA8n5J*i@BQ7bzg2g6JB);K|SyB6lSGjte=aIF^{S zssI`vSMl;fYTYx)m0}f60p^XHCUf)3B#-*)NqMDQ4g zfT=^pC(4|LjLj`64%6+3+ymzJ(uWr(wW%Qy35Yy~SwW%argnu!@3=@#;-9sLAKP>I z;U(m7g#V4&!!Qnl&z-i~qKL0zi$5h4Bk|Yg&z;OAbf;~IkVO+ZPC}08EezVj?+2f) zo9ZHAy@ZsWMMvfsF~os9om8Q70hIT|@{D!{DfHy2hB=aw2{a>0B1HK@l!58K!}JsK 
z#SSvJ=S@3Pou!metNNvvc8cS`;7Ddw0dp8d@{(Neh{Ycg1fU2q5`yeGf%>F@FM8l8 zMWcgJ4#8o7C}$mT=y7~2;}v$mku>mO9dOQPQs$RX|7S7_a5T@1VXw%D>4g7YPWa@# zU>q7NQvt_>>VQ-d6!ETegyop3_hxQTMAF>eAaTQJXm?P=y{_Sb4RO5sL?c42aXT0c zBtt0m)#0XKZqik?GN5UY&=o-2l}ixZpCy20R#HS>#}eRVBCP;A+BJ|RSP`{N0l*l^ zt43ubFkVOpfbb?HcOif=pUG9gHEj24CSYUQjGch-RzFYoIr%j&`6O>)b@@b6%pldE zN_@d<-Tp&g`hGyMX|ryKJ&K^U`JAObTzQ1Y;jN6^SBg!3MBy!_L^eP5JCc5)()~%@ zLZ@qYiGOn$3jMh@5^#$lfZ)A4J$s)S>Y}rL)jj(iD8tSF=koTyzghATINW_ZIkkR$e@WR`LO84G;r!}uEe-;5IEN&o8_H3l1>;c}^F+8unab(C$=eZI$(#KK~O?fpXuo-ZJbX z4^kj|LShfdbd$ayDYyoE`I{HgdP`Kck1(_F?rSrj$53M@A5k*r5C`>l?Rg}HE&Fco z``(N0!FcES_Yk3a8}}6G1~xk>uoZVY2>?q(ra-GT!JWN2rkqP4x|FM(?=uFIuG;IG zaV~}Fq$z7$n%2KJ^(e8tNL3>X>zC1sQUW%ks-*B#Hnx#l)uI_4OC8p~3E?fofe=OQ z;m%<2xl^H$DGUz9%vh;p7V9PoREhHB$nU<6khZ`zch^fQ7hLw1W>T$VlWb*IP5M*- zEx1!yd6%2J1_tD=1MIheP%y*OSr44sZ`I)w^nJNFU5laV$a3nPk69GJ#dRW{Wr;j_ z^}PwcTT?J%4qQQxx91=CJQ$A?;vLvQaS8Ld}S@ zODeG4m-1AJ^4|S0D=Ap>c4P_s4d0d2#;typL zd#RHjJLakJl153ir@q)9%H1HqOv+zCMBUsps=trR5LM$eb@yOJ`MeyFQ%nyU3cOm< zx`h53(z*(lQ)utLaJON`c~l+7Bv+}id6UzgDTTLQIFa-SGj0H?rm==7OnFZFXfRkJ~fl({mbc4-_&<8rr(&4YEN*dBiT+-aBPpl%O;ZSM?v z@_+po?RUwIm^S)4xkzurELRMJHG4|!q->4rO*gzH>9mvUlT4co{U;au;OOM#rEv)n ziX)Y=UG0?Lc`AA`7D%Rq%o9!~37taWD;XD+Q#`|zY0thlaZAa>(YZsAllEJCc4J+U$paT;pW^URdM5?($RGHMY5`IQd%fn9NJ|rVz zgh~suPPg_3g`0A7$(L;J^c7)JS^1q|iI(7f7Cw?-qxuI+p*@qS_Nuck2FNFc@fY zzyJhVgGwzA5(9W?OGhklLVDaF6p5bIs>2xZJA^{r^)wDyM@L--`-2;~ZN*f|6xjj) zS8kfe0=fcFvr!`s`6gP!1e|+ohAUN4;auqH(~HaVwKMGaJT~vwa)j zF#e#lTv-O3kF=P=%!REas%jEHnhN<`eK~v-!W0{6D=Z;qz#X)Q|G1$p5wb zY&W0(=ivFX-EID#hj>1I1SZ=jXe$FtWh37>MkfXl-tm?jRxlqh> z%Aivmn#7QVhMs zgF`T;F!W|h1)f7O$68&b(#sIM95F6qo$B1C?i-KqW;j6L zPE;|%a!$Am;u%rmcVv}0k;?KN%6}HG*i6bVF51jzgsCvTPZYIQa>4+r&q$9)u3s=+aCvH+*b|lYfpv6Jm@7&R>D~uUrdPZxf`@#!xjKf^ARyJVQ@qV zQRY{7l$&=h0NILl%)#F!SX?=LoJcZ;GRu*4eMX z1Ih;#!aUt`%4x%5ip1hg=dU zNBSBmF}#Hl_5r#jfef^a!YK|Bk{VY4L!WstLOt*gp>-y%S16pp&{Nwy3CNChm)d4B zF%i)`B6oNrtD3=b^J6dPXC&HC( zdR-qgj|f2~RC6l!XPBal?I;ex9EUL%iyUMO&v5{`9Tu)5oi;ll2{yJ|KN$*T 
zTwSap&yf6)l=46Afgcyz{mlBdAn|uJ4TQ}p^u)3s1OTcyf3mHb^bE}u!JwzClMZ`O_j?DB$wcu13jHo8T@?C4 z*y7M!G-%$EeG;;msu9(DE)Ry__ZWLO!2)=M$|U51;Ds4JKr#)3W~anVKZ=Hl?wBDM z@R^`Zc7_*_*zblar8%BQf#gGV)%u5&_}RxP|D{DJ5|<1V78ukD#2&mZaMHV1fTaE@wIUQ!=S@hu9S=Y&dFd#-!5C(hjD)z)>Rgep! z)7FsW$03k6S9X)yx=pGan~}R~7LSw3c8w=iH`rg)Rw~~QSuc&2O44JxK{;=UO{6*;2YTFy9(G)#b+h=;DpMdJ>--&O%uU`O*s5Y?#uvIVRoiU|!_a zRUGzmZO}d@Yc@k$(9~*)vQJ;FEvX@tV<@DhP@@KjTB$8p^%y)~c@Q!#MD8JIPQLE- z1}#utrFF!G%S$sODztsKcHy(UjZ^`zOF^U!E>8m2Woij z-S2YXnh6efTbqD6*7K^I3DEHQ!jB%x{a4iiP z+msC~4H7?B%*EPu8aC zt6F&+EWOssQzH=j{Vp=DIc4{OQ{$}{>ir?slPdC6fcd%&xc8-_id>lypdqynuu4>s z{lc|M6rv%!mWWd_-Q3n81y*Bm$YORAURPkHu)Z#7mG9lPL{(M%;QN(Rg|V$X8>tbS z_#q_JQo?rz&ZCg!p`-6fHZ3P~&ncNIBU0b1SXxf8jDGzmxVGKcR;7%QrQEl?l}45?(d~J}`ZE;FyVBH7{T9_@j)QjVNvm}WX>yx*83%}gAHc8g z6qz4e-{{n$f1M)U2{7ZGJIK9RyVLrnE%w{a4-xU5@3o`9^IHK=(kx(>7o{vQ{AlWN@G|8@7* zC;cb?L%fha5aRED{Z;&Vi|CmB{nvlpb>98;$@?d*mJF;R_)aXRvB$y3);B*3AV5EQ zmHozOsnTe`ynKu3801QRZnY+H=m9mC1?b}sk^?;Sn1iQUNc65cfJ%1%_1*1GPlY!W zg**9HYq%Y4oc$xx5f7ze{6x^JLYWVLaQ9d5Cmi}C31bwGW!cBMf=^oCC~A9WgrDKy zG4H7O=ud^Yar~|8qh9@LJVqa)lh8*W9=9ce_LFzAy5yQBwdHlbs4O{FRMiVjZxjWXKduc( z)^9&~*8%NLTa2f(3vZL&vzHF>U3Qk~0NGz>GP8l~E;-V1=!=5N%Hx|7&PWDCju4)x z??3#IS*nsj79f96yDafyOcA`X#zfT5&jwjlbMY08(d4o8%7{b11KJY!Uv9w+DmSt* zLZSND?qnzsjMM>CaFP)XSBUY$AV`?|kRqM;A|oN> z+6DD)A1g@XB&_L~yawVlE7JD{zcsroX?6%2X{I1k!SBxmaBm4|k1r-Ai+txb9Ax<`7zzo=mU^TBBz|2uqPETswyjaBbdyI_E&escRk68rg|zN zlyu0UUk;?#>sfOu8FZ52{fsgu*vh#y==C5Ar6VW76Tv*+^!tLv^meTS&@G}1K9ecZ zm_F0-JAe_OU04&fO3prJST$u+02#PLL6FdI>tQMVS?#Qve!ILyzs>xw3FGGzoBv;` zh-VKv0n*nx-dYz1LD!7`c9Q%7CyAUTcL<;l5%Rd43F$0I#!&@{p=eHSk*}QFtS(8t zyOnLI;*oouBy#O6%#t&rsrm=@(QD!-MiG~II^*oiOqChuQC9^)=wh9Ka3fP?BQpgD z0h+?#tx=kion%{WLPbL&z5Q#OZ768_C_o&wKc`&kS^Quzsf!$2;mvA27LcB${nS%p zQ;pp25xap3L?^jolf?do**eJ#-pW@Jm%#fMmbBvkXYWh9+s2VaKR16x4V`{jj!7-v z65Z=N|Qm z74V&Oz&V2!4E8l*BvAbJVUL$m7&}2J!<97BGHEp*V3I0tM3zwH3CTx^&K+VUK$Zbm zvQ%F67D3mY9~R`^_P(VzOu;yd(68gj5x@2k!-XiJHH1G%eNII~_=5$tczMKR3$kRF 
z(#ZMYMgaKcitX8i5XNz+q)zG8tGq8$6mXovC;vBrVZms8S4)aF>kC2f=7JzrI-dbU zhLpKA3^fwJ21b@7IE4T)Yy$mgh@!$_c7+*lc}Yq`KcF=70y<1kJQ6Eo5kOc2IyrrR zuoOUbJ$hFG6jJS;93nQ*L4pmsbWFk_3Bw4_0xWtc&N-%o(uFvnXu) z*NrG$G3gaW%~CJR?@FDH(^QGkmU3}i>26BZorMglCw0052j$$R3F1ORaSQQXpD-VL zSN-!mljXmBK~w7FiO_k{_7&^ zVrfwPPKBgU7GPN#b!4!lPNOj#d5R*u3pVrwRSaoNI2ByTXP1E=(EvrAm(7>WhK_6D zm;f6A!4hJ9E9JgCHln`MXYutP)3VNCb{n(Sf2%#V{@bhguMhJ~UH_|f`rSW^um1%X z|2*-(HY)L-+Z$UutM&gN&(ha_9uQF3q^Tl?W;)KAj)<-UCFbVro(KAZltJNbbuKAW z=U$*Oq`03&D9;W^L+t?NfjS?cjMH-gS`w!=|4k4dbfAHGU`O;*lrGDLjcSX&3FZ(Y zjyiDd*xnY?23K()8y_R?k$CbD#R1k{a5~8r^I^{pF*b76VAi7o_lD;>J`2GqgU}qG zWX{6@PO%Rk83t6uTKjnVR)&SaC@iD)KCo)~YAy!km^B^cA4yF3xxu&fR)wz7G^id= z;#Dwogi^RzZ*t^eju)&FB_tJPes z|A%<0f{n?kC|97E<_^4UHeV`l#r(p&1FxFRSF0uY=YM9d|A~f!^S3c;{cpE7$Nj%n z`~QPH;|CiP^g^+KLWVbcvlZ;HCM<>##|x(>yMj454N+2gpF1O!UynH#P5-RCl*(na z>rwe-;crxVUpN_+KUkhc74VijQTa>mJygMf_82O^wckAC{Lftf6RjcVZ)2wXzg?C8 z+Z)@f_5UD`nBF&Xc8~Pr{(`#$N-xAhzAF9%;8DJ~hcv_;a80Tr<7aJt7f12{z0Tq= z!X0s5$0_#$)#k%)@=QaeVMv!A#N~Z{kK}ps{LTTUtL%F{PR+T9*awYY2|QPc>ZX8l1a)V%0MLPMtDJD?mwWWc*PrYcbfe6E#Z zEi*Gh8|rn(s2ydJO@_G-Pn`i3jL*srW^9`+qvg6591;kunTl6eS9Y5Mz*XV}G!_S# zMwUbrg{;wTwq7-w?M7>>{k65#_Il`2fbo;K?_A)~6-`6daXcv0td3{p7jTA%m{5|U z7#<=Lb$}-9ALX_k!_d$2*YGw=vM6Kl0i&U#zSfTGvP2`T6%YT@J`3}IB^EBU0Zixr zt#*6N{-?dYy|Vv%kY~;CJMcVEF8W60r!2QK#X|K_&?#RKIcpH&Zq_djQJ{pxn=aut$s60|StBDW$D26UJ6+#?CcT`-FTcLVQ<`L;|t21DTP0j8@2jVP> z#=3ZtMUhE?Z}$>~q3)c_#9>m}%MPLxs~(y*EFc~D^jmEsR;r3pL!mT9fWZ1J_fnl& zLT8b%Te2W^;MV`C^e8dlDy}`K<06sJPwZf z9bg0GZS{IPuQs<@ig*>MJTi|&upt!#OU-e<=p87?siSeELPHw0R~777gh|nk4tkh3 zofk1GHu+r!bT`2uRSd<+t(0Oc*0rGvR9o1T;U*0=AH{@=%HschGiYf|L}EeAT8>X~ zNKz@e8xdWnEvTT&cXFupL@vH8O6Zg6yaesuY272S30XPb{yh-A1^o_$zh=&4M&m00 zX{T-pNDb1Q>ePhlDg{q-DnQ0&xAJ{C%xn_SB~7(Vu}=a|H5Sb1j&l1xP*9=c_&Ch(uY63*5ho zsq4d$OqmN;DCP#8c8PWQHO6LEe`OG7kuw5oGcC7o%qAjQHI`Rq;Ur#>hmrF%fm+o%@NzVWoo? 
zM5c(D+{<+ptU|{LlPk_Wl64gy&>rOa)sn^}I@+nio^z1L#`?&NG&e`e*PCh8Ab~KD zxf$fSUGlOB_hdeKJ~AN*^IYL6jxb{QDJucK_i4_DmCv{0#`T1$zDdt{8x7^;Kjx%X zNc-56>wys(POxNEfVet~7|u=gIV|fEoJ# z=4Pwv|F^lbivRR5&$n-$(FD7-m!v33RKyVQZf=}!-@rdr%umKmftwqz_J&Zv#bT$q zxpADCjc5+xnV4`7-eB*`;!XP1f@&YQx$)U$uwZ{A)3+G5>4_)!DE=~ zH$AT@Xm11>stnOGb+EanOLVO?np=!aU)HBInrm)LZRY_6MeW<6Rn9RA0-D8q@%9G%s;q&$EJ&rSd3xi{;}PdMVjN+;UOPHT2qE+zA!=7;ZoO1zS$C zD5_hvK;j_E!r3g<7ag*oRNHU75P~Q#MD>!C3J5~d>){l~ybwg!#gUpYNGM}OUgJvD zo)p~H)xtMc@=mPb+IkNEvu~krjvo17&w)l$G3hbo@JyXZ?P|}T%W`8D0eQ=+ucel*A&bcu zH5}vOFBY%88bk-~IDvWt=2=o?IQEB##I9M|Pl7U4ikS>az`?DMtD7Uc?mFY|BZ$b_;3v|i9@l^v~8YzbK@w-t9L@QlGO|`&Bpe)nB>cm zD~)Ux^AiHbtAe&yTH#d93FS`ak8bC;3)>yzdej z=DKViJj4H^-E8iZ^?w_!W^3jD@gUDUDyHIIR4f|XVdXEM#C*}$DO}r_! zrB!qa6YAtr^&;wk+3JHjeke9Oz1MB34q4lT!ig&bPqRTojMDAMn;v}$zb^jHl75Op zyq-{Igb?+&{xA;2yTYVD;BE(8Z^NzmuJ^e_ZtiXey0}MEta(O?W$)IN9ySXCj6)nQ zHvH0NR>gtL$cKB{ukl|h{rNuX8&cMCGY>Wpx^CQcvNXjpk4D-JM06mgKr?R4Z@cuXwC%^KcJ2;Ptc?8;JQas~ zoPv<7pV}QXQB(*kTpoIsAC|dE(oUWXbMWw2g^08L)1#9Q2S=y7?vrn?_s-s&pS}Nh zx_|g%Qk}$ZA|vu!gFO)RpGJn;k=3Xp;)at~nQj)Xm`VE7i;==_V>GuV0#rrTFd1)5!1`!ebD*r%1 zNJem-j|zz)gVzJksY67?t5W-+XxE+H&t1gu_9l2&(A2a2S(o6Yd6{Y=D3b}oH8324 z%NoD_`soVKKR0d!m8C#R`-RMNN zE?L{xf^F6DH0e0egHNB}Z{Qg&2EYCGUxE;0UG3zT1NXn6N37Di;4ZlSid}6v1#X61!V!mok8|$ zjGAC;xwx1}=^I>`$Xa3rz+VZ6rXmb0%5N==%njC{eO}gbAdoqUwJ1!RHgC^Xrs8$} z^tcsU^R(DC!gnd#4J{EfZ|P>}twt23H<_ebN2X!@UoOrPpaS ztwT{-#@{eM842-WuP1FB;F!h*)^qNAiZ2Pis_UriQyYa3Bz2I8vupMz?9{cJyRX(QPT|k3>zAq<+&+ zl@T%lvhimTZi>aO&CNOH7+*@cyNiMg+Uva~L&7`ITnUx4pQXuv%E`0V1Z1ZC zw^_CS*lDfgzlVALNb;ZZ)?J?XXW;!sq`!L8kCpIuC*iN4p_S~nlKob)-+jn__3!&IN&XE6Fn_HFqj~mU6<|_aDgFH*J|E+j4-j9dxeD`lF7ntwIY+A#b zhkPpbPRkLy%`Wo&ZXI9iG_f$0jseO=4Drc(a>3pg|^$EKQqM zpty7Kl3_lfhMO^*D&ArD$2YHGen<&o?24vg1(JDfK|%sWm@(AH0;W7%^}zj+b$(=S zJ@}$S^`G-ruA#fViQ`~_j*ITNHB_hA$cA68C(R;Hptm z750+&{~h-KN~Fcfa=@(fUwfxLX8*Cd^8b90XP)z4o*!k(@o$V{&AF!Pt?K7K?5+6X z{qe;*F2p02vpek=RSNPrF_%zTB+$ ze7E0`7=0<07wm66J+$A=VSe7KJJsWnBfj>7-xpU5hiF7)aJfWJ8e`3yr 
zy2SmqNzJsB3DvsgObLa}Pmu&epu-~x7ps`5!nvQ2{MpQPT&9Ef1jVcKmAY#=G%{g&j=#=3cj6Iz|~YxJ5i-{ zWDPat2~D{RKi;?k?uz!}|z<)y-KgL{!G$}z-D8XOgS=~4y5?|mnR4i8X z-+d0Q-izG&ZoNG^{^{_v7X30cO!0ONPO(gq7HAH_I*o?aV%u+RG*VMUW2)q}+?d?{ z`P~S?>c%1yKCPNHvF+N4U4w&6#-TB|=o3E3x_&^11}*0Qc0(SASfkZ^^|GbH)er_T zz0&buP&CRD&8-9DGJk(c;y#J{Kw_Q5UMHIGWjvF~+BK@DV0G`{-O=&wd5MJ|6b?x| zFVC1-&meZQ^{Q2i*ztD^2U$wE6rk`|Zu4IhMfB>#q_IC_0g7a2I?zK!z#Nca5faoT z5#gljhmFE;+%fz3@Pk5M?U&QNU#$0e8vSs*S(9q%lv4gr5@F^1KDN5jEZ$?sG#15b zfQYXj8BRMo7*LKEA%LBvv`3;!JO`zAK2`bo57bR_UZ9$|$2@C!KK)W$JhKxDYVTq| zIvrw~#UMcu5e+VMM5y^?mnDlW^NB2Ti7U4iRi=t5_b-3^H6)LN z!`C1GbzkF@J{-##VhNNPoeBC?Gr}pn(&8dZ7p;~nSrtPSa#h_l-kSA|rMpr~u9OSS zLRo#}jtTkET5Y>_DfiTH@~*TZgoj!0=ZS7%J{S9?1Nz2So6?g3J~IYT^sls8`G2v$aaeO!3T9NW%bGc#47oI?<5hD6SYOs4pA;tJO{=hCA#`OB>T2-3VzjbY zQP+k#l`a(TzYTS$ntxmxnMMk8&A7cey6|V4`BhrXzs|FS`@bSC@q|0T8TLP0+vD~> z?bgcw<3XNT_kW9Ly4H6)N19;9uI*5gu)<2{ASa&h=<*I8*=_CK@BJ1Zm$3;-aT1XL zu@1DPg^(TaQ-=C{TMF55ODx`dT!<+(A2uR{1@AG)?cM@P)EJl4g_9^mAak6P=~lRo zug|hng@%_d%p?FaF6d*I32`(692_T5^Ri1NVfH(}%2nOg9Ll@&X&pi`D zme3fqn{W|jH^rAk@w!qd=TrT9am3GzgK_(H36&@se~?HQmFd5iU>9?=v0!M9@$3L) z6-J7AxvRE?{u<-fMPs0h9&9G88eQ5LFo|3N!AlSy?2e<( zD_-D{b8koTC7l0eW@VUh{@dKx*sR2V*=V+RR_DKmc&s>X&*lsQ^StT;GAqNz9N9H) z6EJ2*R*iWxYW%s6n)el5@K%07lKofwfwU?#KwdAU!`u1mH16gtq&1om!!w7Z6GhE8 z7`>rRc2I3h@HeqGVz@3Ypxmbu3Oy~|Q(X;kp6IdYI$`isRe4&9%dqswi*`Pj`dlsx z`xI-zp-BHS)1y=uwS7bFSbb)$X*z?el}PycjKZ2Yp4WD{)VzIpK9;m*nF(v^lhrJe zsHT#n<`EOr+&VeUy(FfYn3QI6LYjq=(M(Q6Qi+*ho;5f@oZ~c>CXZ@f)d{nk zkth^`dxC-s)W^(s^er3963Iw_4R92J;AKiGCUJiqQXC;pF0nkDSnp9BI%^Q)zRF?z zEJ<;Xd==+eaT@sBb06Nv(FkZPYl<#Gf>Ve{jD5#HI6FV%G{w#u?9<_p#_;q08H6Nd zj^8J|A^%m~cl_>u(uVxkycqNw;ve&qUB-<9P!|OkSpq#0VdlK>*;V4a@Vn^3dExV6 z;=K5O&KmrTQbIEZM+b+@5$8~`8XTX57&TP6l>YAcmn@(mZa5K%IZn@&B(Idl0ckio z>ag}Hd+e!~&%*2f^lw{~_`>;FNXwR)k<`P-*l_G|i0 zzt#HfnQ<2+!@kc31V^Eiy1FRrw-+Jqu`d})@pJgw zr@bU8H!%SR2l)7-g`&J_WM&(V^9Dylki;yFyOp7uU}=1SYsYOI)7Rl@K!O3Fj8oA< zfTC!mjRzQf^-}yL!;E_*1QKgcO5iE#^+@3KscIsnSzoC+f+%Agr?L~`h^wJXivsbz 
zkR9Rk93Cg?b;so9{|tgBW9~c7ix+R`5GSaQJ1<_qf7dv8%G~Ea6UI^P^8O#kSzCj5 zh?u)%$GMi)rEm?0LqsCDhL33k*UmL~p67x3&-@|ZpXHr}w^@=!8G{cP4dEL8nr~M{2#amxR$M|BZz45CmHqa!zdBWYKwmP7YkC7NIYFT*RoypulcX^m;B{igQZwL zNwJWT;Tot+GY;4A`I{@RkKN8Ux41!eJMK~MnDUbpGaPew-OX>tJ8>38;b8G+6M2kYyMdTQ0%{(a+6+cTOI2X~>2Nvfm;0<{N`U<^ zz#u-?L6tyN%A;%OQYu!)XX(u%Y97j^slN9~-1n8_bVZ^FA}rRu`WJ~#A;DBoO0zhG zh+HV1U?%T(+GW~%I^_e=dMr+JW)T=BV0D70nbn7ecDb`G!OL?x;V4>OBa)~NMG^a; z3n&b62pj>5qC%$!GQ~k*e?BPKaJ4~oo}Sp2(k$Gmnc5KI=cSu9T(@AfTLqszk%Q}E74AT^jkQQ1 z_jy4%DZWaHyit)-g6b$MP_uLnTK4n46Vt4EgO_?%Lh4-Xvf{DoE6n=}vt{6N1_aP| z>Z7Ryx=t-TGhMY1<+Rm7%xe`eWxT0JAz9^DR!_H*;!561^6X4vL2O#4OmRq3DWz(0 zR4iV#p9o4Vl5CX+dp|^2a?!mdA=W}$0xed>oqL>ZZG4>DujSTo_B6i=UT(G9n_GIC zwVqu$rONW=+@dB@!?Jiy&7hV(tCMU!@5E##TZE2HagL<9rZ|^!N>f|9Ll%=Nl|o`J zA|+iH!9c}N6%W+yxbC`J#0GUc?!G$I9jWi;V}8pjYTT^5LmG-d3+t)%!t_BjrVR)b z{2=A(j|)7~^|j4G=bJ0F=i;Rzkat>?)8p( zBo7w!3fO>VQ7Cb4P%J9{9bRK51r1JxtN};bY@mw+Bz|*gn@<=Z=%xhsU`SUt!;JU~y%W|NZ`0??k`C8YnBmUs*4345{$Mre$~5;8-?(bC4D zmz@~JALFK{{#pF~2cvL^{bA_$DNiOR{j;8#_CGt-`=5=CtyTQz2YJ4I%Uxx`mGkba z88573s^7yx4X+D1`&pU_Nlt0sE_IkT!r*gFef?S0{p{2=G0?XdZ%J&-bn1%fT|{Qo zI#W7PQ+jO;PR$-;E*6fd5o*-U3ss`BG+QZcaZ-v@O~77{E2XRWl8cz~a t&!43sfg=^TW)5a(OGK?dGGARit7rABoDc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#3UUYBw+>YZmzM8~7mXkeu zx;Y9&LK16=U;)sMHu3rF_YZF*NP;3M$xhl8_qUBj0y6_(Fc=I5Gn7I1iZaMh_v#t# z!Wjx#?|2RgbCz%s{MR;~e!t&;a&RF2?f3ine+T;qgZ~;FJnirG`+HCNd;irR91ixL z{1@nN1$)I4QwGU@^*6?qZ`>c`fnkUlWIhh*umyk%84U2uaUo*?a(vu#5n=w+N8S)b zkgyODYcbEKQ2>|S5H8RVj5t?~I9Guq&QaDXSMdaOuMwd>4u{}}zyCOJ2G5;-xBr8+ zI6(n|6e$cgzHPzCf3M+P@3mkQB|rC_zSD1cC_d04oU!N?f*vBL z;cv)gnEV4x<``eK0FdZ-iSAq!>H4Zn3jl&5OnrvQatNk=fQG%E({uUkp}mqSNrU@N z-x&-zNd&o&@eXDrMlBCfm-rDAgnqy5O9rk)NpUvZmu|n z`q~rh8-G^F{{XvJTftEw|NHv~2L<^**vbEUdGZpmwz$*cW{!e|W6W3|+k~7yLzE2x zox{DuCqsx1q4(6?A3S|BefE6vbO7N5O`p2n)5GcW=ljnOo*wq62h-_v^89)KaPsWQ zbaHU$?jIZ;K0kE#4&2rZg@{O*+1~5#9d!GL-TnUMV1KyZA08Y!`v*^+9zOkRe{b0D zw|637#bcfS*D#0?-I@Zpdj3D{4+eYr`M>{UH~;VDd0=~555Ui2h6Ugn5+6pE9!Ki1Gl3;MWgUgvSQ#ZWsJ4 
zJ_k$Sp{XCD3~G)uii5xpXA(ZmU@{=7=0ya5TINPkymMj_aBS!Nhky%%05AflQ{Ux1 zYN&p^c1(gHXt&J<&?`S0(cnD{d{1mV#BhatOaKcgxK2Mz30?p<@Z}DoP;m&RFrcW_ z%Co|2I6<;kBpU?sH}v=bFeqpyh~k*Ii1MD|O9_}Pg?>FxRBp}D5?p@d#iyfm`;?+H z_Ec-*Gyn_4tp{RhKD$PQ_#WcOlD|0w{t@7*_*(#ST4s4M2oJzC4uX|nbb%bGd_4iK z^#CwPW{8cJl%WNObt!&>vys}Z_!M|33h+`)y@wH|)aTA8E&5STmQ^3)aM&O;J+*IPc7*iytu6{WL?cZa#bbQP?at?`yLO-0Du#=Y# z5-jO)@JAu=L(g|5SK=wSnIkqwazB<#W(scnAOI5t5O1FtU)~J~NB|iiamf6IoE!>6 z!p0%?kl4}<1)n899T+n_av`6;Cn;5G&h&uiQ}GusMrE;Nx5$A2v8pFhv zNIG@bq_pHqIBrZCUW~ANh1fY{b57dnG}|?Riq9b8-#v^d2r&Z-$lSRo=%Fc$1G&dN zzBuikb-=N%>j6x_OJ1LJ0F9$4SON$nRuirq>O3_{`qXN}D@@rr!LGFhJ_P}cLwC+c zmCGdvq5!&x^8!Jj7x9Wd1q&R9eB?cUIzavM}_VRzIW+20_B4!dQUZnD}hTdlP+P$2gq&vzW*-#)_1!8-lY4g`>GY zRcjy0^9hU=MIvFes3bBe4UW#=fCcvA0OfE9D+mA~VmFvvT@vUTb2P=4{oVkvs>oL@ zUUMZ85y1?*I5-Vygj})c6bLDnX+Vsw%tt`iwo=0PTbaJd7s#-SZH*lv#-$=J4*V&g zD3}83&qCw@W#n@qLli)QxajnpRcme$-!Jh51&Cd~9=%7zpDryZmpBGDFcj~26>uf% z$aSCBQZiPf&cn>C_{MymBln74!r3t-o*%-%X99hIZ#n=IcaA6{kYU0_$=sjK9dKs8 z4bU|T_)<-|kR0=st|Q9HcgnUoPK1Fd!KI}I?=XX~K&hC3pxc$QcIsOgTfTR&u|^+( zz^9B)YN?S@Etoj}vN=HrT%jceA30$kJK!T1h#vtAJ@CH3m8d7J<$|?{gCg3 zi1=6tr2ta;mTMbAqm(a!%ijv2WXuw^bQNk!MT84Yv7X7!)axK3ulEF&jvK|C{5SF^I6i-usCgg|6+~MW&<`a6j)BjOVqw8p zv^OJSffiV5LYfZsramdM!Vt6v&-!otl%56rv`H_?+DR|TpKJEg`rV|cFuF+*vVJ!m z92(uk*KS1V(RLWjgw~YLRNc}}JZ#>FR&p9~Tq#j0)AhH)bXiiH@m^KWt;2p+dKz(I zb=Murt}~T)CGj%y&e%oe$xrL4`Jy*i+S$jVriQ*tQ$ARxIS7GC&KqQK#SktOQa5{a9**QTp zZKYjCtRyMJK2aIW5eb-< z#(SNZ@G1}nc=lT8W=fX~@NCAlj%!3FoXM6QX)fX)q!uUC*P+nuQ3rTv63;ro52v^T zZXgLe01<*o2e`y%z6*nnP?GR;s>yl4w|;zgN)hYut_i>dx>rJtoh!=)SH!XeYA(>f zhrD5@Z+|*#we+k|rk`}^gN$-g*%t`}M^@Bw%_7e%((7rt^s0^Nja5w9SI51KJSXV) z7}2#FtE*a@n|y4dQ#C-AZ?O%ZU2zKhYZM|%&k3H?6}y=_miZo2!Fictau4DZC$-uY zHby&zeh?FMIVXtDaUk%2%)k7YOmSVA3!Vu|>B!d@g8g-<@k5_)Jzk;!E=S14p(pID zA1&{zX|hxrg2CZBbVZ2x*fS~0ys4%oQ+!=2XzX%fpB=0G%W7KkHHKiY4mHeQARIHZ zQ?jqBDan=}g2P05LeFnHowAk6=To-a7A8~yEd(EYQuhW#c_iWWrs8%G{PHT1lp5g9Q6% z@A=dHy~+)e1$TCzw7Q4Z*)7%M!Dic$k`8LJEy>{j^XyLQw3h#PkArxDE)ew2!a$6? 
zK2bu+nP_j0DNBySxI6-w7tW1B$>y+#MahUQ?4vTx*=Rd8SYbzNim=J9s=w~8s)Ukt zH&>gqezQH+-ZR+)8S@(=*S?FiBfu~51d$LiM1lU2F-Ww4es4Kvl^-0oj3hk%FP>Up z4#9B{Q-;Xtc?Z14(0c&`7`ljbz+3F0b4;Wtlf-l^(bTJ=(zciL4=Dp1 z7?h1f2VcN&hN$kW)AIvxeERYNz#zak^3;bQ=*}~3%9G%LpD@XmV5+Bdm-9I!< zA^5dD=sV(ny=U#hF_9@=Un|inPwIr-1Wvt8O=W4JrepoAx-LP6fY)- za7uYSuJ91pH8+a!e4rK`4~_Y(V0Wc9gRgIOtyq@$VDih9DaMf5oCV;b0{I z*&qvPLvYaV_xp7lb|x>ah_PR%eb}gfr_Hnzs#~kw5KcqJO9j-*qS+!T0~H(qwI^1h zNoKvEWNUl{h&PwY4W;tF(glZL?^!)MLh1BEYg3X`sHR019fEx;TjZ$GnrSUcbm0mr zRIwr0-)ps8sRbm$#l=C8^(rz;IO%8SD$zequ2Cr6jIH}_1wctWBnumW1fD!JV;f$F zgg1y0->pl-LX|EjLcwcD#icZ8m^)x);{XrSQFz4nB_Y5Q?JdK1TV!GQ7qhI&cyxZ6 zr%z$x>vetVaD)Ra^^6*w#B}lUUeXYaZsH%sO+ej)$#!lPfo6?LJ5H8Nab;5)Fv^D2 zZrf=VG|d2#Swag{E|}WIM3py_=Tk=fNz4%6l>!e5 zuU_PV8%(bFdaCF(iO3(2)^3T^ua4*?oE4qX8P;7V*)a7D=UaZhpN~l>ZzdQwJ`F3* zg9qT0fjOkoaT{~}oijLPBz9R$60P&W17K2OyawQJ8tvfk!*n~R991LibqxRQj?h3l z05R7wVF2(q0iT2T8-ugK-#H99M*0izC7CHZOPWMuRV7s<+gclLbX{YhaE`fbgO z;vnnkk#_S%-fCE93BSnhrbuEpDJ+y}b*>$XErv94B(paK&|q22lQGA{|2NmLg9v-6 zuUQ?MUL{q}v3HbK)dZG--hf(yqCmNG^KAj)rEAf8kyboTD>{h**amh3IwS0PJ|(e; zxG;&m87fh)vs9jA?`2Z$g{-D&w1M1!Ldr0KGb9|NYjNO6RydXwG*wwJ8_;tt?DLQ@ z=*}0VyOAtO(xwlN(n=0^N0pbkA9}*jCDw;?KD{a9>ZYueG@yWYgEk2N_XxVR`txm4 zSd)@g-++e1W4;az@}T7nj8YvnslEXXDD)!i*BiqVUDg4oQ;^n#1nC+cUlBrc;kv=$ z57L+=wiHbXgCK4{a zJY6N)WXVLP=}XdUqfU&%b+9L=0to?W^-X9<^vqgBq@@!o(pQ_W*fsk?Ez@Ra7yvd} z?jS?cIH*a-NEJ5;F+prVi671gs=4N#>av=Kr1B;!1i|5Ncv5S9AUOPQJV{pvRdoaG zH8Go5H^iv7EWgK?!Fo(6EBsGU!O1xZNHD1bL4g?iWjtv$E!`@J+j+8#<3fgJnD~-K zj^(A~1&ktb&yMeK4GWd10|T1{J0%vr!sFCl~axJKWif#N12=L&ZY33P?2P#@lSkUbW&4T!vet6@T3e zUAD_yR)A|>-70lNY*}w{ub^2>Z+^UQo;^Uai^CUb6- z^)xSxS!0KC=}moLL>8!mX~Yg#={BA?Og~Fq#`EstrMMb-h08WPtz|$ZH zgFO}GAP0V1{<0aM+jN=D0N&hd7VE%VYT=fl;_`1D70+vw#KSz5FF+C#lOxj?R&XdF zP!56b9L&nejv~Ob)GhV_NPe!|I$b>zA(g}pnA8Md-#(=fzxv+EB&M!1lhmlzU@}{? 
z6w|i%Wf8#(2K}G}QKJpmp7Y#!);*jIo<4^Nl|a0M9ax0~PAOPh{0{ar^0yjdP02fW zzE>`JZCKV2yL(lXH@$3=56F|73*Yh`ij>N2tqCc_Z7v8Y)VsSwVTjVLsdII1Pso6H z#wuaFSh-G+IF#08tu)Gtzz@ZW6+zA~BDgWv{E)|KD6Arx*qJ8guNFNsyOp#A&ors5 z6FyVw((8rJG;uWyo+;5b44j#}SDqzcTcM4t$aABA=fN=lVBsju&M6N_SuFJ@JI}}( z$c@(Cv3)#a7cZdQ&@5hncW+j41M{62#Y^GetxdcX?R}ZVO9{9ei+CxzyETZHqP-(~ zxQTD2Ib10uN*}3f4bQA}_4bceL~Gi@4fJ^DcuRc`xsb?=ORZu~m=#So+z0D4xYbJc zA+lXY*1iP{;S8PKgqbu}h2#yMaORgO9OgbX@)iltev#Bj`(%seFR=(fkq2*PkubA; z%H%DgjMkLi8rg`{(M4vX$)%2q{A)zO(fKLgb8>`vNJ$c^0=A>b{{<~&$zPCQSN@M5 zu7xoNZ3xQ)nl4ERT})7 zc+pAlA{K(AMax68m*f|5Wv7IYU*5eqxp;eWc`^dWuiuR>PcFdQqc2-3cPUtjF%B&}iKPn4tIeAd`vefVKweKMS<&f~+kTaW)VoVTl@nR8&I;E5j7Lw8+ zuEW~=4n=wkiO9y(DnFa0k4BeA$G?m&k1kKZyNlPlYxtkq+L?||#-J%8LJ5YKUbIQn zgoLJ;1jAjH%|GO`D*q=}rx(!qjpA@492NP0_xJbm`G220*+1On|Gbaqa|?j>_j07$ zL(tY~efgkw6$4;0>v;rDS#PgDc;4+l@2T<~QQ7y*ikVcvJ$1)h@Q^Id^do?< z3b51WdY>%hvp|%}Cp$M2qDwB75L7rNPRXxANVZct+Vb9c+w{cXa`S_zsqO^$h;sCW zy84}+a`C=^+r*X>1E3v~K<}_VB(*L0#e2CjX5JYzNb#NqVZ7}WF_%=$kzZ&+o3C^2 z51H>JM2c^sc>ZmX)K30;1Q|mloo>>-UeoZ)d9C zW}&r{C9wt}SwJn@-?zCzt2+oS^WR$=+pW(|;wYm&`>673@<6tC*%{a3|G(X7q75Fa{>RWF3LrzYH_lw< z=@w(U)JYOwrT-0{4zl{+-ofFZztjKjp)HM=|-Sj=EQPR_lL*Cwqf_PX8P1_Xj)u z?>?T4{+AtVsqRS?VJK81<+_*?l`sgLIV2tm4Oe0zX##(W+@%|+W0Q!W5yMHC5A+GS zY3dReFBUNLhTvDw?oIr#N9XMhXm?%yU*yg)_~B3Ocz?u` zh0nwph2uCs{6ByO2t{D9*KdOlt&Gr>uAiX&`7`iCH;6rC8vW9lAblt=R3@o5aKP`-37q)z^~vS<)!FD$4X-fO{zR~m(Ru2lz`HmQi7?hI3OWFS^j-#JX-d>L1 zpInSi&)#N{H06{pfGb!iKQf%U@%hEsajpqzj;408{OF$}YjL`y?UIqmmFJpHyU?9S z=WoU*Z;xKQK6zQAvF2@vlGbUU?=D^!0Iufj?18DA*9Fk(BzY`{sfu!IG?^UXt8`3V zrIHYX`9>!f?@y0U#ziLOgk7KjL5du4`h9zAiOW*iPbP(l7eTo|C}{u1HrPpBJ#SWx z|LB*~^YQzm*QYO!E>AQT%cQllBovCQM;!!c$ zma9;f2A%w`%ZsD&@!8v-PJbS&v-^wu1WPvE5@@@s_g|eHy}o=kK0mv-%t1OlJUlG+ z%j=V)mnRqFlh-H5mj&6>7QQ>#O0Um;9=|?$e^Q)?HN;rrfc+&&wNb2P6e?wgZ-a`r zCzt;?yZB{%d2w`n`u67rGOy%T)(Twb7iX7e$7ip{r*B8+aD!YFId8|OZ!b?S-XE2ZcD)oht1-S+y}BKgN%EQ+ z{ksK>`pR7G(cIEfY8TU^(Q7TLZ3+)2NtHTo*yZcddqn(cLEvXFU5>V?m*mzG%cQ!9L%tExK9tzKLX0c9R<^!49gohA 
ze>u4vpC4VmYBG1L(AbTKxp5WFuEJH#&XE7>pW|1Tm*=BW!U}L!Gq{4cHaJV8gn<%# ze}$GE@V!h7Wt@d5fant=@Fcu;aD>7iV@wmjbwLDwG3hEjqH>D5@Ptb6cqd z!fLjj#z7$5L{f&9&lOr02x#2Q6)Ox1ueaOn)$`Dv8$YA)S?*8H8H;{KNe1pn>`r@g z1OqnL??m`Y`6`K?S-dD!Q`uR4gHko!dJk$H1h%VL3PlWgE` zl#oz{ymt*rkHlfmB|aAaad<&H=meT3&Z`2N6g2*SBMXLzg+-E5K)tj;1tffpNC206rR`GyGv!KQ@?E0mlLD~BNL;}U zGlJu&*f4E0?oDY=mMLf0vT2ryI+Dy-sSnnyU@+~}pLO-euAJ?*$r#D$B@TK*X*^W| zev&KnMYu9R7lC%K4cg=O?d>>UYxM**e$+lzquH=T`f$y^_5(D_T+}CVctqb(M24U* zubyJb%`S}K#1Di=sMZ3YCr{swUcYWDPfkty1;*?rKR|Rz8CvMudxG|Ws+Lw#WmHNV zymJTmx=;P{e`QNr!w;b1{Qux^u$Mdk-+TIG=l^*xkNx~VGuBx@fXt^B-}+bVP%`#O zeJU;w)C-648vv?2mbX@KayoATpbzOke>Mc+ojMoXZ7cFF5{1dNzpCCzp2Mh`Ag2LG1hr{?vX2YaT*p zX3W<<5x*N^b_e6lI(~N~e*Z_}KcBrhdGq@8&FN)5=oC+x41*=oemgV#1}(&&tJ?GG z^74E8F#6@#yq_m&>n}80U;dBL*3L5l^Rxh^%;3sLx(-5igG6w?x6& zgz^p+BUz7-J8?X)it(M_!B+ZGa87gC&AFpOaPPbucHRv;?}i564LLR84xAjSPv0^$ z><;1ne1~v!NxS0ID(HG>63+?<=#utifnHkR0eA)FHJw~_0I9$Qa2PDXgdliD(@^i~ zG7pu}#bmrOkz+vKF;t-M__*$Yi1w+I9UzYaD9+*m!+>x5`M)9q1Ohl_;ARdPz!dll z_%z9fj70!GO&DV3M{9^xoUGM3n0o;JfxsMIBLG81Iu#N3|oX?KLVJHp)P2s0mD z;*WoVS#|z5M?u7ABa0ee`%Rw8`@j3S^S{Bq@fW|RRrU6TB=-nnrPLPrJmePi%N6iv49~A%85vX z3v{NX;1@pgLKi&Q7k~PTQ9PacpFq2t0@L$Q5_>FT5yJ!r*V32Z_ZSBL)JGnGQ6!q- zwElr4bWxsh9K1;sOpps>iU7rnOxRe_cyUN0(*ucs6*4)ESVAAFc(*U#j(Az23q{C% z2SVDwR zWW6?_a}+EbI`4^&s8LmQn5bLCufs%HkGqn|Bzy8GigagMVW~lupbAxt zUAUoD6rsrY>0WoT%+fScnGfs(lgYm2za>`kr*1RSxF@>=YFLq>B@UKfzGHyR$*vQW9(Qf1}3d zw=ng)Vdds$D}9j0F1f=FNONvhcEDB|#qq7vsJiogy}?|SHE?SzEr4t~pi;VAAQlrD zcwguAlm1vWPU{^N2^1?=TNVWZltTpQHh2g;-({dJ-nP?2M#$z4!w#Dx`AWJZ zqED<1zJJ8~uilsx@O882HGGG2N|S)Rz>y6#Z1=)o&6f!I#ZhErtmTQ-AY0|3qYdoR z;{C{8yJ$bCZdVisL02uGrgGote4=YWv5tN+A7lV#@KRV!!Ks)X36rYK@^3}XPQ;rG zg|ScuW#>9=VnnE>Fm)DG`C(EP5uf;Pk!{q*DWb%nQ~qu5(VBc@AuF9g-y84wMn}+> ze$`_>{4qEFI-H_W#lXzz)`Favo6g&D;3Zek|A%KLyCEuz`W~UwC;zb0R zKM9aL(%0fZ`4yQfU9cNQ{1vE0cN^Vm9Yu`Jqgr>{Ds?e&kdOWlOB@6m=VXUtf+^Kw4vG zlo=vl9-FU-MQy2{FbE7i@DTkjK%|p)sdTp`V z*aN@X)zW4fLArHn-p92MscaowQF&GG!kFRlH`K*hr3Xe_?IAv72w*C$T17UO);UZw 
z9ZS*T8j)kZyb=W3|7YL~4!Zp|aE^_WD(9DYf|U8k`PpaM62#$TZ9bT0t(FtSpkptx zLYL%DN8S;Gos`r8;;IMXi3xQvvP*8QJ&gVY-uTMHT)98Gdw8^*_# zbjyOxNUos6xUynis*;fmPshKU{IgYXQOdd}DQ4r#n#F)s$m5u(37a@G2}dR)kzuR2 z0ZLaxi_d*Ntz*vlDD{*ot(?!&XgAR{8;kNw2>GGOUX(a`clm03dG^c6+i!ZTipd@C zf7r@XTUHO?*FG8j&v+`%|FfnxIhq6qXyS*SAI|Ds1Fp#bGT7UHn$Q2TKX|%3|G$rC zh56RFIR+#Dy*|hy6X=R$rKdp-u2~6F9XlS$eCtg{G}P&4 zilxQt-6C+$Pb2xCIclkoqe}h{`Um;=5BrC^{IB=&82j{9Ye3E8J#(E%R|8S*4UBe+ zz{ZP!?7hzg2jYrx0k!>ohu{k**Abb%4cx1ooW3>>@1FIaCh|W`v({_@sPO-Ny7#mo z|DOzY`G4-^X|DgnD59yV|1#l;^`v_pg>bh9WXPbA%$r1!%w8!iPYcN0`D@ir>NZ3J zTJ7amdqS4gYVN-YlJtw&*e3=z>H@%KwKWS;Mj%5obwNn~T6q!iAZLaGiSvT$TZ6L! z$PKLN08-_3n)jnLiFlUxCaLJXdj56=3|rwtgVrF!a?P1;UAEf}<83Mzl8(@mvfkj? z99~xWyO{hf-P8(BUO6Y1bkv^!`)&2|%US$kh%Ee24E@gpy68L`HF@u#Z@bP6(p#wp zOPFWnhA(>NuJpEorWJasJUm*lXqs~^LsnT7v?72)yfcF#>h`>tRN2IN`pG5G(@!>$ zo__8+p`O{e3=0U7bPzXPX1!2ugMJolb&NInST6a?#};qR_)->iEsNa}d(A+*jR zv;wKsA=EU5TM49=pGMXxTM<>Qth;N*Rx9GDim;YtlQhnnh1ykF-0E<1oosGJv@0{U zWvN#^V`ghB!Yd|e%K}MLwH52y6SigRubgRjD+E?YerrJHst{`pz?6rD%D1~oaHz~K zq$)g=g{VyEraU2Q25^#(^+G~1P?5F2bK#207^5o6&??wl0c{m(pEn9-l%=^4R3}fb zJ+#hNsmlgAs!yLy7b**TB%e)#AIZlS0%=8uSTZB&CzrBDKep60$v0aH8~vkS<+8F$W)2Hdh0=&_YEhOzs3F0`%a=YGg3mR$wsaELoWQR3|FOnat;35u5Ai#Dn)rW2 z*zaL&k>}`|L>rGnD_ra931TYKknnH=l`KgWp1(^ou4YF5bC^w6tp98 z^3}T@^v<#OGU1dLf>YXgKa!+$=30ui!~`)oFc0XZ?}-J=&c$$R?j;NO>0Jn~p&xKI z7=po{%jIOZkcg*={8!o}l-gu{AHXX4-#^Iv|Lq^_@9pIOeLT(m{}R`~+%1ru```V@ z=he<{*(nOMH?LQ0FY+#MJMs9R@l?tGZ1lkN0%#Kt@Cx~Vc(|X}|M&L>JNbVvkBG;^ zCE5j|Dv>ghvZ)o_T(RGIiW_}GQ}%SvU01HrJJth)RrNjJi3pCx8A7WM+$P%g)-}E zDT0K!#3kAQq2E;1MWGjAKV(VO?HicOVt`ZV8qfB(w z>3?M{%`U&kn8BoS_H7}B4AKqFi8=45G`;>Ifd!Fra5kjGt+I|vTemEnDQdH8<=o3SsFbcKh3zfUm4`*r_ut=c<=6bZ5eB=@w{)Q(8 zZ-`%3S|=P_B~v62wJ1@)s|LlaV=LdJpkQ6kKG3d?>KIfncpQ<@lpmqbOSxExQzAx>vw9|}kOFPciSZPhHY^24= zZIEaCx=kW0$x}jsqjz!02wy#kL7@HnHc5mr!_VN6)GSO84M!q>53V8%Szm9 zr-}?7;uPDU%y_vjF<)D`ukozA|7#Kes5<^n@%(3hm;dKpo;!-{v)jLYGm(B84aEkb ze;N*X9n0_6o*e%HPc!+yUI3s9`Mq^==XQ>|304WMC{4Q#ho}W#_Rz`i0?6s 
z{IRsWiAcyp@I_GThdvw2Nj6k36YE-d#Ab1h~#!U3Kw*KM)D`oY}-aX}CWvuJ53hX_0F+rI=%mf_BitJ)s@a)ylCn>4+9IjQN z)GZFcHG;SAf>C`VPowpJ%>Ymp@t>Xy4)*frfBn7v-THqY&o(1F?X-XzZguuRN2bVB zC64(9OSWJ`w>wL4fv@X#mvvt;+x{OCyy=e=vdJ2nVi&WiI%bo}*J}rDTCGK{f1#)* zl)5*H8ebCs>cObWLauBr5LIFLS45&JmTek}st92hi%OGpH?gShC^pZ3W{9iW;b%-f zUmbs@o@cYY={o+AiY&A$&djR7L=7SYiEV!BdL(!K%KK_H_}8bS%aga8!rekhsBb7D z)E&k5$!Mz01NcXje56%IsH7MV*jYt9a}VL{@oxx#Kr4O9O+I;ZoCF-Nin~q{h(PUkoan zl`y#}>@47?myp4c|L>K2#0Be{qx12bqyII2d31R+I{n{O@#^a1T@}Y^Rm*nKwRX|9 zzQO2PyZAMC7QZHIz56x-*aUb+GpNjvHP?{z0z50kld-^Q7M-PT^49bK)bV;rGT02% zB#2A-x#_)gm5 z+^ko>`RGOW752yM=R1%4VF1krIr!Rh>|1^s$^WK-AJkJB|K~~m z{?CB_vy=b#@O+*454*q*Up??cCLn@wSJ)*8GL*TM9Er<}{I59j_{Xo!w7X|(Ph%|ktZZ5G@;U-7As{{f!S&4NGIk^hHz`~Tj-lb!s(mnY{t#m9SP^#5%HcP{K8 zQZD=BtN|IC@6VnOzyt70JV60sz{O#RT;^ZfATbM|Jmz5-Rb}L@-&tIYsZM(3HQ~}AtQnp4ElkXT{^HISJ_c= z4`a?)G!8`4kFh)kc;0{3S0862ad}Q1a>w=ib=!q-}Y{43063AdCy!E}S zXY_x-$RA&!<&WQg9$k*cN9U*GUrzpMgpmBi5D8&0&c_wv4PbPv6vuIx4?SoB?l=-5bB18hmls2*OJIal$t0HjZ+N1HDZ*aYxJ6=K z`0}!~WKFK4h+67h~J_8XN71uqWDT6ja?OAc)3f3v3yA?0YM5o8PyLIth%lx(7;%Jph+;1jgeC zviW!nd4*=Uz2;N5%y^B@%Mw?V?H%9w{{~)Aj4z` zdfV*njk`v--sqH<1V;b{0U&4r{m>6*YMtwV8w5NILd-yjkO$ZtQyW`(1V@=W!!z`0 zsOfy@Jbtu&9l5^#mt;cPw*L3z@JYe{W3bEreLqiA{Vx|IRPe;8cHZsAd%~TnXmJwR z>~2nmQhVvI77H|GKj~>c%7g>WzWdV!1x*|O2MP~b;HF({&>FEp)1lrVFzBl2mX=}J zUTDi4_2qFb^974REg_lZqL*}aqJd8l481N2uYb%1GDyqt4bhJxP=!`Fdzo!?zU^hv zGxKzogwDLPP?CDo+B%S88$1x2BJ#k^9EBjJT${9R!ZJ$jWhOEt!| zgAvyPQ8yCtYMpZ>Puk;C~H{(nv9-#Y$Z`}zI<{$T%bxBtJ7XYKQ!IzGa?{r}zi0~^N(+j0i} zR^`<0xtpg#{&VH$?)`uF^7)_k4i0wrzwhO_bKl;SgZ?H{D6xQ=~s@(E|vD~ z+3cw=|L@HI?`bjq_g??$?*8AsJl$@0i~fC$^}^i}uyy~w45jwcU(LTSUCjOi{rmDO z`5(f+ufR<^|GpajeVL(Ft_BX=%;E2=Wz5cWPf|ekOqN}r6edK;&O&!dM6iqKs;s;v z$W_H!L}VK1g;aY0DjUjAKB4R%KAXS7l)Xio&*$>j4JKC^_b1_Ja{6+WOH|s_wOyiW zfmqumsxYbVDeF_(s=H44lw!IM_o@`zeYsavPp*qNWc~sd=muo2!gigSx#4 zQhMX%@tZFzM`KER?u_6#%8#yiNvoE=(&ULX^UhhFEo<&PK~~Cq?LGFl{M5JqMA(Bd z!_zNxUI}b 
z?-60X3xjj)9VM*O*p$@0j^OsqN%gEkcWmjAnsah5C)=~q5+|?WT)rJr@$Pd>^G#1AR79}H2v@WZ1Zz&FUtdc(U>T(VMXHc6$(Yk%Q0y)j<+p}&Y1 zjvK}K9l-)EFj;N}R>H_aUcgUVZUg*uCv8w*ZEfJAMQ{)xFG6gBG6j>GVlyB_9u*0MdY}gw;TmF3T+;!5$l#Sh%DG6oV$gT4Z#189ISXZQ z9&1aIlHRdiC^IFy;D^UQ$fC$Ib1V5Hef`?O5en(t zpEBi?>7gl%19s%)V25!Kw5C-0_$g8@;_!$bg-fn>E+aGqZ(_>C%hpW!pa1$Hx!jex z?|qCz$_NyW<6r+E_^WE}+8nR?Sl^Joz?l8y2Z#zIxV{Ik!(zQ8II;{-Zd?fe;~kap z{&GWf0mB*Rsdp5K09zkvM zI6zFU7DcZ)2;*wM#BK14DsmPXHtd)a3fi*4<5+G}WE434lE{}5Tw72q-vsCy1^iXN zotY;Txh`Hr=LAoAUkZk#aTEn2UKkA0oTfPvIWc19sQ%AhhZ~l0UExEHbxn~X?AuZ* ziC*mirFH>*|H3fPcT@9KONP9=32z|rj?PczJ&Z-fmM?`lFSWy|Anh(e?EbW+2J8QN z$=_=De?ILO@;@K$^8eh=vxWR`JExzmUg|YeFg4@Wzs;N2nS{8s?<#eMH@b^DUt{RKfB_6$MA~XxjaMVF!4wM@mGNd3y`^BwYMTwryZsar<_S%YzZLx?BjG+9 z>^+e`SLVS}#Tw+c%bhy>0TbIbmjBz2|ImM0$p5)N*xSkfdwI4O+hMm1-0d=OH;LXV z=6|x`>;`x?^TSzJDyZ8${~PQV>_2-?cmCh^^Qh%M#LO0!eE~x_LuWUka(grs1YMeQ z$cS^uYsnyvSn{-^b4PMSYI#@S8FjrmK8SV@hxmXGZWJ&t}2>O<0kEC)%yHXuRXMTk;3LmXyA{E$sS`!96( z7uvRiPYJSrPOv0$vOeLQoOYI~q_Q*zBo#qh@k`s(KW$@Qz{lS|Y!rK#^Vp*jqV)yX zbRB6(O4_8A2yClLex*z32F z1=!!K(>S%ixk7wvBa$&#HZ@}OPr_@5CMGhW#`0?VYNe`N-{7(C{I|+~XO4n}KMOHI z+mJC;=RZ&Sx$~dF;r{;a{>QyM55PHO43UrmhJhS&nR8?k`+?_&GY~=d3eFI9S`WbG z+^2xXk@T;la})%Cv$c#;;fJ%1$lb{NYb5TH8Si1}wH^S+KsdjE5Y1$o%ZCv`Q~wk4 zS&#om|D@MpF9kG#?o}L#?3%Ro*r7L3>#;L|SFOhmTSTqL|F`u3 zyobccF$JeDPiV`D2>uPZtmXI~f<0M|;NM!#HFdFvdab|@86x9rIqyX(8rSc&lxbXa zK(7_x8FuLP?5k>$*7<*Na`f`eiL>ywgJbplf3jE9{|*kG?EHW4<#_;X9MEdLLcs#K zb4ZwQdSi10M!evN7Xf0mm1@xW1GZ=s`CaoTjYksSB8Ujo_M7VgRv2f4iD(?~~VE`BxsiFfrV2NY!`0*m9 z?D1m|5q#}?(%*B6g8<)fX?zWd4<{mabn7wrSkS>f=H8l_mGj?X5`1j6F6Uh061YGN zk@C8HSP>U%Iw_TE04Iu*sKRMT-jK|44&5tA#~=Q-#4*tt?B9P_RmW^`Qd8@P z{N?KEF$t1d1~11X5cSemJ?pId`0=A+BHnBidL|z+J^(PF7!cz#n?okph9U-_OaLZk ztZf_<#rUHGPN%>ZAo2X*$P+-9IPQQ+%)}rW1>Lz&d=Yf# zfcXmqU_lH2s)bC8c8^EN$xY_gN!11Op#)NycwG-(KN#Hyu<1Qs-83r*$jsPWNZ{@Pya$ZOT02RxsOzj&vJ0R%_qZ@>b3abTfR{(T8&$B=k_ z2m?v6(R@tYIigJD&K7-8gdt3s*><*dG=}!@*AKTVs-&)0>~ey=_diOpmi_)QQI9nozL-udb2f{IOA;RjFHr!ODlA)yYH%oUS<0-7 
zE;8f46%b{*C=n0FGIqEwU-uuMKeE*=ux-g4_gr`_q|VR^{9# zZ!QU-YSybsFGaSx5rk+FekiXyUJ~fq*UK6!f`TDj+&M92t3xKZT5%nFi#??5=e1U_ zVg$NOABp}sS7m_93zc^e_AGs4jRM%HXY^Gp`Kzp72!fv9T#96?m5GrY@b%?L0;r5t zbC@=kBux>nB}7Ij;cw%`1QE_wW%ENA3fwv3JZyog;x;&e zjQ!w7adtW$^!p1jCEv&Z5V{6X6{k}0lqDa(U2~A0jI#6wN z9S-)&=rS*`Tec-uX<`~^`4|baSK%)7)StyNo}*6E&AB35Hw0(eF}g@uxkJBY*I|6s z%%=bV1tEE#(?kU~6_8)~(TE1`Vc>g`R!irM#Lin>WC#8fP!vo7Um&>dj0odOIAmNY zCqhbk#qpy$vU7HS!Ilwf58D@5Z1mrWFd^+*y+=zb=?1+Ny0h@0kx+_=%!r%$y~t(q zt#ZASJ-5w0pb62%K_DX+h+8JYi26oe8#agkh;Qj^OmOmv5on$@^U+a2!Ia=dni)>) zr1;pygm1hVHtn{lZe5o;Rq&YixQ$bO!UP16%o66~`!Yo2bowRnpaBxUf(j(KV@!~k zK~!zvJia&gCo$in;ShL8m<^BzxY~mVZAg1VRYK1mDT+C?uG|c%3*NxM)r=6yd=;as zICO)7eE?1wm_wQ~p;AU-m&F7P!2@8D!hZwsH;rNN_o0sa^8mOos5~<~pJ>0Dlt@dELJ;I2-((SC$;0zW`rSl=@RiDnx@+B~>Kbq6~&Tg<Gvy^!r$SujU=uNhjCJQEd(8MY3)ahLuS51YHa3I`c%LO~O&7 zq48_ckOJeYb&`sxhM*|mB{=*IPu9UoaQNSNvIfp1qskgslTd)`;7#W9I*8NC%`qqW zN1Nk4(N)FKMGAS5yDuDWqD}Q+|wC*`%Qn3nWz-Nt{ zCUW)Rkij4mD0PjNzDgiv;%2VV-F`SD!XD9_h*Mp)Io9>2(Rx!zY*~no63`H(2w*2e z3^d1_xGAoIIPqm%18>Av5z0`=WV{(Sfc|0)8qO0qGMv}3fa8FdqO>~HrRsby#0&(8 znNv&8q&ys~rkBOrX4w zP@2=C4GU|La3L$Nw{9rR{Cg4@avcG8k-|An;jBZC{Ok7^Gq@HVvi|=R^_%0T$|<@r zV&zS}21Y*hrg5;|;Ez=8^+umEOyCR&1MfQ1a3t#=%lggn%lR*5$(p*0od4h`h2emA zRGlCCp(jk^LV%?*12hyGm(pNpnEm?ZX_vAmf`@(xs5B}*lI}EkqEAWvFx`%bJz#Dx zeRO_Wn;IP901GqB8VWtrwJS7w%RzDy|ExXy++M&>FCl{?|KF%R4C5fU?X=|YQ89En0 zaZW63v~x(HE36vYBqb7PMg&KQuq7`8(|w2TC*<)RWNy!!cBZtYlu#@C#YsEGVlX%s zSyjLSMv*uq=R9KYhX4Txf)s}!YbTJO6!4`3j#D%$808Qg1&A=(0Y@(LuSLAV4mcJL zKC}bQ*j&i`66*gXa;Sh@;WCR7KclAwrp6BCwYs@|Eq zK@mxFe}m*2Mnk`YBJNEc4@`*L_B<$uy=B*fazuCIdr*#Vd(H>tIJWG4P>yJe?gtqp zP5lpS&N>AL1QWwHyaG&kYq|y4=}!FuOcdKcuwMav+b8xbP~Fjy{R)g*JhNYcW!s1L zD^P9o)IN(w>`jk_23U4NEWccL5W&jv*RhVvO5izb_a2nRx1OV1_@mQv{|_X z!QFWR7;Ys+;aRDH_3h_+{V9e%X6|fE4 zow^B_n6~35pl_?6rTd)xnwNYMr?9GgA}QvOC{QJL!E2rVLr>iOfPB+toDjPNL1Xhd zPw#N$5uSwCB643THt`XK*FM3b`RTnQaZglSf0C!r>Dpa#zqt&B`dk|cxb`7{;G?vj zeasAX@v?r^Ir}DEXbnqM#P_o(EnL8-eu#h>>q;kby`r^FWkWA 
z9H8&#S+C&L@aN)#b|XtGudLsc{f|Qh^7@|fmiiuYApxQ%1oi;Wws{vM1=nCNfAvgw zZ}G~e2{Q}tt~T>|3^jK05y1-v{h zHFr7*07FEkK&v&u!G0ZA&J_@C%GKa`#$nP{ds8>gl`yR|Wt~gY`gf)tC7u_lYGh#j zI(kt`z;;xX6rRk+HnOW)B%@l8-b<>prd1ANl~=39UXnESK2 z1J2C1()a{DPb^MjJ~SOsPQLSe8U=7UPQG`zLWW@DyYzt!z@owaV2up;q0i>;ex(1j(xz6+~?P2&X=-Eg$IAM|?NO zJN5Bz@35yn&MhDP)JMFuQLt@?EKdYvC zlRMy9DU|?SL4FR~Mv7-9BYqtPG=sdM9(rDatcf;i!EX(rqgKC$fSPKzneMC6##-vG zg|dRy3;SsA`P2QqjMiH=n00jE4AMW9K9Ok|{~>*1FI4hl%RJS$q)`&>smJ$+VmAnU zD&#M~yl!q9)!)Zuh^k>t-8)=UKCeb(71RBO0}{Ac7FCBa z$yI9X-emP>O5tr5P9?S2tqQ4PVB7pOAqBSPX+lb~&FZHUo1TU=QjXed_lbrD{1jLY zow7+f={>jCayCejvXG9{HjP889Lm+&;^ZP)yMTUZda*V}ZJm~fi5rYUzp%=J4Jq)$ zvc{{n%K~@Mc7=Jh4yMs>x9u4bv-$XER)fumu(}xa8*sulXes51!+JciMH*J0z}4W6 z3R=FAs4E4+)KOse#xQd~% zX06m#$~HLOw8LAGPCGe1$+St+e|mlZj!$1+=qn*yaU>$PtC{jUPlY35fn-XEJmGkn z(8(3Pl5vqa#WPHq_UuO;w-iq;ojU|c$xa4;N36_==UuIgx|^LV%i*=0E*rS7{D`+9 zKlEI%c4A$T zWDC@ zEbpE9`d(6c?Z~M^gWis53ih7Wra)EQ0KZ;x()RDw!>%hf!Alu$omg46uW&9g=T^PBsdN|@a*s} zoaXg*x-}ZXcWq}AF1O?~eGyNmh^U*8s#6d8{eEAG0}3Ee8dU0ekT}2#Upj1n{_ zp@{daQXM9U-5?aIt|xIwJ1XijIOt!AZL3d&Oc5RMf5oPG!l6q5H5)ZzkZq$il*75R zX4q0C73@NfAD>^Gy+3_<0{(gS?gAX0pMqab{s~^4T%0_9EPh_0rSd!AQdm2w8uvR5 zovb1;lEvLqWE+4gT!Ig#6$*dk3${DTX##k>WT1F_B)6rk=0lC!7uM#oLsy; zxjY$x0uxg6mVS|sigyM)>4 zYqq$MQm&rv^y{qELtuvh$q+fjaeWsf{d1wp+&ZD13!#ENiA2D0cRs6rhIBdUjq*# zOsUW3q|7Wd1fu36@MXLCzmohv&J43fv_a}e@l@ph+IzB>&;N7y^vT{X|Id9qpFabg z?Gv=6gQfJ5Z|k()h3{UPFhUhtkq5|9UwxK!KelWr<|<{-Yd_S9A#KHokr-$s)m&YA zmx^bXif5OKXP1iSn@PoE6NG}FvV!Zr<-dLX7ddzRaJHQkfK~aQ4+n+(p9lL-cI*Fr zJeL?O;1%EYh3EzlnQU2VyBRIJqZWcfY+)4f<*(HR$5ID}U_xN%&ZP>xfP9X%x>BVV zA$S?0OvJ`bZ{rB>b9D`}116Bl_|MX+bDdt_cz84S0|ah(6)h|mn28{s5y4(ZR9Rr5 zEZ?B~Xa0)Lh5TZ?&1{aT4CDJqQfnk944_O-DCWntNKWXXYaG#@m?B*Tn)JH8Nq{Fk z+0dT4sjyrGPSRv4oR#y%6sw-QLQ6Vq0q{5<5hD`@hnL`Gezixr`CtQ(tysq${6m7p zmcz%2B;zQv8kyZ0=R>OtUc`$?c9GH;&5J&*E_j28x>~;=!oD!~WtT?rB=FsYT_-VP z^7u#8_Ce%Fh^sRk1`K0y370PL73vD^dnor*kE9(4-2_Vw$^#X`Jl%7OX+vXz_~K3C zkbc!XuIoM}`Tr^FDUK6w#);K&%)dD^+yuvJ`9ByO>>p<3|K8sI!QoE+-^ZhpI|Dwf 
zt(LzKfiNDnzH1XSL!Y8{>$|p8h$#P)m-53|yVd&cdH~v2?$9*q1RnLxL9J>Xy3 zMs8Qi2x9J>2$u4v%O0c@5!RNaw2(D2z`jJ+XAu>tS-WDY$-jB^nE64w^{CalhD6(4 zy^AQ0V1F(!k@TWsKOkrDe<*sSh{jb0BpVx>?=-+?+*G=ccUmtyZ)M|-?b)6Fyl^MqY6Z8Wl(QE|c{~fl@FPyIyvjKI(cWLqPk!i)1dLHU5oI6d3O;ImC#iMb zV)oV#9pQNUj%5=BX0ff74f@>rPJb4|k^Sx*ou7&hmIV_) z+Lb0-I0C8A$`wfFQWo}f?BY3QL(58DDk`_TtcU2sj4+MI7iWx=t$s#<8AQ55*> zVQoO7e*4jf4rq7Ud_1jPc%Af~xpeUFqO)`di2iyjZZ?bV5+fal9xo`)C(@zMaYiyA zVubvu{Ql#QnWZWjWDfF2al#>9ObCKk#+dN>`Pm?toZZL3`a1pd03C>j0 zD-ZuIy7{FTW}4%W1aVGMoue*Gi;wB~yRx!gU@_(FggvT&QB_&W8_r}_w7=RbesBaQ z>guV4kkTQCel-xsaf~^Y3_8y6enuJNY-L><)OwJG(h-y35oez7dOeW^N;-0M0J=tG z$>t(N5>=Xy46Ci!9{4KjM2)cUwca!7~I7!4Txj_JZibNutATVY@GLF(ogrEh!MxHco z8C{Z|?#%pa6sptYJDntA?JUfaw^&j258p#?u$Oo-Uih;)qhDvL%o&Ti@({G^s{mwM znJQbEDSi;384TWQr777-w&f<2HzZQqzqa0ng0_bO#8CS-pNjn z8vY2Zu$@taT!;5B{k8ugnIk8^$58Cjcx5$mZPO%atQy&}98?GRA=}@3_^jW5_Nc7j zWfGXxIStu+80cEh`~ByS9<}cOFzzcnmG)o0Ojv6mL6?AarX%;4__7zz{AaYr~K&aV#+6C_)6dkRt8qqagAM zC-DuUY|xDe_8b@EpzGpA1j8kt8BG8o1?c?Z?B!Mf*(iFG1LR>QlM{Q8&ebI$-CfEj zdEt9rfT{p<3i&=q6UZkhbuqCKcr#y)pPGainyqH)RP{{RoO32~F5>W^ey5ZRK68rm z<2xljM6`t(GUO~`^r290S*ovSDI(tg|2YKbOl*#*GUiIhvY-3_(V?Nx+hoqIg!0`8 zu@NKhl^gH^M!(8h>A8}4+9jS;?P1a?W$OW`dgR3&Z|sZYKvN$PnudlKG0*0RAd&wXz%84}CV){cXIZ42CXJJSd;8=vRqsY$~b$JbQOB{^i|^ld-tm zJAQL=d2xC?8jnsc-k%TA z|0n(KzIIRjIiF_pzx?ER6^^R;-+!9F|8aOY=<>$O=e$Jvj` zd9+r?(@RZe1(2q}%Dqo6BV}I~E*Gu-EN>}g%c!eI*_Y{kqul%Sl2P`9akD4~-ndSb z{gT`s%JqP{F_e94zPZowubls--jMZiROy?Mag(QSwvV>R#Vn*YVx@HgSBM zWc%OK_9PGqNmx?^Lx6U)vHzd_cQ61*kfNS!*~zxzi$o@Y!C){L41js~F;AkH_SAlz zX0jcU_K0S*ETD7=`%V2*`Fcqw#n($Z(I3Aw#r{~&!uju7AKbBxh4a5#oB!Jf2b=l- zI8QnLYS!uiJv|t3-Y1z?oXqJNtq%ePA6EiZXyL#wX=1+NZ_jg%2}G~s91`{py4`Na z1`6EF=P&v+&VQ1o?TnIWOxF?sXum3vHy6SXKM>i6PfWS*EXk~8{rbe z=JJSU2^^)U|Dw6-+l=S^n2HhS5|i8}5t!J*eTMml1&?zq8c`EQyhyx8QWgQd;_;QL zN|PZ=D8-0dF-am3l9UGUOJQF*U?I?CM3PX4`9nZXyjLeTmjEV#j#GY3Gf_YmEp0Yv zV&jc8!kFh#J0X%? 
zQH6Jme5gb1{{hynM){9vp%_m@FuAkR=REV}|Mvdw^Zlv#uLs*3`TrPCG1N-MYZoC+ zd(#oiQP0B+4n6Q)5qN$IKhufc1j1pGbD?wg@33Pqy^jcg% zfsU}zgTG_+%Xl`Hc^1z?@!iGCrO|tL@zMkjudakyo+K<8-XBlbqInj=Hh}9H8PlaP zpHbiV_%_9fwU_7(any^Tv1$cyh6&!P)rSckfL?Mi_63tll<{hvyOE5}<-;2CoOt$xI;E=)n(lbUERXS9&bei)KO9q|1zp?WTeAC1^Mfy+4bq-P4q~+-N zjOa`r_ysIO0smu8CIRFA6#m1Q_lfDkc^=2d8AX;Mu?TXZ9SrC7NY#ONrr=85ve0e5 z2Al$_f0qAebTL@16DbkmnrG3%PMn*9wNBvq^vq6J=y&Rb+l8g__|BhanCMV9Vh{Y` zsK{@!*7;VVRGVr(&NaU>*-E_DFyB^As$3iQ8aTa1F8etYVyJ0H()-dUI zy5nhHy-UL8S|3b~(R+5oWKdbECptgj-TG1{!f6-^%oMXy2UM*xm(SucIJom5R8q(` z55el_8>+9+1D#cT8FA5+rMn_3OnyI;!r7gZtIGwGenz2Rfj1=))Wog|gsJwMd)AbT zt*Vk;vJ^}Sc>D4V=rVWh5hiX^VBCalTB6%TU3eOReYOeSj?Pcl*W<-mrRJ{ym1e%K zMWBJ_*1rxck+u0@mxHF6P?1La%L=3Al0rYm!my}MIu-T3diCH-#Ns~OcVHfGu~^g> zo!-1AV=9*KbC!lmZjv=D4HbAx2+FDUXLh1Ag$WuAT>@iQQt9Kdt^y`6WKnpjep-9@ z>Fyd#D*JQYdSL3Dy?%SrbGHJR3q(~H)Z}F&q0C9F(^FMac!`$I#E*{pR1z#fl1S&S z%rgojB1X23`Wmc}%FC`i)tok8)ymVr()U_J?@`~reSG$dIIu172!p{dN6NEVVfR)Rp66Y!~R zgk_sWI(i;v<(3&43|I(5t{cgCJ{(o98WkETkA#Nrfer|Z8=fTL+E4>NG+MDcm$Hm^ z^y{8=JH#ZLg317%cq2ZhJvTd;jcw=zEo^GRW1*s&t$2NX?Y5}^T&Hcd^H-BDPh(CZ z(b?&4|Iq2~bhh_*K5g&svPkU)}ZrE@fu#{X&&bS-cmC5^w-9IT~&Bwdm~W)W1p4fzcveBX#rSZ|Fg3* z75``F`SXqa=c7DZR^CCo4SN4&UH>D$Tc@f$hqfa$RxJS>lLY$IR)}Z<{Yhz#>KxTt%M&yrG!_tQQFC$VL6XPu6pH70 z9NQH5E|w&U4033RVN=>8f+V9FL)(S}qzAwL-q?s^s!(Yt!cZg-I-hYZHKql|iok8j zfz*S~x1QS^{UkH;Qfc(q%8B|@YxqKSiAEqvEk>@6S05?bqV`az79M~D4x6gCbX2VE zPIJV0dDk`_z`Bo`4vNLng4kzjWmL?cX8aQ}**X5`Q=}YF4 zM$1*c zu_eEuSw%UW{|jlQe^m@wNa8eF7Vp97;EYR?0jUA9Bq)2-ZczQ4*$+vEJrE<(-X9DO ze%RaJ*37Fx6`8q^z?M}kEIr1>r1zj?r=FpaJ{quYZ*{O!Ck(0`v*|6GE{Yf+x+Grc z*~0+6ho0R^Wslv|hAB{QVGoZREH|GfOsdN2|6|)}j3&eq#mq*J&uGLl)ZDF#Zmz9s z8Y(B3*dvIQFv&0@*Ot=34Oz%Ly2jg$qJ(>0RRDeuU2Lz-$X?Jyc zKuwiWrg=3WQ=?n^z8+yV3+S4L8dL1Eux*+thTEUp{CY>axs8>_`-kxR{hgh?eKp=8 zRXP_7iKOR7$7;6$_wrWfl3Z-4NH#Ef-(?!<98FSz+&m6%N zcR0*Z$h5ZPJQj=ET`yP6Y-T0K*berB?(_;)U0K33*Qd~9e`+x*kEZLZ-r`!`mUSq{ z#mTUaaW~frE^Ze3)Y_>V3v=W)APq9eaZoRS2Lr<5JfkJ;f8y6g-uDqLkWl6R3O`bT 
zn!hoxJsl=Iqb=yukf^^Ux&ojlTt8!UV6)4s?LxwoF3kSzm~o*}selVpv!6?I)vo1h z!eszQvEVI8b7_REZeHPoeoRHnxQu2zhBPJ#RfNeCol8QnD`eJ6Uwa07&vDi-$s%JB zjJXa&h^Oc3w`CVw$ZmZ~-~JZ(C>533tp3m&5+8U5K6>nrNkWD+^8+|Vmnpa=iL~T& zOSJH7LhY#H5CfAiV40ACv0*Sk!V%|!R@){~#7w5MG-FpRrbCl%!1@-Tu>`94ntYB3 zBS}<@Ji&zR=){IZGVu(`w)Bjwg)^v<(tZtWi~~#8;%|3PIZbHmM^VSKQcFo?HcYBD zUnlWIe`cCig39SpmfRUctMird7<_+0uQFM5Xcl%;eYy{3nOuz2C7oEL)XxV)2IEc` zWK{28X$Ed)1gAiNu8f(*(fqY8G^?}C;G)}@NxEs|er8EjL-3NJiO_5;TRK^d$rFe( z&OgPvS`HXf0P|{1eNu?_>adsWby~md4GDslTD0nM;PM@t57HmD)aS<9rZ|Cp4-|el!eQ zS2xW%VmqiW8~n}P>?1!bpZ`mf=|*(k>k~u~$aMZyz=HGt?%sAi{`cO&CjZ;xJfAg@}1r!MQ@@AF%8O0L+3K6y!o zW}G#QJkxP0R_Eom<(G<0#2qKqQeAJv;$EaE`f&H|uh?>$$8poF1(t+y9xWEBfkMcE zQg6TWOevzWRMjh5DiDa+U_djP$Wjq)sVy}Vka8iIiT0wjFr~P)^u)Jzqg8Fz(Pf`? z%sjW(Fud1&RhvJPeZ>c&}kH=D-KEZEHTh`h8i~jBTp@c`Xk^c{jvI`c9&ct zS~$Bqa0`j5V3k+FcNd)1p47VV-FHE8IdhDY=Bcjm)Hz3WIwsQ?>NV=;uEDI{V4HI} zdIr@4C;{Gs2Ia-8aLMqE^B#JK5Hlg6`KwLtUw!-C{7y~J?%-(&UniDqVwlR!zC*$# zFbcpO14E{A&=W4+<)$nGik3C5m6mQGPuNG@9h>4qOm`Ob`5pg1J8Bz8lj_ z5w4CR@2SZ*=12d;yX&P~R>s77=P;Bsj zl5q?H+(5!GBpU3vGWqt_(}9;?Db>ov5Hef&h18x_lLG9yK9S86d9G8;X!}!PZXHPU zI*BL7{wU<*F-f8x{Oa3c9eaw491w_+|GSIsk}Mn1n4+2FZl%m#%^bE_Xa+6sh_$)gsQ??*)m84Ue z>zpoVyRf@puT8?1K-`$3EsgV+K8N{I&pponbi8hqTgCRi&oJO))jW8C|Hn?Zdr&?9 z+uiPNZ~Q+V&%VMZ4MvrK53_?UQJj5?~9eh+VY%q4tF{m#>2Mk3luxv)xz z{%t-?18HAVHXKR62Y!3kZ}@K3xfB<7zXyFf;2AYCBcq62OP|B$VMu92qt&`!Sh16#vfaPqHA zGwjsK%Izj${-5?)^ZMVI8fxMCe^6WhcMhKKZu0*=%JZ1(|J@hVMf)fA1?? z_4AmTh1Rb60(aje8Z)8T)*O|%?5eil`gqBnC8!$n?%0H_az(SgEeyH1{EI)RXO15pSh9C$8^TsZs_+V<1TICqC6(Z>D+ zp6EnApfu|zE`m0S3KONv!@%*wvNuV_$x~1XZTd+Q;?42J>G|6irx%C*H=lnzdh^r! 
zH?QAa9G`sKd3NjTBI@IZ@ud>+(2hRnmth3{H!n^vOc^zlr3r-%9$=;m4M!Y&3=w4G z3beFChN8W(ICeZS3{0NVM2J`oY9yKs%w=&`x+n z1+-ORQ>QKR{=dNQ9G@L7WV~61fGB{V9g&HEZ6(kPtinvr###x@IcOuo=(=Fa6_rAf zff0e=e^ZQAClpzrUe_q4`;RbLQUW+WG8n3#4n=;`LAs8QwAv_W#z^cmt|~ZPHO1*C zNfUv0KUcf&=_h0+IbbnuMiJU#M0WO{+lhCqJ#lyjS}AqR&K+(!O4E2!vWFHqO6G<# zw$40;b7U-*KOS@KHgGV1Gp6S41c5Z3i8-ZEvK$5-OQ7<@C7qb}C2iIFD4VpiJUI+w zrsP%efrHYF;HKymQC)`i0NP#?A!=Tg#t+4~?i_yT6G5NvLHioIX0$(;60$Nbb4>&l zMn2qtpb_|@^V@H~eRF*D{>OJ`FJ7K>zOjvUhJG{JMiQWzP{Z6e5k#UEhAo^c04yYH zYf`-%ohjB)w0$bYR+CIa$B6;_`YZee+E$9e@4x?-V#LH$JOAZ{|6ed*PH9u{5d2_v z@g~{01@AEJT12G|SE7V{xub#+#pQ&=g2R|#)DtG)nrE10$62ETi;X4ykV-c<^%Aq7 zs(|o4awbMJdXL8IhY%&6!6Hfw631`| zXD_vi^A--_oy=%B(lB1aA^gPRE1HRXjBj4Up%W%szj_CU@Pb}xXlHP^Si7I6HFzbN zaLv?Mnk%5A7=y>aA^eTR5_=_Vh2n*&^5X1Gu)Qv9%mS_AB1KfBXRAt`o}hlJMI9#3A~698k;v+Pm1h?UNQaP#oyI z!nj%8gM$OFXu1eJZ#%YJgEJhiT>3eTn^CoDOS_LbqgSYR_eprk2LsF`(u3|ssa*W5 zP5;wQo{c6T3-!Ofy8Xw&_D27EoabxO|FpO6`qV!Q?@yxrHJg5Hl)rl^e02H z`?rk?%pb>W+Q3?deQNej>ruPyD)Pr&M(!d1-S}8@)4?tB|9pN>&;Pdne0LN7^-&%S zXJk~mBGO&&aDF5_8wN@86w4MbY!srST#jCmw1|sj1236CWVTofzH!r!&1kls#HUQdL==gr5M)Rd zOx#=z!2eeCz7>8m_!6P!&qXUY(0{&1lW+yZ6*_(uD>w8U{a986-|&m?28(MN`>FQS z`vp<=W`q({y!Lbk@&?h0HS$U*m0g?Lz*O8I%l10iimD=P9Z|*vQ#7p)scKbCiW$lj z+OfJy)V&t;FTRXF#1Ys!)uknS)esO8T%V*s^MT$!|4XPb{rq_bcie#F|0j4-&ea?E zm~)A=*V)gjl&`~Hll;HO`d^E*I9m@`wEx>V*qO5b*xUGjKFYJq{;$Z7GH3fYC9#&A zQ_WWOOKJn_FX^OGb#tt@=4Vav--ZLf zi~Qf|KA)2RyWNfaf0Sn#`CrLMR9^!sk>M+We@eEv%fc|*Tz_hDC;%-Jr9Rj!91p#4 z*jqVKCd@BH>t=F42s1OzJRs;m zT!sE--Tk9J>sbHiNB>zE|7WkeTaW+ueCJ@Z{y)l7ONnCRdD!^c-(dFd!jgT zD3y%zt3lF9=~oLrv{~UF<;ZNM#7=f>OeSYXa#+t@<}!(6Nut|xVV4>B3-gqF=S-N% zr&Gxj>iPI*=1gcx-0zyy%uAV2uUpNOP}=;INiY;S+ANi777LyH!WN^+Rn_ZGll1tf zql>ri|8a8h=JfSh#n1um8V)zCV9`@wN%f=WmsqQB3p+ z0ynLIZ@8dwpepIeI(o=co=G3Rz4aByHN(Rzgl}*CgYNS#{+&ed?d{CYzB_&Kuzk&0 zw9c+N;A~HKw!6FYd;0pt`=4IFdHeqCCBvV#wqu?*}0tTe8^ycRIKo z5}obt58rR=a5YRo!mmv{7!ps4L~|_=67%`kKiK`wJl)^12WhpI;} zUY(xZU6wfXA<>v6%gT(o^(O+={Wb(b}(Ez7AaOQ|b& 
zRaNGyDG#rI{5dp_7bicy`};%n6MZ<=)5QuX+dCWdtD%Q;WThiT)~;HuSFtSi}U zC7?FGV8ii>{iJ8sl#bFkSZtl|Ez zj7vP@4se0}&;Iji`=6cdjsM4^Jd5uCR?l>8?siTM!%SVk`1S5-Ns9i!%EO}`^5k=^lcAVOb;9A*O|61ngV6d!4|@5I7^!XhQw76 z+9{Ev!)eml970nyFX?1)#Y;Nz9&Ag#hW+2dtPBhGe|x*Td$ss4yWO3G&HnE(9w(05 zcS{C=d0KY?S(IU8iR>D82^g~=tH!b!HU6`=nhzCS@J@a~DE@2yK;|ekB<(@Q$9MDB z>DiUMdvHI*-^K5}stFZ9X1%(ZBJZ(g| z(!6_lK9#g)oe682lhv$}sHT>r<_jjMxpQ)w2T4pbGbzpNgfuH9qnVwErYQ-{>;yD( zlFuwiJX1+JGb71aboc81UwhBDH~Rl$Jag`U<^_8E16|hqQEpu3sSEamS1tBtpxV>v>C%i#9`d*c zZ;#K-J4v!3mFI5J>ZQ${FCK~mjg6fCg3rqGKN!(?tQEp#+gKp~yZZOYd1A$Eo-1|M#}wA0%Tu7jXLGM0jc+s%C>1u!xe5E|>9tdBK$k zc|<#2%o0hn_ga(JhsGi6cqZzw@hSV#LyynO^Z(-H=*6p(U>q&q#sdHU-Tl4&+Wg-> zIM~epM|rlIl``)yzZSY*H|Pf2+rNKj-38fr7>E(0afAUV2iN#oSD!>f+A*cux^SB% z1D=hM(MkMQAty0C9K=Mn#mAgv^eO!1*P}G8HnE_Evb=6&VH=+J6OG4!%#6m}+E7i2 zG&!P;{kD$jEw~=Ba0DcmT(uCAIGz~e0Rf-d8U2`3A=@khmKaY;kQo^aSm+J8ZX)CP zP#<%IaV{jy5DB%#HPF$bKz%QDNBFRW$BBO3v$^>{fRf2n2A=oq*-v~-Q!=EzXV2ij z8yq|__xV4Vkfd>X|BvTwZNV$T>|L_w-Jo?T+`!40uo!OOT^7TQcLVKqyAAq3`vc#< zDUgMid78($fVY&4;RgPjr{Zr;UqU|qAGiUy!B+JaL^b#`MtyrbNmaAPq91>WFk>mw z>BhUkcJ;sZzsfKC%ew*RVEH_wN=Jqp;Fx9{Zs5abAFq%7-eEMjZ^Nb3b zNWbM5H{-n|k7M<>z2NqHe%Yr^abMn+oX5g%`H~F%p1&RJ1zrDERWwH*s>PU%nZ#dV znyXUX?$~enV>;G=ce>qIOxHq=TU_+^_5<7ia(-%hD>-0_jZQ|#{E7l`NrFs?XK^*V zJ$v(M_7%`f%IUlJ8xS&6GvEe3REek%GlfvYP?c0clIYw1`Arltdff&R7AvSlWNO

Xw3b zzm&7**ttH{;SN;W)Tjiw&MVHz=yk^MMg_G5ji@L|vvvtu_4B@$(5!odS1_v(bt!RK z^H>cux zXO<{tGdg8PBbK3-YSd9RdG>IJHc&RqgDBQ7GHV3`WKAxVdmzqId8CA}hQ|Uz>^~*j5bI_!e zCT`dV$PAuozFV&{iY5_mEci8u5zpfYX>LiZD*qLJqyiNU$(61Fr^alcPeY>qmS~&L z1Q6(Fj1FMTF};S;P79q_id zOhC*-qP4OBP6rUvfz&?sHj|~WOJt^R8J~y>;71u&ELZ7dDKTts$2N{u1qGwdmr|wW z+G@5+lQuPWH7rgw($^%BcFwvbTKF}gR*axb0VZLji)1+%M3TtAP;`96=wSGi(bSkwZ2f>EP zU74X6t9iY_qzR23nT6Fo*mD_-bS{P_jMSG$z@%z6IZGe_ADC4F{kM$9TWU|VjZFx~ z6B<>B84*d=)(Dc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#3UUYBw+>YZmzM8~7mXkeu zx;Y9&LK16=U;)sMHu3rF_YZF*NP;3M$xhl8_qUBj0y6_(Fc=I5Gn7I1iZaMh_v#t# z!Wjx#?|2RgbCz%s{MR;~e!t&;a&RF2?f3ine+T;qgZ~;FJnirG`+HCNd;irR91ixL z{1@nN1$)I4QwGU@^*6?qZ`>c`fnkUlWIhh*umyk%84U2uaUo*?a(vu#5n=w+N8S)b zkgyODYcbEKQ2>|S5H8RVj5t?~I9Guq&QaDXSMdaOuMwd>4u{}}zyCOJ2G5;-xBr8+ zI6(n|6e$cgzHPzCf3M+P@3mkQB|rC_zSD1cC_d04oU!N?f*vBL z;cv)gnEV4x<``eK0FdZ-iSAq!>H4Zn3jl&5OnrvQatNk=fQG%E({uUkp}mqSNrU@N z-x&-zNd&o&@eXDrMlBCfm-rDAgnqy5O9rk)NpUvZmz6f zzV-zB#-A1PKfvzQR&Z3v|Nj2LK|%fxcJlvTp1ee?E$+0qnWJFg7&F$#HX-NF5M@I^ z=Wy@v$q=GL=sk7!2Tz|&pFN*E9Y8oi)2FWY^lY{_j88&HsCO9@w7N1Mst$VF9>?#D|jrQShK; zFWZ_0cme~iJ)%#Hz?1Nr{|&$cAip^JwSyxRf^HX_@E1V*LgBSfaJWDrGjK5sq}Ty| z$S{boM;!r^*BOG(wm<&j&c@e>%mbphIw0F1!t)OUH0 z8mb?!9g|=P+HJD|^vaJ$Gp3<{bFqBtflqP(a0QUWGRpw#FB&#n<6zK1xna%bnSvWX2*3mZ#M>vvmv=(~595R0)Cx^n2 zuyKezB(`)z!Dq=&2gVGKT*&9|NlKNPGdRQ$z@QCTe6Epi}0tm=srEke^2fV43e zl1|+9dNAcdH@sflGi64K;tM1mH+~Y)r2dDI!}#~KDFBL3R8AYuxo9BPeB0V(4F&9 z<#GvvD1a{Fyg(4>MZBUH8P7y&N3zi-A)rBGF4tEa28S(^GbA@s!i*Qj! 
zUANfl)OAgUEDSxT)ek9yL69)1Fcu&;CO%v8-bA0+F%GBxEGDvyu_9&bhTtqh;b`tp z)!K*hd;+6Ikw_RVDv3-=gQN2|V1d0jKsg-33Iafg*bOFEmjt@T98Ixhzc)avD)Lo} z*IY?NL@>iH4o*WFAy+Iq1wx8t8W5u^^AXUst(5TnR;DlV1v2bnTVqFvajD3Q1AhuA z3Z{Vivk-Ye8Tnku5CxDRE;>DD)tXzx_e(rM0b-Z0NAD5wr%MaUC62)j48=QM1zgEG za^2^(l#JD=^Dr|jzA>NY$i1SMaCQud=Z7%xnLr=ln-0Llog>N!WSDSKGWTb52b`I2 z19Xi7zEo2#B*%QE>xgplow99?6Ja1qaA|45JIo*~P%0)M=ys*7o%$BWmhT;GtkFjx z@G0YyT56gC9G9bC*9|inYNH5HCpi zf+XMju8^S=+{}GuzUm*Q636GOvRFx2s}yl0!C6%Pc(&JKjb?h zB0d&EDS(u|<=TeODCJAw^0z`L8M8z!U4@!b5#d5ptY@+_^*V^iYk%Q0D&GRR4C)^M zEd0=4#EbMrUgQdpP9B;g4Wg>H<3=$j|Bd_!j?dpEY90tg1<{rT^g~I2W8ib6SXeL? z?ahc-paqtikfuYusZWZmFa+(vv;G@DrDp*@ZPH7!cG64o=bF8=em5y9jBZkdtlv!s zhekK?wHr}-v>gUBp*7_*RkySg51aR)m7GQ#S4vdMbp5R`U6#~lyjRt8>#(1do<>|) z-F1hu>rCZcNxY1_Gj>sV^3!^1zUU2>w)S#bUqFg1h6`OJCCxMvr`7=LsZtYa805<) zc&T;@c}f_Zr6e#o8-n)pXK;TC2X4CwnkWu}a~$~YauqgS3Phq{F#vLak4x{GwG`&;{u+V}iP%)K}7j!fT<8c%IL-G#Hdv*7W965|Myu zX}s5o39kZSfM>6TZl-j}0MBMz>$pZ_!kKK@k>(=)L27YAeH{wj9(90+Ch@ET{BVjp z;0BVg0}vsYbbw2I=DRTH2qg(mr<$AxeCx+|rxdXc@0tKipnE0M*txP?a78RjpymSo zd&nDh`u3-@R!h$cW%@~nKFBC1m3@&waAZX-*DUhPBE6oLORw6P-dM$yeRbT+$a8{z zj}cv~vAU|Yxyi>SI#mN?`4-#o*%hb2zeXXV^qk;HU9p>~W0~(U6`YqTCifstaZ;;Y zVPmvY=m#-Dmve&X90vmb$NbBW$rRU>x!{?gl#YCjA=qDs8b9>;*5f4#;Btgq9D2ge z`qA>fnkGx7As8I4Lsx`|k3Ey3%$sUjGR4=Wg2pZv_Svz@zpSPuUtrlh|1;Q~i zJ0<(7nv!h!AvjE=C-nTL(cjpS#W3fNvnHko!wGB9&EN9De0gl+ma0aKhN%@PHXv(_c(|b=mJ6SEDXfR z>k}oEoQd}4n6l(JjLRc{dEwkBlxz-*Sd@&|!agd~oQ<|qgB5nPrU;wts`~5hs!AwX zcXPE#>o?nD?LCt{kTJg@a_zfFI|BR?PY?+aLlo#Q8G}R%==YX$R{6nU%SgiG|Kh0y z<`5hQF=dFHo_D}&480dHfT4>>2fW1|I>$tcG7iZoTZ$28JxNT*5>34-Ds6i?|By1U zfkD|wbnpcXXNc;~Iz2xC$EPnZ01N_rBTsz@g6=%iraTD__z9D238s2VcR8Q)atO;v z7=mBhgT5pF*L&73921%1^|cbM@}y4q9hv4X>ClvlH!a&taB<{8hDMA)hGvP^h`5{g;G27<&Lx>d(X?$Eh-FNLQgOM1})IQpUPWey#>>u>s_%G@-WX@PLVvx}n@pOvF$p1G|x()?UAJU|*M)6{T z2&a_S<9aU>PL@{)MZgdBDaQn{8-zl+&jut8X-7G0frI{)5dS_AZV00B|5q$}6Ao4a zkPWhsHUtO#e!pM0VQ2EviWvKK+J}w$ciK!lp}Mu&4dFCoyi`D~ESfEnGEl(*Pt(n%ML>I20 zLKPc={k>Mpm0Ca|TwELkS+63qgp+=Dt`hy@ 
zJa_<38JI&V9k(&p-#LR*Mq-!6B+)t_JOCyo#%lonrqK@mK1{cB%274KUdQm??g$N} z0}yi^69xc(6Yx2RzcDx){GG#)W2CGvy^!r$SPfR!F2%2UpK1%7l=PGR!4f%i4cYN3~MgEOLG!*|e-!cRj zL-F5Mb6z(T={&=mdiw@kzXsbEh`I~jPmx$Bfce=n3)0U`r$Sn@@q9?D)}Isxq2Jcb zC=Rlo9%(mU2a;01cMKJQ;IL{C{%|JBYBC z`kK|D=~Yto9D7G;RZUH2H{TWzUb+^o7iq=gw4#$3fNfwmpfkdr=Tj1k zhzpb0o1qf*I!om__Fg8{UdU>iMjOZtD5MM%I77lQx)ukHWQAi{K~t3lvjIKV!afff zgYJA$x*N%oByIZOD6QmxcT{NRY1K@f9I77p@x| z{veH6VoQPbz8pX>Qr0>?=$NbMbI7C#kMGl1vYk+PHksoIPe~rCHNlfQIW{Z++ah6Z z0R6=})E$e84tOa_%WENsB6%e-#0&(8nZu$-q0ma8uR^mqT8g2S6HZLkk{*y$ZzAE+ z%hOe&O_oe#n!Y5xHtNJETnBq{Dv%J6R^Nn%M9-{6L|QtbB7L>_ie0lW)G}>$h5=xs zIvcmrq6`Y)tfCQ5|5EO{9U&fPG)6%VixSc1Q?De#yDy7xVRLp|K{5_5{L5oVbOHiG0fnJvXTcl z1kd}eRF8QBqt&z}#heBF^b#_tk8AWT8Ypfea;|XakU&?M3iaWQ2N?tr!4V>CDLiCS zjY<=j#$zxx=xOuj$h}Gray11dmis^970#T~M5e*oFCfB1SmY&NioR5?4>DL?azYzv z{|Nra5FGaVhpXVq2odLXp{KPiKAno<9pKMGOb|^D ztr0QrV1o$~CM|h6d$I&D1aWv3;+qh_n9ao<*p=6_^I@8F6?&H1_I%NTWLsM<&$3x&4Z1#c7ABfZ5=9Aa{A1j-cP zw36Mp0K%JA>Tze&xVGSQmnE&-<*rCV&PTK8oSDWHOT9B`Ex*hMHqXolHs4GsYBJ|W zSx@uAm^F4Nm)_I|Mr461m`3b?m2TsS!}PP%WjyaLUW%)cSGa7$(;7`kYL+)54?GQW zFxXQ;4szhP?i^}OWk50faK@Ot<%*r5mHIqfJsdN_U%&&@vHBhOk(OPGf9nV4JNZS zOEGPGUltL(V9*ar5H;F>?K#h#XWhfe;OTRSPzl64*nw3@;FN;3#qVH0BY&$Q)|9-1 z=X>Rn*M?;cvAb7AdDF`_`G7pRx$rIDp-8FR)|!w)+~$IiLcO~?6ox3>nmSkK_Jjej2SP|s>B7z%p%@28;hQcb6iJfU;{%X-Pvs+0^@Jy4+ zI^i>=F1=ppOcPhb;F%I_!@!xjd*xXIwiVjQiaa;^cODG$4;GHn?40s|l*Lkivh$3r zf!t{A9oxqOc=u)%H!$CcQM?rX-P*)U(cYIyyp({uv51$VyIX^JDcU=- zhnx6Tn!}YsqV$ov*6_?qS8xAlMYN_Z+(3UvrtoqMcWenSM|^LF@NyFF$PQkP@Q%&k z<%sXf3ZB8JOx+m+c-b@&F~!|E;#y&9{H8Sxxf!(EvE$YNS<{m6WTg$)if2<>LOrN! 
zm~Tr?AWU_A>jw~uS1L{*OcK7C1Bl$NZCl1}1Ljt3-R5p~W8;Q3-BdnLl`T_Ub<(O_ z2CLHipVEj?`q{FYa_+d1UzKU#H|4D;f(A%RjknbIkPC^-xYR10831@zp!eQ=HBX5!L>=#Lmv`@BZ{t}A-6nXGw76~)k zr%c`=%4kjLt&xpL9bIHLnq2C*$iGGe9G#!?Jts$)hm<6tDquT`{9n*gmiz??cIE&0 z;aV7T(1xH*8STQz?_Qy02?ff9?I>pROMHdGX0#-ytTCGd#_OllltNZ?C7xO_n|DRs z0*O#Gh*R>AGUA7`N8s_}^NX|hr!P;yKhNG>h(7q`DSL zi5Hy&FJd7`TC_Ygdr5u~S9VGW`Q_bV!_?q|AEK_@lDWmXil{FH8L%U;7>cP!0+24LP&W<7cUlZs8dSmU?C|D z;ySF&?@*+-kcezdt@5*3`e<}{bo|Tc^62seyt{aVFI^q5v{Pd*jSy zo^COwOPwU~Rr=rH=^(5B?HwEr`aAvaKAz8?yEIHgQJ9VWZIFpZ(BhW9`@=wzZ);1?XyrRIKx* zb%nWw-=9FxZ|c;})~s7A z4Qh~7O=4`o~B|cukMbbDbp5S;ml#nGvGy^XKNYWCBip0Sx~WE&}ic_@T%5 z&d)SP;{a?MXp6D`N^t9j^JU~~FMPX4JeB&Nb`+DJ>Zp5#XSMz}c(OO>=k&k9et)pj z|L)_-=zrOdvxCJfOgmA|3&T`gCBnOMPx7<_zMU6V1YxQVIo{fg!e~0 zS@=wxQ8s1>G}!UpFaaXbc5JKrqM5*3DSr1LS>R_0|(sR z_6!l(B!}+p?XXEr24~>*wylXhH~cZ%P2d>*pAsAjuZLm=4fgc%a8s!vKFUH+AbN1TzRhPvywu?8f)H$C~2Jr`tIU&0pM!R&K{V`d0halPLjuRn5rnZMw7`AzDmc` zRVoQFm~V7)@&5GqWL#uYPS^zs5TwWvr{A}?mbfgH{bW*@coCEfgo5^8Y=fQD)$?Z6 z_>X=$Js-b6dVTux=<-Bku}oS!OCG;EIsRodzC8MQe0+5A^7QS|>(k4B)|ra7D;^c2 zZMh0%Y0%04y1Y0VAD_Mb>GbEZI=jEfPq1XuErGVHdjHkQ(d)}s4_b0`PSVN2@4%lCkR2#)wMxjz>_%^6` zdvf`Yvx{HGmlsFJr*D65AoEIYWv#$XB&>?&N<>{Z53hl&_NLnZ=7zHI<#!Hz-xpt@ohTL14R@rEugfJ*@*hd+SQu;0w2!)&X6( zU!|buuP?0wJ9mXD;jcBAt>luQfMUBMc;D<+bwzM^*6vLSN)CPowy%ox~7a9-rH4^L?gKJI7b~>YSt-pUvyF z(C{iK-1Os+)LE2ivKZ`H+Aa?U-{4q9|K3#T(o2r~>Jp!d0)j3PqCgrUH&eJsHcfi2 zNeKyM$a~k2^hg}`T;gN#ABPvTgHE7n;=C%LNkQY!8VIhWrfr2A_>-Rby%b0|rKJG$ zx6;ZUZy2d)o-9#PW(W4gla7Sdh+z`==JNi^5oRCUtr9B@&iPdl%a*by(ef7sA_2?RYs+> z!8><=ulv+L|5vu8HT(c7&i@Y%2Yb2m|GlSAcK)CD^4QP+Gh?0g1IT=8@vVQw4kcrs z)TiR|K)rAnzX71iV|i=!Ca3cj0Q!*r^Jha4-l=oJ-L@j{BGJg}zyi78e2{D}EL(&p z{U`f7|Aaq>e?keDRh->jo{f*s-j2>*SD)VAt!INMeR63Bj+ncVAH>eD;7{#Wu;w9j zX2yK&6Y;wtW_K{&tmAh_;`e_f{`1+JlQ*wV-<)37gHG|3$uL+V?YA?-Z_q;gxvD*{ zE-%l=qsybq(fGx?pME;I7>`c>ce(spiE++YG-8m^7x8q8h{%dph5GCT7xCg4eoGXb zO(^eRF_QHNxf90&s~F$;9c-m91?M!E-JClr1ozInVdvej^KNM1-H=lg?!d{R`t&VB 
z!|o97&vyt%m$WNRt%9zHCh@F*fG%lI7U-n~9)MR+Uen1{2apO}0EfX6ObCKkG!6Bx zF7r?sT};Ls6FCOt9YY2Bj*sgeh-jZW*#Yt>fZ{A3Fbw#%pZ_Z|Kp=o)25#n%0Zf6< zfKQWr$XEp6(}W>bezb;I#mQQogSiLb9|+9hH3BeHq+@XtRxA%MPe**69=|yMY5d=( zm*ZDQ7cWoV0>&x7AwClqrvxZRMs)NkfIyCy3f2iGG2=7v2C2Z07{n@cqt810wZP8i zNF!z#EZ`NAa0ME^>N~l%HrfjDAMb@^xKIGHQ!9d$-gt$MLd@+MpLR!>yCckvjxh7l zCI0v)m{sS0a}-2;HnOPkwcq5ay#KqOJO3LzJ=}Y;JO8_n=kw>@V{q*+hFsi>G%Rcx zp&u8#TiiJsg2z3<=e@_RlTVS3N*WpgRYfp9r=`lJr-@cwS?bB%w5T*E9t#-4pqz+A zxIkxG3Vz`;FLc3^eetKi7{$}6{|U6aDKI?`C9%gc7BNh4a4mfaeve_`PkrP87)7EP zPU{~?LKo#3$HALK!34Q5rU+2H$b^j*jTeVBGChz8SRs?sh$Zx)ig)|+?TD8Zx=@7N zM^5W>3WzkGOCV~sqbi`Gc;~0_XGQQ_$QNWzyrQ;VKc{<=Zc!}jk4g9HGNlD-^*UM!Mm@ihsSg(XB7 zMMjJ$$H%>z`)*^;Jx9U9q4S>Th#FN@hl#pH{5njO^|&jUOtL4BqDXh96_y%g393-V z*o7NfMG=aOpYC-h%PdVJmHEIvFq!y>=J@o>9#v^#jZS|k zI1qgATq;Gvc>yUB8|JnuFC2*4kAyvd&f(tS6HZ&UA7nF(5U}qqUV~{I${e!wXwO?V zB@Y7@1-8?{m`DqSZB%OXlTJ65sP9SFS>wPjHtKsiK!Zi9!w^IZno;%z%UWQ1()Fzm27lCPvo zBKpMI;QL3s|LToN0be(JUc+}dr!)!33mn-{!*(wW)_jSOUmQh7##)|O4YE}pI@-W4 zE#8mpwTt$H>UKqO5Ome@X)5=P&L_GC6zk|G^Fan+1}}xx6r76Lkua&sEdN&I>_oiD zP#6nkPlCLLWMX{qlr63BR9|A}ST=K2DWOmvCE?z{C z`I7+2LmtRCn?B<^Rk`<|a?hW#b*8C5@|`p1nataVO(j590GI=${(AH%Gi^1O+J4!4 zsbdq5pfk{eK3|;Go-Y1LxQ{sd9daCrFupoS%KBEkPVk*5-q0)@nIH3_A8A zD|C6@Fs`-#^XScMx!wzhnKi6HroWAmg){AfjLS$#Y2E*cH%Psqv9+L)!Omsyk5W&m(#rWPjdl}Vv#}_@gpePa>_v&AcbBimmuJ76y#1!fs+ipI z{)eqRwPp1He(jUd|BR>N{6A}IlcPy+fF^$E`QfbIHQ4t*(JeWkFif*wFcBY-ZR&UbTts=-oR+L z2yDCv$lm*0a3HQ27f{>ZcL=_4avhQB+rYib$?0qJ@a|dvX(IpAG;7TkfC~TLr+ZHe z^8d+Tm;dKpp62>Lj3Sz<`Y#inSWmjwQ3!WyK!yw&$-GGv$?TQV^0a`=oxfK7q;5kr zpw(V}wI^g*t>*rlAW6TNjeTNpqb>k!R$H?mWdt%bQx}Bvuay@O4{~NGkT@@>zBM=- zfZV{E4j@%tr+Gh0lZa<|Z<31MtLJZ5z_1lQG-wSnEZ3ar)@8fxFy5weA?XM`DeDcM z&EaL0zl+J=(oL=45i(GGvuSK`R0%#5*$>qHfQNNtI2Ur=MH`J^f@8 z>FMXL6Y80b%dmhTNe6M$W!4MjHt1);R>xSAkL8lTd~EU7j4x$T*Rt3xvDXZ=+lauH z#b=AdmO)s_)P<89up(ep9nfXro{Ak+%=(t?D#HJz-n6{>qtlw?bfbJd1c%D( zLaM?;S%}JnZpss~W&kJoST7_L0~J~OI~T5~j4`UB46TB_70_0p_IaaVMp>E*L3Q%< 
z+C%GXmAY(@qx$sObfL1aNAlS;_>p{UA&^#dh$Sm^kYk1lYFzKu+h)TR5lqY zS1VPLeyUQ~ltW&TvLG^DC{lxj=F$<(YtTCa4vG zgG`n9tG6B`QM6R_GZ{un^idLE5S-9tJ4gxEu)%n6gk zkQ|Mew;&whIbaaXAekXH67r??+&59?2c=}D7Y|6}D=3cUZpWcP=8u|fe zgCQ9Fxm-?m3yFA|$bY3xLa9yG_W`Vu|NVo!|KI+>{@zah-^bJ3|1WX<%iRLmx&Pgd zd|vJRmYt$7d-Hn5_9E{Bw-b;58Bdk`&qfbSFMu}j0I!h$hll%l{eORNu#^Ay@`!jm zT%uhdx*~!~5U4b0sqninEw$@k5Vfxx4G$gvC<{c+&F8LeipBxTT;3Gwc~{=x%vjR9 z09~VyQ5nz(dr1BjVNd>{mJ@2kEmOSWBrCUCS-R<3PHh@^eVSh^xQp7`U2?-{i{0h1Jw2hjqDlv9|#OD>mC zlOlN$AX8Gzm1!JM)xsk0!ziK!{?E78AVRe?eN)v_Cb7D5`l`C0(^e&&oV=X{jPTWy7zEnCZ<9nAGfZ6=_~ERQTA>2skij6rp01dox2(jy zcB;tWAx^Ok%8Zxm67#i{`x?)>`@bdufU4vF6wiP5clm$r<+-ECKD+(fHxucn(NJs< z`lsQL*RlM5?aA>U@HCVE>jeO+kpFx8dxJv!hkk!2|L^13PQ;#^T-=HCV$2?3g!mrA z$RA6~n}~!w1YZQTe(1BYoMc1wLLP=2&Rxo0rmC0Ue6-rtPOi;un{Wl=Z^kZUXoiW8 z=&&4~@B)))owP!d=)!W}FxO&+BOKt_a@{ujI2`*SL*yC;s~Ro{)yRyFI8}Ac_NV)T zMje?NzgINBf!R~!w^CNm?A=rTRmQp=tH9o47Za4}!%V<|tjI3L1v`m@oY1)(@qPh;Z|o4bYzN5 zRpOX$uw)B1bi1H`WK37 zLaBSBsPQH7uO5u5Eab}80#Ox)e?=s!V%eslsEQDFv8XgjcN2^1j$-rtXNI_{9e&2- z^VRWZ>UlQXo37&@smMaB;>@fHOw=Gkkl5y@u19j$ue`5TgMWQGx;%NiDcmiDg!+ae zLfuh(pNyv3JiyQK+3VLQ$C+SZZ%!^RPLHc%>(qCcTZe|r(>Et)@2oMW8qshmLo}>M z!`b=S>$9ILgLYLDq0D~ORMZKXwTj2?KxCE2mpgv*vNSMQ87?)=)m`j!Oll0x{l%cN zSqYPy!p;JIdI=dE`Tt(YM_jPJIXWM|Ir?AYmq(XJqtpLg6|b&7-c@m&R<&#wU27Lz z>l=)&wToYKXYp&Y*1K;bfK7mBG=s_vS#u3ZFTk@xJQ)j|X3<&dCT~p-Kpn4_B!kUB zO@g?TpPSw*xygZIQ-U+co>qRgMw;39}UtxdDe!la#KPIw!3H)OsyuZjlrNZA5@23F+TjTfCKM4HVC!D)y)zj$w zf6V|uRsP@mh4>E#Pxp8EU+?AlgGct+`Ik$%1@mxHf8$G+vKk^FBO_(46D@qeD= z@Ba+=KRfw<56{<$|F8@E@YMr9WC9`>cZFSoAVZm3$&t9s$p4BXkAM8yOuKuw_B59N zO)h?_r%L`04)gba_6PgB{IB=&tRc8}7eBwTi=Tgp8=qgB(RYvaX(a!(M?u3aK&AcX zu#o?If2aT7&$BAB=bHCE{#-FV@7ENQq_WAmDW`@MnY-xoXFn`)HP@4r7t~EGX0%D2 zf@%RXe26SJQX1NV*0BWb>_B((tRw%M27s=#|Md6s`u~%IUHq4OdDf2Xd8`5)jJ-7NTX9r=HlxBu@QJlVhwlvzGjCcm_}<|M&Ku=KX*AdprBjy*zg-|5qLr?3RJA5)X1!w{LJ5uzED>Z2xvE z%~yCD$p7_%KUT~C{U=ZJ_Mg4})1Cf*FHckXzjlnsop4_r9Wo+#!Jr?A*`)*fag`k< z_b}#+MdLsu{TRz*fam>Zef4ohA~*Z7-x8nPz(>X%u`Y;-jGoA%z!t0_CV>oQ!du_F 
zdPe^TjQsHxTK@R`=h5Y8d~|*~{^jJKMhMAI43Q89<9u8p-T+3&N^u;A`5-j40|hj= zU@KmZbrb8~akbozVFAqqrj(B#ikpOJOt1WCe2s`dT{ey+kWRB=ncLe|OP%ykKXXH5 z>IX=6VvjANUh+M?aV3vwa#Yi0=#C>1GG_<|eR(m2x&%f@l}uvU|Ar@Om?G?Tjaww< zg)c8#OV;E%im0XDMSg?=KNQ!!X4xw$9(J!#{w|73eB%v4f|qQFpzuQ+>Kjq!4NtM{ zwQ(Wng7KJ(sj<y1u%NpJ*U5CDP}&=37^rq;O*xIw_fAjAxW2zh|bF}1OkM{tz6Gdx3| zhMLZY&f`bh*OBY%e@P~!ZR>we4xbeKKL)$}-}m!0)&FuaLIqEZYUkZdN$AWw3ni&Xt*rwow!s6TDIyQt%uxtp%C$-BCM=`WZWa`>orwzB&ZyyQ2hS;y z?_WDi&Wb=e)=)XQ5~Wc#Y*SFN>k1?$3pdAf4N2fn%P4`6-v{1BhI;v z-+W&$ekO?k?5@AU;rDBE8Gdw0vgSMlvNny^jZ z-b~NzGP(bOp9b>(uKa&3_Mg4}!A}0)%agPJ@bNAUe!dky;N3#7$`800k$&Zf>{4m( zp3R>6^8e2K|DG1(fA965?(YBH%hT<4x9H#3STEcy0bBR)%TQ`B{nh;Y(#7mQ(7!Lg zlK&z6`wHB&^Y5$S-@0MbLdFtdR^GhX_9HLA3LQZ__@UG7fOJ+doLe#_W8Gl-#CtvF$p-b8m z%?x@Tn#8jlNV=q5`MGO;u0^-(KpUa*OKl?SO$t$;V7E9K_@d?cqz>(fxw*=SHK^N* zAf-269>4jrax|v2=gtU@qx|TKm$Yi>D@~qQGw+<$*|O%&6J({#*WP1)%TIm#PlP=f zGfZ6=AkxSNRAK+w9~AF@K0Vyo|L^7LcDt?8In2j<j-Y&oK(*$bjOw+sW~V2aUzG`@s;!3qL#x0(^tKtT((H#U(4HW|LHky!ID9(;MT3ANq@U z;kZ$p-w`a(0+Z!tU?q$!Yf-(y4>JqkUEb_FwJHr{u{4;ib#*4e@e{f@aKi*wsdVugN>ydv$krhJia z-e3<6L7R*I_AcP`xB1l9|ETM(k^Aw#s`bCUCkJ`|@BWj+UH;#Dc}jIZKHTOVAT9}C zVai_mSg)&pJ3x0U~gDi?XGsp4}{Q5z^e-~0XMWZEkSs>i=L>)sH)Yq>a9HEfT z{V7vUnI4+LIABL!4t5v^L2F8-kDnstA`Xw}QMlx4=Q2V=@Fu2Ayll;s|M{;UlFMD0 z``*Vmq>Mn}IR5nyg1@TfuFdhPkM#}d3yj%Met@Vjg6n(mIxN;pf+NcS<;I2ZKi*Lp z?=Lq*7ciW0o_a@-2(a~$M(&t>1QZ2+7=IGQ0mA^gTod3$S`UgD|f4OWX#(s3K>PVZ)9&p`a}rJdWiyMMiZM*o1yeI_{oA~Wok@sG`>s-Fc;hRGs_jn! z`n{@b`!$B%3mCxAMWn69)p#`$8%(iqQ5kPm(OU|(thU*}yxUJ9VV=CWG7|2y z!QK=3b7dYpRjfg7yWFY6A26|9WBI@R_z(T3h5VoUgT0;nzn5owu^o2Hz}+qbca!L? 
zV*V!^&TfEbGe4YlrGmQ6^S{A#Sq^5Tk!QW$)>^~=LAb4C+ic=$!TY)N-9fpKvEI36~DAi{nIw~1$_Md!$z@(IgdRmAzEL6 zP1lizq@+z+iNLn1G&s{o(>q51jiuxg%pzLy6HycpHx zXu=Dk0r`&OH1X12&O>lwXFmLfuVO4M05By zUV#0*I*n8Nn=8b(HX<2=Wm6+Y|0KM2XksE0YAmm&uU4wc^$i~D&VQ@?cjhQq__Gib zv<(?kb^i0DpF95<9PaP$?tk3N^8lPf#t;c9U>L|TmpMl!u^)JTI0F%Muiy+(r}Y3_ z&V34K97+E=I!8eOI9tmo6@EDDh}@0LzeeINneiTmUh4q}(M+ZQyFf(0xqKKAH1$6r zPab>x{~kHuEDV+ahoUAY2}Fp1zz>nra$b(cBZdiTJpjjevA`jCe>?)7PiV`T`K%}Y zE6Hy;lYf(*_^*C3pY`~E^iO&n_EJC-=w8K<$gW9Sj~#jwwH`YYc-4CButn5*{C`^y zzz|*TvHc&sMiYokRdX@mh)buqH+CROPR(+ z2lQG2o?(Yx&%UZAX`TNUCr2;eoHz?_J2+O)|0jDz{qNx5$3P7iqq!FW{}r z7_3xM@TK*oYdl{v|M0(BUx228uX3jT;A0>^zCzGL*}ybMdL` zt8b6M7tnY5&R_t(n6!F8uKBIjX$Ua!5aHsL#=2vgfF+K>MDVrmNq^5N4g!3`rSUZ+KAecy(XGeeV?hV|n0sqxR?dHmN$|1Nx}0-~OW*=A zM9S;(VMSc5>7-Pu0h}mKq6()Wc|$VGIdrca-UYg)XaR62O1pTmfT1VEJAWtmO{@gj z=BjeTR_o)(k7B)P@nK7P?_aHMmm=1sjPT+=6#Cw^i z3jJMxA)0kByrlW(3y>SM%VosnvjJuSSWf;U1IRcc7y_E|W^95iLFPQ`Td@CBFKT*V(AI{|c zk_dYMQtHn_VY4m*j24#OVI&rvBd=A19`JlB{^Fe?1`r&bzX1#E#es!N`S&H99Yf;z zAq*tNM)NUo=ZG?qJ6rTY5r!~jX4~1;(HPppUq9TgsFucc_#(0f@Y=tA5WOUSHgjWT63jH7^ z=yFaFo#Vh0b~(Y``yZuP%YOfusK*)(UrZ;KIh)19C5aD%mneWs6_zbUH8>QwEM?Y3 z7n$+j3Wzda*F~X}TT9Ok1d{ysb@A{O0LQG*7TJ{S*9JK7>@~VZL2d%R{pn0Ft8#9W zHt&4n0)W8x2z6)uN@VD_|f(U1;viTtl1@0Vi9=1SLaT}aK z#(r?4I6EB=`u&BNl5b=H2welH3e_N0yfd^@)lNQ6y@wgr=lM9jG?C z4hMT>beR{}E!z^SG%*dde2j$It8f>3>d#^s&rv7o=3J4j8-g?K7+s{S+@asH>oC4* z=2HNGf{?t=X`+Ig3dpbgXheheFz`J|tEF>BV&^R`vIBn#C<>;4FA!XJMuc%C95Swy z6CowN;`mV=**UwvV9N-#hwTe2Hu~>Gn2`3Z-lHXzbc0?B-C20hNGL@_X2i|>UgR?Q zR=M8Ep4;Xg(1hsXAdry@#4QtHM13Q#4V%M%#J6-dCOG-T2sF={`RFL1U`p^J%?u}Y zQhe-U!Z+Rwn|9k&x2{W_DtOF$+{P(CVFCh3W(o80eHkKhI{lJ(&;W^FK?M@rF(ydN zAgVTS9^ae$lbG+(a0omk%m&Br7(@)3!!*HJrI&e|Pu z7pemga~)9`fWHZdyzbu^oDKfYD@zX0Uw|(uO8u!M6{10^k}8sIQ3k`F!m#)EEYsaS@l z%&DbkQXY=bVB|h_j+SD2LdGE9(DE;vHg^jxU8mEr=lPVx;*@L>d$YA<_Br-mCQx2T zD9vfnhK03AxR90CTQ?MD{yhl{xsHIlNZ}l(aMqzm{`Gr|8C;7FS^s~E`pxlEPdf@JFildZSMnCUAy?fp?v0IFj{`W&P&(<@}ejWKG>g&VO)}!f?Pl 
zs?HDn&=aO{A;40Z0U8R8OKC7P%zl0Iv`g6&!9za;R2mf@Np~7N(Wj(-m~KbJ9x%6; zJ~}_GO%0B4fQ1=m4TYZR+7%kT%()MH4zsLx#vT4BErz{afRtx=5Ilkm4A0WXy=69|-HD44n(0 zI42f1+Bqc96;=&xk`f6tBZ4DD*piol>Apkv6Y}^DGPmbVJ5$>hqoLnH5%;E!2PVXAdmfa--m>dKIikDqJt)VwJ?DdR99#B2C`YtK_k#?Q zrv3*uXPtrrf{9@pUI8Y&HQfU2bf#}JJ$F~;q%-xmxa)mO_k1$~k(tCaywgM_XD+N@lH z;O;yD47ZXZ@;aUXr&Hkt&{0}}FlKYH3fPA2 zPTd4dOxy7j(6`mk(tS>T%}YLsQ&?3#krZ=C6sVHB;I&Twp(pNsK)z`+PKaHCpt1R! zr+2vW2v5Rm5xK7voA`*rYoB1z{PfB6}@KIXN zK4ylxcv-*doPConw1%ZB;`>>Y7B1jZKSaQcbtM=qme*Zm4r#}VVU*Yyvn;FM_cBlo zcckLBN#1PyLd411#OMMTykO0vW0(*dG+q?^sf@`pszj`LT zw|HgKgqekRSDX1fh8jEhh~Nc-eo%kco<~yHvhO+1ooC&{$>8a8h)}(adkS<5o1GNc znme5YfFUANpw*h-V84zl=L(26fNH8QY% z9laCKi z0cYl0X?%j7Cl;qMADWIRC*OHKjRLqFC*oO@$dgz9)?s-r=|BGALX)KW#Tjxs&0e0> zDV{{c6%QkMsXKLXRPj0m3mspacF#H>Nmu6a!G0-%+jT@_mtYB?%G+A*SZbr)-iga9l(zF11Adc-9fF935~2N!S615KKD2CB8_CE+S$9Je`6ET%dD_O%dyW zDc^2SpnD~p{gXHwcnY$VRyL{PTIK4SP^<1$c7cZ?g5=eV3L>_Cgi{~amJf95BfgvC zo%;BLcFbLC{L1RlD`Qr!_X~O)%JY$_IOyopLR3n{MZuA+hf7pH)-6 z$sO>lluCfEAU}s~BgHe55xhI$+MAfjS?j5cvpI0NYis^nsfmcgfm(X8BT36w+3hljT_BPBJi>kwz zsjPWq~_ryTZI$2h-@c+xCoz*?jyntHEYOSY3?z4LD&Nw3PD1VLhJMA`Pog;A(J3 z1ufr5)Rh8Z>L@UK@?ab(wuhf@JMFR@)a~J~?LprW|LZ+#e@ITml+)Mgd3qXVT*c5> zvsP*=Wg8rC+TpE8r=1+1WZIL#;HG%Wk$+ric#szhcuo;m{?3nvEJU$hOfM%HiBu zGi<4n3U;B#kIyg8-k-ia0slOEcL9#hPr)xI{{*j2E>0dl7C*1hQu!TlDXg7Tjr*O3 zPF9f^$>Q!QvJF5La-Cry^*BCLVj_dK$Dxknt-B>%^+b3o`yIrR$m*;6;FotVPA=Y_ zT%L@;@#}Y^%aaT6_UO%t?vA&HW00W}XzXbaGD)3|F0KT(UcyYugv*0WiY4WGewf-u zA}rBoynr7njX+5GjNb_YI@OjQyb`2Je>u{_vjTlFS5-Yql2M7-T#j%FEfRN$UBc}2 zHCtRrDOXST@kAsasR7M>YC2{!th}~?4#=QV6%=si9i0n2H@ZAJ{$+G|ba?{aUA)$; z#{bmYl60zNb{;}Q7A=<-#FK0L#w?H*K}Ji;&?4Knfgi@7q?RknfU}VjQ$97KuYrdV zrqt(iQf3w!0#Wl3__E#nUrGKSXNK7#+936#cq;OL?LFDc=l?l;`ebjH|K~oQ&!2(L z_6ge3!BYCjw{=?Y!gnuC7@-QS$OB}luRhDVA6qsQbCojawIAxlkhWsPNDMTRYOXH5 zOU1KG#j{JrvrEPE&7|V72|~e7S;2MR^54Gxi=4ZDINMGNz^eSuhl4`?&x8FZyY>G* zo=XfC@QQEyLUaR&Otvhw-HevqQ42vKwlIqL^4IEuW2u8fFd;B>=TZe;Kt9J>U8&NG 
z5WEagCSv2Jw{e8`xw;0~0TW1N{AX#^xlXTdJiM9v0RlI?iWZg&%tR2+h+wZHsw}Wj zmTyr0Gk-idD~Dp(P!*0C=2_h>;0{!%OfozuKeRe6Rt?R;=R={vp9) z%i&{1l5vz-jm++h^P$xRFXBZcyGUt_=0%@Y7ra44U9DdbVPBa0vP+|Q68LVyu9KKC zdHf@4`ylco#MK!N1BS7iXVmd=4@Q2EOrYDl9`G-1 zBeyGM1Tl9`1WWnTWe-w{2y4qyTF4q1U|*u^vxth+tX(nH1C;demxNL!#}j z-bEZB3VsB?evo8-Zhfah3;uP6SSRo)>)b%*&fA^VcWo}8tREumS>LOJKI^wMRQX?} z{i(wXMf`h59xt^!ty@Vhj-)TCjodVnupP@H!Xa-EgDj?%q?lhouLovG?N$ha-ZJSo z-c34&wzWg7VTS9JEa^vKnX`R@QAB%bDD?6oY2fkFGDd9N(lTZYRa+tSiJ_3MMzoj2 z&$gAD@V|OGZhUzO`&Y#m1P91Sz!$PJua7=HYPH0{I_Eo;2m*X=efKj5 zqLV#HPHcUrL#+xUuYUO+kqO9^ylu6nap(d$mpSN@Pl5wn^pJtaN=P`D9Y6%T|N7y2 z;7IpoUbvHQwSwDG%GnE~Jf4MN_z|a9US%BqXzwrQCqMK?0>&twh_VlJ1s}D(lhitI zF?;I=4_Qavk9@>MnHq=-MJ@lg^&Qtv$Fd0mv)ES427PXQr$39~$bNT@&QC=L%Yq3Y z?Mjm^oCLU)g>`8@jJcA0D0HdsQhI*`Fp5y%H=9LwiII*&j~5i@6Y0?BI3pPl zF+%=Se*f{u%u_a6&GKU7)>9FU0ED@9ncoQ|8gzT zzwn*W1ffuVY+W~E9Oz8J6zZ!_+IL4ex1|4U3KckFswz4h_YCXt8>4-`2h%?W3y`IPdB^^0B09_-p zWOETBiK^3RuLCFs%7mS$Rbuv0&8jJz0!YCP3W9`wQx8k&&uVAY^qb`k`c3A4gDE?k zn*9G#B`LYj36Q>4{+3-B1YJG;yGil~oFrnF+#rBHMIw<+5E!!{8As_PLeK(VBTpK) zj4nw}cV_-I3e{=yolX+5b{1yITdb)1hwq^`*h{<^FZ|h@(XTUA=8Q#Mc?jC|RRFTB zOqH$76h8>i3bcBYk1s@8RKy7!}uI&5;N zN)vUC36qgNzYb5D$zsRKC^3#OVPhQ>XG_9dAsS1wpZ0Uk$X3-QB_c5w#{EO9^_{RO z4Sxhy*v=?IuEYD6{@VYL%#oAdV<>iMys{d(wrP?yR*h^~4yptEknQh1eAe$jdsJ5N zG6~G;oQCW@40NsM{r>Yuk6QPC821&PO8YP0rmbW2HJ*y|zy1BaCpr6XzyEY+|Gk%| z)c$LjdQF4wjKrb1GTHTUk0C@R`mkU?k?q% zyzo6QKvjS_g?yi*3FH%$x|rAqyqPb@PfbD$%~msYs(Pku&N-7g7jgJdzf;NupEFE=bU?`lWhP~cm*_9m8y`qaQ z=ZXameTKOda_F_|1lWba@LB&^zo!y}w>%Va$r-vn5)kcJvb22dj{1{6&F6oJvo?on z998pwuveJ>d%OD|_w%fr|GRnmr+=Ey|Av#lhX41$e(wI)-u~g!-Tc3oXY2DnaR`<^ zX|jmsnPKaJx)GTV>E7+C%=3sENpr_C&5XQzjYB}tEDoTV*2)p^yFl&_V9fBCgBHx$ zlGcj|viT775OYnBUdidAtk=t9bUanpgA5MAmzL>%y{d65bK>$gicCPIO%#cHj0vZL z>`(_B#SC{npSm2{vh@H|J@Vp?H}*wxps9}tO+&+rm}hfDkjQ@xU>fHB-NkEhlLtXB z+qHMmtD07QFd*8j_$c}4hdvwY{x;rH216Gq9+Xd4^s7WRHkH(Wp1r#m|MKp|$yi+O z9ltrbyf{4`jYlUJ?@y0U#&3__oMcthuRSmC>uDzcL%hxwuzLTum)HMz@typ?hv$#5 
z|C4@qU%RLNoKLg)Uw-nu3P;ua??27o|2RAx^mp_BKAyZ{qhqRx8OVou2%h!(&&1C( zlj#sV@AseYrsN<0sht0%j)V1aRL%b7^#K0!Y(f<=!Wkk+QD~my1?^mba9$Wz^N9?924NQSN-cVcn>apBvi||T;rw^45AN8;!uj8=&HwF#gU$SZ zoTnUrHEVT%o*oQ1?~}|cPUiHC)(3%tk1K&Hv~b{;G%?@sx92&>1fth*4hee)-EOyI z0|jp8^A~*@=RZl)c1B4wrfUfRv|#>k?;Sj^$N$;i*nd3Ev$X}MiOhJEYnxNgjc|!! zb9qFw1ddYFf6-j^ZN~F{OvQ+EiAipg2uy6@KEr&&g2y=)ji?DDUL;;4DT{z!@%Tzr zrOA*blw!oKm?V)1NlF9wrLeCYun=f6B1x#j{2?GG-m8|vi@|X`NElk?o0&`BPGdk&L7Wh-pBoaC@6Cc=!LJl@M|9AjD zPE7h?=i7wmPcjNR=>o@uH<#LKnS_#EsZnEzMZJP^MoHW@q2waG?ZUuvfeYQJe!|?# zNYKWcl4z@E6W6D&u%bc$8>b}1gw4dzy#;(Q(0o9Xs4aP$CJ}@q!V(*3+VB?ABoTS0 zN7TgJ3rPYWa~5946K!#gf!0VevBL+v(lKHqd%cnA}cfN%KrcBM`+`X&%6PTT-AG2_xX4Rc*icjm zR-}Kh*&9zWOXG#99aLC|(=^3MoDjlj>I?efrC4)}h-`M#EzG>o|BK@c2I)|ui(sFcs zMsy|*`~sGtfd4TklYnu53jblu`^0qNJdfk!j3UdBSOmGy4uC(cd5S|{*)dS)jq^gDIJ?ZQ%deCN+IOmwIlu?PNe zROB~V>wGIws!cT?=bB%cY$aZ6m~Sg5Rj!Tu@%cLpJ+3~lI18~7jW7$G-7uAXYnXI9 z-SIT9-X&pktq&&0=smk(GN>%o6P=&%Zha{e;WP{dW{O#<1FBY;%V+Tz9Nc*jDk)@} zhhTN|4b@lZfzB$vjJRmZ(p?c1CcmFa;q1=I)#ZXoKcmpEz?+f?YGPLf!c_asJ!{Iv zR#nL^Sqi2EynXowbeX&M2otv{FmA#&EzxbFE<6puKHCIuN9U*O>+#~OQu9}UN;6;A zBGABd>t6?!$lCm{%R$pjs7RyzWrfjlNueKOVOZ2Bor?Niy?XE^VsRhtJ1~#8SS;#` zPH$e5F%`@AIZHz&H^~~7h6=nT1m#rwGdoe5!UPS5E`hNtsr2z!R{@h3vM9V%Kdn9d zbaxFVmHoMHJur37UcWu*xmy9u1){18YVxv?Q064o>8UCyyhKZ9;zvh)DhZY#Nu+aE z<{5<%5hGhieGS$~3gj_GwAbpi%ip;a%s@0@h-yp@z#??=%Q8LXz^by3;e2jlU z$^WG<-M*ry@&4BaU28D??Hpt3vX!g>7uo-8ckA*0cJ_8R_rH(wkd*yHCtvEp)s9Ef zwD_|dbc1cLGVPxHRHofk6Hc4U+nb0cegVNE8j`F9*CQ5=&{SqjBnwF#D?y;k3Ha1D z!m`aG9X$`Ta?6Yi1}uaj*NtR6AC4+ljS7vFM?%B*KnH}y4NsDAZKwes8m-u!OIgM{ z`gPB`9b%GAL1h3>yb&MMo|_%a#x`_<7B;ouu~1RXR=mExcH2|{uG6;K`Kw8nr!gmy z=W>zyxVB^e*Y-nrD&dd2J}&EWNgKzwC_(vquT47#$N9 z_kgG3Z`HOvYtZ?ocnvS}G>>xuZz&mj`fFpqt|~mTy%DJYvCqo#Uz>%mv;Zuy|Jm7@ zivP3o{Q1WI^HH8HEAOD)2EG5XE`Rz!DAyv?xPo|92XSu;BHGV~Wo7;MkR?N7DuM@5 zF;zlY|4TB-21Lnxl3^N@m|g0&(u}G$&=(5jdP7W91aA#4Jbf*%wk2DYD|%}Mq44@U zzKty9&WL)#G=tCj$cNdkRpD?~Jb{-iWVb&hJS4wf(t}@rZ*0UdRj4!+VJH#^ozJ+I8q)$}Mc}sN zK>PjeDN+taB{gac>L!Y?8NJRJUhtu2 
zqvfjb5JbNSj8Vr&iHj?1v=79*7ZX?+*qC zKkV&qYv$FUip*R{V9P2NmLB6`(tA*{Q_s*y9}QTyw>sFV69(0e+4L4o7ex#ZT@o+! z>|uc3L(gudvd3;}!xX5uu!qMDmYYu#CRJti|FP{fMiXL*VrHYqXEb6NYVKA=H`mrR zas^%iwVBD)msJ^kHlJ6ZJvgtoSz?bYrrUo2rgxyr?2lKeZT@N7MCHZ*eVe%Q}?f z;$&FIxSMMQ7dH!iYVFjGg*kE?kOmp#IH(uEg8^Z2p3#!_Kk@4#@B4@rNT_mug&(Ov z&EJ^Uo(>b9(H8V+NYvjFT>;P&uAebFu-WC+b|GO(7iRx<%(zggRKSI)+0Ui9YS;2L z;WB`uSnw94ximsnH?QzPKc=E(Tt+h!-WVb%0Z+{DXl!{7iR)6RXi4QyjA3gTRBq2kZ`2n1w%M@IbL|SsX zC0h73p>|Yph=EBMuuRCn*f1C%;fQlVt8J4gVkXmBnz1Vu)1gT>V0{bFSOQgiO+H72 zkt8Zco?yaubYepynRo_eTY5&;!WmRaX}<gR(YgK;Me zGOG8lGy^v?f>R(sSH{fZX#QFkn$_86aM5kdB;7P}KeHsNA$ZBqL})gaEuE~!= zE`?g9H+SfnxvbB4ywuoM+Ab1`s@iuWD~>S^0PikHG?z^D4oH@ox^Hf)O>YSrG9g}Gc^&0ha*I-s}u+6y~ zJ%j22lmPERgYx24xMcXoc@Moqh?$Vk{M9D+ufF|mey65qckr}?uMRP*VU;V@NJcD_;MdsIFNocAopF0>?A3}zsAyRerU(8)!Caqm-;HUe z2vy2u^(xl_C^q;% z$vB1pZXjV85)F1-nS6We>A=gclxk&S2$`+?LTXQ|Ndfj;pUCEkJl82^wEd|tw+Kxj6=3P*kXNdp;|2%s2Qd5N1t(*dHN>OV>dWPjxxyh^$e3qS+DO-@YO42FK zbxs$wUD#c)*Ct_0AZ|?2md5!@pTm5q=N{*OI$k%*tzvuMXBhCYY9746|6`}yJ*b}l z?QVCsH~t@w@+@=2RNjlKN#lBqWPK6_B$p$enQQRi@_P|5-nrWLF7X1#+}~XAnEt4l z!?RB2y}|`yNx9p2l4Iqs7AjilRXgm`XJ6qH@^Q)&n#g94hIYZsGwRz=d3s5!ohi(y zQ)tzz90x2uK4_AMYOynG-JV9sStc}1d`vtqMjh2lzlS$H<`TZ8e&^{hBN1(-Tv#PU z|27|{fwZqF8;+#k1HZlNH+(niT#Adk--A9K@QfOnkx|61rO#pWFr+l1(Q4hVEM|2Y zWIU!9bYS9||6RMk&g57RV2WW^<c2!$&eY|AP5>$bE>L zeB#z$I(?RO`b3O8;{fpsMT=z}LS(=*jB6MV+9orRYvDSg84Xm0YxEY;p6S|?;qrR{ z$7RtsY?!cQXu?9ZV8pNK70p`KT_?{noj^#tfhYtL4m_7dE*$;|ZTo3voV!DkXk&i@ zPjn(5P@44<7eO0Eg^AMTVc_^-*_$Ne{@Xh$FP%P<1}n-`}Sri>cO(uBeW4=~e(h9eF>h6u88 z1zOr6L($$?96O#E1}0BwB1EhPH4_BdicBFvbN`+0-uKl)8T|ts7wi4(CR$(S*W37bd9JCQ(bX_pzib|o# zz=%NbzbVG56N)TQuWOXj{YRKADFGZG84T4=ha$h}AYI2tT5S|GV&J^n?+CG(Ht4XGzo&WN}|1TIYr?e?}2!1fT zc#~}0f_Ip9EuvC~D^bF}+)=@Z;&MV_!C_1=>IoBY%`?ohns98+l}Du$Ju0ik26On6pHSrnGJI z?qX#wU6-HVHMCxt$!pwWkKM_;1hO-1VwcBQ51$8MrMsPpzv4=!PX>%VX3U=bw-iDNi~ zvzJ=Mc?*Z|PG&S5X&5iz5Po9u70pCG#y79w&d2#k8*j^VlW&zib&55m?{7fgOI)4|V+2JLf zu&8A`3Q2rTCfew#PXr5(c_L&+SR%#Y@lo%8k6ykx(Tqzc?*tiARsAFhSvsPb5>hRt 
zs=F@?V@aAsH2T@r(yH!JE=LV?I;>J@;fiLN)ZL@bJNN5cZR zyLq$G0cBnLX3tGs)^3XLyQ%!%F5R__55C{q+bv#i!MXAJH=g^z6JRFhfLdZB z+@%Vx0|8`2=xCQFn`|{602^S!Z8=g^hMWqx&UiA^Mo~`CfuLx<7B0YVFxRg}PjHE| zD!0#ZO$nv|BLUygxQHcVpD~f)=;TwHQJlo0I{0nvt6e>!vC}kgQp?$gr!*s~2{_~O zG^u^n4$i&WTWlup)3%rhNyiOeUH6EF&kMPwxU?wiln3@+9h_ff*izUvlr;jb+WqFD z#}_9@Z%-<(YjHx{(infk{wY{QPX+_DaeyGr&;8E-`${;Mcm4mz`wi#+jZSz?C-uhieQl@y zCBQ$);s2cu`FHMm$ZuFjX)Ts_OfcBn+u8*{#pZflR{!n zyfzjnx?$M>$_;`ssythxJ>~LVkQHx5*9ql$NqFsl;t+j34k%^-?Op8M_DPEyC=PU9 zVce|l!NGx7G+l(Aw;fxq!5I!$F8v(F&8S+nrQOGz(JR!u`y{;Ng8^m|=|Oj+R4#tj zrvGUt&qfoFh5FxK-TvcXd!zq7&hs_tf7)Ajed?cu_b1W*noU18%HO?|zmkVGy5C0k z+vt7|q5Cz*huElokMXQU|EtZPx)QiR|J&Z%->Lckc6YnojsEu-&zkIiYu=0xXBlnR1ZhWk{>EIUme?C8`=YQLOzPpM4`X~>E zGcqb&5$UdXI6o4e4TB_kie-xzHVV;EE=R9OTEs=NftO4mGFz+#-?-_=W;9z*VpfKD zbDMj?!yJt)ZJSP@xcBO%pmIhHKNmF9vcttEu&-fxNGTEGnrBfBl6~z!B8o&*2r{G! zCT^|<;D0N6-wMAOe2Gx==c1Jx=s(}1Nw@;y3LU?Sl^c4Fek?13Z}`P`gT*zC{ZxDE z{eq}_GeQX}UVAzNd4p)h8hIs@%C60AU@C5qWqX}$MO6{DjwoY-DVo-YRJE!m#SCQ% z?O0tU>Rt=_7hlF7;s|V=>e7+I)M%GY79N&eqs{jWt@oUI2e+W+kw>`d8z>}~u%ALUtQ|5xNknX~ig@6_U|mvmC8x;fTc^Rp)TZ^MD# zMgH$}pHIpE-R?&IKgzR={I6srs;>c+$ncfGKP6k-Wnq|Yu0ORn6o8hAQXgy1;u*(emg?Y-ob0*B> z)2ZYM^?dv@b0#z;?srXU=A}%i*R5tsC~bbqBp8YuZI((ki-k^pVT;k^s_J#8NqYR# z(Z$>M|2VmLbNc$MV(5d;kj6eWnwETr>`*ZS#n9UNQ+p7zyB0`vljWyXuUi=`}yRek^Gn%rhK~v7Zj7Eg+_viUZ>-) z(}Mvi1LgpRMMz1X#Z0ogA2x}iX~*odlee0DjbAQ~esSIxY4oG%W^Jma3(n>LvY2Y; z_o>;H<;jsa0$+x?VSz!)zHH^veJNk@$Q7WnN@ z{d+xPG1bA}e)BK#Bw@+$H~+sN;viy5Q`lC&6Y6ZzHVVU^O<}0H1GNG3yS`vb)|G6w z5>Ojou;F;ce$q2*N=Ip&tmSkmPm|7^aAk{SWD|t985<7OF#Bf5*HC6UL|A1w;n#BF zRL_lmM0@*l9-UT?li=4Xx+M{9vV&<@OI8XORB+4MF`o^&GN#j23j#P_wxAdkf$^qw zSg{ED7=*eWJg@967AxzzQ0MZ6mi>3(4qfx><&k-;u+)gVi=z+!X(PW$i}~ky)^Pt< z#wDI{2e`ogXaD)M{m;(!#{c6{o<;Y6t7p14cRQzsVWzI_NScb$O6WzwJb$3eJNUwG zYY%?!w|c*hxj+<>1L>honKWWyb)_~3CN=G1)Lh!76EFTrjP7Eq$W zxTGnZM5zMV?Hs0CktV*r$TJ-p9$lDO2)17^q*B;e0yM&q^C=521>`9ZNa%Hub7Dj! 
zjL8H>mc$q>I|{ zKS;2PCE8dqG{;0l5x#r^agSq)f zbImZC59pfCPNt;z>~o^EGp%~u<0C3VE9{JrtQEG$YEuVk>t)Zmc+pIXWzi~6M8WTv zkt&XooLwsb$%a$3ZsVoMVI^p~{bGO_`nCrwriTsm>r7i0O@XrKU<+Y2oTW_xL*gn3 z?UcyT;WX)N4xy=1H*6nav*r@9`|BGF@sIur0j zS9wy2%dqyyi*7!b=3Fi-`xG0+p-lg>(4*88b$vtKSbcV^dA2~RRap4xg2IM5o;IRf zY2Lj&pGsP@&V)71$!bC-F=N zu!ZqIx_fp1uf6Bn8~y(=o;mkF^8!8ofi7$QC^s(i)CGIOs}_4RQ0?jTbZN#V4|&{! zx5ww^og~?i%5%49_0s0f7Z1gO#zszm!DnUpAB<=`)(YXWZ7h)g-Ti}l{)e6Cdz<_J zM|rm3oJdKt1Wg|Gxau8dKWA~I6!(;bmt;sq;F()Ck*6p~K#XV{gOX)hD`v^C1sRQr zWLFgTCeC}3MBWx8bf|L}f0t%-z&@${tlACyEjZ@mF;Czh$8R8Fnec)klO6n5qwfX%e`g*1*S;7HJL(_%r?^TwC7?bDFY^=z zET+PH7KrQAdlvM`rS~k5ZN zJfa;hW{ITPd#%aqL*tNjJQH=;_>_I=p~q+C`G0Y8^y1Y?FpidQV}bww?*86>ZT@c` z9Bk(QqdZ&9N}2bUUklx@8+3#1?ccw%?t*LqF9*>0JPgE$(Kte_t52dK?U>SSUAWDX z0nf(B=p_EDkdv4m4q_tP;$u!S`V{{1>rt9kn^@37Szb4?uno`qiN<3^5I0BMOu389598Zk#fPhc!jDF0ikZl$LON=Ka$czjIEcAw4H<9st zsE;|qI2V#;h=khW8t7?b~^DH+n0^uixt!&GPUiD zj+Uyy2J_)cGOXgPM@oTxJEEXIH$g?9I_1#~^f^~E;{$rLsG27@HTCx)ONN2goUU0M zLrm4Y*Z&fQ6j4HjWIRtIh}or<33l-Q#rwi|PiJzZT2It&&Q1a=1RNw}mOD6fjLV&4 z30@u38C%in96_c!QAOO1E|4gq5l8|gj>|JWz!V3i{rRXA!}SLBetKqG`efl=%`}D( zpKkB(SUR3SL~O4z0xNlOXYes6 zlYntV&d{JV0W%B46n0ozhXQ&)iQDL5qJ3_x@D(G{-X9DOe%RaJo+E<`S-RICbxT3J zU&`5Y>|CGfa0jYwYE%MT=N0E<^g3gBqk>w3MpTrfS-S+S`gz|=Xx6>KE0|S?x|F!A zd8`JS@`0vo6*!K70{TjSw3WcrX@qBos}Uj&TNA{hRtXd1O??rT)qZ8oe2W}c@m9jU zGfNb+8J#kt5zA0ZHR`CEym~!RoLVN?s&@8an6Toadq+lWgti7=tgAZ@INHYexUgR< ztl`{Y{vrH+e`jZJ-wd-kXV*@tSl;ei^gtR|j;v|u)Y?aNmaXT#gv@M<(5WFVh_uuY z7g|nbXe)QfYEbb|NR36Twd*n%sQOdK1ND2p-}1}YpnlIk)|p{}MUx0O7W^8-i05&HG`A#HmH!GqQh|zwrSv zwotGw*Gv=o6!IjaBISu-SB4W8gp#e$q+mhw(N(evmb3u%(I$Rk1DNm}^N>tgm`Gl; zNLdCg3{_h}t;(4-JTF!8dC0clio`53W(cU4`UVv63~JCHv}>iwLNn1&cmJ7?VzE&Q5LD@IVJ0Fy9anUDdTy?%Srvp~WT=Ym$-CQ-!n z@mv`=LUUAM%qF?n#uYxY?ksuy3!O;7W)`uz_j(U=C~C>U~?&QAL0JPYlA4(j(mySw|F_|K2> zeEwXx%7TyM9_SG-tz+unqw*Nu6!MPqEK{1CK7G3~VcM904-NIrXI=M$*VM$w++w_B zi8a${DrQy@%&7H7pNZPiTU&5p*BE=TaK^1tqi8;6Y}wxCXqv)rlG=54r$wlwx^mNo@ai*Amd}BW~2KT-rK82@g|}$_#N;# 
z=GTgh)=kXwK79Cqh6ElS;My@*a9W~jea&)p^K72Yvw6Pu=l=x&0RR6UFks~X(gOf5 CoRF*l 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.93.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.93.tgz deleted file mode 100644 index 648827d8dbbcbef87cb2ab54830397a951de705f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34928 zcmV)xK$E{8iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#3UUYBw+>YZmzM8~7mXkeu zx;Y9&LK16=U;)sMHu3rF_YZF*NP;3M$xhl8_qUBj0y6_(Fc=I5Gn7I1iZaMh_v#t# z!Wjx#?|2RgbCz%s{MR;~e!t&;a&RF2?f3ine+T;qgZ~;FJnirG`+HCNd;irR91ixL z{1@nN1$)I4QwGU@^*6?qZ`>c`fnkUlWIhh*umyk%84U2uaUo*?a(vu#5n=w+N8S)b zkgyODYcbEKQ2>|S5H8RVj5t?~I9Guq&QaDXSMdaOuMwd>4u{}}zyCOJ2G5;-xBr8+ zI6(n|6e$cgzHPzCf3M+P@3mkQB|rC_zSD1cC_d04oU!N?f*vBL z;cv)gnEV4x<``eK0FdZ-iSAq!>H4Zn3jl&5OnrvQatNk=fQG%E({uUkp}mqSNrU@N z-x&-zNd&o&@eXDrMlBCfm-rDAgnqy5O9rk)NpUvZmygc zeeDVMjXx{oe}LVqt>CDT|NZ@ggM$1Y?BxHwJb8&&Tij`JGe^O~F=nifZ9>kUAEZPG^Zn-sPY?UkgXwfSdH%eAIC=JD zIypFW_YV#apC7t=2X1SILPVs@Z145=4!Zrr?tcGrus_`I4-XEV{eve@51;{ku$%w)@jS3Stq0&|F~b6I4T%pY0ixhR z%U-rM3-AO6Tzf>H7=b6@HUArc2S9#t^lJx4CjV_=Uo2pWtwTLT2D%7)Y@L z{E%S~VUIcjCa*IDpKnVLP~;NCQWWZUZ6x5@hX8_)BT?@oz!UymqL#1}@&vWNfHQO+ z2Z5|YId1)D54Z$*C}chiC!$m)2Z+B z9yL@yUOOhi5VYH71L&0>jcD*52EHdY9%8scJ|=(#6kMktrUWm58~AbuQK&csQy5Ux zYUNqsHJl*XE0PTY`5StC02mZB6GU-LTts!k}L5P+{_W1Be@?-CNl*$eh`2O0*JRyj4$to1SEhAkT_)iLQW2a zAz|YXdq`~QhJw$MpAL)}9=VXu-; zE+n10Yf@VBB^)=V3@=95y+Z69vNZ=Pw&K>R?hBM>|s^$viP!{2$ zjJj^I*Qx883|Sa@POBeM27@4BQeiAWZcKc(C> zpQ^PF<@p3giz1OQT2vC5lmb3ae#6-gcSsU5V0Fft}Y35jX9cP%YJWwSXJb! 
z7O%OIh=^c@T^yW-G(xUebP9wN%QPTHSLP$2Yg;Md`>jl0zCwYbhD4QRiW1R(xYV&yjmYFX8MM63-7|;4^_fz&9O$i91J>5y&v%qGayR<_;;UZqMm39zkbMf zLPUHlgi-)0eap2Cp;5}0z~yg+P%>tTTDl4~r6R(GrdZEpXXogav9V= z09g2;zlay=hk6AD?N?4 zu)6CGW!IU?yOMYrd1vgR^5m!W)O^t!EN$)Ow7!58SqvAtNJ^S%Bu=dX)>EY>)G)}G zP4H6f6!MfXI7>-ja3**P?LF=9J!v;V6U9MrjsxFauENGkfk+ffv8Gjr;B@*HvvY!I z+Df~OSV>ZbeX4XysP)N|U$klqx*$DfOi&k;`bv6GcrCOM&-1yK27?mIn%;a$A`&ny zjrTe+;Z-0E@a(nF&6F+~;Mt689oL9VIFl_q(p_Oh4(+2N~t0vM&+{j;yHVnnj*jq}S7O=~a!%kXTkpWnUooG9sOz z-(y7AYOk(pZE^CkiCR?$S$U&vDDCP~;9sK1Bq^|JI)UnL^m#t`hULyaH$d;{_l1#me+E)G3m zZT)C@Urm#x(hv*|*P$yy#K)dVQRYoGEt%r$QbA*vi~Q_Zj8tJ52Z8U-6w902yVV{zoPhqKd zv*fTx+TlY01BOTlS$h0qs2%F)r>e^{?Xqov&Simat}Pqygd!8}8dT;sM$t+#E!!k- z;O-p^4!z24k_C5mx3s#4*4Z=Fa>>sc#ng4fi4jA&cZ;9 zygpY#$;oJMjwwqH#kf2Im>15CLdh1fh(*bWE$pT;&Dm&EHCSOytBr8Iy;XnRy;TV@ z>u#|&>41%QT6@oACuB@%vFAH*fNsv_`i5+ zfjI=nK};DUr{^8;8bj{|3}EOY(gAO=ht4sP0*ym5%9dh;S+5e)$wX7Hib^|Q&R3)i zY+z6}5*>U2!x^Hwvrf+s!13wJ3jl)v-^ddnf}lIkv?))51Af9JTY{;c(p}DHz8u0b z5{BT{_Mq>G|Mi}=3r9w#kbSKLtUR?7K1inNOFB2DLQYFK6I>j5kf9MHkfB-PK_cG* zs$c7dzJzFjLoVA>f3Pfsp)tG{SU6g}69vS3V!qLHbOArT3*j~N1HL>B!JyyIQ_24t zp+I=wavC`=X8r5v)d2l-A`oHMM zBmFl;jQQcL45Y53sZ^{2T^Gk%2et69`rcrM097Stl=Q@yQY6n7t<$KL*NQ2gGAW^i zd0!Km5pTIN&J4dn3-PDW5Ac+Ag;|Dw?zRDmL)uY}Ti~F7CB(l^giC^G{Qni}-h_jd z0AzzKqz%DAzu)iIZP=N-z#_(eo%Ug){+%|{PN;6Jc1bu587~!3D~o1}qzqJW2Gm|z zi9VV2h?1@G6(HVRDz}x&6H6Byg1u+;=m@0)46RK`QlXj_U33Wct!$B_M(d}wDA9#0 zs8Gd*V1KXGa-|lK2p1OzLDs{_Ea9Y|ovTFuIJrilbUC)}z7+r^@sKQR01|le(2UJ^ z9TMIkMtrv}4GUGeoCpQ4Ar+U>tYPkhm8AnbOh@4n-<^a2PqgO@-*b_L;cLvYD&x`l zX`ViXiLcl7slyQtu+%eZbQ06W%X>*fG`fj@6t@C(4W3`K~@Dp}eJF-2OCd zIS(FyQwHXcN+)j2^>@zTl#$qFF-f$}2M>TriSZhMziG6CzYo(LopM@@u-7qsxjRAw z=>WuB$AkgE-voRP;%^Mj27l);?~;#ja8LYk!)*ii1rksy}w(VviJ9) zt=7J(wV&2Xi~R!<;T0~=C0~6%p1)}2nIQ>3W-xC9lIfACKijPt{@3~4FMMM6d^c^3zOp$-%5DmqD&9@A} z#ZdgW)tuK2MLN&$rry2**RR3$1)}bP_fsU+31EJ<%!2fD)2WcwY&;**s`V#@LFl(N zGm3+(r$^e&7kS%ZohAGtyPG13-K4Nkrq#K2D7F~V#F5P26hMPzF;B)E6aU{_!ww?s 
zrG961XnK`YJ;&ZrT2&KR26_W(35o*c+Re8GgqN;G>qT1eIIZX;W?&oG4d{%p=lPVx zBKpE4_GYL=z0Oj3j=h&jwHLCQrqKp+0}3g_1kR9flCH&pBU#~CR?t*s!E8X!wXo7d z#-KZ2l!c&rmYEAH@PL2%=z_v)3 z8$f@t4t2+(q61!v((;N3qDWp(3^4-%V&<^uQ7E($=xfnzj+SC*<%APcwWJ3m)tgAT z^dfbYXp@9V1oTB*X-<0VRGoBdF$@d#cN78j{MJtPli;zu`%(^?~5n6ZUhBl>=*N-)wFc0Aa3f(GL8!wnqlHg z7CDv|lov3H#GO07!!;~aq7EPkQXGQp4p)9s(3TE3PT{J9*&#Rz5Mi_fj$Gzn`^-nQ z1CGVLV%h;`Y>o)kW1rMc_CnggxVlxklrc`)JT5Ls>%aN-jl`k6idZyVb__FkqO9Zr z4#D$&E7fD(z-TpXNik;uKfQzu>f;)HqXvpwiJU9kIV8{(rb2yq<3R>NL~w)%TM9p! zRHM?wrLh@|4SL$VIdZSkgIrBPiRJ!Jc%3unG?8hr_6vwG5f*vLm!dC~>w^qjmz>Z> z+CPH-F$9PG{^2UPGFrrWUFd0X$^6Mrg{deD8ri|QoXJ|bivX?Hu}`O>cnA2i5EDd` zLu*9L``BQDgh@+Y)SfH>3_%=Th4>}}FlKXcA9m$c?R*H03~6g$^{VIGsBjt1jaK}1 zFL&84c3Ao9kFG-%aKF9>CKJeVaZAaTezc9=1jg4@78W(ta2J(Nx??0ZbgZ&n+N}1o${?tF+24+;>fXQYN=S}?%`bpd&dWQv z>QQrM-r1#&26J<(*Eed-&O5lMQFDH7`ASBe8LBqY$3mg)cEQ`k^+<2A6Ni|b8-X$f zIIUziE`ac+m3rLSG_EZ;-DOEDceyK)kn_JS?V>O_ZTn5)yOeiw&7`wCamH6od!G@?5ThU zIq=)^m(2j(rps&w@aA5#SO@7+3%3j#mw)T1*j}R~Hs+~(0h0Kb9GSkhfFSvXuO#llq$U9S_9=z<)%Q*&F?E%hq(-#{li8Z3n6|wy ziwIsY=m#Z;8g0P#oafH7?%`zc^f^SR1mYd+z$zqgO2OLVcd(z4zbha%7QTb$d*#B{ zhG-4RyH`d0CSrGx#F;T+f6F&1QYyE#GNcfL@D$KNRa$1UbKmaK~K#LmsE0u$E+^X_}b7T0G6{hSCyF)1ynuE?<9Gqyz1hYM%y(iMFNJ@%mhn=w_hlF_CE#xC;-%>B)+}C%_KvLLCcc$M zaix$beWb2UJhRf(+eKOtt!WWA(BF|kyd1+F+r!Hd-(09XIl;G7$WxJQqa(0ZFOxmiiuYA(5GwTE$#3E1GV&64q&OtCj9XWV?)P zehV1F89KWOGwH1gNgX`l*e_E%%zbL)GZJ3@BH5Al&lb&JViAlY58li!VP*l9NnJ!4 ztuMVbvJ|OfjLdeEOC1;a*NA|l^HaX_GmgK}WW^=%J{gj$g$cnDSYb$2+uBcle5sC(J zN*+>1{BZUNJbrwBarXZ7q9tXEq}Td#Uc)Mswo{fB&9)IjkWn8 zinJFJk&UTU-Zo1gjV_Ole;HjKU7mn<7q4~K@IST9Gaa9dSyM!Z5)3arYLf^G2~9Bx zhP&*W-}JL8|0h?T7tr~Q;&3Az75RVn_xJMof1fbZ?8Xi-t9l{sq!6B+4szfnN+|%b+23SkSxyiUtV77$MT&Ds?+BB zoh;fVR0t(b$*)2fwo^LV@~(N?^uFNo@q?(T?g99Sa`c6|`kkF} z@xFlD#Fi8TpdFJyZ>ByZwJrF?d$|H;-WfDVF`mX=yzLY*msHJ>UuZ&`uV?KKneQb; zif^KL{%w)ePX2oY8ABxGMgGsPu>0?R_xXp1>W_c@tNX8iIUgSD_m94BXR6<3p|z8x zuLdDmKrP$fx4A*9I|wcF-&-5otH>T`#xyJA=@v{XTr zEle&pS-)3f00tMHuSO<{I*&`grO19Q`3~&-mp&hC;YJ+W1# 
z)D5y#MdaPG(neU{-&)=l-{s%j)|sf;8Q0?fzujq^4IZoh$Iv1QAVah_&RpQ>7UQ_o zNfKYB{|%lFvijfN!Qr64)Bo<{`TV)7GlsXT#<~rNtvHSB7U3CsG_X3O)YW4}CV)ZVY1k8Y-KAS399%oiD8`%%W8N zotTBY+K?=ND#CRal!a}$z1486-xE-Z&N`4+0Idbjh;xzvO5fFikjD8)03@&K)Hebw zBmmNPwICSb5mFH8%Q`U3*ais<<7FKfnZN`I5c6#vD9N4v1cH83r*^hx-CAiNgQRNm zs#eRD88>aTd||8G&0W9G_H{09llo}H$5L;~0#cV{NWbzAO_@8hQfG@xgJ-&B-rZE}^ zUE4rgjQ3Z9TQ{69BVT*r+dbl`)c>?wnEX^n-77q+^}oTBy+J>x{|)y0gPs0&A5TXA z%Z{~F_oRw26snPORLqG=7zEB75)Xxjp=(hbz{NJP+x;Uu&N`h?sxV~L9w z3mAGs@GEHdCVtqX^L7WcyDtAPa_1QQ@Ut(XfziNUIM4?R9Qq6s;W#3EJ>tp2XW}fv zahxCiA3y_yA~4wNx50;2M(9dMPtgAS8Tg?a#2zw@e(6k*9+MX;hg2Il;P$p>h{z^6 zbZ>8mO=>bY1Gl$rP3*bhec5gT$ME));81uyRLf9BuHSD0#lBG}02JoQoFU7)F%vqro-hiopKWm!y}Ii^e{O3~O1 zOdP}8qc^IL6)cn=8BX2!{Nn65*Mu}XQ@dDx^v{vCI9<|q$w=hNb4{mR=+2|_H{+AH zM=xHVysXh!^X@}Q>om}J7q1HdS95muU{ucQ0%&z&JeI>$MY%PCOpfqXI;O5tNr=IG zqmzsGr^hGbB9n5$E>M6VMUFV-zP+`?VyWyWlfuMXpj;pnwEtoo?4+)qH><{f^vmh_ z`2ErA)0an=CmM@o(%M<__|?hrFQf70(a+=Kql=fPZ;xJ|UjDPrRJ2{_s2FX_#V1RH zPX5>B#nJfq?CnpdKabTJ{Y8F)C7W&uv|ZKvuTG9$U%ncjpIuz$ARQha9v1uM^~ur8 zlZ)}m>yzWlf^2FFADwKa*JnSEU!S}`DNe*1Vk~jD{*t8EDAqCxl`_M(LB-pX%YU3* z{4&10I66Lk`*Q=CS8@ky1+Mdpv&*yNv)AL(x1)18SPk$+1T*a7;56h5q1fEj!+Cr% z8r77GP1D=2Kzw}m_VVcT?a76lx8u{dmnRqRkIF~8UfP@07~iU1-44nmVNH$x-2z5^ zL9X^_ZfPmCi|NtmwHDPjg$I+QO|t+`U|_kYSLCW!+8mM_l@H3b$N88j(a%+iYQeDI$-w0`6N$g%B#+6(vTVI@xM`y>soLr92 zk1k&|nY&eJ?8d{~xC*CM;gV)&$p7`v@vFL zUM7Pw&O#JG^obF85?(tvLSde^&!0tg{o15U0o*nf%2Biy9ocOZ)efS$tyBVGHCs>P zAP{aMDMQQW3M~r+G;ZdK6$XXZ+wJ!1d1%jypHcWMwsrnD!^lrwDEG|R*oNoK6n2WwU^n0D&Vy82^R&UV{mjO6qZ2R)%Qo+<%9$rbt{ zTp6H?K)crl?Q#3|cAT%ZdV(51Y9Fi7Y!D)SxaME`0h(p5<&!u(qVFgoL(rF3OtIu< z7e;X62f`y%YXQ)cr*B8EU$>Pfr>6Y^WA>9DAiAUsE%YrtL3=<|ODm}|Dy0qHxdVLN zr~diBvL&tI2T*bTe{eY1%box4J$#QF@=2MGr{VR4T8T+I@6_*F< zg~Rv_0978#TdOxYowoqchxDI68-nmooeS=^6?qqlMqURN$OY$vWP4%RB0T9o+28pm z{5kv+O1P}z?C$bxe0=tHboRRX^!9E&8${`oOFMAH+>QJoc76qaYQKUt51}(N=4+pb z-wiRlgYjk^zdI7Y|0D6A&)%H8d42lk^s*jwilu@yn^zYPOdtDRNw+Q43=O*5WJ#kV0U$yhsr2o 
zGOn1&C?M|`D$sX)T=zgk_0*{ikVgR&XYqhxz_1$e|DRv{XF*5R)Ob~Z;EF~eX1 zuaJZ*(C}5?$+fl7R*3(2FC@c-0+5|r5v26SD|8fMZqN9%JHp%@VQzGUnU5~<$3MZW zI{%xaAmX!;MUAihCQs%4-~HVA-{9%t-jm(=-+ervKldJkYkx81;$9?OVao{pxZvI5 z&e0G&?g>8cJ#L+RigfhR&3JxLJ(e+tVSuJeEl{ifxfo3X1c|l` zf2=>m2AxT_NGRC@hlJM5+r|VGjNwEsf8f1&LhwC}^(Fcs64{heV(W0d(sx<-U@ zbqUf;IAmE$gz~66+M-Ikv~6bB%fH_%)W+ifSF!l7Gt=;5kwk^BNw6#|A;Ks!VnjJU z?$z9P8+-0K3KkBX_e4k3sH!?l)GgxIVWO;ZHR_YR+M+Oqv1n_+~2eRuI1Oyf}Ijjcy}-m)oq7_ca? zoesuCS}1IzQlp=Aa#NrD~f}ltCmkwxo>nn(KVo0M?aYlG5|ApDXga8RLqWqNmVxaw<1F);!TFaSSW+C zbDcIZB2-hDIt!{iFe!_OPyDyYEo$QwQDV?3|F-vNO+K=al}@1VjrV+`Bj`)N>MYi`PEoxqml5h%$Xd=xyfc%$JP9j`9sMZZ`CEU(++U)B7)4H1V|q8 zK)%`Z8Q-bOy$6+h{*}A+RH@+ua}PDSZ*i1wpeZKfnV)v zX)}!=-8wbzf)@@10$~X5FauGFqKxVBAZL=9HyC$rD$=D z$T44D2?Fi^GjIk6-F_Q5$HqyO^GiHI%KYQ}>@#f%;&8GyA561W%L!u8u@_mP%kzeD zt^J=zZ(hswUO3FGVFfb%ZH#Q2X%}Q%MoLQS{!hF?>J5#p1&s`jCONMSxcG&*c`4OAkhtc0nK9gk#Q^(G@4>U1;3(&F`Q z5xD24k^IjbwbaK^CI1KggM9pl{li`U*L!)4efp|3pyu(OxlW|3fhhL|M!Q8|<3&LB z-sge?amBcR+Wx*n@P(7>h>YF_?p01sUz>+_&-zaj`Jbj)YqkJX`2RlLds>kHPX@dE zKlk!9*Z*M@(NxucnefDV(!GvCxLX4Q8|EwtD&HEdDS=7Jev({$~PRbe@fxym!#IU1tXAtyF_0%(HUC z7d>-VdRsx$3O!XG9<5k3&AFB#t1Jpy5kMi{nZXcsdtOYcY~noq(HWSj)0W8fVQy?W!zpb-1}sHn$?$m6_VI)T^E` zv$YlB6_d1OfuyP0igoP?+p_gn&a}G~0;?mxH6U|Uh_wb_%ELnC+ubBMRAv`a6&}h$ zR3>y&o{%*IILXI)A)y$k$lBkza7AT|Q59uq73{5mwhFb+8wE4U(p(6tlc(1nT4$@& zWrG~mr_ZJfm4!W$&!)kTf zsGrTK8Ee!@W7L>8YUVF$$Q(5i7n#FJhZ%`jmVHP+p)Cth0xy@1NIs1>@z!WEDGp1l z8~v2VywQ&>_KkilF>n&ND`Vl94b9(fYtR}Cu&kJ0X}!$_l1nMi1e7yDtq3evNENt^&p9&rJ|q7FiN72k^mz&NJJZx{^w#?mw;gvpGzFX z;&3Gz4*UiI$%M+t${~tE=NepFI*DseU|0M9SYxZ!;l-VY_?c|Ikv zi1Ijzy&0Rk_d z=h%ChaLNn8Deb%;Nm4p%hP!Qjv3 za=cJlu|p6334iR)kP7Rb*1?|$U-YUj7? z6ouKF*DJOcc^9~yc>K?Js^ot*dSH41w223Jh5SD}+|TR(`+I|({J)n+#N*)-?E=vi z5mbUer9n%D--T(ZUH^ipecfny==eujAaZU#cXd-V4p8Rurclqj@&;$dlHLXA8ikC? 
zfJWFu@~;Sc@(;C~P$O=c;uR-Zxz)s8|(2KAivZQMAqN--ZX8>g=WYPlW2GCz5VC-L;!Yl<>35l9fCc5hMzp|EQ zm)~Q|U{X2zwvfUHk%?ljnMlXd718m;A2)o@sO<@uq=-C-7C5Aw!t`BoxrCY&$%_D) zl47n*`nlA>}c(>jN zq0mchKM5{BoDoDRD(PqRiJ?#!h1&9k%H8RQGqns@q)-BLJ=#n@atRK9!xMuy#4jtY z6ArGDDH4cUl&IfTgJRaPm2c8eE}cWY;=a3hty`e{8~&~OT8A5N7s2ORFN#x!37ny_ zamhDG3L3~5bms=2b5Mm()f_8Oy8+a!BmrgLmv&j&X-2oD9cOE-v?f+I(qiN`$g_Rj zCXtooDWSm8yEtToub#vp(Efd!B*K_s>cYSeXO+|n6%dCE1`+mj#SFb=CGNFTMFtOX zifvG4yj+)4Trpr z<@ak(j{ktCnfzZb08oYe-`n3C6yiVh`#br6AJ29o_T=Q^PMjBG_5dTq_ZUY0SX$mh zB;+CZBB=F4pN-`t8>$!bFx+tNQuZ=cz5M2*)vk7OZEo9yD;R$>b|FJEOngL#W^}}(fYq;0H})iPfrF1d-?Of{@(s>{lAZAn~|M%T0jlAI(wiaQ)H?V$9#h& zTd<+qoh7)y*Y&&0y04gR{|^b?^hXNWWDQNRi`i5iv&rP^wSzXT)*{!xP*f92-5W)X zFNuHkU{qxxSGE?2sxbU3B2g8~HVs8pgs_W6rAfM*SX6fuo990>#8vI^GbW#}jz3e+ zv)SHs9sfv07Frc&W>sLK1`&e9Ha~SelDmH8eYG0=>(kNY$=glgZXqPpHxv=-j^g`d zG}Yz-evZ#xzdkw61Pgm}a(QujToqfVzQf!)G+ds(IXQc0jXBkbhD#ZuVLcko&d*+- z{ahKetC|R9_N%6%PROiPJaz{nt31Bk@tc>Wfx*gfscEk6VxMDDV`%O#29?c9nA{Y0 z7Vy(c$l%ET_ewtEg7wYO`S{Jz{~EtMx;z@4{_m=Ib@lPCisQ7ZWxMEFyXacqV05ir z{F*z9Uz4@oeH#I60z9J`RA$JUYe;$lo)zNBSl~2^&QdpdYkC0cc)cVUYzAr)#HIY) z^j^tL4iuXboH_Qi^0PJ4%*H2&_tQ1ix$zsvu6FV7!5vd_-X{M(H5^G&%NeC;{*EkBLqf78GZ>Zy$X^CW-&XTbm2 z$^UzJzE1pyUEqhW9{3>>5W%=B>=FbS%G^qh#AQbQR~&i#ZelT`P3ja>3z*?U zWVw;j&=$0gC1_^{x|?Sm`QJ1Ebfx{Lzn|CtpB(Jszue2Sc4X%}2=}pD6sjUUTSW8b zp`O1s3+|q;_*BUM0MF=V!Jq5M|HHiffA8SQPX6D^lk=V8w*?;ckxm)?a@~B|941AS%kgK|VgTsK;qgiMBw_9nx!qY(h zuNVBWTK?}pd78KX?De1S^#6N#n#%vRV?^$R`|9YB5y1-v{Xonv9oUbn>?pa1F=s3q z2O{amSRMmB??3CSk24av*^m8}_~ZsYGVX|VK}=-yL>2|MU=1+|WH1xn`rg$u`afXg zkFU`3$L~LnE=S{|^V9J!C;v1;NPc37gfJNA;|lQxFgjL><2cL*p{X4xpuq)O@p7!2 zSpSZz<#r4UXeKbFeEd+{Bt&C+ zz4TX$1)8#-^fVu3!hvSr{po^&rj7ptg$FHg(=Ik>jo6^+P;U?zbX9aq%dl)Ov}KO^ z^0=1yg2kYgkj!$?OS(GIz^4d?UKfSeKjs1%q-FSq=tmK#LMxoT%r-jT_Oj@ic{)o% zXWm&TNj++99Z0ba9tceldEjP_LJ(7~O-A|%Cn9|1{HY~MgMk~yZ55wlXnKHX~bcs10O3}0u~HV%Yh zu->6_W4g8AK~5p|8D((jbnsuIRk&Ia%%V7 z%~K)&x$<-O{=a+q{7-ua2fO><_wwAiZ*R&$e;i?+q4`_)?d_>hn#LP(&TahW`+D&+ 
zNd#bb{S^+sUz;O$&wV~?$^R|;{|*j{{=fa*`QN=f_vPEWTL!+0Z?DmWZTj|RdS;i& z{SW*!kpFk(|7)@T?DY?J^8a3*oc)K7cWLnRt@r`&7J^lNz{QC4D@SCPN_+Qg_SBdE zcjo{1v>5+;um5y+|LZe z;HI5_Uk(4h%up*=0|##A@b}d+W@ox5DIj|$%dSrf6QX2ip}Qm^*hO?zR^Afis$wl7 zG7a=XsyzUe4do}FQ1%a>&0k^4-XhKCbNTBAldFvTlkhV+eYwgdDsAf8E>X2WtnCt2 znAG=_^(k%DU8j6XG2MrIRf_Gt+^ec5*F_vMe}Nn~rVKAe*u6r+KPm;-wfam&N$Rmp zU~45&mT-wrMIn33RuPi8Ze7WPu^jyD+ggCaDa`>%-_!!2oXGgn9l+&Y4w(F!`?wM= zi9-!DL@dlxCqJ2ADyifUUBVY~;$w$*eSTOn15y{F9)8dG(+WNLS|15r(w=B$(DTqF zp5;K&CGE=3UGsA-x@8C22$f%I6IpLki24M(#mT@IEzc))Xh+P=RYt5q-ChJKz47w+ z&6kyf3)J?7^5}>cRk# zMmC@d`_KNMc>nY1;m-blFHg7IZI#YpKHei227Wj@vAct|HB0bKNOD-*R_3Gkh%n!U z!8!Jh64q&KO6p!maQo(@dRC!3w)9BNIk}gU?OADwlh<(a=C}sJQ2Pw2ZBGlB+dT2o z&pPcVALRz(hZNcmhA3Y6;ZYFa8{}oZ;oT@MSt&J}q*COyzwnvf7%%+LU&IT?jpF={ zV1X8xEH?uyVPqjM;HNFO0e-rZHYl*RHt^9RI0%rJB;*=`U)ydJw>zLMYqURDD@Zbi z-~#;~Bg*Je=t;CIm?5+Az9W9fSOvDu7FOtY%pF;r+h!6g^n2tLX}2}yi+uA2duRyS zT=chh0jIysr@sD2U3ZP#kN;Jz|Lr|F$oqfypB(P;|K7_}s{8TbHtzs&N%#s=_R=Ts z#ZK)!h-ZGN?4S?84W#nVq~z)O@rtim+v)=#M6KA9g7edtV2TOw@QiaN^#CUR%nyNw zm`p>Nf=NxW84x0miUdME&;yKc4Y4P#=>R`u@X8?NTqIpF=sVXpnoqc#g)%sgwIxYO z?^rLCnUY=b!{Z-hQRJC9mWSZi5BmMPkisb%Evd@_;hrbz7`mXoe(m50g>>#unR3eX z&=kf2JMwa{!#D_9Q!0J@6e$;RctnrFC09F_5gLLwF=gUqYo`3qfBleL?#kTvKE@$s z1PaITuYVByRW)~Qj#quGZ%AKY%zp9%M1>Jt--Fj-v0f4!Sq3OKE`>p{xgolM z;f(XtJBmbrt&cQv$Lu4ZDDcDhlPC@t2GHf2058&dpv+r9+PA=8h5ZS@&{HNHASPFf zqSqXRakXFKHuyyqIg1P%cFYL{ZQ0;)EVn5#3Y>mP3%oB=S z7cZi7f~UMM1w+y}iUJWY3N$@FB;#rbrR?Z7G#Rul9ga zyMVrbVHoJUsrjlUL*CtlH;{No=cn=>#v)?Nm%^Nv+Tm1?c9$S_f7()m^?$wOZ#Dcs zpY{v+pAUEWf9~hmLjJd%)6Z5f^%^RensMvj=1uHOLR{K+l{&*4UqMuDe+tm=Rb|_+ zG4x)*0ER9iZ8fgOtC84XiiL~Hc(aP$Qm|#U%?9S(ehLZmgr>*eihh!jaGwqKp2(jo z^Wdps4RYJ%P96S$iR~K8|LwBOMfe!8&)GP&WR5ShqNl*U-;m6?BRL{9y|W1Z9-}0;0N)-bz1xP7e}$H9 z@C8hs9H7uOgW=mF?Gxl8{~D1a5zbI4UXaooOgvkh{apDnL@1zW1u%mTVFjRU?3!JA z%lc1+{Ey-wSV!b%o+|&3gQo@i|Nj0i{>!~Qe4>1>%*Z<8D;WNmpV66!uzG@h&u}El zCNGF8aTK%p8z?>sH~HJ!mT|Q)Db@ksy99CJ<->rMp*@d-;Mgdp?mgzvy~J+3;9^kY 
z?55?${3S)Kq()oI$99GuN52O3A!$LDgQQ;@kRb0OL@Ash4l^Qt$fltE7dre4ZQH@8 z1ld0)SQ0r|pKwl2J4;nkS(*cqilD9drETh;wy`hZ`@8P`T}gajx;1C zZPH2vwpAs+QYIHUj9Vh_iu|*Ej%`RleFk0y`1}ve&tHdC^UU+TJV@Zhs4hnnUJwn) zcO0jQSKqQmZ7%X!v;HHU$?4`gNqE?)Kl_dH-ue8wq@TY4hX0%5(5h2PB|2*l$ix1V z=#>@v-=?accq-3-2K}u5H+Z^#*x%`Y_wh8}|KI6${tst5yuWRH{jE7=vR@K|^LTjjqqN5R6Mg_xji$e610 zpC|p?`On~Re}8xX<6fQz;2biBNJs(0K#sZ0IWmd;!1Kcyh@g7~XNWqj2jFtoW-`s?!-$}%{|R~W*yI2A z$N^_zumm_1H91KjLIebUh@6)5ax@+>Oi=3qIL3je#@Es zoAktg^^5te$N!^$((AC70-8YgDvm^UP1<_w(3`0B*qOkq)?-Sp9G%h-z*9!0q zJM?wgCaPj>#l_wqadHV$aDUZG$C+&Lsn zIK8ns0wZ2<#0vs>FxhGy$Aoa5MHal4Y9a6`_&9L-&h!0`t=8kmukZpzaE6ADAA`Tm z8H?z!*PHol9#0$>FM0y*d!I7cGiVWX{JqtB@Ic%-@QLsNq^;H$aFOPl`U2j{jKNAJ z1z%cUy2kS*^AG>4^#y1e_$p`W4?YI+<0}L`L{7usgdfO1&}5GB)kFTJI~Sk2zWVkE zd;xu@?+gaui%F{o^p7i&e;vm2`TpC|P;=_rE9o>2iJ{EMakGZ#IX65|1m;@hNt;;!=xCAZ`L!`Ve zA6CT0nodfk8o-I-B&u*4k~bu?oJ04@;a#9xiWUHeqO^+_3mAGryz_U0-^5CgZLTUe zY_&dq{3zC&79X~x_x{!Db}3?A$_Ow1L!m!@`0K7RbDn20wUg`UYrj1K?|C^B75)e0j5P%5+GZZ2M8S(_sC5}5_5;HMKMnQKj6ki10Ibi+* z0T_Zfni1$Bjv_*2ipc_bj^s8y_#EWp$GlCCADiqX_yCF~33VLY;5hKW1pPtSpwQn1 z7@}GC!b_Tez5uyFyIe+GUcQtjeDN1`i7#Bc6X{tLo8635ZG8dO_(Ocdf^h)8fRDlh z{v-GTj<}@od{?S{c*=zbn`V&Qr`Qc37FNv@R zAf^5+6gKN3z-VFV9Y$i&Ir3UH=mF2C;xFDQVgSL>`5UmnUL07clz(5s*)b%ZAHqOV zY&0JecaA6%xwAzd6k!NcX11Me9gU$q{Pn}_ifUE6t_{g^jAH}tVj~-<3V@Jg1@~2B)L8rW@eE8*i-xWIx3U21UJ68#{ zG3T6z5oYqlEm%GRib5|*p9p0RJmi5S{#v1R4MvK@VJI4<=CpzX{7{H4k+&QLOW>g> zz)R!_PRZjdMzJ*q03rdQ$Sj2_jU2`6#&Pq&=%R0?AHc3@a#3ZMnP@@zWwP;FspKIlQ)+H zP&Mn-q?aOF-3UUo2tSn99WM!V?dxTY6+yueF7BL|veh9IT&=i{y~Q3<_VZdRSTO=! 
zrjJDboU1ax<%P;S2z!>ku|@%G)HC`jmi$%LF9bo)Z!Sf$)yl+34*2?VBmq>$syR#> zOOmDt*ODbok*qIGnqpc{p47k+1-=Vuj_|kfVuA=~tFrka3 zqc}Sq5BmLun3Bim?~>RrK$WhBr@}^LKtAdB-}nON8~L>XSfb)Z6baq4(U}yl1JXw8 z;b5q<#wvGAQ!XD(VIV8qnx6WzSVn%->AX4rWb20DOuJAQDJysVx9m@h zubNF20H7cw?{hk<;JX6yD?b|1;5`g{Ptt1XoRQe0i!1NIp8|@4Dd0;9*Rl~|TwRBZ ztM5d}Q_s@-ItFxhC&HEyY7g5NSeOLfiGU*QTfLi0D(MEj6k4|MwUJPYh|JiW`CZFp z@~v`Zls&i2-J%K6#X%rr9EkfU!rb~sUNAO?|A=q?Y)o+Si4ka?O7qcCK*5yYMVdoS z?78^Z#e{Fs88$7vsTN+BI#uwP_qdHye!>IpJs9qD=x< zr9t#-(U1b;t96pJsD_{@;3YWx4Num=N^tn!c(Ml0B=^c1Sd*ZE>)=i1^E!yr%FQt+ znM#}EJ<(OgAx8>`t01a|$9Xa|g~$yKe_&jWNsh%j0V{y|HY|U6F7)#`WKyvTXTWET zn-HrqOy+NNiPzjwjF%r3iH= zgAp{xoH#VDfjIGcTmx^!R}sok$Yf+1H-P?P4I0i9I5P0pv4G=%m!h;f{-x?9FvJW5 zh?!GM&!jvYp~1)HMk#Hd^ueWX}%=~*2LUJ7ecag$5PT{OWkNoTR7&EvQ9kTxa6!n|qr^#K-r$c^?e#{VGECqM2~+So({Lo~AItj9@yq!yWyzYli=6-9D23sG zcT}A;`k^O`=t6*{G6OUe8kf?vXc!3l=DC=%Jc5UQ2&gnaK9Y_%c%si!{V?5*h&^C# zFMV`=TALai;Q$LW%o++k)3qx!ddrb>5-F`c{M=r^PcI>ZBmdv1Jq+U@xb3v%7KMN1 zTl^U&KH|S_Z#$Xe>P}k|A&Mq+oQ4dMYZ$bL&-=H=nRbydCn3c#=*ZX?Lq8C`YBcM}tqWvbqp zV?q&0bI*k2!bU?6g(B`vT@*}++xAf?hrMMdg>po9^u6}8 zbf1%7^O8^E6jqf_B*h#O1*+uMc&*ca=!sh*kZ;`>20q(!jte?#P}=4 zCO)F@+9y~vKfR$OZj_3PQt}i!UAs$eLYJXXpKBul*FFRge3aI+kC~w^UhA(qXWyg? ztpTix_t9jUl&l6NFBXd;3? 
zEuEMIR^1JMl2c6F@*;4`_t*>@8k`BLmNZd%8Ve}6P74bAg&X*s1N2Qk>t($f{#<;} zZe(fYmGzsl|8b~5Ui35GQr|-^BtZ0pz#ib)HgAoj;2P}Zubv6-Ene9)VP@go)n-1A zp~g-=B6z`|AJpHq=aCe)?0e30=UMk~GI;tNB2;hVo&w#%W+w%<=1wO8V2H>RXtgFd z*soLtSAer=R)gndnpG9hjT}B#0<_Xus;`y-zB5HC@zF??Ce9HWNc0PlmjhX(J*p3H@|Ke;F}IG-vUg)+@H-IaAv-hW-91;Vi_Cr zq3MWn@}1|?D1ggxBFIIFJbCqRGM4A3{^K7*G)dH7oFS*v?1fyNHcCWs@i3AX#ZzZU z6$4bT(DB7-_pAew6lfkF?3W^7UPnZW36=l?NrVZvz-Oho)HC#QCBkjn$5h=WR*6$l zcx{`*p67FE2ZNF=g`O62Mx0r#sY-23+dX5cjrLAX zTxw(A+WAXujN3hpsf~7fXEUo%+D>Ye2Lab#R8j(PjmU&gw`E7}b;V{*ER4cwRpm75 z01r*#Sw}d1bifTHVFw^WFzEo7_#)A|h_VInbP67DfzBm1MXUp+d}BU=?v=O}ki_o5 zQ;?;!vPl(JHCNx6T6I^m3p^ANBrkDP5V7^cp8B}9eDqTv@!cE*)yKcRW1;#uw|q!c zAMqBCj8-D8+Sl({&rQr7coXop{qw2v&Y=vC6wW+DJtt;O5o;4KjbH<|Ta4We=jh(Bk-c%{P z&BDH}q3J{07`1f{A0~5HpnRR0`BCHNh{RW({4O&Wh;;|eFOdT&~ zPcw{T%J%T{ZKqw9E4w}XwLR!N;(xto?GMQ*n{qijJx@>AjEf)|Yu55@rEG&EQ#-sB zX}^;rnM|8B{io*#;P~|Ag}#u&RZJpc(3+{q^Hew@5=o|n$Y+kH37uRuEEyM>`#i&x zY0rMt@m2BE(z!#Blmy~kKQBVPnR_U z04;G0ZlLsS;J?y$-6WkO}ncNJCWz?DBH)tXL%*v-;g%D07 zJY`+6M2c~q;Q)p+Fh?*FGE~mYj=X&VLtz&XF>odbK!W4Y1J4fs!f9S_Ph6uBeAjk1 z;c`n((--k{iio<0sXFzb-|zR8IG_Lmr9q|M42k=_@Z`e=I4(V|5Q=!uD%D|v*bPFV z>Ut7~w4A24(8($iI9Z%cMOFl; zLc=o*q#nm-N=#&M`8d?^#&x%(tDXpsWxoMg5&?d7AN=y}#mU9nlgpD4IDY+Zba`?C z-X6U<(cSUZa5ge@0*yTlfhMWbQP7p()=QX4nQ)_!$-AUn&ks}ENZ2L%j2G}jr4a}z zpYdfuK&J%LgI9u7=`Tlmcvhe<=G3Z3Nir%io68X{p+({@u}hepzGjOHsqgCPKAwmp zBsHM9PffRQhLz7a(BU9dN`(UMyqk4_=SG)D$G?m&k1kKZyNlPF)%c%!Tar$-%+5n- z$fD))dU_Hxz?cQ{8p>!%8CqofHt@svlhkrW8E`gIV#=pR>^JZ*!j$@aPRa~OLm+BC z0$=_lSu_7U&+7b7&J43fv_a}m@l@o0+k3K?&;NAz^vT{X|I>XupFabg?G?18GpxM% z(AH_)3*WsoVTdZUA`g_MzWOZder(xL%vH*$*M6uIgW8G_BQexSZXa~%T`HzsDyCg3 zrd=wgZzdI!O%Mux$_lRgmjCwkU*uf&!`XIHKvw1dJ{%PCzaH#A*{%Qg@mylCfLDAw z9ikgRWU_6!i^%L=I%**(M2toeU;bKMa4h#W5KIUR-MQRaEFhm_t*+cEiNMMXQ6?fD zr#Gj>O#yYewF4%Q%BbGbT6UdYwRw0m_X7lOcoi)y7nq6AtP#OpM^ss0u?e|B`Oo|n zoeTNJc$?WAQyHB3k)+m0P8mR%oKnn>YmuDNL)SQ>JuyYP3N-0;dy@c9da|KCb*p5# z2%MzJQaCI3mnl{~cZHU8*aF~jKF&!dxDhYG%lvAOUG%{QAX~AH>;8uXi!Fzf6-mZb 
zX*DvtJJg3(7rclUk?bO+F`AdMT3zr45fw0DL4@6A?#nKX;z{7U3A;{W#^kY@sO^Ku zj}TX9I1CuZ;%YTr;49P>-1kuKRUb+F8oCLV8k7ergn7D`7t@Bu1o6e2#3B7d?rp8| zpLbGEah!NFPOQ0O{>_=;COB5h|H0s3|1c~6_xAP=4tMhZJ|30a8}MOmwfuz$Z}PD9 zU7Mg8`V_TW-?gPeMERe*lpoI8t=4zf1JJ&DMjapbVC4761iHQJ0sqoAa{E$75Oe25 zu#`Vt_8_H*u(m9vg{+YQ_$9hNi>OG=+Z9ty{>`h$%n#bFN3GU1B-)lqbpoHV&JASlyxnPi*XHuc`XR!e^}RYkwSG$j(EnB1^*X#z#J_js zv0b~itQTU^fggdKea@ShvSYl6`~W@t_^?1A|2fBlvJyhda~|NiU0ZaN?S`sm}MR!cZ6aK2ONJ;3MIcRzC=I)#Vi#MXB@ zfUYo}>zD5lnSfl$+g58Dhc1wFnS(z0BsjoD4;gr@goJb10YtF-uOF@lj&v~Rg**9H zE4Uq{oV`HG=Uf=vA8~r+wbS8`_Wp8y@oG!{k**4EJY2T8dY~ynQ6<-?r3$Zd>2owp!m2M1R&T z5&iP3y{AX<1bvE5Ll1p=*cJ%dk3NX%f@_-8=6owE3y$Sg)k5QpqQGYlYXcJX+mAkU zK)ciC<7w@}>!kP0rGtMLouxZK^w(Q)3te=V80k3lctLUQlMa23Gm-%jBjiuz_aA@E zELF)MbC5rZlOyqBLJ+(%#)Q|;&jwLdaq%UI(e$C%mBpdg0c`>NFV`Ze58oM05DMkT zb|*stAOBl`0*W#Kf8uSkLR32@2^2)?I*0`*=Oir}E)iu%L69)_5kV?OK}JG|$&F(c z#fl%DV&gn_e!i=h2TaHg7GdH8S9%`e5^ z;T(q~h;x$a9Cfi>d`$fsl$G@Yiz#O(>`?`bs>)K{a3-^&{ncLagCjUmS5GB`lny!c ztARLxtZ6(m|#J&^01UHWz`fs5<5M zI)GxJOxTH9C1xMhteUbZfE3)IAV}yp^{|xwtaesSzgga(-(>zbn6k5}$^S1^>Y4kT z0O@Px$J&KK(ADF=nB+?TFfiVk`ag@$C1TFA2@}zOg=#unwXXam{ zP@U4>=_Ca>v^^9chT69&m%0W&7))v-$5eQ;T8{z5F|?n0N^Gi; zn>}JSP=e@yw#mGIp{7nUhu7kjz{T+qzREO@Mp65|LHHr4@*wj|6IqOmmlY5(zzY*k%SA`)}K`9HK;-wB)2@JC>U?TjMi zI=p}Bul*0n969+thGLh-E31)fn~R^sCEB`abMx7wEyyL+B!yG1EisVR02|8)#0 zN>vGEA^c9*b8;5K?+mEv%Tp>ah>{bGgVuMq9Kh!`U!L{VEEIZD>lDH7V2~zE0>3&R zcn@2&mlNxVsk{5F;_a4{p1IT4h@CgCUb5jl9S&y~c}F7c#l50gG|j7hD4D`&98da7sjcWF*Xgh(~oFfJC2?z)t1FQmJ= zjOZbFnTVT9QsgTDqd62x*jzd7uEDoTVtjrPcyFl&_V9fBCgBHx$lGcj| zviT775OYnBUdidAtk=t9bUanpgA5MAmzL>%y{d65Gad6biu_KcO%&;vj0vZL7f}Zs z#SC{npSm2{vh@H|J@Vp?H}*x!r>Tz!O~d$$SaNejkjQEdV49NP-NkEhlLtXB+qHMm ztD07QFd*8j_$c}4hdvwY{x;rH216Gq9+Xd4^s7WRHkH(Wp1r#m|MKp|$yi*P9=|!c zyf{4`jYlUJ?@y0U#&3__oMcthuRSmC>uDzcL%hxwuzLTum)HMz@typ?hv$#5|C4@q zU%RLNoKLg)Uw-nu3P;ua??27o|2RAx^mp_BKAyZ{qhr;H8OVou2%h!(&&1C(KkX1a 
z@AseYrsN<0sht0%j)V1aRL%b7^#K0!UMq<=!Wkk+QD~my1?^mba9$Wz^N9?924NQSNw`eS$CW@8S~&1anwW3++w+`b0@3R@hlIU@ZnxX90T?&) z`HMb{^B)tcFrJ8Da_33!JoD%O_Wthk{i*nW2iu$Z{}@j()M|>ii;#A`=}5ph&oMH3 z4}2%SD2D%~6RiZuNs4vRG*m0ph3{?;{I?@o#0MVm%n4H(==#>_sW^ZH?P1-6e_-^p zcs7=K7SBTQ-NnnL(R+9C(gfvoW2g$q@+4u&@cwwZ7HzW-wgLRk$e1pT`HcF;$Ezt$ zpuI$Ch)-Mu4Fs0B!vt?fOelI_U}wp}+%HWk(R-_P?nW{a$3o|A_1S|I*VT|gs_eyspE5@GhyHt zunYzKk2#qHjQdmg4`bdZrVHnJ93N*i(%H>LkPGc#GOtIf4!ko3SL&99ZsVZi6j1%M z{6C|M!D^jIi4fO3ixzg`+!U;J0?#LAcEUoxQzzUmER|w&{yf73V!9D~-~&fR-hj2v zw-Tk=RP%AJ`IX65;hp@T5G&CLvn$!)cxB%jCf!bVJk6_j z$)#HBgUPXX&u*B^1WWZq=l!}{U&;g%4MTw$7*^_ls#WI5SUd&?cOHaF9>?Y(SRH*s z^%Z)clK?LxE}HV>Rz!u#n`M%yx^r@MxnR;dDD*4vrX+%z*j0fr)qZo&nsOXfRkBN# zf++!SU%mld=B_=$gh&dEn+QoubejN233VMQ(k4ziIzL@sj~8canZE*5n)$jGfd-yi z|2nWlj?{-;4w_~{MH=ldD~y)Q!ul8s!=gUv+^_fQ)q^h)i~DfjfqA^eVo_goj^Ub& zsaQVFSsE&_>DRC{RNyTkD5u(=*@^NhG-$Z!49vY^rH{wD3YdIrMd79TY3(7WyK6A1 z?9X-UfvI!$`t3>2-3nkVc%6mY zC90ap@_2G;YHSytjm*XO@g&q-#J9VRM82^Bh|4U!G zeML{>{Vz$=c1B4wrfW$6v%vmid+*?R{r-1<4CNkquu44{))mu-3wq98R zM=9Dr;(^uMjOYEBiV^2{V5Rm7CTDM-#Y|2>@Hoe!5jE+#?exq@$|9gwJiby@X)LkCP^ehlF|TvDdOu4SO_#3ktEb<-Vl(p52DEx%Xp%{F$r{>@@txj0*o2+|^#ME$@I!05+^H!Nx2m=EN`MF&|D^C_7tV{A5~4S)I)Qf2zHl(3yGEZj9IOf7B4rEPx*;kP8La z`8MJClZ=Aai#W)PgqJ#M6$vG~QlrKai+Tm;jFPx*Qi(;VfM8;=z=dv1|Ae_xmY{?8 zNTQ=&nZ09QVMT=iHcm+>)oWtt-U2=tXg;7x)Rw%h_O0QFu*4>CHoS#2NkpFM5j8p2 zLXyD8oQ0S1L`U4hL|Y`8*x^$;l+!U{Go=YjN7XS!ju9oX#O*E;BaC?-wG$%Q6;*i0 z$cH+G{U2ZQyE`~reSG$dIIu172!p{N`a$wCsxN)goM1bk{6 zWx35F9X$`Toy&|2)Dke{x{-|M!%@Z5M4^%LNND&T=zy?z;FTm?PgMBOXvOXr^At-X)z}^DGiQuMMS}rPp@si@Y&m_9$5uqhrG2 z9`IEBz1p^C4LaWxui<5$=5a3IEhS@5e{Jm7RfR{k{{V9E&-$z^|Fv28N(;aO`_G-7 zsrWxT&!2Df|3`VYth|GE8}#{`b@|g50=X8U#udb?I*5B)5Yc`4wf(t}@rZ*0UdRjV`@6S05?bqV`az79M~D4x6gCbX2VE zPIJV0dDk`_z`Bo`4vNLng4kzjWmL?cX8aQ}**X5`Q=}Yc zu_eEuSw%UW{|jlQe^m?_)i$tbv@G6()4>^+CIeCfWJyr=s9m}GIkO*<40|9(q`f~F z9Q?4izpa^9gDNs}A%QKcSXg?Di%IW6$xb~(BYiY%-QMb8r%sqvJLb@{Xu2q3fasEF z&|wdQ^%?5yRw`$#O>LM0^%nNtGJl;Qq-|z42?Cq=Z 
z4yn?)SV$y2H#%0k4Y-%LI+x^XvzwwwNxm9?qBpcX{Rr zrntjljzXrjCFikN)b4t@VrDZdF~)YV7j&mruF z3e^0Kd&TK6;Tdf~pN2&JEzuPWZ$kPRqXU~=UTqf=rgUNUAIFRrl}ZI%n40}u8dEDR zUlT3^IEn>tL7Gb=WOefjA3Vn{TE=BG<1wT$NvI-Bp6FZ>f?XlAR{GjA*n5t%en}P? zi(t%k7(%=~RlhB}*g|&eQ~LI|z(=X5)MoXE-jMjfGw{)4e@qfGq?sSUDIS@_HA$o; zr(2?hUlVFa6^9s@gaONh42%t%0TPZl7qr?oi6Uk)ouwJOVlf?>bOYA642|Vb#n zL>Nh;V&n-XY{yFsB$A0|P`0IKWG$RQm6Y~tU}GFux)y)Cd&+4-TR*xwo|RfkDzjly zt@%2MC;Btfv=UTKkFw;>AX=TTjK|>n3wo8wqC>N=o9fejFw5j(q%P^iBBg#l7%~`l z!XTr1|4K7(Gb1Y_POa4TX&dK*U_7BwW%8q8 z@VdHb))Cu5ec9k|Y;zv@S^4~5noKvM^Io4Iia@6GuL2gF|9AJc>+!$$4mSDU9_RV| zxouB^{l-gDlBPOi5VUV^z0aQ^xX{86^CrRVZM*S?P{E~YrMbQJyoHSz3DLGWAs@ZL z!N=8`4C)2-I&ga%h^uf#d{F2+0^4HJR&tbngg|F{3Z_J9p^sb48w$D$fq{xCn&x)4 zIO$TTReE!Wo|((~jK@ojZKdrZp{S~TH?rawlQ86YB3Ex;kUMo*2Y;X6np1McHuT9$ zGBo3?VdR;%OIn?m+m>G{HW7E6R7-We5sQ0~qUgijyT4+~X&%Q-vldtq#(A_@qy`Eh z2THyD&NHQm%2HLYXsJLTVuJzAXd+8Rw57JxOhC$oV8+@{X<zH|NyYDKcfuj=!MV+}4Xr6|CQ=ro*OjjI|>RDo-?+i6=07jl#4E0CAPx@o^OYJVX zM6?KY;=nB=s)AKs1>aq8R(n$G!gt>V#pTQ~PMW8>!c*rQ)#;c_W2o1tpSuRLdV_7w z<>(ny51<5i4;qvgufiq6H_m(L9YV~6gyyd{xqtQTck??nJ-dUaC48M&vWa0TH~S6= zm%u0hcMJ@f%0W-Kgzxl@)UEdPDVCeE2q;?CxK>)afjnU!b$4uv4>ft+*`N@(=Kz`o zSmtTz;T((!OME-EzX_{csYWtlp#;Ciu6{x6rt6H`TVt2T> zGex*MipU2YN7gNK`EYyNTc(C2L%6;5%h9xFyUSE|?i>txF%8U|dZlT^?X6e27C^DV z|3$_z1aJchLz8&eab@!Dt)~Mozf!7|i6LjU@(ZawttJK7bA2M4C-PjUn9=s9!rVHL z=yeiLjQvr_$77O2J^0nP#X9yB7daphBmZ|7-6dHzqA^7?$;ane-SmcO{}@bLawwE6 zs)x8>P^fcg=b3jwWu7Gh2>k2l)k{qgTDNivyeUPk5$PG0Q{^VJLhxC3R;Fx0-YQ9_ zG}k#@&~{;W!Csq$ErGZ(MOzx@FMSU4rJj47|LJ($D7T93eV?JjPt`nlf&a%&w|h`M z|J&W}Zg2cQ9_3l)h^f36Rg=c`7|Hr13`j0VJTuqe!R7ZNV7zm+?Ooypj=8_N;4%GC zGlyq`jPwc@geB!}<4KN{zgnnhrC05+%a|<+pOBAJp3p=#do;8QW}Z>shDy~-TJ20> zMx8>dUgbDo@$o^EJXDLFS?l&RLe4UwY2stzc`@p!Uiv+}=`ok^E%iH3hZ%`zE9Jr} zA^NxZFb$-AP1$fH{T}%3UBBVGS?5w*-2EQ(>40a{$c&64b}fAln};E#5sg;seq}MM z(;(w9y`TdV*Zdzk{J~6)^#GtOB@Xr#gn^phIuKIgl z;i{j<)GV}i)fc$?CefG)#kS_C#AR2t1=q(*_AEiwn0Ln}Y?UjT^>y(fm3|9+ZGWhK 
zr9_4!zvbs?gl~LJ8C|oEUNZ{99(>D_b$muGAPwQ_(V*lUW+WP-|f9LsT{eO(-e(Qg^$|DE7BI!NW_@+bE&GNq4)K_R=S*w1_ zW5efe{iV}qNvBW5$TJQQzfiPT)*(a&Jj1xQ@t|!YQ@IwdBbw1bRk%iP5$&0-JsB>) z7jRq_eZz(cONJ&aU<*e4nqJYYW!-i1EYks`v>S**AmPAsS;Ru(pU}3SX2!WYB#Acm zC-6iEass7UKXDPXQB;^HT^F#}BEtJuZ(EhaF{Q=quy@qze zBPyV+3Y$7@k@x=%e&_h?a3SN(G6X~c1nr1S1Z*pTUSJhwayHgVXwE?!5k}VqQ?95K ziVTbh1pk|2tU95{0`8dGC zKS`Phy!*M@eNR6jGsyvqX)}t@79+B=|J+WzW9^B*{yf101-bdM_o#n}4 z7&9fWiVqx=W&}4yuZZe0vb$TmfJq zSzD9p-RMlQj-u^TDYlwq8ahr4;MZT_FVMD941WLpuZj^9Q|%bK%B2NoMk`XQBWZt5jw zK~(|q7qGqVqhZ)aDXs<*eS>QQ*~qK_^b?cN)r{d}`EKNqrNLUVFDqJJC}PeMEt=A{ z&AW@0xpZBAe%H`?WhSq2k3DuL?-Iz)u!&tBV?BHxfR*lcCjN>mnLZgX_K@%U3@zGl z(F5%{IZh=ULc%NM#t|HXStIn(!^ii|B6Db8=t@ke9^_1nX!IV9*AF2|JcC7)7$lD2 z5YAp|73VD+!aJGKaHL_pghTj=#aA>F`5524hC?TArGE7e4&ep8($LP}aItnjPiyc> zGU1x3u{2jeM==JEfkXH^i6!<**b2o9Q{~0kn_zog*q8-eLpCS2a`H2soa+3IjAn64B^qTT83DN4Xp|(CM&BrG+b+Wm0#KI`7=CbG5DefScHPb50xhID6Yw zF6`#bMhBF2?VCL}by>S9zVD{;d%JYkHkNDItrfuSmc$aR4O&0aSG)&|p15bdNm;-8w zjc}JLxDEu65uu}9nrOn+cmQmG3Ag1)RT*+B;5y^UP#Z-#K?j1O`C7ODzrkF;8a=@! 
z&Z^u#$2BFG0*nNFL*pWrjD5yLhNF{DX-07pi|XLFwXb&dh{jISz)3A?AD+^Ts3zcy z%hROxRXaHMYHzWbyieO=A|xF*e0AL;8a^-Nmg3T)tWzG?dv$Prm0?R^*HG37xN7&C ziymK`9KAiMyspIwaZ6+T4g05H5j`0U(8dAIcv4cmkiHl6iqY#PL=nl&ox+!S)^h&; zZ{D{Xm!>;_1^55EyZd$j--Dflz0LXmV?6ge|L-f|T;BEnFYh;;|2I0}HJ#KO%lEaN z`j-IzB!~ZZI^^HE>mk2k9i_Ec-Z8;oZ*OZC02Q0-bzKFBl!l5BRwDHpb##}P?#53J z7u}VUz9w#(rS)4p!x0THMLzCm#jS$icWK5F3Eu>74b6ieiJ<31j=*oe5B8s8+j`S4 z^6}bOpy-BW11L8L#;EdajrNqwdqGyb6~UD1rKvHvb1eFf#Tk)mx9U}HT+!AOv?@zpTNF`N zsrL(_?#&1#sCez^4CD=>6>H>`P%67Nw}Gj+L6+@xvK3WD*gB$&38rXTA5zt-niMmX zDYRpCm8g3y=wEype~2Tnb*f8C_NpNuB)C3Ff#w6ffBv^nWBU2?4DPrA$^TdIq@1fa z@G<8SX)h-!ts6DfVXsO4-(&r+MOvJ#2Q1qE?Hue(*?;V9{68P%S!VxN7?|l1s~e1@Q-q2wo+mzJ2obhvm-gI=Pq-Z#IYpN?YXea4E%+8%Dr`mAE;gU*n~Nfbji1ZL{hOoA+=^NZL2-@o3UzrJ|e1m^R%O3o-I z`UHWSR=_u0&^S<)bYvYpzIfQa z<}6xgR~>M+r#su--T6Iz{o?&kuiw0Ve|GZrm)93R&**UQCZ%EU6BqJ~N(^aIfu>19 zKf-rS{fJp|NwY|cScSj;6nwK5`ORp(JU#pQQ;hy9E~%lca@4f{0$HRnlrFFjRU&{FLI1SV`(vDa+LRjkdG}{?EgC* z+zyG(cK3(xw{^H0CLrP0CLRolCq<&U76^&?`!kjdSuzBcm?ZWl(flBnIVNj2q@F|7 zqZhAE&+aZu9Qu%G%#vkg#@u?AuzTA-Y&Q~i`kkO*o-v6E6#XP!`Ag!MU!U7F_9r4F zF(T800VxCK0ER_KNuR|`vbrBOiK1!8?6Z@%ntY94E{=Y2-WO@~qv>XCs-+9g<^Qml zYUlT<*_GwVkvQXtD%Jo*eSIfr)-%C?3c4r->^$QG7T4lA=ws&#ouB`OzG*HB)D!pE zXRFAkUx|xnS3f(Fn5IS>NBN6LvafIR)n`dZjQke( z?NI%DJz_D{!QX!KFY+W|$?!M-uMlw%F{LSNtKSKAHfbA$;m@Wp)ZBsEfcaftFeU3s zHd_g(jW5`6ykbA;nKh-OG)~rXx|F9$XHK}X#WJ!9!rP1uhiaI8v*T+hGaVwVGMw;h zIdQ7zMn9sx{W*_LtH(+3YZcv+h&I{5G^`~ng$pXUW$l>HhFlrb>8b?*oG)8Y42r;b z(>knJ1bqxbT@RjD_7;nkbzP`)`9jP7yKslD`StS1JXTn0#NEZwhyQCMze$Vv=Xus} z|5wH(o^c1b!2W0d`LzAd&i2Ot<58YP_kXKrx;A$^r-ossuI)&giqcBxMZr9Opvyb> z!ftC1e($$>zpPDAM$?#uMD$=AEri^FpBU=%WhG?89jW->aUtf^eB6i-4!keHZVwhv zqQSVNDV#*90@>{xrdyFFzP`va9U2~8m{|z6UofOn*jNHI!jSVR3oixaDG*5Lb&+#o zL?n#K1V-eFLZ8y4$UPH5p7I2Yn{XLrH=|cf%eqP^=L_?Cb;2)2P~$C4fN|wTNh1%vgcq6VKtnkO#wsV zDhTbA$kE|6>1+<6shXE`vbf?Uop=wnC11n-Z(&x31^d6f-QB%f{FmMC&cSB?_ZW{8 z$L+f%gTOqkyMQdpu(3pTjk^SlS&&s@*^C{#<`fmExo@Y4l_4Rbtg zM7h$udwD*Uv}T3C-*T 
zG;@;AEJ!?4Njftl;Y=mj%#1`cl_WFG31+5}%QTv&I7wxi6Ur<|CbLN-v--0J{ohXF znGRqJ<9~Gb>i%DQ&$l=F|6@FJ?tkV5di(=j*8EX!T;{0@_Jmh0_GX~k)9LBbj7uK! zxCd{K&&@kYvLTh{Zqe$c&7ChEiUW;}oc@B(%JM%L(Ri#C!e!f7Apg7j2lf09JJ0tv z_y3RbY{5B^l4c2-JnC`PJIsF0;z%j(DG4vhkcz-Fw`?L$QILQb(KrSr%d}R^l3@!n z8WYK`DDF+1_auqDElB84=P>>*&FFxAQu|r88~Dr90A45Y1bBiq6-toO3}Tkhzzbfy zdH+W8jCxye%*SJ%z(0@QK*TcP1w$q~_^(Fa3;O@bI{2@BF&cK%KlV>?m2^r#eG*>g zDGXRlh4(BF*Qxg`=#xwDSs=%$_w4`ow&0&6V>}md`r<@*Y9Fd*gBP%fl8!Ey@qc^4 zl?Zu6J6_BZNwfD_lh=pFA?tW1>ag)C`_e;?&&u=v;^gSXtCL_HE#Jlh|Nq_ny#Y@L zu=xGj{NFw}*v$V&dA6FBGVd?H7P?l9G_5wVpoOx$Ze(E_p7#@t$AHX?#@*Ub zO^Gx)qK*Bwj_ED99BwZ%2i(V{?oFLg)wu!P5ne%-UV`9FY?$y5fO_w3nEd`wd^q`ha) z;J+FiJTdqAKberEaeDu^=WT7lE5htuvgh5Pbt&Ay$(XPhZs1)O!;NAd;aO*jLY+k z3Ytj2Oy(Eug^|!s?_IrNWr%rKS-j(J9qa{N|5jBrM<1%in2njl zUtyZ7Qr+&@Z~0?7)_`}q-B(Q4LXKNp^!D}x+yHWZYI-X1~^J(@K&`iqdyZ0LqGE+0)20m1Ys1P%SP{UA_R6&yH+y41Y6ft_;1`-x4s6}LI z+Zi1#Rf7%Y!SBqZ{aRu4cvu^kz{tPjG7L??aXh1Fbn- zvp9yBs(G*fB?>8`gbK-co&97*du}BZIZljnm2%iZ9{+J}tr?x_*H2n#hfT`KxSP=zQ^5V|m zV@@UkZ^nen#(ZfXh+*si&Mx?zz7##etx4%6{1{bn)uR-dT zf_A@@v**~kKGoq4RNK_31h~#C&dKO?#_&c3wFHf*C`q$+30n2@zL(IfdxKXns}OZ5 zaar?N4K(EgP1!1N903LNmHucefvM97&kk23L>#szh()auCdQlkA}p)@%9{BWIj-WZ zgnMU}C}uM{Wkw^Gp_XdYQ8jt>dZIYBOtMw&?87i&#YOjyjMxZm4ZK)acOG!Gjq!0| zzgAeoxx@TJ`2GIQ&fdNmW^>N2ol>#9-M8q0G_V|5)6l84kLoO2&wB}(*%qNwLtGGP zsUa@3oXXHv?vT}>;-Qcli&$&dWiU|nr;Z2e_k6$Qm$5F=IfW;fI;jKQ8IS)HgN zo6iIg=x2-$V9YVShSE+FrgSa#AH54k4n&0~J}Y;VUlj#dQ)qt2I7 zrRCacwn~#WHFh;DPBqfkB$0N`x+PlpHKA6FpiBWKVZbsW12}vA_M~Tlgd@%ct+q{~ zi0R|GGH`_EsKS^{aEmq);)YBo7bAOIhjRRaCDjK*7PPqd9q z2*wi{Rfri8N!Hd6GwoC_zK)xo=4bW$A4;Mz4aQM0YLBH?gy`_iIKU* zc*zoLrqfi+tRk3E>y17WwWYVV;KHsk_G00TTct+dyl|~5quEMji9;ILL}Bnd z;Bm~a6&bCYnCE@?@Bs}8JUqa)W3b?~MAiD5Dc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#3UUYBw+>YZmzM8~7mXkeu zx;Y9&LK16=U;)sMHu3rF_YZF*NP;3M$xhl8_qUBj0y6_(Fc=I5Gn7I1iZaMh_v#t# z!Wjx#?|2RgbCz%s{MR;~e!t&;a&RF2?f3ine+T;qgZ~;FJnirG`+HCNd;irR91ixL z{1@nN1$)I4QwGU@^*6?qZ`>c`fnkUlWIhh*umyk%84U2uaUo*?a(vu#5n=w+N8S)b 
zkgyODYcbEKQ2>|S5H8RVj5t?~I9Guq&QaDXSMdaOuMwd>4u{}}zyCOJ2G5;-xBr8+ zI6(n|6e$cgzHPzCf3M+P@3mkQB|rC_zSD1cC_d04oU!N?f*vBL z;cv)gnEV4x<``eK0FdZ-iSAq!>H4Zn3jl&5OnrvQatNk=fQG%E({uUkp}mqSNrU@N z-x&-zNd&o&@eXDrMlBCfm-rDAgnqy5O9rk)NpUvZms+j zeeDVMjXx{oe}LVqt>CDT|NZ@ggM$1Y?BxHwJb8&&Tij`JGe^O~F=nifZ9>kUAEZPG^Zn-sPY?UkgXwfSdH%eAIC=JD zIypFW_YV#apC7t=2X1SILPVs@Z145=4!Zrr?tcGrus_`I4-XEV{eve@51;{ku$%w)@jS3Stq0&|F~b6I4T%pY0ixhR z%U-rM3-AO6Tzf>H7=b6@HUArc2S9#t^lJx4CjV_=Uo2pWtwTLT2D%7)Y@L z{E%S~VUIcjCa*IDpKnVLP~;NCQWWZUZ6x5@hX8_)BT?@oz!UymqL#1}@&vWNfHQO+ z2Z5|YId1)D54Z$*C}chiC!$m)2Z+B z9yL@yUOOhi5VYH71L&0>jcD*52EHdY9%8scJ|=(#6kMktrUWm58~AbuQK&csQy5Ux zYUNqsHJl*XE0PTY`5StC02mZB6GU-LTts!k}L5P+{_W1Be@?-CNl*$eh`2O0*JRyj4$to1SEhAkT_)iLQW2a zAz|YXdq`~QhJw$MpAL)}9=VXu-; zE+n10Yf@VBB^)=V3@=95y+Z69vNZ=Pw&K>R?hBM>|s^$viP!{2$ zjJj^I*Qx883|Sa@POBeM27@4BQeiAWZcKc(C> zpQ^PF<@p3giz1OQT2vC5lmb3ae#6-gcSsU5V0Fft}Y35jX9cP%YJWwSXJb! z7O%OIh=^c@T^yW-G(xUebP9wN%QPTHSLP$2Yg;Md`>jl0zCwYbhD4QRiW1R(xYV&yjmYFX8MM63-7|;4^_fz&9O$i91J>5y&v%qGayR<_;;UZqMm39zkbMf zLPUHlgi-)0eap2Cp;5}0z~yg+P%>tTTDl4~r6R(GrdZEpXXogav9V= z09g2;zlay=hk6AD?N?4 zu)6CGW!IU?yOMYrd1vgR^5m!W)O^t!EN$)Ow7!58SqvAtNJ^S%Bu=dX)>EY>)G)}G zP4H6f6!MfXI7>-ja3**P?LF=9J!v;V6U9MrjsxFauENGkfk+ffv8Gjr;B@*HvvY!I z+Df~OSV>ZbeX4XysP)N|U$klqx*$DfOi&k;`bv6GcrCOM&-1yK27?mIn%;a$A`&ny zjrTe+;Z-0E@a(nF&6F+~;Mt689oL9VIFl_q(p_Oh4(+2N~t0vM&+{j;yHVnnj*jq}S7O=~a!%kXTkpWnUooG9sOz z-(y7AYOk(pZE^CkiCR?$S$U&vDDCP~;9sK1Bq^|JI)UnL^m#t`hULyaH$d;{_l1#me+E)G3m zZT)C@Urm#x(hv*|*P$yy#K)dVQRYoGEt%r$QbA*vi~Q_Zj8tJ52Z8U-6w902yVV{zoPhqKd zv*fTx+TlY01BOTlS$h0qs2%F)r>e^{?Xqov&Simat}Pqygd!8}8dT;sM$t+#E!!j) zqNng+3M;os7Tnq0(&`>sXU|lR2b*n5N;;^?<|Kpv&$CCV(^~%HJr3dpxXQNHkV1+fUHp2DxR{eGNRwcx& zyT#h112*1i?LCv7kTJy}a_zfFI|cj_PY?+aLlo#Q8RJ9?==YX0SNXwV%SgiG|Kh0y z<`5hQF=dFHo_D}&480dHfT4>>2fW1|I>$r`G!DrqTZ$28y-G|c6HUD;D(!qZUy(Af zfkD|wbnpcXXNc;~Iz2xC$EPnZ01N_rBTs+`g6=%iraTD__z9D238s2VcR8Q=atO;v z7=mBhgT5pF*L&7392uEH_O%kQ^3+cFAep8w>D-hGIW6H#aB<{8hDMA)hGvNeiF^yF 
zeytn&5~2kTxol7U!LksB#_(QX;b`?v6cF!;`9{yt1^o0bgxAmy`0_LagML3xCI4%L z0^xnjY2>`5eVK%97<&Lx>d(Yd$Eh-FNVlOZM1})IQpUPWey#>>u>s_%G@-WX@PLVvx}n@pOvF$p1G|8V?0fAK0XBNAY5U z2&a_Sv^FJ4g=$)K(IMEkvPF&>t)JGSL>I20 zLKPc={k>Mpm0Ca|TwELkSq~$#gp+=Dt`hy@e`_r)H zJa_<38JI&VowzaA-#LR*Mq-!6B+)t_JOCyo#%lonrqK@mK1_FX%4s#iUdQm|?g$N} z0}yi^69xc(6Yx2RzcDx){GG#)W2CGvy^!r$SPYgKb2%5$!K1%7l=PGR!4f%i4cYN3~MgEOLG!*|e-!cRj zL-F5Mb6z(T={&=mdiw@kzXsbEh`I~jPmx$Bfce=n3)0U`r$Sn@@q9?D)}Isxq2Jcb zC=Rlo9%(mU2a;01cMKJQ;IL{C{%|JBYBC z`kmFG=~Yto9D7G;RZUHoH{TWzUb+^o7iq=gw4#%kfo)(npfkdr=Tj1k z=nIqBo1qf*I!om__Fg8{UdU>iMjOZtD5MM%I77lox)ukHWQAi{K~t3lvjIKV!b%Sr zgYJA$x*N%oBrW^kD6QmxcT{NRY1K@f9I77p@x| z{veH6VoQPbz8pX>Qr0>?=$NbMbI7C#kMGl1vYk+PHksoIPe~rCHNlfQIW{Z++ah6Z z0R6=})E$e84tOa_%PS&?B6&SA#0&(8nZu$-q0ma8uSK&tT8g2S6HZLkk{*y$ZzAE+ zi_}%3O_oe#n!Yf-HtNJETnBq{Dv%J6R^Nn%M9-{6L|QtbB7L>_ie0lW)G}>$h5=xs zIvcmrq6`Y)_fCQ7e5fq5AU(AzM)6%VixTz=0I4)#phKVm( zQ?De#yDy7xVRv#|K{5_5{L3CV$pQjG0fnJvXTcl z1kd}eRF8QBqt&z}#heBF^b#_tk8AXe8Ypfha;|XakU&?M3iaWQ2N?tr!4V>CDg0zo zjY<=j#%3@!=xOuj$h}Gray11dmis^9bE9FazYzv z{|Nra5FGaVhpXVqXc6aip{KPoKAno<9pKMGOb|^D ztr0QrV}l72CM|hUd$I&D1aWv3;+qh_n9ap~*p*kc^C2`cq^*6`tDbYC!eux&TJhJt z+-1AiWd*qAHLg;3#Fq6gM-KI-H#drhB`XnZ;f_X`GxFYn;0 zN6ndeXO}t}%+0M{->5Y^@8F_F&H1_ID;afWsM<&$3x&4Z1#c7ABfZ5=9Aa{A1j-cP zw36Mp0K%JA>Tze&xVGSQmnE&-<*rCV&PTK8oSDWKOT9B`Ex*hMHqXolHs4GsYBJ|W zS%34wm^F4Qmk!kjMwEdnm~}nJ6Nl+%sn>YkW4shsBgb&rhNm@}u!iq<8t`DSrve`2 zz;DZ6HUo5-#eMa)KzAZ8r2$1W^0yW+V;LI zB6z`|ACw?!v;o_5o;%OFhm*n6=MbS1hmu7KEB_zs@$l?z`R zqBSJ%UKR11h}}UFXU2s6E#IU_sod7ekV4$%vXDZ(yPFh-K;4>BSLY6e43TH76~>E| zs|ATeX;ap!qpS%0P^?=K#!J!Omtnk=fV;7am!i8{vv?`mJF<$K_*NRl zl|rKQk-9eV%t}{p7imSbrbXO9e@6!KatwED4=+c2Z|3lF67I+vUXJjNjp5~p@5&aQ z!Ke)088dj2*oiKrx7Lz-^^h|Ztu1&!?yu*t9Ea5PrI>+!U+qAL}p@Y6?4U`Xu9D_Sf|0QR=OLJ?J~0Y zEno;|= zzVz0}QlySCGTTiqbzJ0MBLa@jPx;Q1Bg{iel2aA19Yy{xXemqnf&{zrfBbMQj5%mS z(58%bVdQtO(6WRA<<52#v-u^yLSZvnk`vdM%>m=}Q))^fE4mV|t(eWbqHcjiC>q2m zc}N-Y!`UP7`0@G0+56L%C*YrF?=D0i{BrV7@ap8^aI(#mP@5V 
zr*~4uJ!t|`*=ftkgSwZcmXEJ}4*@8Lg!hJ=*?bgZf`E$`i#XJ&rgY$tlm>A%*5-pK z(q2eJHl|j2+bn%Fx;#4mWpsITc>>;Dyw+XA|I{|mbbK;qO%WYRFue4rO(G~HG{qzs z?y_%w)6c5>pImufK<77#!;NrM7unvN+d&d3mWH%XccMPMhm@ zvXIXLQ7WJ8+)Rirxl}?>A(S{JzY1a4PU&dNyXI}v`-02I52B{J2jC;h(HH9KcXrCf z`vPtgTT%>wc1!}jnfj2_w%`}<JZ-ZGIs7oaG#8#D3 zH^^2Mk$1~V8)1EaYk6CImw$6xXQF0jT#NtzcBgSRc&z##LyIVY4AI^=bAhK@jN?)# zNqm+5H+VY8>VJC&hlBo3|GSUp^XIP47~ZZL>o(}#-nMv+@A=0IM8WV!;JlZ+g$8$f zfdb=CYt=3f33q#|<0y_@8J zVixXdL$ds-2-jUu7PjH`R>QG=Pe3U;>p)%sv=%%g&Pf6&eOCuU8s{Scki4o>-w3df z07&1}f?$M4NI|48>%cH$8zeA{mvvxd0uv-a%(r!*BzO7~2>MN(+S!_QYo&nZ1`KOT8%zNR>|1LWHGcJj^gh>SZBxklD8P&hVR^2T%(lIl_(tZBioR&sA_lT!b|I=<^@>3mkukfta{{~O?2K}7=H`wnFcKY9aJQ@8j zJJwR&lPbbcs7A_BF()cv5IA#4JQNy^!$Q&o{uH@OH&DkT5kVt{lh7XM6LQmxB`#hp zVCW6Oub|zV_+gLE+a1vEy8OS$on!FB&%THTMgxE0Kp!k{=rc@&Gyd&o5Ur87Z#OkSuQQf=UX+uNQYBAevU zy}cbasmb6B+}^e|vFC>OWxEL+!`oAWL*eyMEkhNJmnO)Q@R~RL3ka1cKgep2Lom7= zjnk7h@#pK4%kitT(WM$*VXFO!U?ZdR)JK7Lfu?588u9KNvbk`UWifT;m@<_pMPoBC zaSU&d-khwDB|@&~!ne|2I@=~2_#tS2|Ik9hqpmS1C5M!<|5F@CKcBq49KS!g7@eNI z%_3>aDPI6ruuy(vICbOmi?icg6VmKV?PB@SKS$Q$bV=JKBati5HJx^$JCDxaj8EPk zy?A}{vPNUgyALI;(?H){ye$_(EI6>m>2|8aKl z%lPu*==k*Q&kbZ=$sMc}xXv%mF3*n7UXM@Tj?U#^HNY1U%&?1t(~vKOVslpy=kdvC zR8uZCO>e&f@$uQ)%cIk`Cl_+wj!)lSo?N^?Dj)57X>V3ze5-nOJ1CQcH8uKo3mEkU zx!R+-rKQv^rbnaKT2$K<9!!!p%>q1uf#sfFk*kVjs#XiFpI*Kmapmjur#b?kqxmJC zpa8MU*Q57{_|t;G&tSS7ZBsAFttFO8brFYrBcy#Lv3rFWS8}aveQ`P-ogM#jaydRf zx_s4S?pC3(8xM2iDx6w{OPZY_|JOgquP!goN2P=n;H+kF1#fL|mPQE!CHVddEj!?Q znGDJ}3sC^kCr02&ce%j7qJwM+!d#Fpl9z`X&Zdu4%0fI3%98h^!#O| zbztW%OeOra2D6o1=@U?F7Xt5_-Ks7GZq9EtZvJh;a4T>1ZOCy|7x*?}xz(5Siaf`M zIyoL!uw<~@XM?>btyJiX?B!|XUbT}Lg3IG`TW!A2G-~JgDqo$GbmOymy%ri?1%-Qk z9FjVVGEEkPJxkl=!QdMltBBv5DqVWXkzZZnQ&B+BB?1yiBjjcZ7s)0_&owC_p$vKN z8j>D~!=6igEdJy0f_BgeG)9B&C3QX@Lqz_!^M_F84~?rvPTkmBQq^M9(J$V2P2qf*WQ8$5F9i z+GyOH(w;0+&ah?EEE8iSnXytItXaWe+NnS5>W^JH+ijCElG95Z^n}uQss#KbSLlmy zWq>XM?Oq$S$L-tOalY2-32OYPeXK^aL5TF>nt$yFXqLH_PvY>1zN3f?L0?`m#gdy{ 
z7{Q4j2#-*$1wc=pz8$@O-BzBQn)VBf*-w6e=#nzD(6{si?EzISt)$ARls0(h4)ArK z`se@3mb8W+K*jn0!Qo&pcmBWk^vTZu^IjhN`G01tvwi@XPc6Rnuh^kv?34ObTpp+w z4&yffRCz3Kt={Bx-U2`$(trMJ2*NvcF1XuPHjX5Un?=r8H+{?GWsH(P7x8A@TyRsz2G8V9K&ykg0l(b9V|w& z9wB$)cwiOdJHLai^rhgO=CYe}M}^?tc{l958+P6e4ZIt2YQh~jIaHs%WoXzP!u|OU z;pmcf#i>=$_0S}q6%f!R?a2bYw7>)K3d(Cbx#|E?feYX;Sb_;b@QS8^-PL6tDx-+W zxMCusfV^XQjS9tBXG#RG-`-}du=MZO0FaLmBX95R3@@EP!Fk^>ow zKzo`n#LAD>5UV&@t8*~-0Q>`iIlM*yhKh77Zo-P?;pORwuhZif=Rb}A`}A`B>geL- z$y>lU%2v2y=IYxzQ13KDxvo{{*w@ z{BMqeh|fkAHNN(nJeBu<_jBiegQtgkPj=^j_wjuG+(qC-}VgxOMU=($PmlBXFt+#^6hz7K1|R7_X)cZL~_QRWlr8WGCX zB}g;jkYy(oCklUpp?-H~gSw?8*69C6jn8jk>UYD+ z&Cgc)AdOvehaHe+*sSb;tu%_`Tc=TV=lgntxhhBC)>v8q*>pgqbh$t*CNjXj&fq8g zv1-bfoDWymc5z2qs!daC&W4=P$p!nICmDHgV( zL?wejZw{T-J1Wv8R<5=z3Ir&J2+(ct5O}`JKwG?Rr-zJ?%^ijvHb?T6bV)>?SQ~u* zi1%N;F)85dX3uN*4(F660eOKV8*13@g~6IH5%P zZv1sPMfI{=MyO*UYdI(J&P?+1B&;ZQ^rsX=0rW!v34u$#RhP_8JHW+@2r_>XAbH3G z`DW8+e5We+9#ro6Q?|}D^+&#Q<~);m`>?45$O-^+fYe`)9%ZJj=2F`)dry^i(fu?@ zZ1Yw$tE?H4Zkm@_1{)^Z;QJh*9QuvMYjbLgk}x3yWY^$_A!gtqT10G_!Jx>^Gs!SN z{Y;|1fH?Gj&zj`2CglgXz@>Yj+XX7*-jFBcWOUOI+jxt;XdVzsdcezmKm z%`}2^>(soDYadeCI=G_ps@{b$!{cwLi?d1(jJVoEe8>>MR9dx)Y%Z;Hm}WYbqQx~L z$9#Du2(wSQtKg!Pbx%^v#+NmV0jrR&F;NpXab^;ZOh&@OR&fKAu7(z$ z`+WMwobyrYDOFlIpN-LOqH8u5<(ClhLzBHIarEx;)%f!4my@^O^jH;>INtxTm8Y<* z9>A}CGWwtKRGj~3O>J^C2@cT24?RDe)w>2y7yCG!_Zd=&;o_P>Gzf5~ezKJd%0Un~Z3v)6Eo1i`TnF z;GUmG@;`IbQXfZ^{2%lW^6?+`4|n-r@8vP}>8sX&n#X(QI+3mhqTCx8?G}NJ7XjIO zp9>De72^VG`}+>T7f!AtGI|@hS2;O-Z64k|>pxB8f0|~k*#c1E|NC_BX+i!!8SL`^ z+{@Ek|A$dTQ&s7qhWX3~tl~fX!-a7Nm?ohGy!5kp8vuBH}^L3gAWS_`?uc_@Nm3p9yr)c{XbD-a+4Xof)LJQVo_c&&my7 z^vqr9Z3Rs$^i+9xv|`aT=URrWvM6Xp0EKvG21C^Cc`>Q7iSzW6OQ5HpY$84V+;u`d zvvC;~5G3g!Zo15Rq1*=jEZFK8Yx1#N@|TY--kR~HEb3YoyCwFTfp!}a*s}O+ao92l zE19}*asyTbtf~XLEZkGEql#JIvVCPFlPXqT6)LTi%o+jHG*{LRn^r~I>fmVwQmaF# zX$rRzNG(5&tW&lks#;lh*Nm-J#8DMtEz2fpoHYxztFpM&;pRHo+=^&dW@^h)uX@JJ z)>ed9OwyJGlBQ}a*0m>W%hq2x)9zLXtd9KFfXr1P)*65*4-1uVcaz{ynO#U#cqj`| 
znb1vnLe>o6Bp>UAgkqo~Yk%j$6_qhYRg|Gsu(tx*D%3u26wD|~b0Mfso?d%sovl)r z4RTbUKASF77WPO!n+89Uk1Yh!iVm@4M$%6%WsQDpscVvNwiGt{S((ZvBjswPO43hN z3Y&7sD^k`Z4Ju7tQx4XeswQE9RVi!AVV0$+(a(xhHRV8UscH0M%VG4@8KY)Wqjfl= zem0|KtWhV8QDfeynZKwZbJR#&WDX}CW+Y-+_96X*wk$*myj(US`83|dTcgROI4rSl z^ivx1MnAULH~O)}z)9e)jD=%1G=ICTL2E3)vSNOv^)?qsE~PvZP|gIkBCuR33B@pT z`Y}T-d0laD#0;~fpL~$15`Xp9gCvTUihd@;D2YBw0*u@s5p7KRpNnB#0)|z5E^!cx z!oq)zwsmz$R4Yq&uZnJ!@akGou8N(M zo0z3KT;}D9o{Wf(#T*JCrCA$j;Zvz#Tmhs&3(Yucy{&sF$Da^;Xp}i&k{FVs5%U&= zBRmHTf*B+;#708C)Smk$%KV^|%=E&cNiMc#DK0pj@>SJPO7)xUiOwpVP4F=sAd=pJ zkO+*IYh%@-EP+r%f{B+eeKG`}YjADpB(6DuUG4v4jjdXT7k3`wclI>#|A?^X`IN*W z%Ht&VW~iPcNR|KJLH{uC|9v<(*!h3l$5YS$Lzl|jWIH-PRZbz)c?BtGN8;qGcRlEx zWAA0cDK7-4wDW!>N$JeB6l;kIVsKy{&`aMF3znUW;nv(s7Vy)%5MDz+;A}7igFlzc z$!;MLPZRmCv`Hwn$@)HkRr0@okoW)FKiJ>f$^ZL!n*0AHu79~(AUpTJ`;pJ9o!_!k z6lQN;uh?GXUEp@&@jv6KlK0hFPTNeh@8K!1^dv43p}vlLt$P&-Qhj zL{^fggaSwJ;*b%(dJ=;``}b{<2xEq+3j;r#RZ=TdKpZj{MA*|6GxU~~xYte<89c-( zwn3Tka$RD+wsK$NS$F@}Bmhu#{Ga0a&;Bm|&%Hc%6xnCDfBR-4{WKbi4MP7k9P&Dr z->*G6{sW$7@_)SmKo#%y5JQJX@~YW*>)RKV*np!(dgz1)&<5(GjPruG#){U(l!{Q{(rF z<~J~Viu_i}>Y2TJ%D>83*JBmfd+cI@GJTi{IFJ?D#kk;IYopeo`&JsBMA<;kmf!+k*Y7UtzGAlhKO}h5A1P#$H8jO8W>a;{CX=t%4%)O@i(LOgQB5dyZxl7Y zB>vTdQI&;U*;*i~!tk$%L{%)?G!#`4!Y&q-Ch2ZsQQc8&p8w1cSGB{>n0&rE{!Bg3 zW_#0h{38`vXjPne$Y^^#<;8K_ARm-2Jd zdnGqHP;5$Y=GfE9&(=sY8=oBBPuIw!Nf#4TuVc#2GV6DYRnRv|9&J`^dUm;4uYU8< zi|#AzkJ-<69{0yYb}xZ{OoaCr`KMI)TjKpRU|?(fp85xYU;Bh}_pEvvo&T>H0I16U zd%qC>;o#~1F8}MjJb&=WK0812Z!^-*H|28hwddHk{4|pPO#?rur!xM}ll=Xk0sm(w z|L@`XI`JQNfgiql;D<~=1mmu-OAurzb1OL#ml^qAapdujUz=%n&(@yC^1sQ&PxVyE z|G{DY{?Gnkf0zIDUY<1s_wM57H+J#!4{_u3Ycu-pu|AFDzxF6-xCN-R{~Q+bfA8<~ z|ND7XMfP0t-p8LSrsw^dVvRR_QzQR zGBn?xJs*Gv;FoxU0>pre!w|X5zxLU()XtwqbvA-ICn26KF-UI`YrlwRxQngvr+(Iw z{|(Oos^tIP-qXDQPk(P`|GAgvZsq^Vqk`Qs@KxeLuIly;4g*$?W}WTdZl(DOPXqbC zUhv0i`M>|B5c?|Hp|E#Y*&Pe2DKlWSVlNVK#Juq3WoyZr zTt^YL)Vs)!P~eB+y4NgwMa9GJ70Ta5afxrdAxQ9&4G|Q6h(moN%Dmwzw!Jnk1YIy5 zb1^kG+7V$-wACo6x=%n5jmZ|+GV<8>R^m3lZy9wG7-@A6loWdaF6Ri0#}Q=n@fi3N 
z5cGTO6Xb!(60kW+gqadPCZ9<17ec-!_fRA3(ca_l2ffF9YGiKhMvy>;$q@9m+1nd; zjc&csDK80*01N^^&;t6QAI{V|*8w*Oco>A3fe;}NusNnSw(0m;d{Io~HU=E=H)}iBavm+l}{xJ5|x*B(mAvoD8M* z(qAnWXv%)l(|nW(2bz8Nrwa<2HvSJ39<;zsyV#&LVuPkby+L5mRnaXi!?L~5mO1Ln z<67nm7K2(sGRs9T>FPuSpCTA~T@+sbmeC^;lCG!1ihsjwH zD90KqCs(30%7$$UDt29g#AM;-n64oS{E6IFr$V8sP5z`OtMp3iSaFwXjB5uYt_7lQ zB;wUN=SrTm#~~?;h_YFTkQD2E1SCnZeFM=*=9o%G%t{gabgRwd)lgS5e4Sa_I1q}# zdf)2dR{j0|n$Ev<{J-||`~UsH{^4%_e;?1<=Rb9Pgm?S@yY&Y)juE!y4E(Lisoiro zPlf#F%Fo^V|L*1UKkXeH?CyWx%X8=5O7%x2HmB8gIloxAB|r>&4F` z5rEzGS2+BBZI0YM_xY?P|F`V_J2)u%|Mqw1fA{j-mv8TG8Tcx`y+#wZ>D!y>nO!FL zKk(B){@<1Vuf_he*FV_F|9g3I_8&gprNPg);s?B22v+$47bDWI9Fbir?cKB4Q(yky zng8F@V*KyD{?pz4zk7MQ-R>6s`x@(oyCq=j{(Tur?WMn(e_y(o{RjH@N6E3smC^f zt(8Ps!X-Wxh3qX`MM&bhbtMnRa`3ZnYXJ(UGzTPoQwxA{BI8SU0GE3?VDfA3<4U+B z4mHdWu`o}a{A7Nqq>@8)317&Gj~(9i`C-WnNL`3}_&wuKEA-@ReI#^Ad!m^^&qI@V zmIFzbv@1V%&Cj*ymK|s#RDP*VWW7lt>J#i1Cj(!!JfGB|9Wggo8L?Y3 zUsjIBl=j>i!EuxyUGb7uEq$fQ6Km$3vpQSW+~Hz0Z~uv~2V;h*3j;(N z*?=nSKl_8?{m-X|JNy5=Jl$@$RXT_Hc#m8d_~Got?he}4EWtM+$zgF@nUCHh!h9D7 z=h!<+Sf{Zmse2v4?VFS8S%vP{(jztJ$IPIlpBa2QfNOIqIltlM?rvZkeBs_ccZvurPOSaN|D$8!e@G8yzoPR5icA!it{^y z1zKRT+zhOQk%hc~pSIiv_~}mCpupPNz(wPH^S&QD*0DJHAS* zC>+PX{z33p)!el?UiGoQA$@@{`^gUw6-ID<4_=4GdP#6(8KB&_5dOzID&zg-hUfx@ zGtN`*C=vm-KGMh?vyXtHzz^e3qBvj}K$mL*yh!VTGH(HC-vWOX_9p;CPnmFlm|QK2 zUULw})qaWF;1^ZoEHZ4^F((wXWrN4D+@{DVaQY>YFD1CPpjf^M&@~G9tA0B(PbhL- zyok;Tp7OpF3`yfC3Pijx7^FE(b0l(N#LQ9spS=z@EaSSuhaBsgB1PD@rBo8V+5<}M z0{Z@iVW97(=Bt(rd3O`uK;j*ppUQg}i-;{>3Ugj+hf_h?U4q#CX-f^(|Mil;)$sp( z+ArjPKHTO1xu0hX`QLUI`pu1yQyADL}thm2JPq z(0c&`7`lkG)wmk3Mq-007A`8|%_@3J!IsrF8<=pvCpKZ=839g&}Ts{B6=o)+x?`}@22FZc5BiSoTNBkPE-VEAKxMrR_z>IwEe!;vVP zydbK?QOxFVp!g`<$_AuwMM~};bEu#>^I7L=kw>1e*OX&{%?vyt4=AE=&U^;5BpD| zS61kMo2q`|sXYG~^t1Zk;OYKhf2aT5$J2cOf2Z5|Kb-0C{tqr=-1WW!uzUp1#D-@=f)u%51)MflzRT9AzNWHd|U?4E`j)G_o-^L5DzgMSm zYJYQu_|`@wW3X&$#OR-d*A7igWI~PQ)%4X$Rk^;wW8L|0mH*Bh1q*)`VuH3IW2(-7 zp7e9)KZC>l{oVbKdwCv!bI2GXAq5NrIp#9w$Rzdy&ktuHg6C*;XvkN@8z z2b_h$65vqOj8KViH~Cn 
zPG6qTmJ<>D8**98@jV24vK+y`wVZ3}Vh{CNfgdtN#@BM*i&QkO-)kw;xafdhE5I}C z(CgV()g-O+|KjB6<(m^{;cW-U>iPdCS@2q_g}|raf0mm z1@xW1GZ=s`CaoTjYksSB8Ujo_M7VgRv2f4iD(?~~VE`BxsiFfrV2NY!`0*m9?D1m| z5q#}?(%*B6g8<)fX?zWd4<{mabn7wrSkS>f=H8l_mGj?X5`1j6F6Uh061YGNk@C8H zSP>U%Iw_TE04Iu*sKRMT-jK|44&5tA#~=Q-#4*tt?B9P_RmW^`Qd8@P{N?KE zF$t1d1~11X5cSemJ?pId`0=A+BHnBidL|z+J^(PF7!cz#n?okph9U-_OaLZktZf_< z#rUHGPN%>ZAo2X*$P+-9IPQQ+%)}rW1>Lz&d=Yf#fcXmq zU_lH2s)bC8c8^EN$xY_gN!11Op#)NycwG-(KN#Hyu<1Qs-83r*$jsPWNZ{@Pya$ZOT02RxsOzj&vJ0R%_qZ@>b3abTfR{(T8&$B=k_2m?v6 z(R@tYIigJD&K7-8gdt3s*><*dG=}!@*AKTVs-Xh*TutE035SITVzwRUmM`Sv)AYv1-S|M_NOz!tjf7f-dqwu z)vQ;OUW#mWBM8wV{7_zZyd==Iua`Ae1O-F5xN~C4R){f~E5ClEHxfID(D-$C*;Oong1W*~P<}ht6 zNtz;DOO`Z6vc5EFifKK0QUgmA_%5V5!r#V=2_l@W%I1eK6u5K5dDsF~#cgl`8T-MF z;_P%h==T?5N*fP#>`&*`j!?+VDT{Afgj_b~81NvoxEMq-aHuDk<(3MdMufG;In%SME8bsaLU zz7ru&JxlNF7|_|B2wO&|J#1fKVG?*J0*bV6^=>Yyq#N{7XxYNoMnWkfGGlY*cP*F6 zx5|}K_S`miizY-D2Z4-nAnv0GbL$&l?nCpnj0Q^lrzi!vDY6o$ROXQ}4z z&2syy+&(Y&0Q>_IzMUV+?SeqNh$)jNnBpZPFr-sV7E(}nI7DEww2XfTJP@-TeS(W9 z5EPn@3O#*LGC?k0AS%9()9+*Ty_$DqC!Jg?m$o&S7s&z30HVIsn z2GOrYLkf(q)=AQ$8iJyLm*DU>JXr@T!Qp@7$r?D5+$(EfO@aolgEyJa>mW`mH^-c0 zDs7JUL{}Au94R2Kf~XoE=gH6%A~!hvfpIw|ITq^#tN`lUu>9q@(9h?PNyRFh0iQK) zn#k&hLk5FPNYyo3`YM5xiLkjwcl+Ut2+KutB2IPH=2+L8M(a%>u~i{Do zM$jB{;?TGT;>7E54ZIOwMJPidlaXoM0Q!qHXgE*c$iQF60*(V-iqh)%m#UM%5Hk=U zW=<_Vlk#wc1|xU8bF>uG6EX(*)|Y?Tw7FYo={lW`J<8W{Q1o5sOggcQf1BV%6-{Xp0jWsqF} z#fh@8=FTC3uCQuolaxrc84(;I!j`-YO!pnSpOD9Qkhwi?+L_XpQbMil7boo$i^1Sn z1u$4n_6d=NA2OPP~zZQ`VJK$Kj z0?`gQV{;+%OQ`=dIS^Qyr^nDKGGaR6pNk2fyyuKVV(C<1nNS^&N`fNZO-xvpsd{IQ z2}LB$Jrj}(8x1`ainup*Q7|EH+ee`s_LiL#$`Rd-mqIzd?YSwGIx1w4 zH1$-lx%CuW6-*4<@Etq|iLL?KtXzWN?mPhu2b3c6I-UTh zQ{e^BQI`m5f)x?d6#z_-IBJwW0+Xev4`Ma3-i)(nRTLETG^zEhy|4Zs2nc&^P(4m-TA+bMZmD zk)@Sa)^E!G$Dsmw(a(5GeGj>i0MQcydw^%#yfu=7Yp|EUdM3QLcxBUsnT2;(oB2G3 z8aw%j;01$zP=D8+M^f0b?>Wz%XWhfe;OTRSP`!c&`M{izFG$O&J?M{MQi(nfX?lsi5bHWo*oc zrX$M9cb-q904~RgAQvU_6~1YCbnNeRF;A`?E{mL0j*6`MJ+FbbztmD8vL 
zJT!@C9pUuR0XL9@9e@bIqyt>yi$v=p$`-)WDR{sII+xfKu@0E>jrjz+SK?Yg61xLW zL6*|WCRJS3TzzM1)m_al@K8jMyu?vK#MTdc>f_q-(NBHEcXJR_AOH4_h3ezn@*z=u z#9KTvT8Xr3U%zKPH!*kMO~Bjs&j)*T&UhYbV*f#>73P}wxubZ1j^>=(3 zqH0)Z_YT*Q`Q6|TowAoz_$5WMha}rvy7Bxn^1(NP!=gHD0w{7Py19E6f#Y zoI=0dwr6C|=Hs7PH#Q@}>fqFGzzN%+rIaTQ>+!@EX{b2vtLBahTE3B(F9pKX@nZHg z!#JjF4?o{_+GV-2+rwYmgT5pF*L&9fkesq9m$TFJ^n}g02%@oOE#FqkHaIf1!&{N| zJ2{fcv`N!{dVT3n^U1Bq9c_nVLLLg(D)7WJ-v9=6IUW$yLLWagn*tGfbKG z>_;766;CalI|NC|P6mHRtjvkuU#-l)o1In5;kBGt8@R9hh_@j??DF;KJtF>eSt9_@ z635^MO5auvLfmT#c$t9m?S?$Vwk_3n7i}m-vYk`#6yCRX3SNAOBSOg4h**fFUrZ@u~YR#bZF$*Dtw z-neNB_MX+IKvmrUzg}|E_V3lht}8adP4Se;&5&3|of&?E7UIvWeA++gzwuuP;WWZi z))h;n80Q%dU^oMF1S26s<;?8J+ZQktb^#FsXMzAEI1WAV?C>v~=Joc(H5$QpZD$iM zx8yW^5l^RxsC$^IQxE$6eqV_L3LsD#RO-!;xZev;K5T&F(&GxDi1(~g9VUp~AQY;u zCviwSDmpYc=wFHLrB8%R5gqV<#SVMIp-TWY8#Q8(ZKE}m!@09&*it$bEJ%+ZpI@B4 zKYe)u{(1K90vw&6f?rPl30|FCoIHLkeqN!a@@3#sSi8s?w@VG3tRjJv#o1J3MSvQsgxTq9wz!b`uAc7Wi8w-1 z1DgBPbPH!#`HTY{4nn0=DB#Y!Sr>S2ba{0A%jojx@&vrQc&%BD|Eaen=~T=XcY0~uhj*|a&H5{guu|9%dN!%@;TP(%B_+JtjrK)BI0p+ zb4uJ4P?uXfU;?R(>MgBh*XdQ8hc|OSK;VW~(ZX_pnF!4q5$ttDl?4`?kQXPYK`QS0hGxp#r(Jy$tgW_jU(C3dvlU}zs3Gk#R8`@L1N|uYj zNt!H$vvPl#V%2k3Xi0}H03PS#oMeI<@e;huulCqQA8Y`!73;X}e@L*{ayVI$WL%Y2 zBeT0heQ0&Ti+B;qE>aq!c`2*a1#b{h0TUKP*lp&%?9wQn1iqWF>m+7O9;=DkK8XAX zadn2nfMG1IR?`K(LS4aq59MCpoU%W{i(m&+h)++yb zC-oG^i8tfKnmgv-oEdI{W3~Jr3=Z}Wv+{p$Z~x$MC;#u`QOUglAJ$gOUx@G~4_n{0 z37Vl#QM>hBTPj49|H(`F;jGT)w=@9#U!`5I!wW_Hdq*DI zwL7g_NiL40H?NJ{G(NN)%Ob)dZxDklrj?|aUqG)1W=QQ;2!h@+={Md@Ix@PoL#)B0 z>y#|%M`7`_eS%R$duf3C@*-(C`O-2*#N*O3W@KDjA@qr%kgrCxmqbOkm7DOtdO90G zc?tVh#TNtz$Vk9?AtoL85y;u+yoo70#*4@g(8G`a=i$TuasIa%!EyBWf8G4`QSZ_J z;4j1;i2wfAU-{2#L?-m_zy9l{^Wm?LK0a!-gu?>oJC)u8d~SXBGY6tmct}oceWwHH z3gfwc`5uu8$d$ZpwWe|C0y&pC=#x)^16=fwfyYWnIF}tj1iSzG;djw{6N8V+9 z#6_7Jhzmt6|F`uW*G|W>2?Dd&R?7x`Zhfaei{Z$AcaF|aMF-1*2_WsFlr5ZuEtZ9K zX+Dg(l6)w1sqa#He*`d!Q0P5OUUkH9e-@;rcqPo+N2301Oa14z_1$f&^&LUVlr5LFcyUy>M2ABtUB9C{tl7Qp{lwPTV%L8PvOSb%a)(xTxKQFasr33DG2q+%3gB!rmUIA&4I 
zcu$%uy>o#=50O_WSX?T*38$`Yy~x}FZD~yD3GYD|I7_$)+K&Whs_B)7{}$c+QVbr> zaY%wVC#lX+7u&_h)UQEVSue1da(2QVRlumKEaeSnGAr6&?G-;bf)jQ1R6&v(6^$n7N^WI6y{BeG<35%`L#Q+}@l zCfIdYcJy8%CvmhBq>3l=b0$(Ff8n=utNl$lX{xu5K zDgB*J60vp`X31NusQQQRp*Pq|yhAVi*__d@Ggan{MO}Fa+Vxdfxvfl?GTA6UrMBsqJ4|Z$m-bLjhu_eVcNrYw&}?q&9L)g*U797(g6D`>ChIrW(1~ zBW437hz@9*%=;H=>Lhb`EnW#+9PeLf(u#Jbl}@VGb#l7*ql`Lia;QrFb&d&>@ms$R zPnyYs$I2)%jxb?k9l&Ty!dxL5OS7N$AJ52E)g>h&F&CWwL#y?juqh3H1XkG2C_=8o z`&6h?>~D~R`4^%&0 zt>^vz^GAL3OLd1DqPu@qBw%T@06Yxeh;6y-k0s8_{-<9(Aez%uG89RrBqFiub5sH}2 zkxzh&2|+Z%p(osPmXV6yV1%_54j3^JH`UY2tgY`FN^f)BQVS**oavRCV(0K*$B?2_ zl~5MK?}R-kXCeH~fSSHMr2>N}Il(w+eRsbu%ue(hEDkMor4f3}^+6^`dyD%6&>p$!FRND8JhaxUHL)S+Fq8&??mapAWf6}M<{10)~=1`5JYW@%Q z3iE$&cmLylo|W@|H&6fcPxJZTaPrsi|328y-T&I#KYY5I|M&82ef}p7!O|y97STL2 zY&}pnP4nURyIr6TNU4zuc`TC$$vf>h1O(0E0Gi3l909)zoG!|Gy*x(8Q*}Ma;1GOineNxC8n-gjF>j;D?^N1Ek&elja4L8ab-+=~ zaM$yx%b_h>4?xu;FYb6_U!;7R`iRgpjK7E_H%A1CtmXiwDGA~V^YXr)X7WG8>udq5_kVkN{f`&l$^UzJ{s{X&>38?F zd+N{mG@JkBC(o;JRL%eX)BOF9!^1&;H~;VB$tyNGR-KrEe3*yeS-<~G{7m!H4#D$& z|M_l8{_&s6`CsZdSRY5#{C~1{P`v-OTmSFnDQ;|Z4pAurQXO8e&1yN$eoW4zwK|?& zYBDQ;G-X-teR3Ho`?_$sX!U1#ODS7MT|LUaOz#`z-lvz0vLB3_MLF=sb)xK-|68AeU5+S{4e!}tdFBo|9_I#|M&Kv?B@TyJf#_w`9!`+{{(;q$>d&O4-G+E zhbn37*{FV}TXGk^h(quHWAAOd+qRL#@%Q``vvhmXTi+&*kCSZw zd)l4^A|VNDieL!PjyCrHv;PhT00~mmlPx>Bt@t95NnkJ-3o{L&QrV?7J!ziWMP$2Jzu|88ymZyy|N=Kte7<@l>v zs{{1(V8D5wWL|MHr)RW22o!u=2~?ql1HYt+`G&te&p9R#y^eE8*gNQUyB!;VaWkL4 z=+ij=F`)|Mi3lclp7hQ$fBtXp?>^t3ivM@8y_x@y@f1U?rg*yuY1f;M1dQ_>Bcu1g zcjAj;_+L8FN`RcCSQkx0wL)F^?)JccJEBE=-~rE^Fr|U6Z=Ifs14z&w);;(KMn8*Z zW0`01EEL~eyj&W+cNZ^BP+m8Ns(>s{5|#|_kEd(VHVa`J!0(KV>C%|bsBe6{n&Jf7 zOO%HA#6{3RV2L|S@OH$6q6Y?cmK@Ce(xei-w_4|JBqMQLWQHs5&?*Eg!m8W+X{VSc z?ZQ-Y3D@U5rX*>g+%G0W7^W`5z&^YwTDwjEX7KS1B>d>^o}4+J{LL@27Up{ zP{99~lS#n1KZXA==6zziaGuBUaYiGZ-CP8@&<-Z^dZg;WJ5z9_ZdvFy4mwT&)j!Ms zGrAb8)`^q|am}-6VJFT_!CEKqd}3xNEc82d!tKIRDK_WNGfW_+8?gsIa8%?CSnGT% zQL0TfALp81nQSFqYnX2B9*O4M^;-sVV)AjXuakiHED?p{0uWJ!#;JNj$ 
z154ycec0uoX(m*p(f+c+Xt^w`kFhW;>XXj>daqtR_!6Q>Cp%R;Z4NF4>-V%axs{NUrD6c|;hKtU?+$&c4c&w{{$+uP%UaFtg9&)<729wJE zT(=&WI%lunp7h+U0LFsXS-4HUBNED-#5(OuB{hy{>0H?8s7WQk5+sRqPPjayFd|}P z>!`268mYYO%2Um0@Kvom4J>`Hm1hQh9&eFpno}+f8a3WUSU=u+vIzbC?VYCeWJU)b zeCb$(?p}8VazEZGu?X$&n^uXK4;SwqUh?7kwhkq*B^HNj%gu-{E3isfUzfD1Q}h>_4{m4xZQVfA=^3|Bv%*ZNX_GGaltS=8#vt^(1KPl_hYL zqWvQtSiQ}7-jAsmagGO8YOi2&_V!uKW3Efa zItAvKMhvsnINf4GVrI4FSyp_;CWcP=K9p z6P`cGC}_QigUm>HsiRhrP_ipEYAms+S8&cKiQ6WXScD1)CKd}^=*ILl!Q{fCWh`U;DdqY1DZr_$=hn*8jc7{YyxM)TS${c`%4rXH;IzbDYTJTt?sAel(UthazDgf7MJLHK}lP*tVP9o9S z>2Ckf>F#v4_jf*R@9(q+ZF|#(rH@cx3wzAP4`f&&u*&n}x5m04%Wo+}W9m z|FiS_`9}YLlxNGzJ7~8-pTAj`KYbyPYY}Q(LAlA$pb#EXcS zDxs|ZC7EOcqGUeFFbzt~E_GXJMpYZ=3x#sMAtowQ8;bBUG1Y1d`NZ5%lSS&4weWq4M#r$c;KOvKy;ypMWoN;L~AT>ai1Z9ufm8+jK`yt7&2Vz9p`-8#3 z4}1IDnt3&-A~P2f*s_X+rN_9K^d6M#)H5{FN5j_btqykTgjuy?4n2#eiy{VyE{O&m z_ApqVq0Vlla>m-!hAB{QVGoa+EjOPgOsdN2|6|)}j3&eq#mq*J&uGLl)ZDF#Znn`i zas^%iwVBD)msJ^kHlJ6ZJvgtoSz?c@r`vx3rgxys!dNKeZT@SCjQsZ*eVe%Q}?f z;$&FIxSMMQ7dH!iYW!-WVb%0Z+{DXl!{7iR)6RXi4QyjA3gTRBq2kZ`2n2bkvUwGL|SsX zC0h73p>|Yph=EBMuuRCn*svKO;fQlVt8J4gVkXmBnz1Vu)1gT>V13KbSPoTuO+H72 zkt8Zco?yauyu?5vnRo_eTY5&;!WmRaX}<gR(YgK;Me zGOG8lGy^v?f>R*CtE|l8X#QFkn$_86aM5kdB;7P}KeHsNA$ZBqM07TmEuE~!= zE`?g9H+SfnxvbB4ywuoM+Ab1`s@iuWD~>S)oq+AGQto@W0rWCi9p7_>ppsLL}y6m%# zndi3qu2LE}I$==MnJaUd8#Wsb$BJdX4(IYcQ)f*ydc0 zoujN^n^?JPVY$FYEPeHxhac)qGgS1rKKCl6ZTPe$ENsDlh>UM3W0kLpjm)r zo|YcY!I-ebw^RF@u*#KcBqJ6|@N4Yq7sPJ5&bYlb_G-l7e9&=Z-7=RCx3|4zYDhAK+graJO?$SxOl9ZJ!H^fzz|5&vnnv8-dX;Md6dU|s zWE?{PH;^ziiH99mCg0wAI`HxmMk%+cZF02xw zf13}}K-$-o4M)=Nf#2Ts8@`)$F2%*&??Imqct(xP$S7jh(&w;w7*ZP1XtnNF7PC4H zG9J?lIxum~|DnSl%;Z=PV2WW^<c2!$&eY|AP5>$bE>L zeD2m?I(?RO`b3O8;{fpsMT=z}LS(=*jB6VY+9ooUYvDSg84Xm0YxEY;p6S|?;qrR{ z$7RtsY?!cQXu<-vV8pNK70p`KT_?{n9Y9LEfhYtL4m_7dEF}I3ZTo3voV!DkXk&i@ zPjnzBP@44<7eO0Eg^AMTVc_^-*_$Ne{@Xh$FP%P<1}n-`}Sri>cO(uBeW4=~e(h9eF>h6u88 z1zOr6L($$?96O#E1}0BwB1EhPH4_BdicBFvbN`+0-uKl)8T|ts7wi4(CR$(S*W37bd9JCQ(bX_pzib|o# 
zz=%NbzbVG56N)TQuWOXj{YRKADFGZG84T4=ha$h}AdSaIT5S|GV&J^n?+CG(Ht4XGzTD$N|dlKcT_N27D@ueg%wlL2E7`M%H4q74^4 z(4LdyRKg)7yi#r)!6BG6LLWVReD5qWhxUc8#DwZW&cujD@6mYu5Te90SVW0I;usF$ z?4?$5-ohcglNk+18pcaFgr8V^MKh6)@y%;EbmCU(SMT5uUeGHI?F@9b7CteKhw#n&fmyrc6doA zENU5#LK0t-i8i|G6T!k`o(P!{mPm1UeAN4&qnB?^G~?3AJ3)q2RX<5WmX2tqgj7qZ z>h24}Sdu0YjefSZw5ofQ%TWWJ4y#mJxT0Amb@!h8uwVUGmZYsaGOLuK!xt85p0o-m$EYaGa^&?H*GFN=XJGoRwe5Zh6 zaJSC#gV5|_@*FW)S~v`Db0v#0?xQR zO=@4YgLAL;7MscYv@Iq=(s9FA*FB=)^FnSZE-lJB<$=9d2j^EAwiI>^WsQKVcE7pk z@x{r}+mp)cTAUEKG{)bse+m}SlfeLO9N>&6CDjY*dqJ-ly>3Djk=)!Ve3@r0=l}oa zeY$|0%YuH~k_X zuZ;zYZdf*ea)V%uD$mwvPr1AoWW`(2bwYVw5?=eCI7DBM1Bw|ydl!4RebV9viUXZj z7&ohXaB$!iO&6i(ZO4{taE8N`OFxHkGpbf?Y43`bEv(W@(q5ij5xBocU-spdi^L$PEpZ3;WpZaIv{YkXHX48+2@^>%gujHYP?zhqX zHoD(K=zh)dAvUVtV?1lo|7!E6t^_X7|F-w`cWVB>-Q8|?qyIg|vnKoBnm6Oac=#@N z|F&^~`Qw;P8(7P*PtD$GJ!-dIMgF+U$UWr08y{~Qf3>}yyaQc8rl=2=vOWM4awh$0acf()sG ziJPkd_}_}&x594*Un11}xoG7E`p@@h60U%_LdUOS<%XW4AIpm18-DTKU~x@jKh>Uk zzaZ+~j8KA#*PhNm-XL1BMqUY}vTJi2n2H-@*ys2{KG6H;e+xCHpFhvwjvJ8te+5sT|27=> zUF82x_xY6k-|cSX|D!z1$p1=4qWT(8i40!}{8O^UT^5Gf=K52MLjh=+DD}Z+;dtnU z!`{k?GFkRL6anpzWCHoQHU&%N8L*VsJh^l=%#x=4Q4@hWhYl%pUpJHcL716w<^e$m z;wtnv>+T=*S;zW6Kl;zY_&1C3do7V=_5AlEZrLGM7mlOA_6l3%ks~Uzn%dJ7>a7 zKAlRQP|wFdGiO3m;(phpW?ssKdfjTKgwp1xOoE}v(PpVsvsmcl7q%EpuBu*lnxw}+ z9bLSA|Id?)H>a=9DuzDj3~8K1F=Rtvre4h?$U-{5c>VwV>;3ubi?>Z+K7Xs^jAEis z5V&ate8UBe164^!*3mEm?f7qi?oPU`1?=6H*1mKjMmH3v!72c8p)5TVam5#a6vIiT4*GQ=yf_yi#x&g zZYQ%v45cbw%bnTnzrP@) zGCdfOGGGp1ScH`HS`(cwPns&@SJ9(?g*ZAe)=ojaGkw!n7Zq}w+y5L;?4~waG zexI6MS)Lq;GoGko4M5b_cYSZCOrbSxQ~G ztEw_rO?i0z@F7&>WIANA8%BA8mWbtzF6eI7@_SYP4~bzlbFJ`ZiyEmUP6(Z-L(q z)xXyx7E>Mk?Kl4-PZE|4fAjwe5eE@dn!>jFols|!wow@VYzjlo9jFbM-}MDkvaV#a zm4Mp#f(^$j_LH7jQ#wlHWG$yld75A;K!d3BQ&T zr+RMmBih@a^XRmCoCLpC(JhH+lO0UMTC!5Opn_Z0j`?iJl`);JS`fhbvIWJU2#hza z!-_@F#~{@8;CW?lu~=Exg*ulnwCukNcj%g5FOSS)g{4N^T^xP*zc%ulw3vUMXASp% zWnAJJcYq7*fA*hG+yCrrZ~Q+V zj7yrrNt7y(-OgdU6=~w@i#*ez;n9Veg<$&yLn?)hB|sw#IiIrdQb3*pfrMTcIVVO$ 
z!kA28M6M|GDNTypGZEw|Pr$edmr-^zdd0M?tAujCFt1l9{K7aGcb}I~i=y$BM7pRA z|APd(SfY&;Lvu`L2dExlWK>pBbuA?C+s5?GgTnvbCvtTKVCpcgw%#u~l4~wrKbV_; zG}jEH`GBtJ>|{!c&pszwJJYJiJwBo`w8G8^$y#B1tTuI!wqEv}ixo#7B99Dv++b;%~p>KP@VtUv>zs|IE(G)0q4z>_h!&%xCFeI*m z&`yaQ9Zr+Z<`9~yc}XXWD_+ux_h4J{HSGTuW@T8g|J&Q$-K)ia+3oHeZ1#VT@i=kZ zzFRT~%+tCH$f67zOJvu$OTd@~Sv8i;sPTV$tNBpT1@Gh+gyO&E4`hx)L((2(e0(>5 zozDHdh0KX&Ea<{6nM6^`b;c~HvmI1BGyF}Qg&1zi3n>4|j6zQ;_f*#-S|oZbQD*|4 z=qgVtaT(SgdC|@1(wxg>WuIcBIF#vM7J8JLqONbK8>`QbHP04EwF(PAT~OFC$J0iX zE6ux?=Tk{*)|s%TIa$priE3&|YQA8CnmZ?_d62|3Gn3NHPDry-GMd?mXquAH%uYZv zC;7~R#50woGcyv-RFciiNHkMPGSi%3W-7T%qj`#xRHiwh%z|Vxn?y3JKWotc?IfP* z0JbpxM|ZF8|F!pgd!zq9#xv*sXI`MkKhR~(ALYhnp1NR9c-3NW2C6-so-WO}uJyptpwQhDwctzO#P`Qo8C(Adc7FZir1|AP^Y$66s=wv7eyzq@}>&;PLVd~b9A z|0vHEoD(T&mY~U_9#_4??B^_wl;WO}@RAIv2t0GkCh`;o35XGmV^Fe8YsD-XwjiT1 zk?e}%-o$xNlE~YFgbsBM%a{;F>PK2lSp=vgG0gEW<=yDnVw-;QA zkVmxR#VnCDd#^QleP|rAj%T6{8=tZ-J@ojjJpV6Fj$XVv3C7X#Z7lHr-`(Haug(AM zg8@nhwfKY0{C|{Zt63@Y{_<;~`*nkEu)Y2Jch+5yjfa64F&amxb@fR!q#aYbtqZqV zGT_-58J)y`6LJ#M!$C}BTYSt(MxVl8emzRlY7+}uD9h_c7PjGeKhby$$joTmtqs+b zNRuPl*l+8Y-h%593r9e5$yEy>iQ|be9uV-Uozagu6|&7DV2Sah1euY+fQ8n1Xu z5A`ue80SLL43SV7vY*+tl|Ev7Mzq}i84wla|s&r(y0gh?L;RZf@_VN1I?|t^m8)U!dpAOErJkO}0 ziS%23aWmda@;Fw1+Y4^L=a+rz6!+zA$$2dNmM_WB@A=!oUeNV#RYi03p<0aDm`VH< zrnxHB?T-DHKc-_1c&FQa#dIy?xWz?pZ$H2dAm^v1w~_;<*yv<*%&#aAmn6uPcotW) z+p{;HW?uo#q@2EczX2gLH3M$oLzRdMF;fUN3{^=LB#FN5pWj3gqt|U9VX=Z*M5eZ# z(a};h*kC?fNrqLN^++kOZ$}i==O(BKRHr<;fj;MIW_&6csWXUkln$tCl zV~DAm_xfL=kRnQ`kc{U^1TnkRGQkeszjIpC#s0M(FGDkGy+M0#Bq712bkiZv_Bt}Vz}O*-cQeLOP?&rg-sC~+G-OtjC96~1Cb+WUjS!4G@;+jC@aAxrlfq;4r_ z_e(i@j-BgM9qvH2O^r%`>%8Kej9zC9Z&XlA(1?nXG;5cjRX^{03C+4Ucm=ZxQI`^z zHILOmQ$Em?tpdjpP(WYlkG2w+I*st`a5X~2VQYd|)GA?Oys0n3vf8h#nQxKfD&9)C zcV>xVHltH!G-4TQsYV@DlUJ`Nic`xZTh-1!3=>vdbnnQBjnLM>i*y9~bs( zg*BWz%s+(R@9*sF?VDjX=j_@k70cUwiylY=%aJt=om%^-&a(Bqmynrl5jr)*1(B8- z;zG-*3~l8OSq&;43aPP(wRT+w166#0_0`k)#!1_T;@m`VNPl1@y0V{_2^?BnUVdZ`)Yl~Lu4Ih9`IQNQd{Fb7Ra 
zY2t=`fXv{T=DYPOqi7Q0#)4mi81X!gkmi=es`B69M=DU!kX-2+aB9p3`ZOf!Z;7_~ zOaOs?#^?aX9Mfwk?IdAJ*JA(CyI|x%)aev(VQThs=~@jy!eszQvEVI8jnM)|D3ToU z(H07}<(g?ipF*BwRHQr+?85#*niMQ(KDtU)!IBoBKH9`jYycCUV;+(z3lqs} z7Aec1g`sLIs8u<$hUcX!J`dRzT#=YX#tZ@VQs00Ao~SHt2|BYjO0Y3Hn4qJ>`*YQ+f36krktEE6(-v)6A=dKO4H;#|;b+a!vZ zKAtNBM`(^JjM*eN+qhx~?YRU=qC&h737L-XFipB9qp&7sDL&61QtL-lN2gLtau95o z+?5%Mv6|N#Oq$Txky%*XgFTnQNatc`!bp921Wc-Cld}W@@PSz+(0|KlyruR;+t`F) zJfTsAm=Td=ZT&FQPW9sJxanzrR=@wDBpTCT90fxz)7eS?oM)l^&q4kEXLomh6aV>9 zp3k2PS6T3J+yg!0rFBgGdsH67n?l}ko@Gjt)2DA&CQKU>@S&l;`K;@H@S2(!nOlsP zEU{)fO~uSAf*G~m=rd7UdTR?V>>6V)7S6a;YV^$u*Qzp_tyGpc)FO2ga5Rwm&{cgY zR80KXQfpzKhI~v#5d~AhF-N4-T=p3ri 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.96.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.96.tgz deleted file mode 100644 index 56d400829fac9f7448c896f3bc61e8abc475c901..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34919 zcmV)zK#{*6iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#3UUYBw+>YZmzM8~7mXkeu zx;Y9&LK16=U;)sMHu3rF_YZF*NP;3M$xhl8_qUBj0y6_(Fc=I5Gn7I1iZaMh_v#t# z!Wjx#?|2RgbCz%s{MR;~e!t&;a&RF2?f3ine+T;qgZ~;FJnirG`+HCNd;irR91ixL z{1@nN1$)I4QwGU@^*6?qZ`>c`fnkUlWIhh*umyk%84U2uaUo*?a(vu#5n=w+N8S)b zkgyODYcbEKQ2>|S5H8RVj5t?~I9Guq&QaDXSMdaOuMwd>4u{}}zyCOJ2G5;-xBr8+ zI6(n|6e$cgzHPzCf3M+P@3mkQB|rC_zSD1cC_d04oU!N?f*vBL z;cv)gnEV4x<``eK0FdZ-iSAq!>H4Zn3jl&5OnrvQatNk=fQG%E({uUkp}mqSNrU@N z-x&-zNd&o&@eXDrMlBCfm-rDAgnqy5O9rk)NpUvZmv9f z`q~rh8-G^F{{XvJTftEw|NHv~2L<^**vbEUdGZpmwz$*cW{!e|W6W3|+k~7yLzE2x zox{DuCqsx1q4(6?A3S|BefE6vbO7N5O`p2n)5GcW=ljnOo*wq62h-_v^89)KaPsWQ zbaHU$?jIZ;K0kE#4&2rZg@{O*+1~5#9d!GL-TnUMV1KyZA08Y!`v*^+9zOkRe{b0D zw|637#bcfS*D#0?-I@Zpdj3D{4-WS7^MC*8U^oBo<9T3vS`Wa_Vul6a8WJB)0z|=s zmc49i7T^gCxb}!XF#=D*YyLL?4}kpQ=+_R8PzbtRaKc{z@e765KEdGvh0MUkFpy#g z_#wj}!X9-5OkQUQKHrugpvWbNr6|)pN21@Zk5Y+)eGoLcD~0tQ zEItQI;GwA>q6}(|Gm3-24`&iS&0sPhspdrle_G~7QM_|v5^!wi{D*)Gg8(oBr&HhM zJ!+_aymm~2A!xVF2GA=%8qwfA417;)Jj8H?d`tifD7a2PObK29H}K^SqEK-NrZAwW z)ylKNYdAr&S0oz*@;CJO05B+MCWzvgxQOze;!6pbEQNkOPgHKr(GpyKbo-Q| zGxk(#<1_#Z#H|NnX+FC~g!mrf$dbP~1pX1=srXv}a$072F$fR9G!BB5V03{TsC+#E zuJr&gNM?wQmXx6dhjl4_gR_y^t@sppC<^dWOudH@rqt)-EEkv|2>dYq^r&Tm8G^QW z+itaBAf$@mQ_YMpP*cFslSbg3quf;Dyckm?r>=fE1nu8rxO9BXIdTq(heAJ`nXr?W z4iYTsaqveW@I%jcC0F7pxS1n1M{+-wOlAsh{2%}m1Q2hZ7+>BE2}l4LAaTh2g`6A; zL&C-(_K?`p4F#ViKOGn|JaQqQzb7eGYR>e4=Tq?)FGgjtWVgtH0I{kkQnUz7QvlM& zTu3@~*QB)MOE_*!8D5OAdxh9JWOGj1=``ClfQru`;@>@tCA1wI7z13g)CTh)K?dVoIBh(3}?s_RLvF2p)A5h z8Fk%auT$4G8L}|+oK`=i3nGGRBIOts8=~2!*4$ zKUHfV%JT_~7DXaqw5TL9DGiR!-+%@7;sE7v2rCExA!0X}TwN0A8gn$omi^uUv8u>d 
zEnaga5fQ-*yEr%vX@p#{=oAPkmT5qYuFOY3*S1o^_gk61$QQ`4i*1b^A;zU5FAn@E zpeUFE>d!*t0cGTKAwv{Eg1G4PoK?}H!u|McolFZ z>&SJV*HSW8qt3(3toX)!o+I~)Uc%WiB%U9_z-Iz|fNweg6L*d%BamUjMakTs%^h%N zz75bd3iwh@xsV+5m98Vo$#=@OIZlLuD8Z$r1@AC}ut2GpfS}uzvUciQ7+bz~u(3uT zfxxGXPim==QZ1M`|FStj2wb5h1s^$KA3NY97l_tp=8VwwR9C~N=1YVO|hQI&eZE5BCq|0&!~J0m>+KwB=ocuTPCpbQTm#BFl5EVpQ7SInR0gi#sjbdTJ zShP1IVu2P|YC@V0^`<^4vceFw2haL%{FI&r{Ip3g$=XRT$)9WX()!(`s4%)o5wd_>Ctu=%!JmI&s5#gPCRVhhgNbLaa<`;Dbw}0!gN_uoAF*%&#l9LR(cw7 zVRhFX%C0k&cO~&M^3K>r<;hR$srjNeSlZglX?+1HvKTIOk(4ykNSs;&tfxv%s9}&V zo8YC|DdZ_(aF&w5;A{xm?tu%Ti>B=+Xred>&T-(o%T?HTDG-TbDb}>=5S&imVs=gt zOYSz31_lpN1BWH2dTvg^>rw8d(;6Qn#8jX@WUzY zfE!4{4nTxp(g7~D!;qS}i>*l<6lO`XHm6RQ5#z!I2fUT(ihCi}ZS0F1@NT84}AXsq72nUPh!7 z^m~lxTJ6}MtNhDqTJkl9V6YA~%wHfJ zGqY2&uc|4@mLGz{M214oZ#tc_mCEN+w%isbR1R^&8I{!D+LX%Cv(}s{rD~%|m7}co ztSY5u&1sdRqv5L# zZk8PONIQH8V89RwAxn>c47EcY{Zw^%rd_rT(77zo&9!CYols=LU4zQp#wc1zrfr)9 z(NlOZg_YYR3-0W0X>|{+vuCQugUvQ2B^}gcbCSXT=h>swX)XWp9tZIPT_EV4g@G7( zeXfL(lhNKBQ;F8{v9;tNyxss}f?? 
z-C}Lh0UPhM_MXX3$e7{~x%OS8odSM|Cy0cIAqw=DjB%m`^n1&htNh@wWhCM8fAQ1; za|n)um@-68&pY5XhTaPpz|cjc1Kwf}ons;e8i!<*EyW14UL~fJiKbo^m3F?IuSgl# zz@Tg-I`{&HGemV~ot__npg21j*Ltp`&tQDd1@zokWAB;bZ$z8oR)AVxH$44LnB5YL$kz#M7{-7 zzt#+0)BcI!fWUUe0dszLBF4;lK(YA zf$+ZNG;&_jzD&Y4j6DD;^=D$K<5Zb7q}xyyBEtb9DPvtGKUae_s@cx-;B?CMf64`C=NS-ZPr%@}f6;nKAQbGyy zz9upw-g0G}8GeHn;!mL;;3?}0xh}|=;Q)p+Fh?*Fb50(9cf>aeL!mn?V#>e-0Z4Eh zdf?gNU--;gZ)KBnFePaS_7D1R{1J8h<&P~BSXl5iR_UMiqg7R?q(8K~e4sJ*fh zeKPA2C0pYwK)ktBZYz~1mM%C1d(Z085lRObTAPxjLNzVA=n(8%*&;`c)=z6uq6=40 zp^6Q`{$8u)N-ZD}E-ns&tcQ_V!bv|nSBd^{a*aaia%|mwD*#I3Az9b}B=F>+8JqDs zB)mb4_-03pI|%`vXwMnG=OPQk*O+Bh#-sDo zJbeliU$5&^ha((dsb|#aB&Lg(_mYNabQAw5ZUyQdOg43^2sCR{T63~witC%wj8QhM zb_-7fid4a4F|WE^p=kz?%o19ta=*+CoV*^Xc~e$D#smq+CaOG}JfAY+Phy7n-V}I9 zc=#d@++cFW*HcBWNksmzw029Resx4I;jHMG&amz}$%d()IN$j5U42YKc}u~#{b|^8 z9y|c249p>wPTZL5@0`IYBeBb3l4zX|9srXP<23+((`W~OAErAx<+K`MuVeUfcZ3Gg z0f@Pd2?Kz?3HThu-x!jLaizpCnp~juL zp1LjvCdkDLM8)@U`hBdvCk7mI1WjWVAEk8ObCouVhWtP2J3efgBLBuA8jAm#ZyAD% zq4;mBIjrV=U&~IyI z6bD&PkF=XF^0vb|OZY{0H$@V=NnxQ(t8?v8Y%!#XBbmJ^fCkHAo{Tvr{=d0~9Yokm z{m$yp^eU-(j=iI_swS`u^aj)t6a~t)n{NvUFI|h)i?rf#TG2_&z&5ZO&>3OR^C^i% z^o2?6%}|MYou%>|doPn}FJv`MqYdN+6jFu>oFU;PU5f)pvcj>fpsC7&*?^vFVWo$R zL3h3=-Hl{Pl9qjNlvZ-UJE}a+{m>JJF0nqG^XW|)S2ty)qyYuI8?-_A!bi}p)t_&Z z!kUz{`UW&4-t%>6kjE`=V3g{pN%akAK%p05zup+0=&}wtor1I`BuLlr_=*sk3)c+} ze~`v3v8BLzUk)G`DQg`cbj(%sIb_m=$MW)Q42fP%e@l%wf@^P-rF4*P_`REyd8v2`8p%Ne@V>H<57Z zMd~WiCQBwVO<$N^8+Bq7u7f=}6-Wq3t8YR>qG#43A}yUzk-pk|#je>GYMC}W!vL_+ zat9fj#z9RwMyj|;hzVi?O8js}P|Y>>RF~B>B$YQ=AqWnC!;@O;1Hs{c<4L+YsHz)a zuZh{jx*b<*3Qo>dK!Qo#2nxj5FXl? 
zax5<>FJKgjJ9m7CYgnj69Y7GII0V@puKc8+Egf*2!c_;eLvR!z!e|E^xy--znU81( z9E*F!v;)rA91*I=KB=ATg|vZjb*pqKW1O^kTwIXWfAj4di9>l6v1q#N7-sN9S;+$& zg6I8Ks>i&6(Q4X~V$K47dI=fS$2Iy!4HUN$Iaj!INT4fBh5GQugA9U*;0O`66n-+P zMx}{MV>1{V^t5?%X!`4Acz($>D}RnNIm;WC^Xt@!I+ z?y_C%vI1Q58ds@1V#|7$BZqp^n;XT$l9dRya7UxenS3SQt=-00g+klyg13q5k=|k_4ly}50%Zzt zTFGu)0O3t5^|-TXTw8Fu%aT^^a#tiF=c8G4&P?NrrQVsemS5%rn`h<&n{TERHJNjx ztiO3-%o@9uONZ(MBg#M(%(|ZAiNo}>)N4HNFMAoyjcN@hvo%XGZF^r9 z5xii~4@wX<+JNmj&z)!8!^z<3bBIt0#5>r5RY>5Jg0;o(U_T>&S3qnmd%7w2D z(HfF>uZs9h#O@%8Gh@R3mTyv|RBmf!NFi=>SxBMY-AxKZpl(g6t8<4!hR8G43ggAf z)q=#Kv?*)VQC0+gDAuhAa()rvj=BDaJWfMlEy+aFG%PDvAlG6xN zY2W%`gyNWr(+HDGAoxvrE{XsGl2YR>^*!W5A~P|yin(G|G~I9|tkd9DE8UIAb{X0H z7BGY}baoSF(pwdhI(WjdU#51L`_#y1B)t4ZvLo%EEt6Y$TocNd}$emVIkcy)4d^7ygt618EEY3g8U@N42xC&7!j z2$B{p56xbZU&QsD5<-4?_u}N@?aAfI2pqqDH@ZBz0B?`poM@U%9x{A$b=Rd=%cWAG z(>p2So-_fe?6l?NLEXzz%g5KghX9mA!h1u`Y(9!HLBPd}MI7o>Q#x=+N`tr>Yx6-A zX)h!q8&j*iZI(V7T^=3(GP*pvJOS@6UhA&me`=d&IzAb*riczD7+!kRCJ_`8nqm?R zciA_;>1S2`Pp&*Kpz|BW;YK(r^8fDd@8$FVK6$c#xXb@}AJ69&0PXMPNVkWet<(DQ zLGLOCz+~3*2%NIsUVres+kf6u{ zS;%LBD3wokZYD&RTq+@`5K5eqUxhGir*yRCUGui-eZl492T@bq1Mm^$=nHlAJ3Hm# zeF3+LEhz>-J0^kNOnpddTkwnbas|x1GiZ=vJdM40+bLo$shT6d(1bQ$&)Od{-%E%T z-$e2J+ajr*{PzelhDgYZ{GVT8_uu{Q^A8WzAOHGS_h0{VK0Ma%AAR4>RKLwaYbQ%z z4MMVjTDHG$bAwiQ5L)KHw>Gw0pPj_PMSb>B<=5naZ12kZO=ic{=MGhO#jsdtse&q7 zm|SeKey_#=3@$uhjZ74E9+!Sgk^Nfo9oYFVeLmR86ZKFSFIGdAx52Cp)FqO8VyjB2 z8)U1B$h&2wjj+DIwY)99%fGp;Gf}fMuEqa^_x$4pqG0$VaNf(^LW8@# zK!Ne6wQ84#guA`faTLd{49_M`q&RF8di=8=`fRM-7{vB9R5t&vc0$EEUs_j~MXCBb zF$;IKAzA)ZgzGLS3)^setKnF`C!iFabs(<*S__^L=Oh7?zN-Tvjq{NJNM6;cZvs;I>_0forrQVbUq)I1hA;MBJ9%h&$^|BB;$ZY1u@`%Ht zSAH}Ogh_vlbX3>$usqjE@;qe>>6jT|={|pMPD>`pAxB zwt==7@2>>6Za7~?zV^bmd&Er)vh@cU}NoWuB3At&;5*IHP zF!YAtSJ3WF{IEyo?G9*nUH)I>&N2AmXJ14Eqk+G0pbr)}^cg0?aYXof#FK^3#94&n zI6wS9fCdOfV6fM3gAc8Y(3Os!p#AwX@IyCw z-rf$I)MRi5Zg1O~*mJ}CvfTuZ;q58Gq40XBmZ6HqOB3Wtc+DIB1%yhJA7r)1AsAhb z#_36$`1AG2<@nXv=u!=@FxCDZ8EBKvOekjd*ts*<3iwvY0w^OqoiQqOlp6 
zIEJ@JZ%)?75+PS~;all1oo$m1{1CLie`q1$QP&uhl0!<_|0#~6pHJRij^CeLj84zq zW|1`IlrMlQSSUX-oVxM(#o2ML32AnwcCq~EpCfB=x}@!rk;s+jnohgWok! z7vq!HC&!ls+0+(3I@wCE&wd`iK6!sqoQO5VSmJK|B}uPQtYs7`WrlBqink}1|2Vt& zWqf&YbbR{u=LRybQW&xhSz;aKo$W_HMRjY;8PcL7Oxbk)SQyqcN(fkrm zP=MIw>(P5e{AoepXE0rkwyBro))LF4x`;!*5z@Yr*u6rGE4fy-zBnC^&W?XMxg4J# zUA}5EcdO9Yjfc5$6;7?fCC$!||LdRQSC^OPqf){Oa8@(8g10s}OQVE=5`2G!mL2fD zOa^6~g(!gN6C>~>ymoMe!aQxCKa1-6wMmx(xNRzwqi8KUvfC)C9Yk|msRY7mww}g8 zAlyV!hL+D2S{4Xs+{_g#3<|He+wIl!(4G}Pqwra7OU@aKenv^|?MUoSdvgQ>HrMY& z$V&MtiI`cu7FAQ(S$$tpHQjpaX&nT%i&zRr?uyeo(6e`}v<<#+hiM(qh1*mLdj7J~ zIIgV{>1^a&`o3xW5|ZdDfoH|Mt+H~%(axRtm1HsrXf3w#@~-0DkuMV{kB zog9xVSTb1dv%%hzRx0#G_VP4xui8lr!R7I}tv26h8nttLm9Nf8y7Ae(UJDJcg2KH% z4oRIwnI?sB z4M~s0Vb3K#7XNX0K|AOKnkLSx0-6*w{;YxEN^06xxPd?Encqu+gi~4yKz}Q(?D2+? ziss2eHQFN!hKPkll2Smuv_J(Ue2qu|mwTn{QvfsNN@4O{qUVzWu*67Q!3{Hl}8ydO~SDRRVsJEA&OU zGC&uBcCQWE0-z^P-;Q3tZYxhtP5TAL>?c1!bV(Un=v#V%_JFFER#IhDN*la$2l%>A z{quiiOIpJZpyK@h;Bc^)JOAH%`ef(-c`uLs{690+SwDcxrxxG(SL{$S_DOvzE)UcT zhw&Q#syvprR&R1TZvmhW=|6uq1mT@J7u;~;0&?cI7dh|(vQcHoG)8~H)({0jcmeg$hDLT6^o*FF)y z8)9|` zkB~cYJg|!Ko!`M$`ciOCbJ@+gqe5`+yc>4j4Lk3K2Hp)hHQ^4N9I8*>GBoTC;r@Jw zaCAw#;?yeWdT0{Q3JBlRl~KfG zTrrVRK;AJ_pzrv&?tzHvsZ$#uj{+#p;sL{eZ~OVbBHsf7IA-8x4jI4{_zd_o$$^YT zpgm0(V&z9`h*g}d)j61Z0RDl%99|;;Lq$3kH(|x{@bYxT*Xi+#^Pk55eR?^5b#(Fa zqTyhQR_} zAqiKY;j6xrYipye5dZOBNQMgqAUm}pNa>AN=qSY8p7CjSgt)e}Y+c z{x?TK#AhRm8ejWOp33{b`?>SK!PCRNC%f~%`*=Qo?mY(A{$j|*y-2#kmJ#}K!Mnws zqak?Q6MWu#+&cLb>FA@O5ja%@<8xZ7TzZ;l)s>~5+)ay0bKiiNQ4V?rlsH) zKJ!8sJlPk2`ioIKo%)|ZyPE>j^H36dEMpGC1P9mBm*Dpp2L9AX9)M9Kn&Gtmfh2TM zo^c$!Nfb$bICrPN#rK z-BTGC+QZ&vi_KKuP#$spjQ8LF`5Jj5^Wj& zSbvBOI+JdZP_hRO39Xs8jR}m1AF?TE|Alt{LfbiL--oqfDyA#@JHw2|DD#PQjR@uH z5~P`M$g-3O;sd@xh!vr#tSp}OKtX&Rl8FEq-~B*zwA+!8rJCahk^sa_s*qK zB%BwJBC%m^tMbBusQpOT1Lz#?9X{c-W&1%k!w3QU?&39=#-Yp`TaWgHcPWMr)6iPa!m<)Nbu?9$@>$X>f> zKd5e36bC_9EuW@x-{^dzYe2D%elj0q0A}z~SWUsHm>mg|s%-LaMTSnqn+%1qPzGh^ zI&ES^sHQM=7F2m)QWg=P_-~P0)W#{I#Gq6DZST>Vd}JXjoj~6k@A*bY(3gJIV?O*b 
zH~u=DqIy{_Bh;~wwVac9XC`@h5>^yD`cn#`0Qw<-guo@=s!L|49pK_c1erexkUZpp ze6#5@zEhQZ4=VTkDO+cn`Xk>tbDqh(eb`h2WCegZKRn`niH_gi|gAJ2y@O_R@4*f>swK=s#NtloUvTN|e5Hs))Eh4teU{K`dnPixs zekM_0KpgtNXHD{aH&%LxYM1hSYbK(F-pmo3Bbhla-S1^%E-RbAPBHFNBfGH!PN#t4 z4j@u!|G-F$evm7ZdKF?e=VJMxOquLcY4?8QR10NGtnU11j#fZgV`r2ZB3~Yx zuZTr$sh=dWcbx*`xGkdeNmx~HsFCD|N+)jFJvD(-JzuMK( zW*R}db!y(nwGXLm9b8d)Rqw)>;qf=r#aX2XMqKS7K4b`BDy>>YHkZ~pOfwxz(c&7B zW4^o+1ls>+;0zAB{Wfrpjgu|aF|)c3S|1*7}++{F37lyl$6%}pLm1R8yZ^+8W|i-a$Xz8$CY%;g3U;- zpu@PbVqU6}kql4AznuKDRd7+tx+f`S{CtGEG5S3`@> zeLj6-&iN?ylq#*9&&Fss(KQ>3@=FN$p~+s9IC^*aYJ7S2%gNhsdaQ~`9PfYF%2QZY z58&568U4?AD$f72rZzd61P5s1hn^qK>Rkh_$p13f+kcwR|FS=Lx;y{Bk7tGX*0?za zBmccV$RZQyilnBP`2U77Bfv9x)-`Bd`Jp!iYT94m0KJfm(pn$}J;)#zlc~@tTqQHu zt)(*~)UYt>^F$|2IB)>!*v4#nK^};3EGityxp)!b5QS_Aa#WjX#G6r&QLFM~@M)(U zlwsumOmG~n7>pJGg|S%K^+tSm8jFN!blB<|s61K+h#p~T7 zaL-R8`JXvzsgI*d{tx;G`S=g}hr9f*_wpF~^i^v>&Eq|Dok&*$QSJ?lc8kEqi-7FC z&jknKig5w8{e6ev3n$kR8NChMtDKy^HV^Nf^`9p4KTWgNYyqh7|9!gmv>^YV40ic{ z?&WE&|HCMvsjB}n;feL6dmV*vw+3X$ppnd*M3Ky1DJ@S6$lUpB)lcd+L<3sw;Mp8rR{6V_ z{4L$o3Qk@*Czo{8p8)%9_43PE{9%YJ{7?-2&jh;YJR3E6@1SqH&J5C9sRm1!XXS=3 zdgiY5wt}V=da67;TCr%Fb1g$wSroJ)fI_@8gCXknyqHwk#CiJ3CD7APHj$ow?mD5K z*|-b~2$FOVH(h4EP;P^M7HoBlHThUB`OC)^Z_W5p7IiI)-4c7vK)a0yY*~D^IBXe& zl}ueYxdAHzR@DJr7VfFoQN^rp*}gK8Nfj%v3YAt$W{rSpnk#FEO{*epb?~$TsnsFW zG=*CUq?VsX)+t*NRjsVMYsOY9;;4$SmSvMP&YFeVRaxBXaC4n(Zbh^!Gqq)@S3P59 zYb(MlCTYt8NmI2I>)I2xW$Uk;X?H6GR!4qoK<26tYYo7ZhlR?wyGd}U%r2xVJd}l~ zOz5UOA!`P3l8^O5LNQR0wZC)Wipm(HD$39**joW@6>6V13TBk0xe!z*Pp>_+&Q__* z205xvpG_Ak3wtD=O@klF#})!6+DFGKZ56GZL{Z`;dM@TNa`OUM?Gvd>U`!tf;3RNY#=I2gkqRE z{g|Payso%6Vuo4LPd><0iNAX5K@vqvML&~altdpT0Y+|+h&Cqu&&9AV0mCXjmpF*U z;Yu_d_zeP*36+tRLm+YJSQ#KcN-L99mw5Q6^%@>U+q$|Ws+Fa?S4FofaVk046YR`QWWqwdfW_sb!Bo|w=6c?OM`KoFtrTR_wL}wMwCioZ*5J~Sq zNCd{qwXteZmO!W>!Nkj#J{f|~HMq8P64#u-uJ-@2##XJvi#reTJA0b=e?-{xd`e;w z<#7^wGgQwJq{{#ApnsV6|2`ZX?EF9O2(O_Za5fl%!Jo_J zWVeurr-}Sm+9Z_PWPKmND*4|($ov28AMEe#ZWKMpv>h>p`Lf;4bF@uy$jGa3K^9F 
zjj)I0UlI1?A8I+FM%*&RD^9XuM>2gt){d z+5n;7RMkbH7hykSN!8>NJ5qS_Ta7a0Y>AU1|2{kE_7XdOQ z#ax-j0aYz5@;;0rTHybDYYie)OVc-1J!KNBE2poj`#Eh@(#grI%CXHgUktGEZoLsg zp_kfz5?p>bBZyK|($DA|dq&J8~2pbDR=IaZ){1E^U^0?NKG?XtAfjBZOi&em9IO{{FB#mH@tXZyNM zA}h&LLV=@qamWZ?J&8e}{rfgagfYX^g@GT=DybDJAPyM}BJAmk8G6e~+-s+b3?AYX z+n~&Nxh^qZTe+|Cth@hf5&)<={!j7zXMdOf=U$#WitMx7zkM^2ei{wM2BCi%4tX8R z@7JCj{{c@k`M+KOpbGiFx4$}9HY`OQbGUG3!B+_ni4dj=!jEQ*KB{fFKE<}squS7 z^Bb5wMSd$~^~~Nq#+*#J$5lcnLf+}9LS37VqEa-)zBv?srDSMRiV@^4!|{n zx9@^ceIrk!^?%I(P!;i?o(vB5^5=j3z5U(#e;>~_BRlQ1fEsRf_CQCb$W$ec`36h2 zU_-Y%OK^d&>vxxRUoqSM9}>Ljj})@W8k%Akv#B~}lgZa>2W?udMXrCLs3w%UH;Nix z694MKsLDdFY%LH~Vfa@>qAHec8j7k2VHb-^lXN$+sO~5>&wpl!tJ>jbOg>*7f2N*i zv%Tp${*j6-v?|Wbs=!1IA_R$Te(HK8cm2xyYBl)Rr=!c0x0}M<&a$d3?F!H!n*AgO%Y@(_G!fKF6fS(A-}PDw~xsxhd={ z;HQ_6!IA&(m3+hn>zkwV@tdRnHGX+?c{Dox-&OJI>f>D%$7xl|cG0zV(Y3z8=vuq@ zHFp-jCTqR>HUiiLct$g*%#bzLkn{pPE5wtrz-bnprEc=p^Z?ZHdPy?a4AdluOZmC! zy^@<8C^jWHbL?s5XKSRHjZY5mr)%WVq>Blv*D+;hne{uyD(D*}k2WhdJ-ghjSHJn_ zMfVl<$L!}jkNaaHyO+Q}Cc^uR{8K9YE%AODFt9a#PyK_yuYJO~dsaP-&i~g80957w zyq%ej3UDrhy;SQyKr~N&f!Nfd8|T z|M&2Go%j#Czz<(N@Ixjbf^k>aB?vN>yGu`{S$u z8Jh3Uo)5qS@Jl>F0b;<#VTfGjU;AuXYUfX*Ivc^9lMv6A7^F9ewO_p$J;|M&7VmH%tUh};SH)zKj%f)@<>ftX!7upd|1QF0Gs&R8@K zMADD3JO+5)f7VwYXC!j7ANwuw$qjsD+!5=7n8@gfEDCJF8e$U2U?#lvy{l*Rf56Be zU!moX-+vxmj>bplr{iBv{%M4e{KOCmVKC0e72*wGbgUG|ahMN6Q#(*VgA2CeRseVDDXpZ-D{S;qT*rq3gz#jxWqT!5F~iXh6oBj#G$?sW!~@<+g=+Nf-V@3 zxtJOo?TD}^+G-S3-6tT3#$*d@8F}n`D{-6Ow~RUojI_E3N{T%ImvaQh;|Q|(cno|B z2>Lzt3G%>X3D_JZ!b}MtlTRf13n5>Vd#DliXz%g&gWh94H8Qt$BS;{_WC(iO?Cp)a zMz`MRl$QiY00sddXaW7u4`*tf>wp^sJPbn2K!}hB*c?+ETX_UWnLEQX^l7N+eCRxW zw0#}9zW$eFLfW?e_vG+N!T)2h%l~~pPgDIb7b8^g#He=O?Z$h;ovLVY64~r-PKHu@ z>8}8W~GRIy4B|KYN#t2zRs*|90In!tN#9fP3PY_{$Km~{r~=8|8TeezmI3_^Pf6C!n^(d-TDI?#|YbU2L4v%)b6>P zr$YX7<>&7GfA{kFpY{$8cK5&U<+*d;-jsv>IKn(b^SAEX+f$)5jW^<)+xX4*_2Ore z2*B?8D;$2mHb?HB`+U}t|6BI|9UK(>fBU=hzk7M^%eQy8415*eUZV-y^zF^`%r2Ar zANXk?|L@BG*JA(K>mTgo|Ghjp`wt)Q(%|P?@dMs11grdjixKHpj>s;R_U_s2sW1QU 
z%>VCcG5+^n|LN}j-@QEDZg-3ReU0_P-4d{M|Go^R_R?R?zb{?P{saB{@+odjKjM%1=I_>>oaxzrvKgMVim&^4AR}R~h#w;b(ICa+OO|+SIjOqH2Ly+a;8D5OAdxeC5R0^=D!Uu6RkSmcG*Di8b@iS)DCw?mR(O%6#oT_P6}hxBo=ggE7O@g#jXs zY(N$EpZ!7c{^!%fo&En_o^H3>DxJf8yhkn!{BU++cL!~2mf)L^5-aqaxW*_v(geLui@m)aSeo__8C&!o)$2-dE%v? zb=prp$_>O1DYPF9QM~ZOqaeUH$jf@eyHQ-SQff9yrO0c4;WNE4UihKEh!>6<#rYk< z0xd9EZU$Du$UKZfnXH`Q{Dw&=9n_ z=x^@=PJf$Eef^KR?i#rt|EpU6+k0}5_y6ucIo##{y_cs{_v6ED-T~s0@D--)rBB|A zo!WU2&-_r?K_7q{NadeN$ZRVozMt0e;Bfl|jn6NV;Oscdl+55cb=^!s-qg;O+IQkMn7Jx|mzbU}Un+QAVD>D-?(<&^26 zDU1Vl;_9mGS;^Lv#Vd z8Rw~Y6o~*^A8F){*+)Q8;D_-iQ5-M~pvyG@UZnLvnYVznZ-KuG`xAhnr%X6NOs*D1 zuQ>?gYQMy7@QW&P78y3|m=g-xvccn6Zc}6wIQ^2yml9lCP%PgB=o$t5Rll8?Clt9Z zUPR{vPkCPohNN*61tMM;4APvYITATBV&J(cEM)+clQ|+mHXye_F`@xj)$3$^UzKwinxBw+!6vGH^GE-YVvQvf=Co zcsBFHSyw8k+dTgp>=*1mdrx=%-}m#VyT@G)YavvF$49A9QdPl0>CA(?YWaztu+XA%58MoDe~zCBKQw+$oz3N72< z3z$4PK%r{}!?#D;C&)$qH6lkMoS{;@Af-2$c(yqEx$ykERsJ6bPYd?{{rz41mwS2mMEPEsk#)pZF#It;qcag<^#uE#;YgHC zUJzB{C}#6FP<#|_^0&7w<7#74tOLGx3F5-bhXE}^dmabDu~AIjd(5GGiQRa?#h}L7 zP0Nk>ONv-YjkcDL?F>DRehunF(t<1pNxwEALEc4(QaD2#W<>muO+ouFbodwAwu4Uz zvVTsnByzGo;hdayma3$(GzTOVL0j=l+tfd8V_(3>-#=^=dzkasqY|R^1=w^QX-G=i zq?HJ4t4e;QOfGU5w?y6*`Dgna+mL|z47>{P`5&5}zYeSBndf_Xkid&kU5+NaAR3VG zI8GCf3N5#? 
zJ1>K`)&|{Zf+hbSU-d5W6$(?#>Qk40>N5VVDv4kUq+Z)fFc27eM?o})Z{r2n->cI& zwZFMSd}||;F<3S=V)ReKYlkK#GNH!uYWixWs$AdTvF`l0%715$f`vZ|F+tmqF;(Y3 zPx`s@pTXh&{_g(Ay*v-VIb;lxkOGE*9CMj-WD@&<=Z7;8LH7#I5OrD)z~$VhfX0#Z zucLDm1c0-(j8fr;vyRB!$N<52d97xP(<|409%*I_ROG=c6_9Et3jwDs7bH&N@cGl5sF#|~RWt;hej^#Htw#K$oO zr!P-v%ZUj74Y{o4_#T2iS&rb}TFy0fv4?uCzz-QB<7+wZMJgKC@3oX^Ty#LM72p|m z==JQYYLeFZe{pj3^392}@V0|v_56RbKX{VY{|*kG?EHW4<#_;X9MEdLLcs#Kb4ZwQ zdSi10M!evN7Xf0mm z1@xW1GZ=s`CaoTjYksSB8Ujo_M7VgRv2f4iD(?~~VE`BxsiFfrV2NY!`0*m9?D1m| z5q#}?(%*B6g8<)fX?zWd4<{mabn7wrSkS>f=H8l_mGj?X5`1j6F6Uh061YGNk@C8H zSP>U%Iw_TE04Iu*sKRMT-jK|44&5tA#~=Q-#4*tt?B9P_RmW^`Qd8@P{N?KE zF$t1d1~11X5cSemJ?pId`0=A+BHnBidL|z+J^(PF7!cz#n?okph9U-_OaLZktZf_< z#rUHGPN%>ZAo2X*$P+-9IPQQ+%)}rW1>Lz&d=Yf#fcXmq zU_lH2s)bC8c8^EN$xY_gN!11Op#)NycwG-(KN#Hyu<1Qs-83r*$jsPWNZ{@Pya$ZOT02RxsOzj&vJ0R%_qZ@>b3abTfR{(T8&$B=k_2m?v6 z(R@tYIigJD&K7-8gdt3s*><*dG=}!@*AKTVs-pB1+E*o}lVciYek8n5iYM=92_-#;emv4+DJ(}`uyX7O-I;=|x23gA+OWlK>F4h1etnRU@cX8gAT zqRiKIQ7Gls(sKiWB>#O~JbVSfF)Or1HYNMD0S-KSjjmCUn}BbBIup#QoZIBhB>_~; zdNt{#$W}Lk5G}$F<#oqP0$uxhSz|>|FocUcC#Gz5$OKm_u48Yphm`%i)(TdPK$qzw z(Ld*^3~+g&@(#kDrEjcJ02}p;zKSJ(mGuij(DR#1k!-axF_Htmz8pyam9c6L)5emd zDZ;g6NmC^2OOvLU){`eSutb6HLYgD|ZM>Ku!r7{9eh5Q>J4c*{El^e51}BiQAKWO; zPRE0Oe<7yi@%g(X_6ty@tKq4z5gCwA`u#V)fcZv#Z2*?2co9WH_iS_~#p{5y(Rw)8 zE1|Uin6XUC9 zQw0Dh2+8}L&MNq>fc(mjMl^U21K*RhS~_PW_UPiuJMgD~qF@U6Qo^-tL>O1sA>-;h z5%Sct^uCS(o!yDBWrW(p_5~Iufp;RHNc&dr=8{UfK`(`tEqrYxlp-QCHfMgeo1_7fW)t$0txOI6C`F3 zRa-re@8bPQ%y)A*1RfFw2IK**AR$5<(%w+%(6dJhZ4Rv~w@vCQI52QEBSbP^#po&y z-C$rJfKvwMkmii7l#$qFF+oG{0GOok-vIngV;KB>s3QbD04@yqh(y@ysJ$*{?T)xL z)d7gPj;IX4-vmTn_iqf&27l+3B?ss)z?T%Io>!6z(I8bx70I?JgJDl$*!z2yYX06V zx39|W^KuWsKOo`T`Jvn{2(*isGI@e2UNQnhI>lrm1%-!01SU(%_;>*TTBaJdtRVz*T7w z{aQ4n!1!vNBrU2TC<=H94u8Xwb+8f~{x_bifiuayvIf>9Xy7_{lli<3;uU!Dv7d=8mZtil=aS>vXO ztbRCTFvx^dU8AM15=fZ{n`?BpAI^xdTr?-*R99_|b-ih{-V_pB6{6z_G(;&v-N|4C z%`qnqjcXuIydKxU8}U_yG88fynZ^yEzgUBY^8}6z{B@ 
z)Y3C44@YP)a>qMIOEEnmV~}rs`Ik+byM>mn)9Kjrd`e<*o;HcS*;+FD9D6SlC@&(C?r`aQ-Bu0@Be|35|j=J=^{pKgp; z`CYGpkx#v89IQ9^BUO97(WeX(I77k|yv{Tn$@<5#eslbC{!3Z1rtTu=KR8NZIN%*s zCyjpS2_w1?V5!Ui4TZ*~G%Xqi!oGPfrYw)(p&tS&&5w_y;|-qZ^He`fwVI0$Y#ZMj9^U-=e) zhKY~(uiM*B=D51k)#_QlW-gl$m<*#%IX zC<|-u91`dXtA;j7iBy{r!4V>C$;-fW-=X^nd3*<%+w-QKDQzhw)XIKw(oV4$430(q z6|jI&B#zTLj~M(RKmdXu#UaSr3FIdQeCdGW6pad7IRr-mB8+yxk<0vR5!tW)LIz1w zPX(J>Pr+5e#IOzj0TbSu4g_|(Qx5_Y#rBW(S3uwP+5QStcXYVF0^=4>_g7%q_VNA- zRNFk?&!Q1~(_^6lmL2jZUI6NdIIlIU6B8@=Eu8eP1ZX=xe^&3P-wwC@tp90^v;GR0 z8y)tWuywT22oq!64*Pw<5K?`$TxifI>9SfG&@`Or8lcU}B?#`$6TomlDI%}q32-_U zUH~0+iI65(5iwl>zyyh-M(HCkS&FLy;Z=xlLI7hn7ps76*zVL#z{Ip2KLLHO{Vd(* z~@ zCV^FV!=L076Suqwobo+3!-fWDf~qA=l%B={3a-5bVU<(=Q{tfXMWbCebEw|uHn8`E~rSZbralM|QP z*td56QXAuTPh)DM-QL;EDwMX98s$O2^%s?t09+$7;nQu|k$YXSnG*}6a9UM4jXJRAG;m^QhAo|R__(E8Xm zQc*Mc`0J>u8RQK$*7Fi%P4rd^ero_9wN5q!)Km}7bYG1&)>4culoj=3h@QfODa`1{ zWrJBqTh1W;Q)wQVmhm6b&-Oy4Ubf6ree)V6v8H-_Cn@%gz^6h|1I+8@rcwPJUxug} z7TUeTbtL&}ELMSD>j1wAvK4aO)~2S?wyt>Jd)83A&l!uV!>!~hHFmDDdQ+wFHVgZb zS^-yuelf6ZewL8}Tk|XddZI=b^pzR8Cg&L>O zZ@29k*|YihXV#6)h_E_1^&4=)HfSm3iNkt4u|*mxj{B;)qk@)iB<4$jFm=3`Jk*Y=?Ai2wDTwLc`MY|7>A^gKObGcJN?tXa#qm9h)CUkPuuw-0h?(+;&rak*n z$5+KuOXm(jQnHi5-w`Ww;`di8^Y3P7)pB?(C)Nh;D?j3G2oSq`J$jFbKV8-c0JOw0 zxPj8Qm4guXngU)XpnSU_&#-Mv_1#4qN|9{m6g-9Zt(}5bB;&RD9H;=wiIbi3M-gf+ z7gaiiu7IBr)WU$OFE5FB9HG?042#)*zi|4l4-S)!pgML;D$84MzP=TeUV3us(4aSN znu5J&wJA_lH^8r#oV5LW^|0%TO>k2@WpXnlmQiPh-=Kx~Gb^9=5BhKX7eY9V@RW7M z5-G-ch65PRz#PFy$WS>mJM#7g424}l#K4 vm4?H{k3#WO#J#mdj@Lk*4gv%{C zO<%;*DI)3~rs~v#e!t&W;(!7Olm?Z0GbHZ!!jlgh;JEa-LMY-rt5k;xVmAnds_RJ{ z(vFG_4G#KOVteTmAyY&L{9m!do^a?AK+Q&t7-ZXM4drm|tQoeHP6Z3nOGt8`s^Eu6iOkmi-1~Nd)-Seelb>7bh2QPcBbJ;P~~s(dEenczg8b zM0dwq!`aBt2{iUJ1e&ByM?qJDTQ6ZIWx|a@ChwARJwHrsBVm{5GhVe8!gr z0i6;|4_*mUrN12M;aP#cm{Y4BCCRA7Y%WK*gcgar#4cfW`kE~+q`s@C`**-0*0Am)&Ybc{7WoVJ@+rSUwPg2VjWx&};i7B5NvERVM2vh3wIVm$B4S}fn2z>dI zWX=5ZJgf6RIWx=_(FUnM#Z!_0ZSTomKL69<(|z1F;^+0Ui+a=3~DPzjKokQxqZ;3cd3|mshD=Dn0Bd{ 
zzL``^HbE%(DJ!_{TmIYEf01+94`8ORE5HT7>eEDm2!Li)iKrkUNbmwwwv4DJzwYqYvBmyflM45B)xn)UA@`B5;x> zOW~~CU#3{~+!b2VVGDrA`8X$;;6}UzFY~KCcF_kLfNaG&uKOPnEVdj@RwNl$rPavn z?oc0EUGO4aM6!#N#%Ny3YIVUIL{z|p1rc_exi7mkiYI~ZChR(i8I#9qqP7nrKSErc z;V@tri>uXifv-?kaNk3@SA8VyYv?9eYET}i5a#J#UQ8Pr6T}y95{L8;xwo~-f8I$w z#c|@zII-rA`8Q{Vo8VY2{|AGE{ll#M-`m?iINZtq`*>7xZ@`DO)$$i2yvf7XcWr`Z z=u^~geb<%>5#@jKQhqpVw_4v_4?z3s8FhTzgOT4O6X^D?2mDLh$n8rRLCl>K!BYNo z*@KiK!rHQw7P3YL;Fsw7ETSScZ&yq;`8Tf~Ge2mz9<^H6kZ60hcM%7Of*--JA0(Nd zTi>aGk$;^b)(L#dIyaEH^LD58U7O1%>xT$?*7xcF)%qt^1*X!^?5&zzi$9C;b z>sFGBBk9d+BR7o?ZO5{RaL60PAd6`wDdrc@>wy_kyA^_W(QV}>{I8zQ22ftY z{#Ee>!2vQ7uwIBs2Yv){_Bn52%8v0O@&okn!Xj4S}ozQ!1+$4_W++;-~G&i=oB836I zu3x@KWCC&}Z(FTt9J)ZxWe)n}li&asJ!Igq5)#g32N1#TzkawLIMTtK7w+U+t>AW) za`pl#pL1bwf5hpP*G`8&+WX7-$q&7efH8_EqU^(5!AGs{B(=_4%-;IJL)MXZSs!sx zrUv3dQOo~reaE%av223CEVk9ML7!XS>Ca*~vfrJf^Hb5mvS0#8yC`J~Ct-_aVO^RJ zW3D703SH{El-?f!j3N|z50h6NG2EX8X(?U_^Y)Rbf7??3xov%S+iHDB5dB%VMD)wA z_MRTa6Z9!M4L$VfVOt<*Kl&i53$AHWoAa%xEI5`|RSS(XiUOZKtPM!iZ$J9b0qstk zkEgW@uan+0mk$12be8S_(O+-HEp*XcVx;5H;|0aJPdfBD&PWDCjF3N--+%luvs5L6 z%t8JrPL9Nj2|@767!zJUKO00<#l@E-M$?C4R~Cm}2ebw7zg&x?K7401K`4|T+no#r zeEe?#3Mk3|{E4^C3Q_HtBv25k>mU}OoRhR@xI~m41wq2xM+B)D1sMq;CO3{*6f@qF z=1T8epwL6)6$%!Y%5K7`Yg;cecR*VjQ+mRC5C+Z?E`s(W!I^4$<>9|YH@_5vhjSc~ zAkImubJWFl@iFylP*&CpET){Dutyazswzu)!1&nRP@t*lFfS`V^NI${z$;>`11uP1VQNe7t@K-Y*Y*<1v^qUx02>i~*@ zGGQlbm6&~0vuetw08(&+f*_&a)WcHxv)WlT{bqTCev|p%V9L&>CjY-wsb}tU0;I2% zA8Qu|L06CeZj$@~CyAIPHwd6lkw{Mz1jZ~##!))o5VXM8$dkq`qf64$otb})LUl@i zr;|jiorPKQ7Ava$;d|%}_7d;V3x76e^y^HOIb%^*9)fm#6;^I5Q)MeN#Sa2BgTZ^P zG$lL9w%mmBhD2)n*Vfxm(DqP(7;4|9T5?)@mE4x1dRl7F3J!eso`ufvmO zvf!~YN{k~+*jNWJ+LAC=h{n?Fr~St>vQ>3SiAc-^=l{@ZeJ5;6!ykbawlj*5>+t@i zzxF>QbL8ar7>ZpQudGI{ZJH#FRU=!LgX#c3Wczy$pY{9C9+efmOv3Ftry+X}16}KR zzyJKvqt^W&#(jmS(*Dc0Y3mq$ji=)LZ-0O9NzVS;??2tyfA8ffwf`EXUelmEBXKCM zqIP}UV~7xOp4XH2QKhZ6UDE`-kqtNz&|JX2fYf)TyuIJ;rBKGsA)zQ299V=RW^?2d z;9^1$jd17*_nc*>MTh_wQluSy6hvO(B)&nE4Z0D*p5tO1 
zbX~lNV7TNnqX{6S0G(f)z1#{Q8%1w&fIQ4(%4rYMxw?F%yG!|cFMQ7nP!(WKA>Zd{ z0{H}`E+#etZ|2MKQHe%$xa<5*%=vP@Q zJy#M>yTp^KJxuzGuu|G|V>ZzX9-=#Sn5hB%S!?;*9y6aN5y^!weGNOmz zWi}3F1R2**+Nt`kc9>s#RsG{U<@%p(=W#_BV|o2z923crHE>kufBn6~K~DcW7#uv^ z>3{d}7#=^v7SKl4p*)!Y;`Xk%MxxTaOHZGe1ViC0HSF~k%dX^z?iF2hIae%j=rhcv zkVCIsC%`TYhR^!X`aPBQz2%{ZOU}^sk$`B&lBMNqchsNsX+Hl$oV7VrC9eUs|U7^{U3L%yi7#DDpd%Hc_NwGA5h~UPK*m6f@lQ zeCl#&%hm%>^~j4m-q;r@pQb({G!5e~V#&=BK_aU;fN4sCcNee4O&$cjY}ejJuWDNL z!GLJ9;-loFANp*p``dU+84O*dcu+oF(XSHO*i=&gdG_vN{L8x+Cu4DGdi>_(^5XP( zG#;H?ygxlY8NWSxbCOk2zxKSmucw*(5Aix%!0P?qUS9v>#dq@m9-cqK{!jYdeeIt5 zb3V=HfBDJtDjZewzyCCU|Ksp*(BIAf`*`w-jgD0(W*{HtA$ZpBKNCOG{Io;xyx)Jm zo05P0r*i(6Iu6#yQ8oXc>>U*Ef9=-)dwGf*8=XT`ihxvy*K4y{j960mQh!avM!4sMPilOs{`Q{3ua-(A=7-TF3he4J$a-_!Oa z5D7_GQv^eRcC@kopZ#|*07#Ico^094w&IIKCV|0VFc=Jgc}Sv|_SAlzX0jcU_K0S* zETD7=`%V2*`Fcqw#n($Z(I3Aw#r{~&!uju7AKbBxh4a5#oB!Jf2b=l-I8QnLYS!ui zJv|t3-Y1z?oXqJNtq%ePA6EiZXyL#wX=1+NZ_jg%2}G~s91`{py4`Na24LLG=P&v+ z&VQ1o?TnIWOxF?sXum3vHy6SXKM>i6PfWS*EXk~8#xri5%Y*<2^^)U z|Dw6-+l=S^n2HhS5)%?95tx|GeTKQA1&?zq8c`FTy-1QrQWgQd;_;QLN|PZ=D8-0d zF-am3l9UGUOJQF*U?I?CM3PX4`9nZX99<_nngAw&j#GY3Gf_YmEp0YvV&jc<2-Go+ z7)C2{y2XUZ(R9}yPf838h@pctbxh1OheSHU9&s;c1Wb6I0Zk;!XeE0aOJK~BTvCOT z5Nyn1f&`R28!kFh#J0X%?QH6Jme5g|x z`~lXkM){8kwHQxCFuAkR=REV}|Mvdw^Zlv#uLs*3`TrPCG1N-MYZoC+d()BNQP0E7 z7(MV^5qN$IKhufc1j1pG`D?wg@33Pqy^jcg%fsU}zgTG_+ z%Xl`Hc^1z?@!iGCrO|tL@zMlkudakyo+K<8-XBlbqInj=Hh}9H8PlaPpHbiV_%_9f zwU_7(@#%}8v1$cyh6&!P)rSck*k5um_63tl^!93}<-;2Co zOt$xI;E=)n(lbUERXSAjq?+>)ONJLZd}34Q8~CP)bBYA4lItw4vPsL)@fp#XJn#!x zh64V_oJ<17{VDv1G4B)8h4Va)k28uaLt+u+LOU4F>yfGh?@Ym!x@Do;JQz3yRR1jh z&*);XS|?H>#5K>Ng`GGz1#6wa^XZwLu+Z<+3AYPNrC6Rn&oF_cZp0q=!%>kpX07wB zM5#8_e4J~3WwMoctzo{cob0+b?#JivF!Z?kyy7gxN;JakdUnH9_N`&k?R3Y}yn2^h z+OMZ61Qv(Kl3I zp$9q%{4(OADNlMuRG7SpCW*E?Cs&sXCasS`zXEScBB+U76$n%9H}|Y5$6Zw=yJRVt z67crr8_;F$+9OPer@*+0@U%p?3DEE~0Q+nc=N+A&uCK?7vvtj10V>UWU5h{i&#iwQ zSRzOE!!8F+God1l_Lmh#%VptyjD=xQpLFi;d-dwUmx#rExbMI`-eR$+FFMD3O~zC# 
z-{&k1mE0t2SQ;wumJpOv?a%B)X$liG7`g<;uB6h(V_gMIzRjZWQvI~{@YCHjm{j)X zy7j=+IeY!~q~~r0Fc*lbE~v?OM?#sCSf~A}q(&1hOn9pu^{FISf+Ug737TgVMnsHk z9rZO>BbAq3d8#>WzN(d{fu--Y^30&m<1I2xbIPSbqsF@k>&IJ97NNhtz0;_ zFCB}}-RrJE?#Ejt7NPxp(<%}3;o{xHOFmrR)}aKp#NtqGxf$_g1y%{`>ylP=>fTFK zHIe1<pFnoxgm*)$)~-A2hY2hm3mOY<@Q0VV&JzI6MF zp2quM8+5I~^tW@2smoTf23%zSv)!%7|J&Ky-Q52^%0p8251o9e2Uj~DNz>xbZqN<3 zy~?zE@>7}4SWP%>E^luln)n3-i)cu)7F>^5I6_mIF_A1JajXP^E+^nq+X%}xi*)on z%yup_G8nKBhFmw2@q9R{Ts0~*QXUBn-vb>G7B@Ue!nL6Wd}y>{cP?ca@95V(>vo7q zHU*UdJn=?+OnYv2FdN&@30m0Hg2zHdHCyre`r2(%0k}@vYUi&eU7p6AM543P-TtA| z-RW%a?|j!r_$MHm%YSVazS07)!2V}vXDa^B&hzIR z`_D&twyeB^b{q8m%ewsO1EE}tP~!^XRUO2=Er@78AC{H%-$RxRjj0G8M8#AIW&JP7 zBpVPV^GSwjP-1qe+e$O4+CX0@lRvJp7Wl3I*h9j`u8v_pHh^npKdPOAv72(I>SI}3yctx=h0+=(pkNh$G(j`KY?+=Lma}nbXk$x$L$iu< zI{z2aO8=@DvXI1Sv@G6()4>^+CIeCfWJyr=sNJCYIkO*<40|9(q`f~F9Q?4izpa^9 zgDNs}A%QKcSXg?Di%IW6$xb~(BYiYr-QMb8r%o7DJ7&{cG+h)iKy*pG(6fgDdJjFj zmC7EwsSQ)0-ohRpH&|{yO_)@b)&Iw~(-=*NC5oAi9-q;OWvIDZ72RB0*T@xk1=MCH zS6^0T^x1q~f%f3M-e!qCvY2lF0hr!_ehirqz(v3chc_a^njWwrA+f` zK&D2w_I*9VY!=Wp4K=3NXJOkkQw+C1xB2ysbaNXkkM|GZ_xn3Ld;4mNZtth%y3$C2mP3emT?))cnoPw5~>K3CpwpeU{}bjmA>{2_MYRcUy?<}A{cWWh7eEB z)o;r#wvgTWl)n8f@KGu%wORe4HzYpr41Dz1ACrU(Y32uTiY`-dO%iFz>6U2W*M!

h787?FvzIhztRlc z%m_|_09_d~i=+8#U1(Nko54l5F_U!D$o@Ty(1#Z!L|R8B>2lKQosMRpT$aQ!BN7+Q#`H7*A+anfz!NwytiPb;Nd1 zUpDxgyV*y6RzCliCew}Ryw@j)B9Q6)tAGXP|J}Xqdi?LbgH8Uo$9X<~ZrhV!zwwfk zq^Zsr1nt{f@AGE}F0}B&yh(6-+itueRB)+UX>M;lZ($=wLbPp8$VYE*@NxAfgL*-| z4&2@b;woGb9~AnIz_ysQl^mrXA<&tgf+_w^Sqm%)<2+g{QUisM1Et=6=b2JO zWvQxHv{WDvvB7|5G?Aqu+EQC;CLrZPFca-XX<zH|NyYDKc zfuj=!MV+}4Xr6|CQ=ro*OjjI|>RDo-?+i6=07jl#4E0CAPx@o^OYJVXM6_^rciU2z|G1P0+&s~FAy}>r;a`X(U2T%gM z2Mx-LSK*T38|OXr4k2bjLi1Of+`szvyZN1(p54LI6249>*~BoFn|+6bOJEd$I|hbK z<)9~A!gqQ{>Q;OD6w6In1Qac6Tq`ZzK%TIVx;r+-hnl?ZY)}Z?a{$c(Ec3MVa0|wS zCBB{7--K1JR3jO&P=a4$SHB>3({;w}t+7`t7NMeLO_(0|3k7q1%6&JcnIc>rMdX8y zBkPvAe7L>sEmK31A>7{jP^fcg z=b3jwWu7Gh2>kQt)k{qgTDNivyeUPk5$PG0Q{^VJLhxC3R;Fx0-YQ9_G}k#@&~{;W z!Csq$ErGZ(MOzx@FMSU4rJj47|LJ($D7T93eV<{#$Etbo0{@SlZug*i{WiuHW$8taB+Y?tTyYbigxeWJX32yOutO&BKt=h(@b*zp|LsX^`=lUeJMw zYyNlb{yLLmJ%A~OU6ntlk2y7SioB0rPFmH_%@~8bBhAa6a|gDDx!~kqnP%9jla<>| z!u&t&v*z``F*Ve}_5Yx@{_h+--`(W@eU#@h*Z;dO{Idk>X4U_)tNz|sxa#LIH4Cj> z^#$&}Ni=3cv8_2OaoJUE!S(TyJxfqE=H0OgTjh#oeO-J=rQZTy+aIc5DUspGZ~1u| z;TvC5M%S#P*NlR&$KLhE%2rIXD>X*aR5Ul}BtUEKVfC=$ON+0~bI)fz>%Tq^o8=R{ z*#CF8w*Eig-+8`S{~zPI-}+y!^2h_lA zlA#F;)q)YfrdKp;S$Ca0%X9)E?FOO{NI39Z7P)ZvC$#OSnQ`t8NurJY2|Uq>d_ZZ| zPh13T6cr{)mxqDlhh=Y)jFYFJ658~WCd8ZLi_`PBFHSEG{ck@1c=YC{_itXmyEs1i zw)5=P*G1IF593QE;-MXV&@aOX{BK^IUYIg!C`%Ix8$7^F7aEQ@_!uI{#uaF3hYUq~ zV{zXe%;>1kL?-x_jSO3uW{pv_I{4e}HyEuc4jrhze+{!lq7J zI+j4?hf6v!?@QXM_fa-!XL)iM#!Shp;sXbz z8Np4_E26p#?E$pCCPLJ_DvckCaosum&?kaE--Grwbj@ggFePMVT;`exDvW%%0YM}1 zMd!EQe*5P5=>3oH&R)Dc>3m}w>kR#7w2dS{GogmLZz709Eeu;YR{&T@*4CtYH#$?S zqiFk7imfJ@hK>^h`1M!#3$(2igWrGuFU5$7sdoO$3;(}hz?{;i;34?I?BY$baSPsI z+O>#E9j-(P`*KGGBZ|uji3Nu-!Kf!pz%|b>%Z{@~2NoMk`XQBWZt5jwK~(|q7qGqV zqhZ)aDXs<*eS>QQ*~qK_^b?cN)r{d}`EKNqrNLUVFDqJJC}PeMEt=A{&AW@0xpZBA ze%H`?WhSq2k3DuL?-Iz)u!&tBV?BHxfR*lcCjN>mnLZgX_K@%U3@zGl(F5%{IZh=U zLc%NM#t|HXStIn(!^ii|B6Db8=t@ke9^_1nX!IV9*AF2|JcC7)7$lD25YAp|73VD+ z!aJGKaHL_pghTj=#aA>F`5524hC?Szwtn>v4&ep8($LP}aItnjPiyc>GU1x3u{2je 
zM==JEfkXHki6!<**b2o9Q{~0kn_zog*q8-eLpCS2a`H2soa+2tjAn z64B^qTT83DN4Xp|(CM&BrG+b+Wm0#KI`7=CbG5DefScHPb50xhID6YwF6`#bMhBF2 z?VCL}by>S9zVD{;d%JYkHkNDItrfuSmc$aR4O&0aSG)&|p15bdNm;-8wjc}JLxDEu6 z5uu}9nryPwcmQmG3Ag1)RT*+B;5y^UP#Z-#K?j1O`C7ODzrkF;8a=@!&Z^u#$2BFG z0*nNFL*pWrjD5yLhNF{DX-07pi|XLFwXb&dh{jISz)3A;_ z1^55EyZd$j--Dflz0LXmV?6ge|L-f|T;BEnAMZDu|2I0}HJ#KO%lEaN`j-IzB!~ZZ zI^^HE>mk2k9i_Ec-Z8;oZ*OZC02Q0-bzKFBl!l5BRwDHpb##}P?#53J7u}VUz9w#( zrS)4p!x0THMLzCm#jS$icWK5F3Eu>74b6ieiJ<31j=*oe5B8s8+j`S4^6}bOpy-BW z11L8L#;EdajrNqwdqGyb6~UD1rKvH zvb1eFf#Tk)mx9U}HT+!AOv?@zpTNF`NsrL(_?#&1# zsCez^4CD=>6>H>`P%67Nw}Gj+L6+@xvK3WD*gB$&38rXTA5zt-niMmXDYRpCm8g3y z=wEype~2Tnb*f8C_NpNuB)C3Ff#w6ffBu(HWBU2?4DPrA$^TFAq@1fa@G<8SX|J=N zS1DhIy(am8kM+M6X>qn5uxS6cbFedI|FO66|9q5Znf+gpA7#$=Z%SeX+W^ zZRFy^$;BoqBx6yCJL4Et3Gz5ImrzwDF}_oat6tJcrRwHbZ_Uq|Y);!pruCQ5y3 z4@E%xBbh*cu1&#Gc?K-yHBT;G4YQv&Y?pJ-Pg_Jeh_A6oOwXdfw&6&&AR(X zeb%x5&yW7IF#gY8ceft@@A=NbX8nJZrt57N#U9n9tuTIir~969jHr0pD;z z<3Lr?k#+Qtr#zEBe0%FFkZXpAR|wzU`Ulx4 z?re8==lAsWi}ydhe)IPI*~!~qUSIq?qr<_Ql!n1iT*xyjF{DWankEVT2;VjJBWB4Z z%_1#g75@HH@XcD}H>36P^z7%8i$?NeYMAov7FW-5^MhRGn5^B9dJa{OUc5RzySprL z=tH70OO}-xbL&~c?rs0D-ALH!cY=m_#w03G^pkYuFNtG*eQwj(pNNpeh)fR#qzsq? 
z7#1NVeHJsx>VDWHil!a2&raTI@-=?BIQqqTU!>8Grkk~?mM%D#|I1>ko!_TsSC%J7 z;*2M%SOXCC^_`$u&jbT1=%N&`^NbHzT#M(RkDV`ce*PEwrnx9kPuydltsL>betfz|=P_}nA=vPAz=g3M&imY9=TCZkRc2((BO~ZI+(KnUu zN>8~;E;NT^&5=81}4yL-p_Vh{aR~ zfBVh9$diO6!{7Y>f{25NDNSKp{Z6Q}N!ut4e>R1o<_^>b%m-ezn#RKx6>9bZG4=@4O+;e=nyiBml{`VsBz z&v|rOJx+pOtLTq4E&7h3k;g*$Z3ua`&WvBFX#?k4VyMrTm5>d0q~e3eg_u+GaU()F@V*4QJy<}A2IG>Za1x~o zWVdseZbh2-`XbMCXn1sCW+B*q!H`N}V+qg*L(ZoxycCe9Kp>&lMb3#4kuW9`7?CRq zeM*xe_e=zN$`ded!ex}*j9xJ<>nfp~FU;%J3BNE7#@**7)S_s7C6O*_!~Y<`E|zFx z#n2qn*#W9Y7#WpSR9y?n`?fKC^Pup*_laCx0hl_BtF8Boj^vt)*AM3AAI&wxXg;88 zIy;$?;Gq2OX6V}#uC{z?h-I&K~{}rGiv;2Z#5q(y5ODsf>8X|{DI6-Xh_xz3mcb+&_QXNJFtvk=2gc>(1=nNjFT<(}$#M2kd^CF)GT6J6y=B`(9- zBQLu7T$*#atn5>46o)eX%R-M*Q`Gehbz}9}vF6zVsa9d(rwa-j=6KqOa;16q@_Z_3 z%{mj-G$*TBB~eW+NzE5bP;=+xG!K%PW@b{F*$HV@N=7p~5lvGPn%N0x<|Ln4ka(t& zbY@1vnM$&m8Hr{pNoJZ8%uFShX*5r9lFBqElv$8WW|K%}^=A$Gzn#Q09l#dG|LE@3 z{lE5}Z*TPf$9U%4|I7>Y_y@YI`J>#p%u^Ta39nl0%|NxM)6=CHmptTg58fW1n|G3A zLn_bRqSZ^AJ6}8$2O1kW{RN+u<$o}u@mMQ_%eJvV{&)8e>iHjbp6_k${~zVqf^#Az z%@Q zNfLQmkkFydVf(wUyZ&O^#7f8@L&64H0-E6C!_B)rU17_gWM?^z(O zQ}0>OCzsx{K#o)I+5hit!9PgGcrM`d#fk9LK2*&HFJKWR9bGQt|MG$>5%P$3yqG1D zX79BouMdqw*6~c#VdGQwrH3A$mFNG($au|Bv!) 
zH7jM_Uw$ogzi!YCwzq%(&bkY-@h}i0M&k&zu0Dx|v||Aw2j2Kfw{_t*O9ng}Bcqe} zuR=~@dN_!QY>SUM$>>w~%dbaiT5V!M3uSrT$ig-}?W=VX36B%~x@U9qe*h(usSG^t*|VScn5JY%d(WQ1e>XUIV(#;Q zFd<3f^!^{u+uDLxgxR}f&$~hEQn-PWF<~*>z`HDl8}A0%?RFdVfA$Bye^Vd}FY`2y za{+HD8N&_yH&4aioW6v7{6BC5aD%PtEr@FHXN>yxc9N=QjYU8H5@E(tq|=RegYD{n z?SGYD_?LGB&cX6|MwN~XH^4E?INZR8&puus`@PS8d4uft{L{f1m**K3G?9MGFK)(r zNgl`QZ+pS*_x!R?o#MW{Ejf>c-|{6H`aOR;*bBP;t*U5_K2(b_8#9T&!ZcT8W1re?qme5evpA!Z7phM_8{f+W$m{qvhBV)VKVBrH}?i^$ZrGdfzT1{=(W zE6K2mvmPl0_U(v*`rHH+f$Ee;H_+!?&5RG|&7x|a;MCOLhb$QeT64N)aSSn4^Irc; z6jDS96_W8hi6CZ|S|-@R`xoyE<2{|pk!n3ryE!`vtPpUJkXi2F&@nD|jwN_?OlNFG zt8)aI>O>WBH@ZNgh(;g@kT@>S^Z-*Fl=kPNQViD{)cfg~ZRwMRdo|M-LVUWtzhmim z0uddsgn}EF9L2WbRRkx3#ukh{6x=|}1j7FH_X=zhMTU74IAi@Iw22wXDCB}h)1WWr zFn$4=U(qaMksfB2PK09j-=*IBZQ2i&`a2j5qZ~SXTR$HS;ZUT*X@n_s%R)%w}}T zj7BU&E!C)_YVzv!L~&}FWUJcQhhf5si|!p6u@TxDc(JbTJm6>>4>PHMT+)fDZ)^^FpM5+%S1&b#yfUhsF{jdtJnENy3g)0mDNWq450Du= z(|osHWfV;!+*t5y5F?()5z^d}SXKTj{73~V8j>qr15S9>00dHdKZiwh&r7DE=Fd0sWDo>2t|@3KH5UTwp=q! z=u^m(jEa;ef?XL-To6jOLX(08%|}}@7XVVB5E-!eWC6~K=&tXQtn$x>q2-i~b?tqKZ8oiC+I%eB>Pl_qU! z>}pt?YNW48BJG@YOSJH7Lai7gZHzNe+Syle;oQF;??> zgGmz_J2DHad$8v+80lOLO&F;!kAO+lY;u-B06s9Q1p03ojknaEXd9alj3+dz5Hli@ ztgRnr+NoZA9XCDA&+7L-ltg11jH6)4WjZ_QpYtrV|2e4N|LpGWZ{j~c%Jcbi;VKJ0 zj(ea-ytIy~e~-#zcvHwb&a+Hua{Bb`%7kfS0zNdU4( zMKGh*8+|5fOK)w#gkg?uMqkTCGBFWu`s}wdes89tkD8LiL9yKomZK zp-srgW12(`d76d_KRKjr8`_>~dU&4s0fUT>jhc<_UwCh?8pWH4!r*tncFaE0Mr8jbP0kA 
diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.98.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.98.tgz deleted file mode 100644 index 6138b10586cec1dba7309e1578e96a9f4a73ee7b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34913 zcmV)&K#ad1iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#3UUYBw+>Yb6zM8~7mXkeu zx;Y9&LK16=U;)sMHu3rF_YZF*NP;3M$xhN0_qUBj0y6_(Fc=I5Gn7I1iZaMh_v#t# z!Wjx#?|2RgbCz%s{MR;~e!t&;a&RF2?f3ine+T<}PycIh@U*|z@9#b7@BLSQa5&iC z`!CSn3igU8rVNt*>TirI-?(q&fnkUlWIhh*umyk%84U2uaUo*?a(vu#5n=w+N8S)b zkgyODYcbEKQ2>|S5H8RVj5t?~I9Guq&QaDXSMdaOuMwd>4u{}}zyCOJ2G5;-xBr8+ zI6(n|6e$cgzHPzCf2ZMH@3mkQB|rC_zSD1cC_d04oU!N^1U*Df z!{3q1F!=|X%rU-d0U*)w65Y8d()CrD761fAnEDKpr7S{+z1|!J3nwMd@o@`)q?vuE z?+gZ<5Q1FDc(*bVqn3xLOZA9nZqmxKM`et&py=DYzu(>ogB6c; z{$Il&Ms#Zm;OhDRv_Cl5%g_J)r-R-6zmMmE?P)y#KZ_X_fNMy6I0+C14_fxJtyzF4 zFyPuF`p5`839tFz06YNli=$sVI6@)lcEJgM0mLs9Ui$=x3luT~7sEh`9pHxyg9v-n z5ioh3A^3D#f`B5IAeN#~ziT4_*FFRgd>Dy(9{`^4?-I3yrI076{RNz%^Ee1(70Pkz zKYPF>$U`CXVL(BMkcT{>(79OYKtNOn1kHTP$dV(<0~~_i-dhnK8?d`w@U!?FEP;on zeuy%tInF2!0zaHd_%wsbfTWri5&UtP8%6QXiAlh*o%0_8E(`*|2%JuRm-ncl1oGN3 z35KBEHXA^%{AfgjcQEihvGEYY74k6wETG^z{V*kX0o=fsJBUKXA(+B|qE;)<3a{V< z$zG9c5Xj%q;{(8;pqU_wW8xypdx|e5V6qgN_B>I(HAhQu`H>f&j?(Q@iq6<`DQtfT!Yb0mx~Y<;5U80Mj@KR)Wz5a-j0{1i01%z#y3+ zHd<1K797^4_zliRYTx2h;GrnMOEL8xMwn8ckF#80h9L06_~WCN31$e|;%&Rtf`O1K zf=@Lw!az*{M^74ocaCyXiSuGik(|2vkH020JSr{}C%bBp+XjVCBT?DEy<9U}g8X+gQfF}Q)Dc*m=ND_KXb`@EKt zu^M$AW@g1V=JOo6SM(Cjjv?{<5C%RI=mUJy0hqXRL>Yk$6D~^T{%r1mGxKeLu2I03 zYRZM=n6GplQBJ;7w#{)O3`7YoEiHJ58H5E&#RLT1u9US?-@@4Py@QQ4`UnI*WqeXg zjg)G^#QB%a2}0lsEh+fG3H#6iAGkpL0AT2W4<2OjLkDo~@~2C&HuwSJ1u0*UQaKEkkANb|Lm`N%Ske-KC&^yGNGj@yrtsVQd?!T2$3iFt zkkU6?+YlP1d-s(Nl6_OsH{hzqN`?of7} zsk|$RmyvhIE-FucT2IXvy}{DfUQX)^NRh>Gp^K!XnMUH&8elzNYC;WzeAxsq)lMN# z34^ng1O{hA&~^`82wgO7H$fA{L2!-(-(9Z4#!G=n6iczDRfpho`UbOef@s=GyNp;# zQigr1bV{i8$&_ETY74p`J#b7=7nJ%+dQf;Rv=Ptqxt0cl63d$2d`cn`FfEPuIx*o@ 
zAPn&AmC((UE*aq2jB6d&h)g(>Ej!XL(aPN=U#q1&Sl@X#clb$}mEaR=N$5_SM0 z1d|SMiO+l&1|6X!;ptS9^MG&t`0kV<*5O?ffC+T3gc>_nmJ6Cgum<)pGN5(tj0sO6ePo>`>V({kxmjmeN$R!L=FAonsNouEHrMAvGs zu4-*@^0A3pRR>vlqirbd>QmrfqYzPgPVl6z@Xge*%=(xL{>v1TI}xWiwbkCRG1@8g zgP5SpIYD%e1A+fT{^f^cqU*|B{7g_vN4~}o?5{(OANqU)@)8AbIYKTDJz;JAV0m9n zlcmxS3=Y?!D?-G_o=H*WO*Ji<;_FgDW0#Bk>{#VrR@0KNF$9BksA2vB;h347l6_T8 zNw)kD940apdVbUCl&w@gpR(n)FrjjY8_uYt_SU9Uj-IvVR4G*(O{yGawP#f+HET|* z932hkRVg)VPplk04Q5s;EybxNKG}5B64Dy!q*-k=f#S5vXH{XJlAcdtsduyFut(bA zLjVJYNC;Va{9~vc>gcDc%QNk=ZGg^Yfo`rX8}Ec76Yd&R<~ByrN-}NRB#55EgDI@s zCRuQ2cT1~#Xq`P%JsxbfDJkioCYzHC{y)zirA}-4k9RnT7w7^(?<@?&$m??@l$?zA z=9seNP>jnXfO+BED3ojwi&&J5*uriq)0~YqRf84QwAu*Q+gtV5-CLCqv+fpalMdK; zr?vM?c0$G!hsd?>BJC9LYdk?DL<~`&zhsOPEui09&RpdOhbhTTwu~C*~VHM;Gwp+YnwuKj6#L5DfbLJeB;f5ekI&EvJ$5 zlJ;d1wqfi6NU1*)OC6`mtRdZovJe>#5J?&9GWoe0tWnK&o(HE>uK$aEJkozt#F!t> z%0TKmno7kg&~;zM7Sh~#{XZj?oBvY2|zZ;LfQ}< z^!xpO-G-gXt1M#d*J&R%>fdQI?S$&qYL|r5knvIhwX$foNXkG3XF%wVYOR$8c?JP z9*cR^?FvmZfMk}?LY4bvZs6oaNzI$G`Y|R*I5tt`+2r|@5q}ah#P_DaL&C!sdEf?< zE54p8dQBqoho!Y!BK4~ydI@Jm$8?5u*GV=^{lxjkpYQ5p63SZ&#ywEOmh<2NIAvfC zsdVDTTz}^bP8o?^7L!EleDDC6lo+o8_?t#M`1>&3(J80Z2zwpFm%Af0kPbl1bxarl z{7t~;ApXYSZ18suLynRD0(?nk%FdD|(O6YU70I^NhG@BV0s*XbUy&%=OfDIWR#k zULY#IkJImC^*u4*m?LN!tN19T^Pa1;Q8eWLN#F5d%M|%H4$)Bj*L=$mTnxp3Tg`dh zP^9w=Z|dzEaQzx=Um)r(ct1sAodD)%%PdGgH=PP;&BpT~ty+Il7=(UZGov`jdU~YY ze37>u)>*xD%Rp~HEkRMBT)X+Ufbi0_XuU`)9;X$Z#0+c$y8)dM_B@}GSj1tN#NG^* zsMlF4&$0J1srEuv(=^&ZZa^Vrn7|nlPSUkFa3m`n%L$QX3zi_+al zmLzG}2S;fo2fU@qkgfDyq-CF(mCMm2*Nvm%_ zL*hMOhX#4v@)|~|j+#{8fCdzL5%%ki;fXHmfYT{RYeIr_4Uew~p}BC~;P3}&%o1A) ztoP*rf|0V;@j=I2MV~_^O?Z5t#**!X!n4U7Pk2i5P^}4`)XA}70oWD^a|7rv)}iiL zRCK^gQCeORK@`dBi6LenK+GH#Jqm?Z0(~u-&CyZ}t(9tWOM&UZxlT(3&fVBE1G$eXvEh5s=2^Hz9%~$N2eW8|Vvoj0;8!dN`p=lh{ zq+_Itn}nDkHlV~0X9U$;b5C_yO+!+7lNEyC@OM0^wLTCW{x_batAnb#0rr}hO{^PY z)LWK6V$5JYCX^Nar>NlMTm>YU)QzA(jQwJsw3?P~6~s+FS;lc8Lo-Z#$s)({g7N}J zk+^fmcesXyO4I=aL5f3=-Qmhl3fj^E$0=NOFgpZC0V0fcz>&-RYoGaucEGW?S4=zL zjLi|DdhC4(7 
zYZ$GjEh*+K;K!GcL491KZ`43>E0J@BJBI|i!c?daZ#>8#hzO1lVN2mBlWJ6&xHL9{ zu|ZFpH%IPOdXTFrD6!oC39obJoF+02)_wsICc+{w`BL3k7Gi>Ea%hc+c^?~0 zkT7YU<-FN%ACnp;@#S9j8#tKD=FCM-i6&cd?mgu+^{Hf z0$+)D!@Cq#XYV}1m5x=mOPkexRv83!FZ(cH$6|b0biu0H>Ag#sv`G zv{H{do5r;Tr@Jg^kzF6v=No)CKKCpRaKCt;_N>P(JH_G~(7sjly zTe)lOxmDR&XdFP!56b9L&nejv~Ob z)GhV_NPe!|I$b>z;g!TanA8Md-#(=fzxdwCB&M!1lhmlzU@}{?6w|i%Wf8#(2K}G} zQKJpmp7Y#!);*jIo<4^Nl|a0M9ax0~PAOPh{0{ar@^=Nq#=>{-e6L*i+7PWFdH1S_ z-$d*Vk~lLa?63JIMM~wiR)!SfHkXAI>fPO>Fa+w>l)5^1C}fB{W34b=tXwTf97>zA zRvl$U;D=(}iXi6~5$>4lf5_uB6xNbVG))up7mKHv-B4P>X_{2l38*PG>h*$Ynz$N< z)0Ai%hSJR4G0zgPtzbu1#YG-J5OPzZsJ>M6jus~(nspr z#4{^hy=? z+;JnnDg(jq%5zZ!5RjA_Z>jGg7ZRC?sa4Dsv!dySD`A}mw_53LM7GPw=C^<$oT0Ou zFq7V@kkr8wj{P#V!`!DvJ|p4fFOnT;|7_9xB^JRb^5D(v5@tS7nbbv;(fZOGBTJDw z#>i|pxzurye~kz@IzQz*PmVATDM?OMz;+b*zoMlq`709a%K!1hwJ_$O4MCeS+J%wd zy+X?p3Y0tBQOxF-_zH#1Xh}|7V>Snj*H5V_g{n>3n_L!y)mIl8j9(5ADh>IX;(elvj zCHX~M-zg#F*S9ZDF5aA6o{YfptGA=elMC?X==F)F$>br!H&=IEdbM0C6*|3>GVVze zkjhhAP9D^~EVX=m?RyA7IV8L{8wGP=ev5M{N>8A)zTI!El#-^Q(SV z<^SZ$^8z}*QygxDqay$B{{CJ*|L>D0`-i*ypZD>6Y5~yxUXFBo2--TWFCX--VgO8L zJ&(XC>+SUi&%6ESJypIVD*K*UF_Q|or|xwN9+Jhm{>#ft{aC(JL3P?(zmtW07Kl>$ zwC84ObjhU>f(oI;DfvwZ!*)tXTi!Kqo8A{(KE4+<)ja?oQI5V)SHH7UF5VY#o7j?K z0JLKg=*`soq_zdWcrRDL%sYbyDaO;-i?^L3=8~#8@(WF9^YyI#KJ&eVNbyY+&%Z5_ z+R1;9AY+JxyvYCg4R-(C?>>M3Q2p_*e|7)$FX#PZ{r=JS?M(ICEVOpA^wl6F3#euL z`!+XdbqAqk{(Ea zR@w;b`&-M~;=BBt+d309JL6jX|F=7hv%zE4{}@_C0c42w#+eH|-C`VeSBGtXnG$WRO%%Ue#*3GUKL= zmM?5|ySeN4*}l%jZBieN_*m*qSwO0Eq81`7CF5a+IZ`hRp@Yn3ZY+;DEPCZf<3O17 z$4EzYO%Ka+og~jw#*mJg5ti=Lr{=U|f=qq}4F3}@0`M95p~v^m&ooBkplcgwi}C(S zaO;NiW#mgQe7i?HmHMA{3zMJfsC$KHwf;AFvN!1G^uNJ=f3Va4?&Hbmf7!8?>Yh{) zhC($`j*2-^34_3yL*k*(a2ytrCh(`oUAlof9*GDVF`R_VgW;M2z~?Y z-oy`kbl&cOcGu;gV;l+(J!3|(qr;M<&bIv2i)HF3=!ERhwkm|ut`k@ zXW;g>t%*H1yf52L;27SX5*!MzhiVzBXuLE*o`l!D;h#aMMEOBhdmMt%UgarE=ao6GULlZ(;m*_$kqrkwH_ za0LtHM}|{3KEF6S&NU&;&eSfJAN_M=El!uTT{056@?6tt7rOK4{Pp z*1Y>r(mDxo>YRu~;hm$)qsx7AO}81?|7s20N*%=gq3|AN_iIK7M!f>h$H& 
z<%z~(nY4D6JpSe6_}9_+^62OB@zKT0(>F)2PA~siXDZq*bX1JC<>Hg2K_~y~^5STG zeD>z2)1SxcjQ%1&!IDk41lq3Z{a;RwUS0k&K0mv-%t1OlJUlG+%d3;4mnRqFlUFCl zmj&6>7Ct)JO0Uj-9=|$ycT${)HN;rrZv8n)uTiXJ6e?wguY-y=Czt;?yZCi{d2w`n z`sU{bGOy$g)(Twb7iX7e$7ip`r*B5*a6?=aId8|OZ!S+R-W`>XcD=MWt1-S&y}BKgNy3^M{ksK>`hr~T(cIEf zY8TU^(JL*gZ3+)2NtV?m*mzG%cQ!9L%tExzLMCzLX0c9R<^!49gohAe?7SzpC4WR(q!&d zp|KkebK@$UT7^rRogx3%KgYjZUY?Ii2`j)^&EN{&+TbjW5(Y}}{S{hv!1pp4lyMfK z0HTkKz?1OW!4V4cw0-&{s_WM#T?*i~sZfrhwdlxhqo{Te&26O;2&>t88V7-J6G<6b zK38a2AfRzGSFA87yxwlNSI|CAqgFu{-U}5e(Q|zY`%V<*OuO zX7O57O=V~GeM!}H>#e7C5ZEqaDIB>gPU}F=-m%g)_`)5gbwC$xQz_{A%S!9O&Rv*F z_-hSjE4k7qpx7=1-Z#5dT?pKq-)h|a+l1j(-s;KhJrajK zm-txx$KeI-pc81CIIjw5QqcIb27)W8X78XfL0rk=X6_D^XA^}|Pm9|d-%#iBXI>c%m|L7V#Bo2xHqLe zS*Dy}%cfZ-#z-<_r9N1*g2A*?f7aC>yK=VMCSxS0mpJGNrSVh=_(`tNXW_~KT?E>_ zHfWFAx3}Ybt<@9M_)+^BBYu+7Hkyb1k35;SqgH5gCHMykd$aH@h%`6F(3h zp;`-oo;-a!diAQUJUKP(7Z|gj`~cA(JofYd%vfjr05YFieCuDaL&?}D^{Kc#P%j+DZvd$B zSl(K_$?3cWfIg)E^vMu}cj{blx2?##NHp>~us|+2A0*og%NF5D|H=N&KjF{epHRYO z6=!#sXXE3uH>0yx)u*?2>)9YmpIq93Bj#@82eI=j_*458ta%8XnK57bMEq`u*&U2G z>-gP~`28P=|9tlPOOmzU?`(dE(QX#C>s zPd}Ypj7O*cyIg*)#5iXx8ZpS|i+DOkL}bFNLVfmvi+FJizaOWGBu zRzcT8lXzA@K$o;93-rb zezb;I#mQQogSiLb9|+9hH3BeHq+@XtRxA%MPe**69=|yMY5d=(m*ZcKE?%Cz0gO|A zLwqJKP6<$sjNIr`0D&AY6_gW9V#a6S4N?IfF^E-&MxS-~Yk{53kw(lgSimbJ;R-Z- z)pv4jZL}5QKi&z+aG?NXr&a_hz3~big_zqjKJAV$cSo2T9bx99OMLq$m{sS0a}-2; zHnOPkwcq5ay#KqOJO3LzJ=}Y;JO8_n=hLU&V{q*+hFsi>q$_M0p&u8#TiiJsg2z3< z=e@_RlaG;(J{lT3WzkGOCV~s zqbi`Gc;}~aW<`)($QNWzyrQ;VKc{<=Zc!}jk4g9HGNlD-^*UM!NR@HGjRg(XB7MMjJ$$H%>z`)*^; zJx9U9q4S>Th#FN@hl#pH{5njO^|&jUOtL4BqDXh96_y%g393-V*o7NfMG=aOlkRmV z%PdVJmEpiXFqxdo@}_9KFoVC;W-nQ_EA>y>=J@o>9#yGfjZS|kI1qgATq;Gvc>yUB z8|JnuFC2*4kAyvd&f(tS6HZ&UA7nF(5U_7AUV&*G%Dl1lXwO?VB@Y7@1-8?{m`DqS zZB%OXlTI#{sP9SFS>UKqO z5Ome@X)5=P&L_GC6zk|G^Fan+1}}xx6r76Lkua&sCjUlc=tR89P#6nkPl9wl8MX{qlr63BR9|A}ST=K2DWOmvCE?z{C`I7+2LmtRCn?B<^ zRk`<|a?hW#b*8C5@|`p1nataVO(j590GI=${(AH%Gi^1O+J4!4sk 
z{eK3|;Go-Y1LxQ{sd9deCrFupoS%KBEkPVk*5-q0)@nIH3_A8AD|C6@Fs`-#^XT;} zx!wzhnKi6HroWAmZ8PnHjLS$#Y2E*cH%Psqv9+L)!OPny`s8lW=4*5*D_K8=!PGwD{cT(>Lav zk5W&m(#rX4jCK=Uv#}_@gpePa>_v&Ax0k<+FVB8GdGl3|RWXU<{SRAt3d`yN{L&|* z{~1rk`G3~bCP$Ot08RYR^TS!aYrqxxUj}>oPxJX-_6JXQ=l}QdtT5jiH^*S)ztaa< zWCC50)D#o{-%w@*cqY%f2CXYU^oBr9`wJYP7m`t03&fxY8RTLz6*`5hWCpvnbY_Ga z7Dj!Z=%fh;4nQ5-m`yLp0}+lzg(Eo^FCrYGkPShOYBP;^GYT?lRh|q!?UaKujQpPo zj-wTW(E^|_7Aw2ni0@8gkuZ%8TU`T{$SEsfs$<6^nOD8Zh=w}dOtG|hy;}tC`DrBo zGe<4;aa76wLH{5h|6%`dm;d!%9%G-rY7MA)yl1Wx>1rU#y@t_l5!iSUkiGY*;6Pk4 zE}*u*?+|?Ex;oYQq~(ho5Ra0e;1R#rJGv8 z$t&mNl8*WlV85+iemRRj43UK&ilP6RKo^~7qbBbi^ljIfL3%6IUs1jh<9c%MBSbjlPa4yPd~W?diu#G($mjfC)6_=mtg@x zk`Cgg%d8j5ZP3qxt&XuKAIl|w`PkyE8DGkxu4S=XVy_u!w-JFYi_aE^ErYOHI-twKJrz5unDs5&S4J|aV&zq#(n`s!5im`2W$mzORiv#Bo>m~WI)s|0a4Uh- z^3%vVWh&| zZCM~`sYjFv0g|h1}d`lcP?B}8DmsM8CnHBm z=|W{;kL0sy@FV%yLLjZ^5KCqx{p3>C=*O12Ci!MdVWXdwscbS*u2!lf{Zyr}DTllw zWlhqc($qEOV6CZY5*ApMvZfqnS&AC{tVmT;4%C*KMnAS3MqivUY9=*WhcoJDGit^f zb(z(obm1LX^PEWh0VL<4wFZnoNqr66;1kr7>^x zV~c&GA4?3J1n$aMIA%lhx7!-D#sVxW=2u#8bAjYi$}<7wOi(KV%axK)3^S)6Gt`pT z757HWFiZN$2bn7IS8qK?qG+k;XEKbE=%XaS$PE(F#-#tb7}h0VSjFcO2eCL@iG~Be zK|nI0GO}_ABn}-b1LQ|(WwPoL5C61Y!=q?hSC>S!vUK;V=vE1@t`+5~*h#sGS*pWj zUasiLi1=8{p#V~vwSg8sl?uicKnk?bjHA|@x`%T739*MpnG+_7Avqc`Z$UW1bHE^& zK{7*ZB;-r&xo@J(4@${QFC3cWVr!P-g3~EqRSl(7zsa8Htiss@AHxA6=^Y4(z<9Yf zRxQdB2sI>_c=^&NL-45v*OpG=niJU7{y)~(s&#mA=OKP)PZR%-2z#DSNi3o~PGWC{ z>N$c``TrgC5A*)thl7Ki|Hpki_543{smx8bqw`bc6hfU}AO-D6oP71J2fcIby-Yae zh2WHS-j5_How=4`Eipk14$K33>3d?qvU4%qntRCteta9kYv>1@4TfOw=W;pOEhOS; zBL9^(38gk!-v_Wt{`U{^{(t)i`+Gb2e;-eC|G&ibFLw)M=l*v;@_DuMTXu@V?9J;H z+l#yl+)h0HXFOH%KN~$Ty#U(81H3~1A0F=K_5c07!A}0)%Om3PaEW$-=!ys`L7>v0 zrNZyRwA8MDLDar(G(2?tRu+hyo6lX{6paIvxx6XV^RB$XnX#mI0lG#ZqcWfo_K^H5 z!k+v?Ehp57Tc&u$Nmg#PvUJn6oZ2!3lt=fm@YZV;{76Agx=?0aEk%$Jm$*b5AoQE6 zx+wG_?1wC=n!Kp08SxoF848)SfVlzm7YP{q*QPK_!Bs+{W|WDpI{mM#rP<|=7&Dku z&b}?A@Ihpv*lQ-zv2;arJn_d3-!p1^0wyUU526JQDW@=fms~EPCPnfhK&GUaE7Lfj 
zs)a?~hfzce{GV^FL4;~)`lhO#mlIeAq%wz=ku0XE*PH$o`%Qrl00 z%MWJ+QHo0X8GU3Z6h@)8e4%o8`r%A10~RTiz+8_ulaE}2!{715;0^K1O6!D!t7M7< zq826Uch#Vnb!_FEG?Yu{P_MXeFJ9>uDF23ktG?FZ#@j{kxz>x~lwksAsBB#F4U&Qe zG6vnb!RH)Q;Zrro3e;`@H7iL#+4rSgmUf!aZE45Z8Y``dm5sC*xefAcU$;qQC3#9H zaP%$?8R4rZF$lDO-zJGLW|+D#@WWXpwL%5NA%j7LJzX(FZ&`_Z?NpJ$L!4q8lo>DA zCFV;j_cfk%_kT?S09D8TDW3oA@ACiL%X3GOeRlh|uO`w@qoLR!^iRVfuVeZB(v#yq z;AtlR*9!ntA^-RG_XdUd5B>g5{@=&5orpa-xwsSO#h5+72=P6Jkw2D}HxUVW2tEsH z{m^G)Imw3Vg**&5oV%30OjR$x`DnGPom`vSHsK1!-;7xQ<<+^S5aX9uvhR8JxRyAA@s*xETajNQ??N9dwjXE+ley?bL1GA^d zZ>6lB*}JFwtBiF$R)M|8E+#0`hnau_S&?0g3!c3i`XnXQp2M{&l)A+MxJK~yT`;Pz zazgz$B!I9=*SeAs>CthV96G2=yqob zF7Rdj?y~MHX50Tmf;W9jA)BnBDRwcNs$({pe7$zirqx>H`WK37LaBSBsPQH7FCL7l zEab}80#Ox)e?=s!V%eslsEQDFv8XgjcN2^1j$-rtXNI_{9e&2-^VRWZ>UlQXo37&@ zsmMaB;>@fHOw=Gkkl5y@u19j$ue`5TgMW28x;%NaDcmiDg!+miLfuh(pNyv3JiyQK z*{fG4$C+SZuTL&7PLHc%>(qCcTZe|r)7K|wZ>=$>8qshmLo}>M!`b=StFxaggLYLD zq0D~ORMZKXwTj2?KxCE2mpgv_vNSMQ87?)=)m`j!Oll0x{l%cNSqYPy!p;JIdnn_|wToYKXYp&Y z*1NAGfK7mBG=s_vS#u3ZFTk@xJQ)j|X3<&dCT~p-Kpn4_B!kUBO@g?TpPSw*xygZI zQ-U+co>qRgMw;39E# zPxp8EU+?Al#v}Xe{LH`3NIzed%fXkPV_);rNd7ks{Ggu7_&-nb_kRZbpPl@_hv&=0 zf7k_n_~L;dG64~cyTUF(kfF@2&XA60iY}GKmGl@{{Q4)7ysp6p0y)8-$A&K-J(zx>DeNhHxKpvrCD(I ze8Hze{s(wQHw*q;NB$q??f-iRPj>SEUY?xq6d&)E(f_v*+_|uWNV)9WSpzaO-=94n zfCu2$c!C1NfQ!Qrxy--z*|OBmpGI{yf;lH4o-Hv*ZxU<2h-bKqt?{RR){_4X&j70A z|K8ryy#G&sZ)g9xm*;Nf|H`9+-7@e+;z6$J_6-gLR*z<#?cZ*t`2tS^`M+N9$7=b% z|Kw@j{$!pXdH;7A7gn8 z@Vx)5uRhL56IUiuMzR5%f^ue(rH#Kb9>ursgoY+XKsj0{Q${M?6F1EOTMQ! 
zuH-RIj%vCL-EkyB<_y80FE55rm%s?Al1VK4-|<8ZQ-r;)af`&f@a1J|$(me85w+C2 z$d6FqhvK@|EPF-8!|oNz-$ikWZ@eK$@RAJ?6n=<9eIv@e;VHJgHZBBRFdlO;H8$E2 zVNbNxD5$zmKoE_|7T7ZK*!NcAHotEfbrKk9bq|yjdjKxy2#m)OWb^SD_!JQIN9+^i zfyolEIZA|?5^tRdC8+VOvz0oNz z361~^0zl9L`k^1r)H>GzHwbtbgqVR4ArG)QrZ%?n2#zv$hG*#GP}BL)dHiVmI&yve zFUf?oZT;`b;gf>@$6%NL`+lCL`d=FEp)1lrVFzBl2mX=}JUTDi4_2qFb^974R zEg_lZqL*}aqJfVQ481N2uYb%1GDyqt4bhJxP=!`Fdzo!?zU^hvGxKzogwDLPP?CDo z+B%S88$1x2BJ#k^9EBjJT${9R!ZJ$jWhOEt!|gAvyPQ8yCtYMpZ> zPuk;C~H z{(nv9-#Y$Z`}zI<{$T%bxBtJ7XYKQ!IzGa?{r}zi0~^N(+j0i}TIJO4xtpg#{&VH$ z?)`uF^7)_k4i0wrzwhO_bKl;SgT5VMo}u|`_wDVeP@2XYan5c0=KFf_Gf4zscl{L( zzh9aoch7x3YsvpD`~MCOivGX--TB|WJon|>yITgnh;Ogagl+ovW_o6q$^9FC8p!{< z^8dBifA;zZJNbVvPtN|s$GbH6`BwaZcMHKPKj30S`jsQHOQpSgHhb#J|2y;lds>YD zz1M%byZ?7DPq*9MqJLjwy>Pb#Y~8;vL#e&=7xV8+7qkCB|GxZ6{!RGz6}V~V-&e!G zFEiB2)xd$9IsARGjMaJ5hrI_x+y(-0aU+z`alj|Z5nZH1e8&ifCBkW!w;UAR(>{@-Mq9pa$Ca|@VC`-7+ zr=pO(Wvd8DT(_>|!B`G{_H8Xd;gsfpq;F~gP)=lg=?>s>F9%G1&3#-6m&Bol86pyFNcGnE|N_Q4hao{Aq=re65d!E@@9RGw69}63=oV>5_Kk z=dSs=7TvM~ZG_4%wTY}ZDMWpO-Qr~6i1UnxlaF!( z@k0vj2SXGu{O~9U@D1{^-tcY|m#mbUO;RcH%3t_QZ;Tgy=r7`h<3@3QN3cK(OqQF0 zl`yi97x3ej+WMo!EbFhirXE~mNnY%tra90LvVrqh!JJ< zDD))S70i&?c;68}WUK;PXA3LzJLZlo&TTV^75Y8$inQCB@aGQ64xFq}qQ})s)@5D~+Jcwt0 zsO+E*zzwAG&!pt(`SFUcS=;IZAVjU$lY;Zpmtcws@bHXtCiMU&{>%@7hnP%5nSx18 zu^A8|kBS6BJKMA9zJBfC2!(X+PnmMc^w1Q>0Xyeu)LV)~ zfUOTSa>wigpeXRe_@gKe7zWVgngB1-dZ5f(K-#y!Uxob%z|d1B93UoFi=tN?gmJZB z;x_n26*-Fx8+ObI1#Q{jaV)nfG76l2N#sijt}Q5*Zvu3U0{*Js&dd{vTo*5*bAqS5 zF9k!=IEn%hFAN50PSYHToER~4RR3qM!wt*0uJ9qpx~51G_H8MZM6dRMQoDe@e_yYK%a_8Om)hY}kam|Kc7NJZgY|#C>ck#L_4_MXU}EA!x~VhwWJ z+#U@DL6_znGU6QaN-~HemOSk! 
zxgvaw*yn7VS~AC%SsoSn%-Fi|Ao85uy~%5QiBNKV(zT{tF%cg|_YBQ-bWD6D*0G ztWP*6r=6uLsVvO_Nk!0B{L(h{PutiR@bUK#8^s>xJoc!BXng@TT}K*{k~V220^6#R zUn!G|9L6n?w?+QhKF2mBpgsey0(|~W^YfQs)jacjFAoxUF{;bagcn2u@*T%%;?=jT zQJagr)~vs!GdbN{CkYQb^=H3R-aDT@mGtvx!0>-l99nfssYGY(0eRSe61}oQ|Jzjc z6Hn#&&!C^x{{~O@5Bod)?>?U9`~N%L&VO^J!~5ID*Wa2`M!PWbyH{wrmECz6ytOvy zMiVUg|M;qRiLX$YVpgBJ{8N|lZ&gVIQy}%)R)T@R&^rpEIeZf@!2VvH#;N_y72;bP zk&MBzsS%@p5?(trF_8&1mRHkPD^=zC29I^;zg7M_a}+H6S%?YRhK#8?|9R5So&O9D z_xE@AKknsu0L~#}h=dd{4CI*0oFkLi4?I7dfe5-+aE7SUdH^oxJ_R(6q<j~s9o21|fL zQInGdB1AyohsbF;FGu4M!vwV+fMdK^;1Ik!9s$oMwB^iv))W7g&R>lYL(fIEkT38yzUM_|MY zj(9;J4<=i!>0EOI{w~jJ$NAQ9QZ`|0Mb_LGq_0eO??J$WX52nl7i2z&t2pB zocV|U)%pxH4Sba|^#>mV`SBM7Jw#5!--RE@KhR{3@zq2Ar8^g&y1x4M2z&;8r|%2~ z;Im1q2jrUHYMq7v6AuwCUTG}cGr7vU1WFhH#zm^=zz$gA7(9Nwh$(yg7(@hL`=0do zoZ=wBH(VNDL*m1Uh#lQ}3_cWeun)PnW@hF5x0nPUTCK}Dm$(Ej5JRNAE+1CJ#hOk^ zr5eDA;v}kY8j?38vz$Zs%Hdt0TZ$F{hoZEL7Yi7ALcH^Lg5ShSkZrCiH*B>&eE1;N zn-(9or1$>S>UJq&UCIbA{zIWZe)#c+zb$c0vppz=pqPj^8-z3AUk#0VorIi5Y7f$3!vy;DFO9 z@C8V|^;4|obrKLaeh`2O0y7jM0vYlI&?SyLU=lMiNJc?-E)-t`-8o?X0s$C;IGPdY zA&w$KWQxfGd5+{ZJ@_2t;8GM21)Z8oy3IsEqiZf$GN3;6wY57%m+j zw>b%%=VaWaq%6ZArpOVXWbCb6xR}oXi+IT#*r!|35dDcF#{6(5@0Uc_1CUaG77Ckn z5n!~i^bRAj=p1>i8uWnYQ}Gw?6fuC{==?QUU@s0VRLZ|E;p`X^&ktcBDK?sqi91J> ziQL(u4~j5^DKp#7wvNWo9{%?Jc15)`uES@MHGtRt?Y-zF`5R9aT&l-dt`h_yaD|o> zd=QID2Yle$gb(6c!UqpB_@N_WbNSOHub@-jQ$GCiz3+;h1qC;A-<_+3+L&|B!w55Z z;ub6)0Y#ygq)&u02Ojc35`V4Gx&|Xf;xH7AQgd3t0e&b%m&jX=f+g@!6yPQD1gGTj z74l7H2Jv+I2D5X5C<>VvL_KShX`|Sh0|1eLP-K=ulFkf{3OORszJL@JaHasuP%=2n z;&KmM2wgN?*%k(8MSy{SjY34}Il&WDJxVb}oC7npB)lrnQ|JdVL6>ua=o|;0u*(Vd z-v1!QTK4;gL_OAU_+mP-%-Jj+E=hbCyhH(9s<3P+s==YaWht{Ry2yuXRpvT3UU+h%}-~7S(S5}ytyQRs#&ily%gE% zMi8P!_@TV+cuAmZUoUH{2nvR9ap%O8tqz&sYQ=Tz4fc?-pVwN!iV^5CeI)wlT$KSX zFI3(^*t7JFH40#(p3zsaGWLTT#o6h2(C;tA zlsrCvo5X$rs&q9x6*eLR@=3q{+7~ci%dZW<5*06^Na&u8&ZKx9kTzNm2YV&7mV-90 zx?46dR=H!Ea`|Wq16kqL^wgilGV-HN=gs*iTQ>w}+J(AES-I=KWq)FP)oiK&00kj= 
zpVL_d-xZKw`O%05?_l72l2%LSjKm&YTzLon6i^gQ0bfeEmW>GG>N;dxeJ4VmdY0bT zF`%fKyYNjK=F(6WWEjf7G}WX9&q?^-UCZ9b+56T?GdQu4aTt=BpT8#i1Jv>;rJh zz#P(?v6V6syDTPX2p#~F6#g54ziAAEzYleUpa;N(As>+ldmXjc<*eNix28G(G1n25 z0r;DM$m{-%!P(&Nyt3o~{RQ}vqSW(BQXv|oDybsb7G*H(DGYmm&r;3bo8|UZxqV*l z0r&?bd^4;Oh%@01L!Z-py51$BLjaO3pfsVDN3v3U#d<5L(D*cm^rodOv=L% z8jRfW&e2j#PskYLTVMWV)8=lWrR#J$_B@}GSe&O#VsEyV%s$87%LK{`38gtL+61u{ z2^X^Rdh3S5%)cigB-ase7b%?M6wW&I$iM!GF@tN-A?yE7QNKBUs@$g=BUXObYhdJ4 zZyE>d4gN^gUT^d%!vxNdFa@tO4M(#6v8>-5znuS4maM6}$oUVBQWy?+OVvrEA9})w zE(BOAGeAS3aVbrUhJmneo{K5VBY5bCfJ*b@Bk6d9C;B|q57X_4*aPPF(nsf~wW+}o z4zMu8tf9~|UAsb~w;VYqkgz4j*NXV^aEjAltFd@6er5UnmdOC zy27fVO;RG&W<+p=2wUv#g3PK6ghM_nSM z306c*R{$_U;;2#j2uzmZsz7)Z;+qh_n9ap1U>mkObrUc#ZO2bQ-)lch_c{4BFZm=+ zVO9A=Qp_Pyph|9y*E;=&p136f`KHY{A$AFZ#^!UL-uB8PJPEHwjK5NB;v)*LeS$^v z(;G_SMya?cB~PK#wY%gdbQucuxi%7T?Lz>;2WdU~kQwUYwf?Ge_D#Cb8o;WE?`Kh3 zIEzpH5CJnPmSC`0UW}31rX4GWQDS4vvaEjJ%Rn{Uk&4?Uc}F6HCL;Lb(uql6)!pz% zImN^+F9N50kIk^5!I_|HNfV`~v4Dc>w4ktGxPi|(K;PuEUe>GO&&3DrMwV7yS-&g$ zABPI$ML**$^*!W50z^*;>;ax_^VUcTuEAdZ>Y4D~;+0JkW)|LEZRYbBYV71Af)@<> zLH%8O9!X)#zUMr5o^=l=gQw3SLiIN8DbOu!c2Zz#?sO6WhKNjoR%?QT{Yq7E1vr~# zHF#d8Sychu$l-G(Kr5Z4`f3^AJ5!_*AB|LrGO&Ib4JsvIJ4#IoPiA-<*_ASq(Z-}% z|7{4bp&xLe)gBJ|{o783?j|uiZM54vn^}d@c2c7}2)O>Dk`jPxL?(Q?Ejx0rD>idtVH8fQDyLBgcxV#OI>PCr z18yJ*I{*=aNe8&Z7m3zIlr4a#Q}BQbbS|+eVjVE$8}kWtuf(;0Bz6a$f-I$#O{%!6 zx%$r3s=Jz9;Gu{hd5NQfh^-&?)W@~uqo4YS@8%$=KK|_;3)RQDbhJc#t!I|!>(Z*Vev4ygtehkr5crb+-{kUu}>uAdv zq<<>SBhxbeL;BfXsMO1rd8%(-qa@Z;kMAVKz7hCTNNRw2-P|;)zvIggRl`ENcesuu zUya2o&}$vwH$k>SuG`wwRNB@R?|aW0iuXBVQFXYLT&2d&RaS4R6y9cGUs5aJs?aY6 zw$0BnQebPIWu!FQEQvY+>uE?M2%XI)@LFIjqnxtaEuo3jDCF@v7~zz#X(*VXjc)6#DJ9JtKQI zAOFm{u^ACo2d91mPS^%5r95$1k0-WBL&b4lHFs3d@|DDVDG;WP7qh1s#xZ4k`02LO zF3XkO9{$!I^d0fP-m~`mwW8UcWoI0iRR`nGZq z;$Bn0%LJ5fH{=<%ZK=MyXhSKI?VN(A@V>TF@QP%-HlG6(Ksj-;Q~oGI&E=v>r_dGf zGlE(eQ1#^{5sxF3T9{!m+wT`n-}S*^vJq6rj!9*C>&@4?)IL~kZ z!x@+(7zr6FXJ$v_}ts1bu~8?B)n&Yd;GmeQ$UL3;f7{Nn80>B|%F&$G7| 
z;OP7m{Ce_F@XN`?$>Yc3=M`EiUj{CPwTrBAyVTIhDiSzZoJ~bm1gJv8GYq62$7f1R zWN`U7)bYl3x1_6{2##gH0a+3Oesv%G`u4@i#ha7MlMy(6^>%c5asl2Py*|<1@y2jA zGIRosJq>{-snb!=mEhJ(m`Ry%qmaqFq+HJrQ`<<`CHjmP@I$2$2q~ZOWkEov1k;08 zf>h}*M|yZxpfBdssz*sODlwbO5iX%c;x4gEn4P|6iwmjm>ghh7h$AF5pt(;?w{V7) z&p6QGAXG|)0`9zQC`hA_6G9|M&4+Vz7W$d^;VY8$e{TZMloc z>|Q!*At*$QMiF2BT3v7~_cjnr2n^l1+*&LkpJT1A+$xE{$_!B^A|9tVr^HPGb-A?z zCXmXg-qKojonEzhcr*6{1a5d0Ei4z9iO{SO!CpsHSzxgVxk35Q{1u%G`Nepf*&I_D zocWQY)<{knK$)CU%#Ul4oYF(rIHEl2-UP08e_dp*?l0WVr~Oq{&h^EBBWv zRy}uxmUP$x;Bh|ANhY`vFTuIUBBe2!m$F)2@EQ>nFkwN2-Dd8~E{)g^2P%Ylx|bKzhQBjU7tl%q~`64sV4vC)nn!d?bf4K>lzYm&-O0j08#KG`0c$U^Hb|P6)^Iz zGsHT9Pg&;%GI!qYw7zR|`DFbNVbA(r9iUpjr2**wD(!k5UMS+g4*lYIdXN4Ge~cZf_t zuHpT5f3`h36b98OZ%w?`~VI?+Btl>z0Uq`OV(bqj-Wo zMyH{NK0a&<1no!fMRmb7O=@$#6_o|Y@~Uc~aYj+#vxl_-iTdqF?>nH~Y4h>4cHwo> zd*;%?zl+Y&9U%Jajktv_x=W079D2N*r^KsH(X5lEi5GQ0&U$(CdJ<0RES2k<^Fpj3x+$@?*P`p@5J7EkFT9 z8Gt|Wwpk&n9g_qKB6S_a0+e%-77dq(vZEkKnEQwz6{8>{A;jdyF^gixd(vF#oeLCt zi2QFaO&FDi_9I+md2Ex@E(MLvxJMF{YY@8nqGPMZ_v%J#o*x_ha`w|lIk3F zv0Z#j{Th^&^#Y42XD94Y1&pf7Qr>VTv!eaYUh%ynI8j$mC4`g?IrOW6IF4h?sbtV` zhW9hd7-uW%(xBFZER>Fz1dllLeAnxV++NZ_rUTG5B1<+Gfv>1K<@Y*(VxUaeiCQIQ zAJwdyvMGQR+@K&x=r{GSl>V%CR!zTI-k{%P{@0kYv#H7dFIDQ9`v*ZQ=^f40YiGskG1<5!{=Np0+_!@cAxMg%ndb%_7uTiK@>F;!sh_$mY zOWt5b)jxa>y~bYR9eUx<=8S%ssWN9Q>dHgVuCKz%ZDp!#Wv2K+fMzgwr+muUPgC7hgwUJ{gyjiWs0OA&Cz-=*@k-$0c>h9^RB~@8Pq4|JkFmf|p6SUFS4p?_i*7J@5CQKYG-< z|HHU1@KoA=`8I7Gqp$H)od50b?>))cfBXHXJNxgwJf-$u!_;dUbY~j0Sj8yanBdo1(z=(;ssh(bDZGG2JdYkK(S}?ibOs~`wJBR-|h7_f$gt8ERC+s;n z3*mPL)b!;k6&OUx3C2O|yIT(6Q=2c(`f3&mJ*jny;CC=c6DEP*ocFwkxu9{{N>jY; zG=k8r1%c0WRsln}l&lRyw#2c(h@%J*;6jSDqmP2fE1bkPh_XR9BG_|WjDxO=7ZD7X zd}cHOgcP9ji?f$o0c4}-bq$^d%qisi98Dmfpwz|0 zM&QkSIeuyqVraISsZ-T6WpmD%%(;lehx(mTF8ItT&X4bu_z>|fYRHhYh|z~axn-%o zqNRv<|NrL@oHMaGqRN;n9m{_514M_0LT{5fw-U;CBg96Gyi@Mg3mE+-Yo+H(;%S$7 zQniOkpE$;(R=^b!X)E@pX;D4Zv--O5WLLBp^PBo z8cI7=-_;KDORuWm&Qq@c*>)aRbTO9KFUB#E99aWLh5pyyI~?Tnzk|WS)1CfzACKYj 
zGi(8EWF5+r2_SCoifbe)-MjSkiAgXN&Qil(Z?Wu3j_6*|MVE8M0*5}sTnah#+I0f# z!eIEU|E%9rY2RBOin!zqT^|XEb}U(1zH~?ZNuTEPKg3y^Lp6@7`9Ihz%>TXJ{g3;3 zR?h$3JpI!@&F6o^$zQ|&`(QtJ|7&mm@ab;;-^;W0`JXrhOP@4ZMDxtB^+4S;&4=Ib zc7Zw|rA8{`u}mH$@3i9(5HyPeXeKLj1pF?L`vVv=Jm#PUbGD@QB7$r_1UzUC*a3hqi1z z09B8?xZ{m|k@9KkBSONFUG&VeQ`1tm!`+BPcAP`k4NLt$;G?V z$?hn*aT$`THM-hlBoZ{@=%wS8Q~wIxz$JFb~1Ae*c;HndYY*g6IAI^WBvE_Mgi6 zU+OqmA4k>vf3kN_y#KXZ|L^4~ZftZ8Q7Hma9bT`^YB|n+OwOaVI-Xu?GAn>IWm)ch zav3T6x^TH@^=ElYDO*NeJ<7gJ?;GXbrwtIq=4HqU@LC_E4?|)QzF+Tl39* zj(_F+FZG73kE2rmf0Eb#_x7Lc=KsAsr5Tj@M7~M?1b_v}dcL+}4%?`^x=wvom0_xu#IbbHd|NR<2(x4PGN*L8fizD*n-C)xh@v^@z#LK4;# z!4RMwZS4PN{~Zhf5~QdnTXwRo_#%->U@#aA1_NLoV%k&tb(+a`NZKQs(XxQjCG0o# zPvz?+ofKa$=|q40(iHn+Jqzc*YkhFXHWtqRZf*W=9~^Av|KmL6_^Vl~1N8J@zRH20fzod!zhQB?}IVKRjj&n%ZJLq=19UFjgGoQcc(>VW0nzl1a zqA^`d0H6i)e|zuXc|HEm{>J{}ah|O$I89{6qg>mZdT!)U3`fi(nk8_QqW+8Ks&6x% z_hTwXoJ&kdoJ3$^Huo9kh88@|v1mk1c=jSm9!XgQ^oqwtL`YH^ zz%PY;<$#4ilMzWm9p(=KIdOEI>}Ud*1UgRnHO)i;S+um-poxt))*(>GG-4R7$mtdn zB1h9*dps#IG$4i!($q0A(;O1%2z$i6oDneLc?L9*ETfg|Z7hK?OL9pSPC~FTiwP1? 
z@|4GXIB8*m^%j_OQk_#vN3+16f+msBk(v0wMig?e(YfLS_;F%VMLXXnJb#i=(8(+~ zCK9^TR?8%m>`ILqODyUYoHI(|wh1K{;cXWNmJ3|yM)ecsUPgj8-jqaJJ)5{beT5Yj z0@yeuAtu)*hVCukgMsD)nnZ2M+cb$F91)h-0N#eTkS2-9Gd-dv=3Yn=_?WZsGM;FQ zYYenTl8GHY;FXRM8!1m%I;xH-a*Qa6tDC)Qq~H^iqe zg2t*9z!@fZt5zQ-bYOqU!Ppl}D$(1kb?!zo630bm(87kILa-vOhRvUOig_|GOeL3a zea>S_k_O8CVlqTx>N*VU#+$Nr*z}(UAKyU2kM2pH>5^~yq|1pBzkVOSdA9FGZ z826{}AI7{-Oc&1cI6lrOvJ8nukPGc#IIl;l4!ko3SL&99Zu4N^6j1%M{6C|M!D^jI zi4fO3ixzg`+!U;J0?(&scEUoxQzzUmER|w;{yf73lDZLl;15Sd-k7z{w-Tk=RP%AJ z`IX65;hp@T5G&CLv+LOnQ`xtMNw?D-PxI5s36;WaGCYmJL?wnj*E||1F3jGSaDT$yac2yuuwcp&crW|)wmF$wGU`oK-mv2Cq zxoeLwA)W%`Cc@Ja-6lZ8(*W$VO`Lahe!9LMFV5CAe+8&C^K~r(4LrC0bzq4c*$=xM zG|hyHG}>QQ7%i8D`!N=VMSaq_zwgzn2VWu<_u;++^LUHJqQ2-H^EDY$v3#GiG*ohv ztYK-Wz*|C4PPIR?6QwCk&|v5i7`u{6ACGkvF!?r%!b|nj+QUzG*I-iFpX=5GQ|IjU z+moKV6~J5|s=A;i-yI2MPGX(*tCAW`v@qeVcGRbmU zcIBz&wE3!5o(7h_*UB@4K99G^G|efO28|l;BCH>8Jz0eQ{`OAOdNQK}559CPLU*sb z0=XY=l~{!K_f4xr%!iA24=?#}eOreT*b<9FwdH2SmlaqgtglO2)v0?gQPo72$CFc2 zW4rKdWG=psC!yvdzTIs+3TZ<9!DZ8YM0Xn{(;P$}K`hP3_y?5yU;5JRD|#C5e{ImU z2GifpF{UnC$r^Bx{m*u{9{+D=Z+CP5`zQ}d**|phr5;@EcqC1WKf6IU*!C*Z?#WMO zI%75Aw7I;!iD=>%5G-HBnj7s8t|dfiru-CWxS(b_pI9?CfO8J2Jpli z@iFbW*}-gVLnmlqQwtso71eCT>+5T`O$FdOZL6KXnsj*@a}tTpPIvo%pKReH#Z|pxG<=L|G z4%%(d`!DPArw@d3Ekcbeh*xzG_qHIS{d`zf)_)IKGBlrEV+DsA>a!p-`?j#6(5#*5Ja^*YavxvQ@dFw^k4eufOB_cv9UuRqZ*n9ig#m z3E-F{(5JRSL=)&wN^?}_sMcDZpb??5fKZE?i$f2RJdUSOJkR6U9O6~5BvE9LLrV;E zM5hrX8PyotHXI;5`1SY3MjTUxN<$HbB7xBPjBBYeEihIDZc7fN9(=y_+~(*fnUR-D zqsLZG)Sp_z7phA%0!eBya&^4=NYNIxheEaR032}GRK2C6Vr_StBhJgaw&?)YebjVN zES46;K2s~BV*WJapODGU@kgH`x|(AA8IyQt_lx9^emb64%+~( znf<7C3dU~AovM#zZSiJMDHlp>n1F&+{Luu>0JCL!ZdlI7rJ;>2`3=n~%IW-HNGtuT zV#q=gr_r)_4^9VXT$&6>4Ui>4*`s!Y>gUXUNHXk!7?Jk=U~urm-u|{`UJa_q%!LHD ztYTs5F)k*(2PHf842|^BfOUJTgPl5IQ0{cp!?4~wM zfqDyjc-&yQ`7~itRaXBW+fHLNA(kj+HhO$UBbK4&ZdG)1ZCxW*;1y7tnOuEYmCl_Q+zo{Rd!r2l_o2f6MO4tjDJUWRf}{Al*s3tJ4E&s+2O#s{xrB-P-r{ z2(wv0*EH0aVxNU=(@Zhk{@mu*JJQWp>PYO|ZC9i1}>h+C;>uFg1h?QpuGDYlp{vL4Qu19y4m2&TBhVU9wkwI%1VSk&%% 
zxngEBD>24)uorZvSFq~J5~jI6g&zA;i&1$rU0?MU*YdWkLpd%^hINd)xmIv-v(Ts3 zPTg3TBewx*kU@@vdI3Bb5EkbdEouJ~zb^8=k7$8}D)(3TkqXrOjd|_qFyR?(L7#?1 z{VmZI06pRQ8KVQ6U0!V$5~g%v_HW0G3zbR*T$q~uT$-zPEngEZ12~EWZ$X+%BV={+ z3Lo@iDq6;6G~+R(F-fQ*OrGdm5`tYJvsU`rGuV5Mvwley8H-@dbr?cCJy*XiyVyc@ z>r?vnx4=iKsMKclhu)C*z%%gCV}DE%GNhRwz$v;+!8J*wC8t}WgqbI2W|qHi;r;GM%LvyJ9gNnsfu!w*ZYLP{r5eb3_Sh^N}yL-xMLR&wII-ZqUN-DEqQmy$qi6{Cq)3g#)PLHzW z&LCQyuZ+jw`wM!N$)ZEEu$$`BeK5=9Vx%tV#3H4BJ{U3>cfuf}djCo@a5Ez~1p;(s z%q))PuXUkWooxme-NsDPO(XX+OQITrmkdpWW@FjX$!biVK%8;@Dc03;z?cG`txJ_GugEgJ3+NQDyR@Vc5F5Y1R?jL4DcaZ|-Iv z`C0k=Uz$ueqVry#Ac{by^REIHod0+Cw(Ie~_YOAs-yY}r{JCvUg8jxzQj(@RV-U1& zZ@tf-A-K@O5A!C$?QOg9hETz!YNffo^}L0R7zxp~IUygt!NJGXn+)m&^*V5S8;GlL zMSM``I|AEc(pGYmeuO}0dJ3jQX`zo>%o_^23xR=(DVpYXwm9ihs8xD%hn|_s`i#d* zjcujvBB7|NeK)e=7?UvMc_LSDUywU>SqFcg-5tXH?UeQv4 zK*RbQ;x$VBIlm?DY7!-Bp zN}zcf`b~jOqcB}@NUCRvfxa`;xB(b>YBAIw0YB-F)i1TXtf)`joB3yRB`W1KWkb%m$SIjYk!nZ{7BQ9pMLX7vW!oXgQOs2)HG@E$ZMFJ6U9 zhHsqr&^v^f2?@<#ZF2wW+wbOgYI=4DPfPeZv1Aj&RBrYi5-x#J0PYwVGL?g#a0%b( z9jROG=~FB>Wf4%ctZ}WhbOU+9KI-n+6d!8xy0bwcaL)lW3$V=7(!(tn6PEaPYJU?} zxl)Z}#6k&vja~hM*iF|Nx3|V#tyqMLmNj8|;4c)+^(pt=m}ZJ_brg{gI*zPc=JMh8 zwzo_TNrrHH>zAWx&vuuo?A$pR@?sj8IrU1@h}&DQaxH*jga4C^V+h~|5{4nsV8@lo zx3``Sy!=Y3Rwjm!*~%}Z_OzN5V9)i5Y@Wz-onl7Yp9*v9K%&=4JTdl1As>%P67}F$ z-xllGQ(WYLK#cs~U38aZ*@(sz%_JY6XLZvXru}0uZONffvZx;7f{b)(!Ww)cI80UxX8!3+F9cDmhz>iOU9c6WQ@|M4i#GDl41 zy{MWruE$8$Ct*NxIpUeQ1`jU37Xjm)t8MQRFL2EL%>|F?kD56=>tx<5To9I&yNxF~ zR{m@#Ped*QN8qgc++Dp;alo=o(?k-(N@ZZRYLS{^I;lD`tNe`T6sr%qOGHwp9qw9lH? 
z|Hjl%3)laH+WNn9@O*cZ|MyXz$6WvKzVOcyteaK;%dYx+U*W2s$J8vecGVZS`zFzt z3B|VNsKjMgwFTG5OZF^5)tGn3CTx`}n)P+@A(eg$d~JWIex*c)BfsV6X@qZlO&MLY zj$Shg!XA6q8!KBe&92lKNmJ3>ppyWtxrf!miZ3m`HqSku^{oH;JZzRv@M8bp-P-#9 ze1GTpX8nJR=YH#dxymC4ydvp6*7&AF)y?w0+0<8PU|Fkv%VWbQZvCaxXGy0|#K~JCD%`yZ;0R-)cOayEzfnH!0W^y*xN@&hO8xcm=1yio56p9Rt2n7F|Vyrr$$O84c zMk(EYgvpW;!10m6Q2lf$@|zCQb$q1NMnN-1VyAIc!Re|gPCrSS2)z5b+I>$yAv4JV zi)k~8&=w=Iv;W*qykqT&!!yuIsbhBTaLZAe#*>mgw8&91HM$^Qts{D8_Z?@I#*n`g{-C*U&Yi{lS!wm2sJCBB(I(;RXbaz!#n0e*5j4 zUKzB_yI@}%>PZLBl&o6$Cs0L_FN=Dvv_616aF;amY=Az53K>fPu}v5uncQz^EZ zWEwh74B*#a;V;m(QVf3o{l63=CZ^i?FE9N6f&p_%n}Ubn2eXSe$;K^shiTU$Ds{LL zCG5)`6^tk@CnOde#ss6DFag&*!z??_8XZ_{Ea`_-y1A*Bm<3e@#9zSnx{roo8>P4! zNc0V^4P+y;0?y??j z#y$4foxDpRJHsY+d5rb&c>q?r+nM+)u4MXTz}Q2+?=!S$!$l9Y=j1q*a0m&nlp9BI z2xg7YM-Lz0JB!SreW5Ecp?Z)rF{06XG+sZ1DDeyyQDTrdhC?`esa2e}a0u^YM#GVY z@e&T|QXC#1_5Szh<(m`DxODPPkResoPm++OBbq58)l#au`@%4mq)9}hpKUFz z>K^5C)Ig`hDwP(lXqHLcJ?gx3zs}XR?gMUO=gm27;N$FVSGlm8Hya&L*0pc;+|*_5 zrue>_%J1#cUE5f$Ww%xUw_6fRv^Hq{NRzkB6<_gAE|n4ADPS1ft+V_fH2WC2W1yc@ z8*t&6(W#ae-Kka}@l5vM`@Oy0;`J7s8?S%kxeq)6W?~MgB{srcs^B^hKt_a)c4@N7 zR^tJ%0Vdp*BUNR{setQ@Cqr!%^-`2j`)gu}^O#>&joPBsoGoqS+GcHe)+E?x1+^fCCX7WC5 zi;0kQ-0;w;UuGe)HAW|ACLRg8^Yt+$QUb-7UIb3vCPWqa-X_nS+@eD^a zycGGkqZPLbg5RYXOC)>~yfrirek6jP6FCCE`99cxif!vnzsSdHV}YU@mJOiXAQ+>{ zvo+dNF7E|d@m6%5P@b2B*ZwCC(bwaEVg}IO#ole7w77xdK<5?4&FUT;9C$_3Md*3k zvE>?^;c(^B&tcq*s#ROseasoXLcP0B!b?6FU?!0sbT>-n;%9C8pLX(WGyz$t|LxW7 zKMuAx`rqR`Uz7f)y>-{8{#kf`678?q^kbv^-Anl^d1#~iZFIkl?)MP7Uvqqjjq3Lp z&sy}q+We_2feZA%?Y;e-n*VQix7*$5e~mws>Kq5FO=m^opcKTqGNK$pj*^#ai%&>< zuU-l&XVma>K{G8oTzmri8kUEY5+Sa67S$lx*A672NJNDoL#kln=4t@`x1#s0@SDMx z2sM8$TDgJ#^F5k`DNuv#{ctCo@MrbMShey+rKG^wd9;?wyIxxv$v6p4<{F! zq>zk7A?}Q0R3*sc%v?fMmBjc?Ev|Y=CzYz3W4$#$Ym)yq9Qa-2|4#S$l>FcAZsh-? zJj=-cN=Bmk8c>N0UkUtEvc+8%hS}!&Q;S0ZXqhPW!Diuj=!L`H%84>r_B|89$3HV?LQ~>? 
z*Q91%%7l8|YNmwJ=BG@8p~%r@sZ_IA=;Rl+7)`FKUU!5GT$YtEu|cGUrAd%CmT-JRdl z*Dv1x^!m-)_h%<>e|dfJ^NbD$Z&DftKXD8Bg%hR);Pc9nCkEvnGw_9*QF-clzB#7vBI!=o_!S-$^vqcQ0DqhQ-+3ml- zA0s$utTN#9syPF@(>SnO@FK@JG?o@aCP#Tc2>IBO#s0t3!R?UfYl=NB5 zB&+*jlPH>Y%sxALtI5~+<>KfU=Y5ezKbmgVrdqn-T>dYMsdj#!nq66*9EmfYsA3I3 z)Yo@{W<3)OsGy5dz|J#1U~w&;gFbe?(E0ga=$q!EKs|AfeYT2x`jxnNb|qBY-lsrJ zI>anbD!k_=?x}u*xr#^olLp_8d3b3eLM^YmtXXYYPGwn2UAe2OGFMG`c>Uwgp?SPG z`SIP~AF7||!?B(&RzTU_*`QwyJ)9#e9VxPQ)oQ((RoPXgS2YdeokibNx+^{9D!I@c zk~K%}n2{fCd&jL^$^AG>glTHDag@J^B>Va{UwxKz#K>=f-wxHk*CQ5F9sKP#{~}Kk zmJEOM{|h1xBBnHjZS^~$&L(Z6F#OpRhMGH28!*4?3#MdU$!047webZTj#um_J+r2C zl*Y+gPM7jD>C6dNwpd0sL3o?7;ZO~;Z+3hQWu`-fRfZFOEhkR(+~`NNw?F66Y4tb> zeyyTg6453*n1;1vrEoz7x2zrW*^nz^I$gCOfb(Swia`+=Z(4^Hi=dA|sO!P=%HCqJ zvaSntE?;Qbe;4l1HNRdSna2uCjkvow`tYAN@|(1nf1YOz_kU$v;u&{<3+#XPpHJKW z>}+rRKOW^-bpN+{rfYMzb7~l7>e`N^sVJ?4UKGsp2fDn2FYLDV;P-y3_siM@Wi*Xh zNJI~|(L%@#_=%xDUsggk+>we89v5Ox&Bu)h;lTS6?Dk**B^r!Nn!-txDv;gIVY(G* z;_Hh%)1l$fg_(t5`vpTPg^eXZBMdp8vhY$so&te{UKcqhMnuAxOkhN=DD){!irh01 zGRFs`=VFFKNIE?z&Fn}0Od45RsguIcP#N{Y`u zCt5qxs>eM(qB69?&Irj`VSB7Lb&$4R_MD3s&7@cst@1<^{Eiu^;wZ`4wE~cAI7RC= zUWy!6f~MOq2AH95d%$9P*g(I|v~|%GD0>dJ5LUxk+7vJ(u7c1`i5wkHlg{Q4nyPt8 zCyOgy(uwzATkAmx(mpn3>!;i z*SJf-m<3rimd&W~pS{(5sOW-s@(V)oU-JhtN1-8U4>CT!o4-!ye%?anL^Bq2VV6vz zsO36i7S!1es+}4BCeA_(H{}JC|71p?CzX4u>k%yyJ(j350Z(+5CzZGiYmdC>=5uMz z<+8F*u~8h#^e+oNN=;GMH`I;QXUCdn3#3|wg`X}cY?$L|Bg&QL-OKZ-q&4eISks)W zW|c%WwInrPFhR|olhZs%Vw#yrX=W#+St%LK>_jw8NoZy#pqZ0=WK*S&vXD=82_WYSNH$gd%nHV z{~zO-bN@3h(BmKIvgVI+<1$ZOuqV7~u{Q(No=#7fW?b@+$31v^d~V)Jk`1XmcZ*gp zZSH*WP#kD%=6i_x&7{;_|GtE5u`>XYy?Phr4fD!gZbxK6!iL7!ZD z&jLA4y=VWww*~(o8RNNt(-$YgQ~OXg8@zx;lyr2tjQ`6Eu0+Tq+VNtRNSeLZn!G+V z4q3-DQHPCB*_R%Ad{&DWd4Kt} z(EYkWH`w0({X6R}$i~A!j2Mk0)Vlg48q$s_-PVQMEE(`@jEqj=zX~~t>ER$IvMoO5 zB%@E^FTWn8X|;(3EtKVTBMaN`0rdt7`MjTKJO*TDH15`hYD%QZ5pC?Zbxd!;^@xQd zAi3nKg^v_)CNtOOZ}D-VL^^|F!>Be&Ju< 
z4LAqO=NVNxGTZ>iG~;jsA3pndeeCx>`{fO?-}6rgXI!3VRM15FEx))K?m7#%#T3hHwcR0OJ19^F8nb2T$Qpf`)Ed4f|@e;=}B7--Gun#D21RLy(+FHuMlB~(bp z^CW_pU22(N2k&3JFO2teCP%9EMD6D6B(OrjK|*G^gG0x-+&Pxu)iIs16|K$@WU3QY z#NFrui6R<-BtYW0JktYAaZuWyk4iCIZ&2^2XSStJ7VgzdV+ir-_Wq8g;|WA`z!C~> zTyhlKhF1}s2pU^3_E2yGF%t;;*WW9!Nfa68QQ(aAkI*J&B%_cE8cl<~n8Wx5XnsYr zj755wbsNQmLHJA<@W&*9KD8AhrRh)51We5i$BHPhk{5RdA9FGZ7)Rs`4N4O*vp`H? zhoyBWpa+z=jUFc2=f(z6tw%LoIS_R^{EbbpxUNJ zCBSuFaZX0BGln-Rs3mAbMM;{qOVFyH_q~K>-5b1uS%s)eiOZVDYM?0}Xv$WB;|M6A zuk=S-2~3?vcy_oNA>yz#K`d&OFfrcL7hzfLSJuq8$Z-{KCEPo+L@}GuDKi?e47F6F zj;hJ4*AvC5Ws3-!teKYcJ}to zFq?CB?Uah;?Y>11q=DtgnuboTeN<=JdfrRO%(e)f8sdUTOAT?MkrWFY>5g_9>WyCZ#lS!#+S}@J#dFdX-T$ ziEv}VuR)A>9!E%XOJY^|uka%ksAx#8bPYH)W&?d167{!4+k7T~KtE%20Ar5nHI#Oe zFr{m;f9qW^av17XG@(x+PckY} zo(OhjIB`KJ*$Pbx7BnASC97ab3s4_z;wLtM3C}SP$&`hOT@>kTGNXza)= ztnR^{%V4B)F*ISMzB~dZRkO)i0s;8ItP<$IWi;MWd!lV@LNK1ts6xz$NV2wmm}#ea z@patvG(W4~|4NsgrOD~jw<{B-jS2YBP~Uvkbw7AbO^nPf#!Hr1Go7YlW);DVT5t53 zs4cy<1s8UWu@?(x+$uHt=7noj8O>HIOB`yEx(PTMNPXz4z7#4Zer&0=uunrirlN>~ zsohXZirndL$GIDt@@lmTy_K2zB-Ek@On4-e>?D*WV-wryy8s_Ef*<_8QiJ~nDLx_{xly=oM1A_{}w0gq#Tt;lHI#60iAhYx5- p;NbzT9fJj@C92lfELS(r=Gi=(=WBodUjP6A|Nnrd?L+|70|0*U&bt5r diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.49/.helmignore deleted file mode 100644 index 15a5c1277..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -linter_values.yaml -ci/ -installation/ -logo.svg 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.49/Chart.lock
deleted file mode 100644
index eb882a083..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.6
-digest: sha256:eec4d022d97ef52e88860b54682692fd369c864ca49ccde01b30605cce20c96f
-generated: "2023-08-25T14:49:57.569449+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/Chart.yaml
deleted file mode 100644
index d9a94b9ce..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 2.19.1
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.6
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.49
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.49/README.md
deleted file mode 100644
index 714263c4e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/README.md
+++ /dev/null
@@ -1,235 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.49` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.6 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"e36d1c88"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. 
| -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. | -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"e36d1c88"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. | -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. 
| -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. 
| -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"e36d1c88"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. 
| -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"c9dbfd73"` | Default process-agent container image tag. 
| -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `30` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `30` | Override the default value of the process check interval in seconds. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. | -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.49/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/README.md.gotmpl +++ /dev/null @@ -1,45 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -{{ template "chart.valuesSection" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.49/Releasing.md deleted file mode 100644 index bab6c2b94..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/Releasing.md +++ /dev/null 
@@ -1,15 +0,0 @@ -To make a new release of this helm chart, follow the following steps: - - -- Create a branch from master -- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys: - * stackstate-k8s-cluster-agent: - * [clusterAgent.image.tag] - * stackstate-k8s-agent: - * [nodeAgent.containers.agent.image.tag] - * [checksAgent.image.tag] - * stackstate-k8s-process-agent: - * [nodeAgent.containers.processAgent.image.tag] -- Bump the version of the chart -- Merge the mr and hit the public release button on the ci pipeline -- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.49/app-readme.md deleted file mode 100644 index 8025fe1d3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -## Introduction - -StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production. - -The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation. 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/.helmignore deleted file mode 100644 index 69790771c..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -linter_values.yaml -ci/ -installation/ diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/Chart.yaml deleted file mode 100644 index c1f1de800..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v2 -appVersion: 0.0.1 -description: 'Helm chart for deploying the http-header-injector sidecar, which automatically - injects x-request-id into http traffic going through the cluster for pods which - have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. ' -home: https://github.com/StackVista/http-header-injector -icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png -keywords: -- monitoring -- stackstate -maintainers: -- email: ops@stackstate.com - name: Stackstate Lupulus Team -name: http-header-injector -version: 0.0.6 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/README.md deleted file mode 100644 index 3f83e01b8..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.1.8"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.1.8"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index f1b8b8872..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,82 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fb804f729..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 027d69b37..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,42 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - name: webhook-cert-delete
- image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
- imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
- volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- command: [ "/scripts/delete-cert.sh" ]
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index b8e310442..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - name: webhook-cert-setup
- image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
- imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
- volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- readOnly: true
- command: ["/scripts/generate-cert.sh"]
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 4d6931b05..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 5dc48d931..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index ba7a216f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . 
}}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index 32d58afde..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/values.yaml
deleted file mode 100644
index 236a8bb6a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. -proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. 
- registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.1.8 - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
- key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.49/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_container-agent.yaml
deleted file mode 100644
index 033ca11ec..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_container-agent.yaml
+++ /dev/null
@@ -1,192 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with 
.Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_container-process-agent.yaml deleted file mode 100644 index 98f4f96b9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_container-process-agent.yaml +++ /dev/null 
@@ -1,148 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - 
runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_helpers.tpl deleted file mode 100644 index 09a27fd6e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/_helpers.tpl +++ /dev/null 
@@ -1,175 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 9db8b0bc3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 376db4ddf..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,181 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d - readOnly: true - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 7a9f1d8f9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-serviceaccount.yaml deleted file mode 100644 index 444aad220..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/checks-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 6a7b27d18..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - 
volumeattachments - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 0b1bd37ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 89273e11b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-configmap.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -data: - kubernetes_api_events_conf: | - init_config: - instances: - - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }} - event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }} - kubernetes_api_topology_conf: | - init_config: - instances: - - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }} - resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }} - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - kube_state_metrics_core_conf: | - {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }} - {{- end }} -{{- if .Values.clusterAgent.config.override }} -{{- range .Values.clusterAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-deployment.yaml deleted file mode 100644 index 60c50803a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-deployment.yaml +++ /dev/null 
@@ -1,164 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 652fa63d9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-role.yaml
deleted file mode 100644
index afe1594c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-configmap.yaml
deleted file mode 100644
index c934777ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 015cdba2a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-daemonset.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-daemonset.yaml
deleted file mode 100644
index d10182508..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,101 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-scc.yaml deleted file mode 100644 index 562a099c7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-service.yaml deleted file mode 100644 index ad5ad71ce..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} - -{{- if .Values.all.image.pullSecretUsername }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }} - {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} -{{- end }} - -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/secret.yaml deleted file mode 100644 index 31057ccf3..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@
-package test
-
-import (
- "regexp"
- "strings"
- "testing"
-
- v1 "k8s.io/api/rbac/v1"
-
- "github.com/stretchr/testify/assert"
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-var requiredRules = []string{
- "events+get,list,watch",
- "nodes+get,list,watch",
- "pods+get,list,watch",
- "services+get,list,watch",
- "configmaps+create,get,patch,update",
-}
-
-var optionalRules = []string{
- "namespaces+get,list,watch",
- "componentstatuses+get,list,watch",
- "configmaps+list,watch", // get is already required
- "endpoints+get,list,watch",
- "persistentvolumeclaims+get,list,watch",
- "persistentvolumes+get,list,watch",
- "secrets+get,list,watch",
- "apps/daemonsets+get,list,watch",
- "apps/deployments+get,list,watch",
- "apps/replicasets+get,list,watch",
- "apps/statefulsets+get,list,watch",
- "extensions/ingresses+get,list,watch",
- "batch/cronjobs+get,list,watch",
- "batch/jobs+get,list,watch",
-}
-
-var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`)
-
-type Rule struct {
- Group string
- ResourceName string
- Verb string
-}
-
-func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) {
- match := roleDescriptionRegexp.FindStringSubmatch(roleDescription)
- assert.NotNil(t, match)
-
- var roleRules []Rule
- for _, rule := range rules {
- for _, group := range rule.APIGroups {
- for _, resource := range rule.Resources {
- for _, verb := range rule.Verbs {
- roleRules = append(roleRules, Rule{group, resource, verb})
- }
- }
- }
- }
-
- resGroup := match[roleDescriptionRegexp.SubexpIndex("group")]
- resName := match[roleDescriptionRegexp.SubexpIndex("name")]
- verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",")
-
- for _, verb := range verbs {
- requiredRule := Rule{resGroup, resName, verb}
- found := false
- for _, rule := range roleRules {
- if rule == requiredRule {
- found = true
- break
- }
- }
- if shouldBePresent {
- assert.Truef(t, found, "Rule %v has not been found", requiredRule)
- } else {
- assert.Falsef(t, found, "Rule %v should not be present", requiredRule)
- }
- }
-}
-
-func TestAllResourcesAreEnabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
- // be default, everything is enabled, so all the optional roles should be present as well
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, true)
- }
-}
-
-func TestMostOfResourcesAreDisabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
-
- // we expect all optional resources to be removed from ClusterRole with the given values
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, false)
- }
-}
-
-func TestNoClusterWideModificationRights(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- illegalVerbs := []string{"create", "patch", "update", "delete"}
-
- for _, clusterRole := range resources.ClusterRoles {
- for _, rule := range clusterRole.Rules {
- for _, verb := range rule.Verbs {
- assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources)
- }
- }
- }
-}
-
-func TestServicePortChange(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"]
-
- port := cluster_agent_service.Spec.Ports[0]
- assert.Equal(t, port.Name, "clusteragent")
- assert.Equal(t, port.Port, int32(8008))
- assert.Equal(t, port.TargetPort.IntVal, int32(9009))
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/clustername_test.go
deleted file mode 100644
index 55090b995..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/clustername_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.49/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "apiKey",
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.49/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.49/values.yaml
deleted file mode 100644
index 8dc0cb14f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.49/values.yaml
+++ /dev/null
@@ -1,545 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. 
- enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - containers: - - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "e36d1c88" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. 
- cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "c9dbfd73" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. 
- tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 30 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 30 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. 
- ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. 
Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "e36d1c88" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. 
- logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1 - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. 
- enabled: true
- networkTracing:
- # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module.
- enabled: true
- processAgent:
- # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module.
- enabled: true
- # checksAgent.skipSslValidation -- Set to true if self signed certificates are used.
- skipSslValidation: false
-
- # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name
- checksTagCardinality: orchestrator
-
- # checksAgent.config --
- config:
- # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap
- override: []
-
- image:
- # checksAgent.image.repository -- Base container image repository.
- repository: stackstate/stackstate-k8s-agent
- # checksAgent.image.tag -- Default container image tag.
- tag: "e36d1c88"
- # checksAgent.image.pullPolicy -- Default container image pull policy.
- pullPolicy: IfNotPresent
-
- livenessProbe:
- # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check.
- enabled: true
- # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe.
- failureThreshold: 3
- # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe.
- initialDelaySeconds: 15
- # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe.
- periodSeconds: 15
- # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe.
- successThreshold: 1
- # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe.
- timeoutSeconds: 5
-
- # checksAgent.logLevel -- Logging level for clusterchecks agent processes.
- logLevel: INFO
-
- # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods.
- priorityClassName: ""
-
- readinessProbe:
- # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check.
- enabled: true
- # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe.
- failureThreshold: 3
- # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe.
- initialDelaySeconds: 15
- # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe.
- periodSeconds: 15
- # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe.
- successThreshold: 1
- # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe.
- timeoutSeconds: 5
-
- # checksAgent.replicas -- Number of clusterchecks agent pods to schedule
- replicas: 1
-
- resources:
- limits:
- # checksAgent.resources.limits.cpu -- CPU resource limits.
- cpu: "400m"
- # checksAgent.resources.limits.cpu -- Memory resource limits.
- memory: "600Mi"
- requests:
- # checksAgent.resources.requests.cpu -- CPU resource requests.
- cpu: "20m"
- # checksAgent.resources.requests.cpu -- Memory resource requests.
- memory: "512Mi"
-
- serviceaccount:
- # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods
- annotations: {}
-
- # checksAgent.strategy -- The strategy for the Deployment object.
- strategy:
- type: RollingUpdate
- # rollingUpdate:
- # maxUnavailable: 1
-
- # checksAgent.nodeSelector -- Node labels for pod assignment.
- nodeSelector: {}
-
- # checksAgent.tolerations -- Toleration labels for pod assignment.
- tolerations: []
-
- # checksAgent.affinity -- Affinity settings for pod assignment.
- affinity: {}
-
-##################################
-# http-header-injector variables #
-##################################
-
-httpHeaderInjectorWebhook:
- # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy
- enabled: false
-
-########################
-# StackState variables #
-########################
-
-stackstate:
- # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent.
- apiKey:
- cluster:
- # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed.
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.51/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.51/Chart.lock
deleted file mode 100644
index eb882a083..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.6
-digest: sha256:eec4d022d97ef52e88860b54682692fd369c864ca49ccde01b30605cce20c96f
-generated: "2023-08-25T14:49:57.569449+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/Chart.yaml
deleted file mode 100644
index 8c4791bd8..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 2.19.1
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.6
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.51
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.51/README.md
deleted file mode 100644
index ee8065f70..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/README.md
+++ /dev/null
@@ -1,235 +0,0 @@
-# stackstate-k8s-agent
-
-Helm chart for the StackState Agent.
-
-Current chart version is `1.0.51`
-
-**Homepage:**
-
-## Requirements
-
-| Repository | Name | Version |
-|------------|------|---------|
-| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.6 |
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime |
-| all.image.registry | string | `"quay.io"` | The image registry to use. |
-| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
-| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module.
|
-| checksAgent.checksTagCardinality | string | `"orchestrator"` | |
-| checksAgent.config | object | `{"override":[]}` | |
-| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap |
-| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod |
-| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
-| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
-| checksAgent.image.tag | string | `"9af1b63f"` | Default container image tag. |
-| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
-| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
-| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
-| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. |
-| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. |
-| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. |
-| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. |
-| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. |
-| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
-| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. |
-| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. |
-| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check.
|
-| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. |
-| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. |
-| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. |
-| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. |
-| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. |
-| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule |
-| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. |
-| checksAgent.resources.limits.memory | string | `"600Mi"` | |
-| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
-| checksAgent.resources.requests.memory | string | `"512Mi"` | |
-| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift |
-| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods |
-| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. |
-| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. |
-| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
-| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
-| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. |
-| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers.
|
-| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. |
-| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. |
-| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. |
-| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. |
-| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. |
-| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. |
-| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. |
-| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. |
-| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it |
-| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. |
-| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. |
-| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces.
|
-| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to |
-| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. |
-| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. |
-| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. |
-| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. |
-| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. |
-| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. |
-| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. |
-| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. |
-| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | |
-| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check |
-| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category.
Categories allowed: Alerts, Activities, Changes, Others |
-| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap |
-| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds |
-| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. |
-| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
-| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. |
-| clusterAgent.image.tag | string | `"9af1b63f"` | Default container image tag. |
-| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
-| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
-| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
-| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. |
-| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. |
-| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. |
-| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. |
-| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
-| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. |
-| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. |
-| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe.
|
-| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. |
-| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. |
-| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. |
-| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. |
-| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. |
-| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. |
-| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. |
-| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. |
-| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. |
-| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port |
-| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort |
-| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods |
-| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. |
-| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
-| fullnameOverride | string | `""` | Override the fullname of the chart. |
-| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. |
-| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. |
-| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. |
-| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry.
|
-| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy |
-| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
-| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection |
-| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
-| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. |
-| logsAgent.image.tag | string | `"2.7.1"` | Default container image tag. |
-| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
-| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. |
-| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. |
-| logsAgent.resources.limits.memory | string | `"192Mi"` | |
-| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
-| logsAgent.resources.requests.memory | string | `"100Mi"` | |
-| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods |
-| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
-| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. |
-| nameOverride | string | `""` | Override the name of the chart. |
-| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
-| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. |
-| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high.
Orchestrator level adds pod_name, high adds display_container_name |
-| nodeAgent.config | object | `{"override":[]}` | |
-| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap |
-| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. |
-| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | |
-| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container |
-| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
-| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
-| nodeAgent.containers.agent.image.tag | string | `"9af1b63f"` | Default container image tag. |
-| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
-| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
-| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
-| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. |
-| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. |
-| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. |
-| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel.
|
-| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated |
-| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. |
-| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. |
-| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. |
-| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. |
-| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. |
-| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. |
-| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. |
-| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | |
-| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
-| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | |
-| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. |
-| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container |
-| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. |
-| nodeAgent.containers.processAgent.image.registry | string | `nil` | |
-| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. |
-| nodeAgent.containers.processAgent.image.tag | string | `"c9dbfd73"` | Default process-agent container image tag.
|
-| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. |
-| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. |
-| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | |
-| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. |
-| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | |
-| nodeAgent.httpTracing.enabled | bool | `true` | |
-| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. |
-| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. |
-| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
-| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. |
-| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. |
-| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. |
-| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent |
-| nodeAgent.service.annotations | object | `{}` | Annotations for the service |
-| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only.
|
-| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort |
-| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods |
-| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. |
-| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. |
-| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
-| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. |
-| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift |
-| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. |
-| processAgent.checkIntervals.container | int | `30` | Override the default value of the container check interval in seconds. |
-| processAgent.checkIntervals.process | int | `30` | Override the default value of the process check interval in seconds. |
-| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. |
-| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. |
-| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. |
-| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. |
-| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) |
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.51/README.md.gotmpl
deleted file mode 100644
index 7909e6f0d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/README.md.gotmpl
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.51/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@ -To make a new release of this helm chart, follow the following steps: - - -- Create a branch from master -- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys: - * stackstate-k8s-cluster-agent: - * [clusterAgent.image.tag] - * stackstate-k8s-agent: - * [nodeAgent.containers.agent.image.tag] - * [checksAgent.image.tag] - * stackstate-k8s-process-agent: - * [nodeAgent.containers.processAgent.image.tag] -- Bump the version of the chart -- Merge the mr and hit the public release button on the ci pipeline -- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.51/app-readme.md deleted file mode 100644 index 8025fe1d3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -## Introduction - -StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production. - -The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation. 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/.helmignore deleted file mode 100644 index 69790771c..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -linter_values.yaml -ci/ -installation/ diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/Chart.yaml deleted file mode 100644 index c1f1de800..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v2 -appVersion: 0.0.1 -description: 'Helm chart for deploying the http-header-injector sidecar, which automatically - injects x-request-id into http traffic going through the cluster for pods which - have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. ' -home: https://github.com/StackVista/http-header-injector -icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png -keywords: -- monitoring -- stackstate -maintainers: -- email: ops@stackstate.com - name: Stackstate Lupulus Team -name: http-header-injector -version: 0.0.6 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/README.md deleted file mode 100644 index 3f83e01b8..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.1.8"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.1.8"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index f1b8b8872..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,82 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fb804f729..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ include "http-header-injector.cert-clusterrole.name" . }}" -subjects: - - kind: ServiceAccount - name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-clusterrole.yaml deleted file mode 100644 index 595ae5c1b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-clusterrole.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ include "http-header-injector.cert-clusterrole.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -rules: - - apiGroups: [ "admissionregistration.k8s.io" ] - resources: [ "mutatingwebhookconfigurations" ] - verbs: [ "get", "create", "patch","update","delete" ] - - apiGroups: [ "" ] - resources: [ "secrets" ] - verbs: [ "create", "get", "patch","update","delete" ] - - apiGroups: [ "apps" ] - resources: [ "deployments" ] - verbs: [ "get" ] -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-config.yaml deleted file mode 100644 index b0c5f22fd..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-config.yaml +++ /dev/null 
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 027d69b37..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-header-injector-cert-delete - labels: - app.kubernetes.io/component: http-header-injector-cert-hook-delete - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": post-delete,post-upgrade - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }} -spec: - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector-delete - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }} - spec: - serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.cert-config.name" . }}" - defaultMode: 0777 - containers: - - name: webhook-cert-delete - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" - imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} - volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts - command: [ "/scripts/delete-cert.sh" ] - restartPolicy: Never - backoffLimit: 0 -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index b8e310442..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,43 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-header-injector-cert-setup - labels: - app.kubernetes.io/component: http-header-injector-cert-hook-setup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }} -spec: - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector-setup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }} - spec: - serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.cert-config.name" . }}" - defaultMode: 0777 - containers: - - name: webhook-cert-setup - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" - imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} - volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts - readOnly: true - command: ["/scripts/generate-cert.sh"] - restartPolicy: Never - backoffLimit: 0 -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml deleted file mode 100644 index 4d6931b05..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/pull-secret.yaml deleted file mode 100644 index 5dc48d931..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/pull-secret.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ include "http-header-injector.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-cert-secret.yaml deleted file mode 100644 index ba7a216f2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-cert-secret.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "provided" }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "http-header-injector.cert-secret.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -type: kubernetes.io/tls -data: - tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }} - tls.key: {{ .Values.webhook.tls.provided.key | b64enc }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-certificate.yaml deleted file mode 100644 index 752132d44..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-certificate.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "cert-manager" }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ include "http-header-injector.webhook-service.name" . }} - namespace: {{ include "cert-manager.certificate.namespace" . }} - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -spec: - secretName: {{ include "http-header-injector.cert-secret.name" . }} - issuerRef: - name: {{ .Values.webhook.tls.certManager.issuer }} - kind: {{ .Values.webhook.tls.certManager.issuerKind }} - dnsNames: - - "{{ include "http-header-injector.webhook-service.name" . }}" - - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}" - - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc" -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . 
}}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index 32d58afde..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/values.yaml
deleted file mode 100644
index 236a8bb6a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. -proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. 
- registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.1.8 - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
- key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.51/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_container-agent.yaml
deleted file mode 100644
index 033ca11ec..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_container-agent.yaml
+++ /dev/null
@@ -1,192 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with 
.Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_container-process-agent.yaml deleted file mode 100644 index 98f4f96b9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_container-process-agent.yaml +++ /dev/null 
@@ -1,148 +0,0 @@
-{{- define "container-process-agent" -}}
-- name: process-agent
-{{ if .Values.nodeAgent.containers.processAgent.image.registry }}
- image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{ else }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{- end }}
- imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}"
- ports:
- - containerPort: 6063
- env:
- - name: STS_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-api-key
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }}
- - name: STS_LOG_TO_CONSOLE
- value: "true"
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: KUBERNETES
- value: "true"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- - name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_HTTP_TRACING_ENABLED
- value: {{ .Values.nodeAgent.httpTracing.enabled | quote }}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- with .Values.nodeAgent.containers.processAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: sys-kernel-debug
- mountPath: /sys/kernel/debug
- # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics
- # readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- readOnly: true
- - name: passwd
- mountPath: /etc/passwd
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: true
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_helpers.tpl
deleted file mode 100644
index 09a27fd6e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/_helpers.tpl
+++ /dev/null
@@ -1,175 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "stackstate-k8s-agent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "stackstate-k8s-agent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "stackstate-k8s-agent.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "stackstate-k8s-agent.labels" -}}
-app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Cluster agent checksum annotations
-*/}}
-{{- define "stackstate-k8s-agent.checksum-configs" }}
-checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
-{{- end }}
-
-{{/*
-StackState URL function
-*/}}
-{{- define "stackstate-k8s-agent.stackstate.url" -}}
-{{ tpl .Values.stackstate.url . | quote }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.configmap.override.checksum" -}}
-{{- if .Values.clusterAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}}
-{{- if .Values.nodeAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}}
-{{- if .Values.checksAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-
-{{/*
-Return the image registry
-*/}}
-{{- define "stackstate-k8s-agent.imageRegistry" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default .Values.all.image.registry -}}
- {{- else -}}
- {{- .Values.all.image.registry -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Renders a value that contains a template.
-Usage:
-{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.tplvalue.render" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.pull-secret.name" -}}
-{{ include "stackstate-k8s-agent.fullname" . }}-pull-secret
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names evaluating values as templates
-{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $context := .context }}
- {{- if $context.Values.global }}
- {{- range $context.Values.global.imagePullSecrets -}}
- {{/* Is plain array of strings, compatible with all bitnami charts */}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- range $context.Values.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}}
- {{- end -}}
- {{- range .images -}}
- {{- if .pullSecretName -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false).
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }}
-*/}}
-{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}}
-{{- if .Values.clusterAgent.config.override }}
- {{- range $i, $val := .Values.clusterAgent.config.override }}
- {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}}
-{{- if .Values.nodeAgent.config.override }}
- {{- range $i, $val := .Values.nodeAgent.config.override }}
- {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Return the appropriate os label
-*/}}
-{{- define "label.os" -}}
-{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-kubernetes.io/os
-{{- else -}}
-beta.kubernetes.io/os
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-clusterrolebinding.yaml
deleted file mode 100644
index 9db8b0bc3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 4530fc616..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
- replicas: {{ .Values.checksAgent.replicas }}
-{{- with .Values.checksAgent.strategy }}
- strategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
- labels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}"
- imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}"
- {{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
- {{- end }}
- env:
- - name: STS_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-api-key
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.checksAgent.image.tag | quote }}
- - name: LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_APM_ENABLED
- value: "false"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- - name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.checksAgent.checksTagCardinality | quote }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "clusterchecks"
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: STS_LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: "false"
- - name: STS_PROCESS_AGENT_ENABLED
- value: "false"
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ .Values.checksAgent.skipSslValidation | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }}
- ports:
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
- {{- else }}
- securityContext:
- privileged: false
- {{- end }}
- {{- with .Values.checksAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: confd-empty-volume
- mountPath: /etc/stackstate-agent/conf.d
-# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run.
- readOnly: false
- {{- if .Values.checksAgent.config.override }}
- {{- range .Values.checksAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
- {{- if .Values.checksAgent.priorityClassName }}
- priorityClassName: {{ .Values.checksAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ .Release.Name }}-checks-agent
- nodeSelector:
- {{ template "label.os" . }}: {{ .Values.targetSystem }}
- {{- with .Values.checksAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: confd-empty-volume
- emptyDir: {}
- {{- if .Values.checksAgent.config.override }}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-checks-agent
- {{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 7a9f1d8f9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index 444aad220..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 6a7b27d18..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,106 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- - nodes
- - pods
- - services
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if .Values.clusterAgent.collection.kubernetesMetrics }}
- - componentstatuses
- {{- end }}
- {{- if $kubeRes.configmaps }}
- - configmaps
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- {{- if $kubeRes.resourcequotas }}
- - resourcequotas
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }}
-- apiGroups:
- - "apps"
- resources:
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if $kubeRes.ingresses }}
-- apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if or $kubeRes.cronjobs $kubeRes.jobs }}
-- apiGroups:
- - "batch"
- resources:
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
-- nonResourceURLs:
- - "/healthz"
- - "/version"
- verbs:
- - get
-- apiGroups:
- - "storage.k8s.io"
- resources:
- {{- if $kubeRes.volumeattachments }}
- - volumeattachments
- {{- end }}
- verbs:
- - get
- - list
- - watch
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-clusterrolebinding.yaml
deleted file mode 100644
index 0b1bd37ea..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 89273e11b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 60c50803a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- replicas: {{ .Values.clusterAgent.replicaCount }}
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- with .Values.clusterAgent.strategy }}
- strategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }}
- labels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.clusterAgent.priorityClassName }}
- priorityClassName: {{ .Values.clusterAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- - name: cluster-agent
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}"
- imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}"
- {{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
- {{- end }}
- env:
- - name: STS_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-api-key
- - name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: LOG_LEVEL
- value: {{ .Values.clusterAgent.logLevel | quote }}
- {{- if .Values.checksAgent.enabled }}
- - name: STS_CLUSTER_CHECKS_ENABLED
- value: "true"
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "kube_endpoints kube_services"
- - name: STS_EXTRA_LISTENERS
- value: "kube_endpoints kube_services"
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{.Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_COLLECT_KUBERNETES_METRICS
- value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }}
- - name: STS_COLLECT_KUBERNETES_TIMEOUT
- value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }}
- - name: STS_COLLECT_KUBERNETES_TOPOLOGY
- value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }}
- - name: STS_LEADER_ELECTION
- value: "true"
- - name: STS_LOG_LEVEL
- value: {{ .Values.clusterAgent.logLevel | quote }}
- - name: STS_CLUSTER_AGENT_CMD_PORT
- value: {{ .Values.clusterAgent.service.targetPort | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- {{- if .Values.clusterAgent.config.configMap.maxDataSize }}
- - name: STS_CONFIGMAP_MAX_DATASIZE
- value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }}
- {{- end}}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
- {{- else }}
- securityContext:
- privileged: false
- {{- end }}
- {{- with .Values.clusterAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: logs
- mountPath: /var/log/stackstate-agent
- - name: config-override-volume
- mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml
- subPath: kubernetes_api_events_conf
- - name: config-override-volume
- mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml
- subPath: kubernetes_api_topology_conf
- readOnly: true
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- - name: config-override-volume
- mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml
- subPath: kube_state_metrics_core_conf
- readOnly: true
- {{- end }}
- {{- if .Values.clusterAgent.config.override }}
- {{- range .Values.clusterAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
- nodeSelector:
- {{ template "label.os" . }}: {{ .Values.targetSystem }}
- {{- with .Values.clusterAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.clusterAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.clusterAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: logs
- emptyDir: {}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-cluster-agent
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 652fa63d9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-role.yaml
deleted file mode 100644
index afe1594c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-configmap.yaml
deleted file mode 100644
index c934777ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 015cdba2a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-daemonset.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-daemonset.yaml
deleted file mode 100644
index d10182508..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,101 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-scc.yaml deleted file mode 100644 index 562a099c7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-service.yaml
deleted file mode 100644
index ad5ad71ce..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/secret.yaml
deleted file mode 100644
index 31057ccf3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package test - -import ( - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/assert" - - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -func TestHelmBasicRender(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - - // Parse all resources into their corresponding types for validation and further inspection - helmtestutil.NewKubernetesResources(t, output) -} - -func TestClusterNameValidation(t *testing.T) { - testCases := []struct { - Name string - ClusterName string - IsValid bool - }{ - {"not allowed end with special character [.]", "name.", false}, - {"not allowed end with special character [-]", "name.", false}, - {"not allowed start with special character [-]", "-name", false}, - {"not allowed start with special character [.]", ".name", false}, - {"upper case is not allowed", "Euwest1-prod.cool-company.com", false}, - {"upper case is not allowed", "euwest1-PROD.cool-company.com", false}, - {"upper case is not allowed", "euwest1-prod.cool-company.coM", false}, - {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true}, - {"underscore is not allowed", "why_7", false}, - } - - for _, testCase := range testCases { - t.Run(testCase.Name, func(t *testing.T) { - output, err := helmtestutil.RenderHelmTemplateOpts( - t, "cluster-agent", - &helm.Options{ - ValuesFiles: []string{"values/minimal.yaml"}, - SetStrValues: map[string]string{ - "stackstate.cluster.name": testCase.ClusterName, - }, - }) - if testCase.IsValid { - assert.Nil(t, err) - } else { - assert.NotNil(t, err) - assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern") - } - }) - } -} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.51/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "apiKey",
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.51/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.51/values.yaml
deleted file mode 100644
index e5d8a9a56..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.51/values.yaml
+++ /dev/null
@@ -1,545 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. 
- enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - containers: - - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "9af1b63f" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. 
- cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "c9dbfd73" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. 
- tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 30 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 30 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. 
- ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. 
Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "9af1b63f" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. 
- logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1 - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. 
- enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "9af1b63f" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. 
- priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. - name: - # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent. - authToken: "" - # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. - url: diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.53/.helmignore deleted file mode 100644 index 15a5c1277..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -linter_values.yaml -ci/ -installation/ -logo.svg diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.53/Chart.lock deleted file mode 100644 index eb882a083..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/Chart.lock +++ /dev/null 
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.6
-digest: sha256:eec4d022d97ef52e88860b54682692fd369c864ca49ccde01b30605cce20c96f
-generated: "2023-08-25T14:49:57.569449+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/Chart.yaml
deleted file mode 100644
index 1008ccd20..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 2.19.1
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.6
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.53
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.53/README.md
deleted file mode 100644
index d277be68d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/README.md
+++ /dev/null
@@ -1,238 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.53` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.6 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"9af1b63f"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. 
| -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. | -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"9af1b63f"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. | -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. 
| -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. 
| -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"9af1b63f"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. 
| -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"c9dbfd73"` | Default process-agent container image tag. 
| -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.53/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.53/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.53/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index c1f1de800..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.6
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/README.md
deleted file mode 100644
index 3f83e01b8..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.1.8"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.1.8"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index f1b8b8872..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,82 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fb804f729..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 027d69b37..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,42 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - name: webhook-cert-delete
- image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
- imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
- volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- command: [ "/scripts/delete-cert.sh" ]
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index b8e310442..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - name: webhook-cert-setup
- image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
- imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
- volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- readOnly: true
- command: ["/scripts/generate-cert.sh"]
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 4d6931b05..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 5dc48d931..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index ba7a216f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . 
}}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index 32d58afde..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/values.yaml
deleted file mode 100644
index 236a8bb6a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. -proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. 
- registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.1.8 - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
- key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.53/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_container-agent.yaml
deleted file mode 100644
index 033ca11ec..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_container-agent.yaml
+++ /dev/null
@@ -1,192 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with 
.Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_container-process-agent.yaml deleted file mode 100644 index 345484161..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_container-process-agent.yaml +++ /dev/null 
@@ -1,154 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - 
runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_helpers.tpl deleted file mode 100644 index 09a27fd6e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/_helpers.tpl +++ /dev/null 
@@ -1,175 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 9db8b0bc3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 4530fc616..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. 
- readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 7a9f1d8f9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index 444aad220..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 6a7b27d18..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - 
volumeattachments - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 0b1bd37ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 89273e11b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-configmap.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 60c50803a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 652fa63d9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-role.yaml
deleted file mode 100644
index afe1594c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-configmap.yaml
deleted file mode 100644
index c934777ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 015cdba2a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-daemonset.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-daemonset.yaml
deleted file mode 100644
index d10182508..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,101 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-scc.yaml deleted file mode 100644 index 562a099c7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-service.yaml deleted file mode 100644 index ad5ad71ce..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/secret.yaml
deleted file mode 100644
index 31057ccf3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package test - -import ( - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/assert" - - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -func TestHelmBasicRender(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - - // Parse all resources into their corresponding types for validation and further inspection - helmtestutil.NewKubernetesResources(t, output) -} - -func TestClusterNameValidation(t *testing.T) { - testCases := []struct { - Name string - ClusterName string - IsValid bool - }{ - {"not allowed end with special character [.]", "name.", false}, - {"not allowed end with special character [-]", "name.", false}, - {"not allowed start with special character [-]", "-name", false}, - {"not allowed start with special character [.]", ".name", false}, - {"upper case is not allowed", "Euwest1-prod.cool-company.com", false}, - {"upper case is not allowed", "euwest1-PROD.cool-company.com", false}, - {"upper case is not allowed", "euwest1-prod.cool-company.coM", false}, - {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true}, - {"underscore is not allowed", "why_7", false}, - } - - for _, testCase := range testCases { - t.Run(testCase.Name, func(t *testing.T) { - output, err := helmtestutil.RenderHelmTemplateOpts( - t, "cluster-agent", - &helm.Options{ - ValuesFiles: []string{"values/minimal.yaml"}, - SetStrValues: map[string]string{ - "stackstate.cluster.name": testCase.ClusterName, - }, - }) - if testCase.IsValid { - assert.Nil(t, err) - } else { - assert.NotNil(t, err) - assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern") - } - }) - } -} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.53/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.53/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "https://stackstate.io/example.json", - "type": "object", - "default": {}, - "title": "StackState Agent Helm chart values", - "required": [ - "stackstate", - "clusterAgent" - ], - "properties": { - "stackstate": { - "type": "object", - "required": [ - "apiKey", - "cluster", - "url" - ], - "properties": { - "apiKey": { - "type": "string" - }, - "cluster": { - "type": "object", - "required": ["name"], - "properties": { - "name": { - "type": "string", - "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$" - }, - "authToken": { - "type": "string" - } - } - }, - "url": { - "type": "string" - } - } - }, - "clusterAgent": { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "type": "object", - "required": [ - "events" - ], - "properties": { - "events": { - "type": "object", - "properties": { - "categories": { - "type": "object", - "patternProperties": { - ".*": { - "type": [ - "string" - ], - "enum": [ - "Alerts", - "Activities", - "Changes", - "Others" - ] - } - } - } - } - } - } - } - } - } - } -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.53/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.53/values.yaml deleted file mode 100644 index c49a26150..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.53/values.yaml +++ /dev/null 
@@ -1,553 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. 
- enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - containers: - - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "9af1b63f" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. 
- cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "c9dbfd73" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. 
- tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. 
- kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. 
- configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "9af1b63f" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. 
- logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1 - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. 
- enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "9af1b63f" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. 
- priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {}
-
-##################################
-# http-header-injector variables #
-##################################
-
-httpHeaderInjectorWebhook:
- # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy
- enabled: false
-
-########################
-# StackState variables #
-########################
-
-stackstate:
- # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent.
- apiKey:
- cluster:
- # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed.
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.54/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.54/Chart.lock
deleted file mode 100644
index eb882a083..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.6
-digest: sha256:eec4d022d97ef52e88860b54682692fd369c864ca49ccde01b30605cce20c96f
-generated: "2023-08-25T14:49:57.569449+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/Chart.yaml
deleted file mode 100644
index 96ddf3ea3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 2.19.1
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.6
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.54
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.54/README.md
deleted file mode 100644
index c00a2fb4a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/README.md
+++ /dev/null
@@ -1,238 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.54` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.6 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"9af1b63f"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. 
| -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. | -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"9af1b63f"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. | -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. 
| -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. 
| -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"9af1b63f"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. 
| -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"160f79ee"` | Default process-agent container image tag. 
| -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.54/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.54/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.54/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index c1f1de800..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.6
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/README.md
deleted file mode 100644
index 3f83e01b8..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.1.8"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.1.8"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index f1b8b8872..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,82 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fb804f729..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 027d69b37..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,42 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - name: webhook-cert-delete
- image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
- imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
- volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- command: [ "/scripts/delete-cert.sh" ]
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index b8e310442..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - name: webhook-cert-setup
- image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
- imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
- volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- readOnly: true
- command: ["/scripts/generate-cert.sh"]
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml deleted file mode 100644 index 4d6931b05..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/pull-secret.yaml deleted file mode 100644 index 5dc48d931..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/pull-secret.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ include "http-header-injector.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-cert-secret.yaml deleted file mode 100644 index ba7a216f2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-cert-secret.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . 
}}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index 32d58afde..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/values.yaml
deleted file mode 100644
index 236a8bb6a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-# enabled -- Enable/disable the mutationwebhook
-enabled: true
-
-# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection
-debug: false
-
-global:
- # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io
- imageRegistry: null
- # global.imagePullSecrets -- Globally add image pull secrets that are used.
- imagePullSecrets: []
- # global.imagePullCredentials -- Globally define credentials for pulling images.
- imagePullCredentials: {}
-
-images:
- pullSecretName:
-
-# proxy -- Proxy being injected into pods for rewriting http headers
-proxy:
- image:
- # proxy.image.registry -- Registry for the docker image.
- registry:
- # proxy.image.repository - Repository for the docker image
- repository: "stackstate/http-header-injector-proxy"
- # proxy.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # proxy.image.tag -- The tag for the docker image
- tag: sha-5ff79451
-
- # proxy.resource -- Resources for the proxy container
- resources:
- requests:
- # proxy.resources.requests.memory -- Memory resource requests.
- memory: "25Mi"
- limits:
- # proxy.resources.limits.memory -- Memory resource limits.
- memory: "40Mi"
-
-# proxyInit -- InitContainer within pod which redirects traffic to the proxy container.
-proxyInit:
- image:
- # proxyInit.image.registry -- Registry for the docker image
- registry:
- # proxyInit.image.repository - Repository for the docker image
- repository: "stackstate/http-header-injector-proxy-init"
- # proxyInit.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # proxyInit.image.tag -- The tag for the docker image
- tag: sha-5ff79451
-
-# sidecarInjector -- Service for injecting the proxy sidecar into pods
-sidecarInjector:
- image:
- # sidecarInjector.image.registry -- Registry for the docker image.
- registry:
- # sidecarInjector.image.repository - Repository for the docker image
- repository: "stackstate/generic-sidecar-injector"
- # sidecarInjector.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # sidecarInjector.image.tag -- The tag for the docker image
- tag: sha-9c852245
-
-# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook
-certificatePrehook:
- image:
- # certificatePrehook.image.registry -- Registry for the docker image.
- registry:
- # certificatePrehook.image.repository - Repository for the docker image.
- repository: stackstate/container-tools
- # certificatePrehook.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # certificatePrehook.image.tag -- The tag for the docker image
- tag: 1.1.8
-
-# webhook -- MutationWebhook that will be installed to inject a sidecar into pods
-webhook:
- # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive.
- failurePolicy: Ignore
- tls:
- # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime.
- mode: "generated"
- provided:
- # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided".
- caBundle: ""
- # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
- crt: ""
- # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
- key: ""
- certManager:
- # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
- issuer: ""
- # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager".
- issuerKind: "ClusterIssuer"
- # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
- issuerNamespace: ""
- secret:
- # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret".
- name: ""
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.54/questions.yml
deleted file mode 100644
index 5d6e6a011..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/questions.yml
+++ /dev/null
@@ -1,184 +0,0 @@
-questions:
- - variable: stackstate.apiKey
- label: "StackState API Key"
- type: string
- description: "The API key for StackState."
- required: true
- group: General
- - variable: stackstate.url
- label: "StackState URL"
- type: string
- description: "The URL where StackState is running."
- required: true
- group: General
- - variable: stackstate.cluster.name
- label: "StackState Cluster Name"
- type: string
- description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState."
- required: true
- group: General
- - variable: all.registry.override
- label: "Override Default Image Registry"
- type: boolean
- description: "Whether or not to override the default image registry."
- default: false
- group: "General"
- show_subquestions_if: true
- subquestions:
- - variable: all.image.registry
- label: "Docker Image Registry"
- type: string
- description: "The registry to pull the StackState Agent images from."
- default: "quay.io"
- - variable: global.imagePullCredentials.username
- label: "Docker Image Pull Username"
- type: string
- description: "The username to use when pulling the StackState Agent images."
- - variable: global.imagePullCredentials.password
- label: "Docker Image Pull Password"
- type: secret
- description: "The password to use when pulling the StackState Agent images."
- - variable: nodeAgent.containers.agent.resources.override
- label: "Override Node Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Node Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.agent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Node Agent."
- default: "20m"
- - variable: nodeAgent.containers.agent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Node Agent."
- default: "180Mi"
- - variable: nodeAgent.containers.agent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Node Agent."
- default: "270m"
- - variable: nodeAgent.containers.agent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Node Agent."
- default: "420Mi"
- - variable: nodeAgent.containers.processAgent.enabled
- label: "Enable Process Agent"
- type: boolean
- description: "Whether or not to enable the Process Agent."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.skipKubeletTLSVerify
- label: "Skip Kubelet TLS Verify"
- type: boolean
- description: "Whether or not to skip TLS verification when connecting to the kubelet API."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.containers.processAgent.resources.override
- label: "Override Process Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Process Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.processAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Process Agent."
- default: "25m"
- - variable: nodeAgent.containers.processAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Process Agent."
- default: "128Mi"
- - variable: nodeAgent.containers.processAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Process Agent."
- default: "125m"
- - variable: nodeAgent.containers.processAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Process Agent."
- default: "400Mi"
- - variable: clusterAgent.enabled
- label: "Enable Cluster Agent"
- type: boolean
- description: "Whether or not to enable the Cluster Agent."
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.collection.kubernetesResources.secrets
- label: "Collect Secret Resources"
- type: boolean
- description: |
- Whether or not to collect Kubernetes Secrets.
- NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data.
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.resources.override
- label: "Override Cluster Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Cluster Agent"
- show_subquestions_if: true
- subquestions:
- - variable: clusterAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Cluster Agent."
- default: "70m"
- - variable: clusterAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Cluster Agent."
- default: "512Mi"
- - variable: clusterAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Cluster Agent."
- default: "400m"
- - variable: clusterAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Cluster Agent."
- default: "800Mi"
- - variable: logsAgent.enabled
- label: "Enable Logs Agent"
- type: boolean
- description: "Whether or not to enable the Logs Agent."
- default: "true"
- group: "Logs Agent"
- - variable: logsAgent.resources.override
- label: "Override Logs Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Logs Agent"
- show_subquestions_if: true
- subquestions:
- - variable: logsAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Logs Agent."
- default: "20m"
- - variable: logsAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Logs Agent."
- default: "100Mi"
- - variable: logsAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Logs Agent."
- default: "1300m"
- - variable: logsAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Logs Agent."
- default: "192Mi"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_cluster-agent-kube-state-metrics.yaml
deleted file mode 100644
index f99fbf618..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_cluster-agent-kube-state-metrics.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_container-agent.yaml
deleted file mode 100644
index 033ca11ec..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_container-agent.yaml
+++ /dev/null
@@ -1,192 +0,0 @@
-{{- define "container-agent" -}}
-- name: node-agent
-{{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
-{{- end }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}"
- imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}"
- env:
- - name: STS_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-api-key
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }}
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: KUBERNETES
- value: "true"
- - name: STS_APM_ENABLED
- value: {{ .Values.nodeAgent.apm.enabled | quote }}
- - name: STS_APM_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- - name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.nodeAgent.checksTagCardinality | quote }}
- {{- if .Values.checksAgent.enabled }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "endpointschecks"
- {{- end }}
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.agent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }}
- {{- end }}
- ports:
- - containerPort: 8126
- name: traceport
- protocol: TCP
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- with .Values.nodeAgent.containers.agent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: kubelet
- mountPath: /var/lib/kubelet
- readOnly: true
- - name: nfs
- mountPath: /var/lib/nfs
- readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- - name: dockernetns
- mountPath: /run/docker/netns
- readOnly: true
- - name: dockeroverlay2
- mountPath: /var/lib/docker/overlay2
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: false
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_container-process-agent.yaml
deleted file mode 100644
index 345484161..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,154 +0,0 @@
-{{- define "container-process-agent" -}}
-- name: process-agent
-{{ if .Values.nodeAgent.containers.processAgent.image.registry }}
- image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{ else }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{- end }}
- imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}"
- ports:
- - containerPort: 6063
- env:
- - name: STS_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-api-key
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }}
- - name: STS_LOG_TO_CONSOLE
- value: "true"
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: KUBERNETES
- value: "true"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- - name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: GOMEMLIMIT
- value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }}
- - name: STS_HTTP_STATS_BUFFER_SIZE
- value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }}
- - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE
- value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_HTTP_TRACING_ENABLED
- value: {{ .Values.nodeAgent.httpTracing.enabled | quote }}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- with .Values.nodeAgent.containers.processAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: sys-kernel-debug
- mountPath: /sys/kernel/debug
- # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics
- # readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- readOnly: true
- - name: passwd
- mountPath: /etc/passwd
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: true
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_helpers.tpl
deleted file mode 100644
index 09a27fd6e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/_helpers.tpl
+++ /dev/null
@@ -1,175 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 9db8b0bc3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 4530fc616..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. 
- readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 7a9f1d8f9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index 444aad220..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 6a7b27d18..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - 
volumeattachments - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 0b1bd37ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 89273e11b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-configmap.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 60c50803a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 652fa63d9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-role.yaml
deleted file mode 100644
index afe1594c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-configmap.yaml
deleted file mode 100644
index c934777ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 015cdba2a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-daemonset.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-daemonset.yaml
deleted file mode 100644
index d10182508..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,101 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-scc.yaml deleted file mode 100644 index 562a099c7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-service.yaml
deleted file mode 100644
index ad5ad71ce..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} - -{{- if .Values.all.image.pullSecretUsername }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }} - {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} -{{- end }} - -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/secret.yaml deleted file mode 100644 index 31057ccf3..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package test - -import ( - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/assert" - - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -func TestHelmBasicRender(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - - // Parse all resources into their corresponding types for validation and further inspection - helmtestutil.NewKubernetesResources(t, output) -} - -func TestClusterNameValidation(t *testing.T) { - testCases := []struct { - Name string - ClusterName string - IsValid bool - }{ - {"not allowed end with special character [.]", "name.", false}, - {"not allowed end with special character [-]", "name.", false}, - {"not allowed start with special character [-]", "-name", false}, - {"not allowed start with special character [.]", ".name", false}, - {"upper case is not allowed", "Euwest1-prod.cool-company.com", false}, - {"upper case is not allowed", "euwest1-PROD.cool-company.com", false}, - {"upper case is not allowed", "euwest1-prod.cool-company.coM", false}, - {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true}, - {"underscore is not allowed", "why_7", false}, - } - - for _, testCase := range testCases { - t.Run(testCase.Name, func(t *testing.T) { - output, err := helmtestutil.RenderHelmTemplateOpts( - t, "cluster-agent", - &helm.Options{ - ValuesFiles: []string{"values/minimal.yaml"}, - SetStrValues: map[string]string{ - "stackstate.cluster.name": testCase.ClusterName, - }, - }) - if testCase.IsValid { - assert.Nil(t, err) - } else { - assert.NotNil(t, err) - assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern") - } - }) - } -} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.54/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.54/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "https://stackstate.io/example.json", - "type": "object", - "default": {}, - "title": "StackState Agent Helm chart values", - "required": [ - "stackstate", - "clusterAgent" - ], - "properties": { - "stackstate": { - "type": "object", - "required": [ - "apiKey", - "cluster", - "url" - ], - "properties": { - "apiKey": { - "type": "string" - }, - "cluster": { - "type": "object", - "required": ["name"], - "properties": { - "name": { - "type": "string", - "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$" - }, - "authToken": { - "type": "string" - } - } - }, - "url": { - "type": "string" - } - } - }, - "clusterAgent": { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "type": "object", - "required": [ - "events" - ], - "properties": { - "events": { - "type": "object", - "properties": { - "categories": { - "type": "object", - "patternProperties": { - ".*": { - "type": [ - "string" - ], - "enum": [ - "Alerts", - "Activities", - "Changes", - "Others" - ] - } - } - } - } - } - } - } - } - } - } -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.54/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.54/values.yaml deleted file mode 100644 index bac77a9e3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.54/values.yaml +++ /dev/null 
@@ -1,553 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. 
- enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - containers: - - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "9af1b63f" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. 
- cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "160f79ee" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. 
- tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. 
- kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. 
- configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "9af1b63f" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. 
- logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1 - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. 
- enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "9af1b63f" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. 
- priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. - name: - # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent. - authToken: "" - # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. - url: diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.58/.helmignore deleted file mode 100644 index 15a5c1277..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -linter_values.yaml -ci/ -installation/ -logo.svg diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.58/Chart.lock deleted file mode 100644 index eb882a083..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/Chart.lock +++ /dev/null 
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.6
-digest: sha256:eec4d022d97ef52e88860b54682692fd369c864ca49ccde01b30605cce20c96f
-generated: "2023-08-25T14:49:57.569449+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/Chart.yaml
deleted file mode 100644
index 5b879f157..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 2.19.1
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.6
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.58
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.58/README.md
deleted file mode 100644
index 6929dc358..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/README.md
+++ /dev/null
@@ -1,247 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.58` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.6 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"9af1b63f"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. 
| -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. | -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"9af1b63f"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. | -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. 
| -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. 
| -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"9af1b63f"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. 
| -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"160f79ee"` | Default process-agent container image tag. 
| -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"500m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"750Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"1000m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"1500Mi"` | Maximum memory resource limits for process agent. 
| -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. | -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. 
| -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. | -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.58/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.58/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.58/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index c1f1de800..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.6
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/README.md
deleted file mode 100644
index 3f83e01b8..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.1.8"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.1.8"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index f1b8b8872..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,82 +0,0 @@
-{{- define "http-header-injector.app.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.fqname" -}}
-{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc
-{{- end -}}
-
-{{- define "http-header-injector.cert-secret.name" -}}
-{{- if eq .Values.webhook.tls.mode "secret" -}}
-{{ .Values.webhook.tls.secret.name }}
-{{- else -}}
-{{ .Release.Name }}-http-injector-cert
-{{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.cert-clusterrole.name" -}}
-{{ .Release.Name }}-http-injector-cert-cluster-role
-{{- end -}}
-
-{{- define "http-header-injector.cert-serviceaccount.name" -}}
-{{ .Release.Name }}-http-injector-cert-sa
-{{- end -}}
-
-{{- define "http-header-injector.cert-config.name" -}}
-{{ .Release.Name }}-cert-config
-{{- end -}}
-
-{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook.stackstate.io
-{{- end -}}
-
-{{- define "http-header-injector.webhook-config.name" -}}
-{{ .Release.Name }}-http-header-injector-config
-{{- end -}}
-
-{{- define "http-header-injector.mutating-webhook.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook
-{{- end -}}
-
-{{- define "http-header-injector.pull-secret.name" -}}
-{{ include "http-header-injector.app.name" . }}-pull-secret
-{{- end -}}
-
-{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}}
-{{- define "cert-manager.certificate.namespace" -}}
-{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry.global" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default "quay.io" -}}
- {{- else -}}
- quay.io
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry" -}}
- {{- if ((.ContainerConfig).image).registry -}}
- {{- tpl .ContainerConfig.image.registry . -}}
- {{- else -}}
- {{- include "http-header-injector.image.registry.global" . }}
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }}
- {{- range .Values.global.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets . -}}
- {{- end -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
deleted file mode 100644
index fb804f729..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 027d69b37..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,42 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - name: webhook-cert-delete
- image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
- imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
- volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- command: [ "/scripts/delete-cert.sh" ]
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index b8e310442..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - name: webhook-cert-setup
- image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
- imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
- volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- readOnly: true
- command: ["/scripts/generate-cert.sh"]
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 4d6931b05..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 5dc48d931..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index ba7a216f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . 
}}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index 32d58afde..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/values.yaml
deleted file mode 100644
index 236a8bb6a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. -proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. 
- registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.1.8 - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
- key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.58/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{- define "cluster-agent-kube-state-metrics" -}} -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} -cluster_check: true -{{- end }} -init_config: -instances: - - collectors: - - nodes - - pods - - services - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - {{- if $kubeRes.ingresses }} - - ingresses - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - - resourcequotas - - replicationcontrollers - - limitranges - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} - skip_leader_election: true - {{- end }} - labels_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }} - annotations_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_container-agent.yaml deleted file mode 100644 index 033ca11ec..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_container-agent.yaml +++ /dev/null 
@@ -1,192 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with 
.Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_container-process-agent.yaml deleted file mode 100644 index 345484161..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_container-process-agent.yaml +++ /dev/null 
@@ -1,154 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - 
runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_helpers.tpl deleted file mode 100644 index 09a27fd6e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/_helpers.tpl +++ /dev/null 
@@ -1,175 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 9db8b0bc3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 4530fc616..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. 
- readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 7a9f1d8f9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index 444aad220..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 6a7b27d18..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - 
volumeattachments - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 0b1bd37ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 89273e11b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-configmap.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 60c50803a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 652fa63d9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-role.yaml
deleted file mode 100644
index afe1594c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-configmap.yaml
deleted file mode 100644
index c934777ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-data:
- promtail.yaml: |
- server:
- http_listen_port: 9080
- grpc_listen_port: 0
-
- clients:
- - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY}
- external_labels:
- sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }}
-
- positions:
- filename: /tmp/positions.yaml
- target_config:
- sync_period: 10s
- scrape_configs:
- - job_name: pod-logs
- kubernetes_sd_configs:
- - role: pod
- pipeline_stages:
- - docker: {}
- - cri: {}
- relabel_configs:
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_name
- target_label: pod_name
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_uid
- target_label: pod_uid
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_container_name
- target_label: container_name
- # The __path__ is required by the promtail client
- - replacement: /var/log/pods/*$1/*.log
- separator: /
- source_labels:
- - __meta_kubernetes_pod_uid
- - __meta_kubernetes_pod_container_name
- target_label: __path__
- # Drop all remaining labels, we do not need those
- - action: drop
- regex: __meta_(.*)
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-daemonset.yaml
deleted file mode 100644
index 015cdba2a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-daemonset.yaml
deleted file mode 100644
index 39632a5cf..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,102 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index f3de625e9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-scc.yaml
deleted file mode 100644
index 562a099c7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-service.yaml
deleted file mode 100644
index ad5ad71ce..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/secret.yaml
deleted file mode 100644
index 31057ccf3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.58/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "apiKey",
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.58/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.58/values.yaml
deleted file mode 100644
index 476230af0..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.58/values.yaml
+++ /dev/null
@@ -1,579 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. 
- enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. - cpu: "500m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "750Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. 
- cpu: "1000m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "1500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "9af1b63f" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. 
- periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. - repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "160f79ee" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. 
- logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. 
- httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. 
- ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. 
Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "9af1b63f" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. 
- logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1 - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. 
- enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "9af1b63f" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. 
- priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {}
-
-##################################
-# http-header-injector variables #
-##################################
-
-httpHeaderInjectorWebhook:
- # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy
- enabled: false
-
-########################
-# StackState variables #
-########################
-
-stackstate:
- # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent.
- apiKey:
- cluster:
- # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed.
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.66/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.66/Chart.lock
deleted file mode 100644
index ab1abbaf8..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.8
-digest: sha256:c3b39729fb1d0b742d799b83905467fddbce2f15cf7fb65ed4806cee6a27c818
-generated: "2023-12-05T10:09:00.393174914+01:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/Chart.yaml
deleted file mode 100644
index 3ded895c3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 2.19.1
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.8
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.66
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.66/README.md
deleted file mode 100644
index 35d62b47b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/README.md
+++ /dev/null
@@ -1,248 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.66` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.8 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"edf7fca5"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. 
| -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. | -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"edf7fca5"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. | -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. 
| -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. 
| -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1-4b6ae2af"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"edf7fca5"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. 
| -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"76e11e86"` | Default process-agent container image tag. 
| -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. 
| -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. | -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. 
| -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. | -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.66/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.66/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.66/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index d2c911c5d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.8
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/README.md
deleted file mode 100644
index 33e6bedf7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.2.0"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.2.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index a3614d755..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,113 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fb804f729..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 1e67e5a45..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index 19451d293..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 4d6931b05..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 5dc48d931..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index ba7a216f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . 
}}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index 32d58afde..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/values.yaml
deleted file mode 100644
index b7ed95b53..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. -proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. 
- registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.2.0 - resources: - limits: - cpu: "100m" - memory: "100Mi" - requests: - cpu: "100m" - memory: "100Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
- crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.66/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_container-agent.yaml
deleted file mode 100644
index 033ca11ec..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_container-agent.yaml
+++ /dev/null
@@ -1,192 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with 
.Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_container-process-agent.yaml deleted file mode 100644 index fa6ceb592..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_container-process-agent.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. this is a debug setting but if we want to use - # it, we have the option to make /proc writable. 
- readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_helpers.tpl deleted file mode 100644 index 09a27fd6e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/_helpers.tpl +++ /dev/null 
@@ -1,175 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 9db8b0bc3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 4530fc616..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. 
- readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 7a9f1d8f9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index 444aad220..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 6a7b27d18..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,106 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- - nodes
- - pods
- - services
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if .Values.clusterAgent.collection.kubernetesMetrics }}
- - componentstatuses
- {{- end }}
- {{- if $kubeRes.configmaps }}
- - configmaps
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- {{- if $kubeRes.resourcequotas }}
- - resourcequotas
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }}
-- apiGroups:
- - "apps"
- resources:
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if $kubeRes.ingresses }}
-- apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if or $kubeRes.cronjobs $kubeRes.jobs }}
-- apiGroups:
- - "batch"
- resources:
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
-- nonResourceURLs:
- - "/healthz"
- - "/version"
- verbs:
- - get
-- apiGroups:
- - "storage.k8s.io"
- resources:
- {{- if $kubeRes.volumeattachments }}
- - volumeattachments
- {{- end }}
- verbs:
- - get
- - list
- - watch
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-clusterrolebinding.yaml
deleted file mode 100644
index 0b1bd37ea..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 89273e11b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 60c50803a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 652fa63d9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-role.yaml
deleted file mode 100644
index afe1594c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-logs-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-configmap.yaml deleted file mode 100644 index c934777ef..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-configmap.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 015cdba2a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-daemonset.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-clusterrole.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/proxy - - nodes/spec - - endpoints - verbs: - - get - - list diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-clusterrolebinding.yaml deleted file mode 100644 index 8a33cb0bc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-configmap.yaml deleted file mode 100644 index 8fdd99258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-configmap.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -{{- if .Values.nodeAgent.config.override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -data: -{{- range .Values.nodeAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-daemonset.yaml deleted file mode 100644 index dd47d1a9e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-daemonset.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index f3de625e9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -{{- if .Values.nodeAgent.autoScalingEnabled }} -apiVersion: "autoscaling.k8s.io/v1" -kind: VerticalPodAutoscaler -metadata: - name: {{ .Release.Name }}-node-agent-vpa - namespace: {{ .Release.Namespace }} -spec: - targetRef: - apiVersion: "apps/v1" - kind: DaemonSet - name: {{ .Release.Name }}-node-agent - resourcePolicy: - containerPolicies: - - containerName: 'node-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - - containerName: 'process-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - updatePolicy: - updateMode: "Auto" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-scc.yaml deleted file mode 100644 index 562a099c7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-service.yaml deleted file mode 100644 index ad5ad71ce..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -{{- with .Values.nodeAgent.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.nodeAgent.service.type }} -{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}} -{{- end }} - ports: - - name: traceport - port: 8126 - protocol: TCP - targetPort: 8126 - selector: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-serviceaccount.yaml deleted file mode 100644 index 935fa9674..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/node-agent-serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -{{- with .Values.nodeAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/openshift-logging-secret.yaml deleted file mode 100644 index df813afe2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/openshift-logging-secret.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -{{- if .Values.openShiftLogging.installSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret - namespace: openshift-logging - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -type: Opaque -data: - username: {{ "apikey" | b64enc | quote }} -{{- if .Values.global.receiverApiKey }} - password: {{ .Values.global.receiverApiKey | b64enc | quote }} -{{- else }} - password: {{ .Values.stackstate.apiKey | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/pull-secret.yaml deleted file mode 100644 index 441a42a15..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/pull-secret.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} - -{{- if .Values.all.image.pullSecretUsername }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }} - {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} -{{- end }} - -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/secret.yaml deleted file mode 100644 index 31057ccf3..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/templates/secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -type: Opaque -data: -{{- if .Values.global.receiverApiKey }} - sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }} -{{- else }} - sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }} -{{- end }} -{{- if .Values.stackstate.cluster.authToken }} - sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }} -{{- else }} - sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }} -{{- end }} -{{- range $key, $value := .Values.global.extraEnv.secret }} - {{ $key }}: {{ $value | b64enc | quote }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/clusteragent_resources_test.go deleted file mode 100644 index 25875e871..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/clusteragent_resources_test.go +++ /dev/null 
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.66/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "apiKey",
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.66/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.66/values.yaml
deleted file mode 100644
index b2aaaf905..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.66/values.yaml
+++ /dev/null
@@ -1,582 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. 
- enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "edf7fca5" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. 
- periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. - repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "76e11e86" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. 
- logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. 
- goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. 
- ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. 
Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "edf7fca5" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. 
- logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1-4b6ae2af - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. 
- enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "edf7fca5" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. 
- priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. - name: - # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent. - authToken: "" - # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. - url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.67/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.67/Chart.lock
deleted file mode 100644
index ab1abbaf8..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.8
-digest: sha256:c3b39729fb1d0b742d799b83905467fddbce2f15cf7fb65ed4806cee6a27c818
-generated: "2023-12-05T10:09:00.393174914+01:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/Chart.yaml
deleted file mode 100644
index 533237139..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 2.19.1
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.8
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.67
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.67/README.md
deleted file mode 100644
index f27cd87ab..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/README.md
+++ /dev/null
@@ -1,248 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.67` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.8 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"ac39a29d"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. 
| -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. | -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"ac39a29d"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. | -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. 
| -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. 
| -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1-4b6ae2af"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"ac39a29d"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. 
| -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"76e11e86"` | Default process-agent container image tag. 
| -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. 
| -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. | -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. 
| -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. | -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.67/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.67/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.67/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index d2c911c5d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.8
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/README.md
deleted file mode 100644
index 33e6bedf7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# http-header-injector
-
-![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
-
-Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic
-going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set.
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| Stackstate Lupulus Team | | |
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.2.0"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook |
-| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. |
-| certificatePrehook.image.tag | string | `"1.2.0"` | The tag for the docker image |
-| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection |
-| enabled | bool | `true` | Enable/disable the mutationwebhook |
-| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. |
-| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. |
-| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io |
-| images.pullSecretName | string | `nil` | |
-| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers |
-| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| proxy.image.registry | string | `nil` | Registry for the docker image. |
-| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
-| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. |
-| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. |
-| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. |
-| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| proxyInit.image.registry | string | `nil` | Registry for the docker image |
-| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
-| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods |
-| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. |
-| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image |
-| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods |
-| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. |
-| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. |
-| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". |
-
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/Readme.md.gotpl
deleted file mode 100644
index 225032aa2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/Readme.md.gotpl
+++ /dev/null
@@ -1,26 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with
-the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is
-activated on a pod.
-
-## Recommended Values
-
-{{ template "chart.valuesSection" . -}}
-
-## Install
-
-Install from the command line on Helm with the following command:
-
-```shell
-helm install stackstate/http-header-injector
-```
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/_defines.tpl
deleted file mode 100644
index a3614d755..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/_defines.tpl
+++ /dev/null
@@ -1,113 +0,0 @@
-{{- define "http-header-injector.app.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.fqname" -}}
-{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc
-{{- end -}}
-
-{{- define "http-header-injector.cert-secret.name" -}}
-{{- if eq .Values.webhook.tls.mode "secret" -}}
-{{ .Values.webhook.tls.secret.name }}
-{{- else -}}
-{{ .Release.Name }}-http-injector-cert
-{{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.cert-clusterrole.name" -}}
-{{ .Release.Name }}-http-injector-cert-cluster-role
-{{- end -}}
-
-{{- define "http-header-injector.cert-serviceaccount.name" -}}
-{{ .Release.Name }}-http-injector-cert-sa
-{{- end -}}
-
-{{- define "http-header-injector.cert-config.name" -}}
-{{ .Release.Name }}-cert-config
-{{- end -}}
-
-{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook.stackstate.io
-{{- end -}}
-
-{{- define "http-header-injector.webhook-config.name" -}}
-{{ .Release.Name }}-http-header-injector-config
-{{- end -}}
-
-{{- define "http-header-injector.mutating-webhook.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook
-{{- end -}}
-
-{{- define "http-header-injector.pull-secret.name" -}}
-{{ include "http-header-injector.app.name" . }}-pull-secret
-{{- end -}}
-
-{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}}
-{{- define "cert-manager.certificate.namespace" -}}
-{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry.global" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default "quay.io" -}}
- {{- else -}}
- quay.io
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry" -}}
- {{- if ((.ContainerConfig).image).registry -}}
- {{- tpl .ContainerConfig.image.registry . -}}
- {{- else -}}
- {{- include "http-header-injector.image.registry.global" . }}
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }}
- {{- range .Values.global.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets . -}}
- {{- end -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.cert-setup.container.main" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-name: webhook-cert-setup
-image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
-imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
-{{- with .Values.certificatePrehook.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- readOnly: true
-command: ["/scripts/generate-cert.sh"]
-{{- end }}
-
-{{- define "http-header-injector.cert-delete.container.main" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-name: webhook-cert-delete
-image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
-imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
-{{- with .Values.certificatePrehook.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
-command: [ "/scripts/delete-cert.sh" ]
-{{- end }}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
deleted file mode 100644
index fb804f729..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 1e67e5a45..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index 19451d293..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 4d6931b05..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 5dc48d931..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index ba7a216f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-{{- if .Values.enabled -}}
-{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}}
-{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ .Release.Name }}-http-header-injector-config
-data:
- sidecarconfig.yaml: |
- initContainers:
- - name: http-header-proxy-init
- image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}"
- imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }}
- command: ["/init-iptables.sh"]
- env:
- - name: CHART_VERSION
- value: "{{ .Chart.Version }}"
- - name: PROXY_PORT
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %}
- - name: PROXY_UID
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %}
- - name: POD_HOST_NETWORK
- value: {% .Spec.HostNetwork %}
- {% if eq (index .Annotations "linkerd.io/inject") "enabled" %}
- - name: LINKERD
- value: true
- # Reference: https://linkerd.io/2.13/reference/proxy-configuration/
- - name: LINKERD_PROXY_UID
- value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %}
- # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference
- - name: LINKERD_ADMIN_PORT
- value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %}
- {% end %}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_ADMIN
- - NET_RAW
- privileged: false
- readOnlyRootFilesystem: true
- runAsNonRoot: false
- runAsUser: 0
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- # This is required for iptables to be able to run
- - mountPath: /run
- name: http-header-proxy-init-xtables-lock
-
- containers:
- - name: http-header-proxy
- image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}"
- imagePullPolicy: {{ .Values.proxy.image.pullPolicy }}
- env:
- - name: CHART_VERSION
- value: "{{ .Chart.Version }}"
- - name: PORT
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %}
- - name: DEBUG
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %}
- securityContext:
- runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %}
- seccompProfile:
- type: RuntimeDefault
- {{- with .Values.proxy.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- - name: http-header-inject-debug
- image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}"
- imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }}
- command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"]
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_ADMIN
- - NET_RAW
- privileged: false
- readOnlyRootFilesystem: true
- runAsNonRoot: false
- runAsUser: 0
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- # This is required for iptables to be able to run
- - mountPath: /run
- name: http-header-proxy-init-xtables-lock
-
- volumes:
- - emptyDir: {}
- name: http-header-proxy-init-xtables-lock
-
- mutationconfig.yaml: |
- mutationConfigs:
- - name: "http-header-injector"
- annotationNamespace: "http-header-injector.stackstate.io"
- annotationTrigger: "inject"
- annotationConfig:
- volumeMounts: []
- initContainersBeforePodInitContainers: [ "http-header-proxy-init" ]
- initContainers: [ "http-header-proxy-init" ]
- containers: [ "http-header-proxy" ]
- volumes: [ "http-header-proxy-init-xtables-lock" ]
- volumeMounts: [ ]
- # Namespaces are ignored by the mutatingwebhook
- ignoreNamespaces: [ ]
- - name: "http-header-injector-debug"
- annotationNamespace: "http-header-injector-debug.stackstate.io"
- annotationTrigger: "inject"
- annotationConfig:
- volumeMounts: []
- initContainersBeforePodInitContainers: [ ]
- initContainers: [ ]
- containers: [ "http-header-inject-debug" ]
- volumes: [ "http-header-proxy-init-xtables-lock" ]
- volumeMounts: [ ]
- # Namespaces are ignored by the mutatingwebhook
- ignoreNamespaces: [ ]
- {{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-deployment.yaml
deleted file mode 100644
index e885d0e46..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.enabled -}}
-{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
- name: "{{ include "http-header-injector.app.name" . }}"
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: "{{ include "http-header-injector.app.name" . }}"
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }}
- # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade.
- revision: "{{ .Release.Revision }}"
- name: "{{ include "http-header-injector.app.name" . }}"
- spec:
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.webhook-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.webhook-config.name" . }}"
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- secret:
- secretName: "{{ include "http-header-injector.cert-secret.name" . }}"
- containers:
- - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}"
- imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }}
- name: http-header-injector
- volumeMounts:
- - name: "{{ include "http-header-injector.webhook-config.name" . }}"
- mountPath: /etc/webhook/config
- readOnly: true
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- mountPath: /etc/webhook/certs
- readOnly: true
- command: [ "/sidecarinjector" ]
- args:
- - --port=8443
- - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml
- - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml
- - --cert-file-path=/etc/webhook/certs/tls.crt
- - --key-file-path=/etc/webhook/certs/tls.key
-{{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
deleted file mode 100644
index 32d58afde..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/values.yaml
deleted file mode 100644
index b7ed95b53..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-# enabled -- Enable/disable the mutationwebhook
-enabled: true
-
-# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection
-debug: false
-
-global:
- # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io
- imageRegistry: null
- # global.imagePullSecrets -- Globally add image pull secrets that are used.
- imagePullSecrets: []
- # global.imagePullCredentials -- Globally define credentials for pulling images.
- imagePullCredentials: {}
-
-images:
- pullSecretName:
-
-# proxy -- Proxy being injected into pods for rewriting http headers
-proxy:
- image:
- # proxy.image.registry -- Registry for the docker image.
- registry:
- # proxy.image.repository - Repository for the docker image
- repository: "stackstate/http-header-injector-proxy"
- # proxy.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # proxy.image.tag -- The tag for the docker image
- tag: sha-5ff79451
-
- # proxy.resource -- Resources for the proxy container
- resources:
- requests:
- # proxy.resources.requests.memory -- Memory resource requests.
- memory: "25Mi"
- limits:
- # proxy.resources.limits.memory -- Memory resource limits.
- memory: "40Mi"
-
-# proxyInit -- InitContainer within pod which redirects traffic to the proxy container.
-proxyInit:
- image:
- # proxyInit.image.registry -- Registry for the docker image
- registry:
- # proxyInit.image.repository - Repository for the docker image
- repository: "stackstate/http-header-injector-proxy-init"
- # proxyInit.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # proxyInit.image.tag -- The tag for the docker image
- tag: sha-5ff79451
-
-# sidecarInjector -- Service for injecting the proxy sidecar into pods
-sidecarInjector:
- image:
- # sidecarInjector.image.registry -- Registry for the docker image.
- registry:
- # sidecarInjector.image.repository - Repository for the docker image
- repository: "stackstate/generic-sidecar-injector"
- # sidecarInjector.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # sidecarInjector.image.tag -- The tag for the docker image
- tag: sha-9c852245
-
-# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook
-certificatePrehook:
- image:
- # certificatePrehook.image.registry -- Registry for the docker image.
- registry:
- # certificatePrehook.image.repository - Repository for the docker image.
- repository: stackstate/container-tools
- # certificatePrehook.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # certificatePrehook.image.tag -- The tag for the docker image
- tag: 1.2.0
- resources:
- limits:
- cpu: "100m"
- memory: "100Mi"
- requests:
- cpu: "100m"
- memory: "100Mi"
-
-# webhook -- MutationWebhook that will be installed to inject a sidecar into pods
-webhook:
- # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive.
- failurePolicy: Ignore
- tls:
- # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime.
- mode: "generated"
- provided:
- # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided".
- caBundle: ""
- # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
- crt: ""
- # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
- key: ""
- certManager:
- # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
- issuer: ""
- # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager".
- issuerKind: "ClusterIssuer"
- # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
- issuerNamespace: ""
- secret:
- # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret".
- name: ""
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.67/questions.yml
deleted file mode 100644
index 5d6e6a011..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/questions.yml
+++ /dev/null
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_container-agent.yaml
deleted file mode 100644
index 033ca11ec..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_container-agent.yaml
+++ /dev/null
@@ -1,192 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with 
.Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_container-process-agent.yaml deleted file mode 100644 index fa6ceb592..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_container-process-agent.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. this is a debug setting but if we want to use - # it, we have the option to make /proc writable. 
- readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_helpers.tpl deleted file mode 100644 index 09a27fd6e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/_helpers.tpl +++ /dev/null 
@@ -1,175 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "stackstate-k8s-agent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "stackstate-k8s-agent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "stackstate-k8s-agent.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "stackstate-k8s-agent.labels" -}}
-app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Cluster agent checksum annotations
-*/}}
-{{- define "stackstate-k8s-agent.checksum-configs" }}
-checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
-{{- end }}
-
-{{/*
-StackState URL function
-*/}}
-{{- define "stackstate-k8s-agent.stackstate.url" -}}
-{{ tpl .Values.stackstate.url . | quote }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.configmap.override.checksum" -}}
-{{- if .Values.clusterAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}}
-{{- if .Values.nodeAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}}
-{{- if .Values.checksAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-
-{{/*
-Return the image registry
-*/}}
-{{- define "stackstate-k8s-agent.imageRegistry" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default .Values.all.image.registry -}}
- {{- else -}}
- {{- .Values.all.image.registry -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Renders a value that contains a template.
-Usage:
-{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.tplvalue.render" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.pull-secret.name" -}}
-{{ include "stackstate-k8s-agent.fullname" . }}-pull-secret
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names evaluating values as templates
-{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $context := .context }}
- {{- if $context.Values.global }}
- {{- range $context.Values.global.imagePullSecrets -}}
- {{/* Is plain array of strings, compatible with all bitnami charts */}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- range $context.Values.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}}
- {{- end -}}
- {{- range .images -}}
- {{- if .pullSecretName -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false).
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }}
-*/}}
-{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}}
-{{- if .Values.clusterAgent.config.override }}
- {{- range $i, $val := .Values.clusterAgent.config.override }}
- {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}}
-{{- if .Values.nodeAgent.config.override }}
- {{- range $i, $val := .Values.nodeAgent.config.override }}
- {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Return the appropriate os label
-*/}}
-{{- define "label.os" -}}
-{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-kubernetes.io/os
-{{- else -}}
-beta.kubernetes.io/os
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-clusterrolebinding.yaml
deleted file mode 100644
index 9db8b0bc3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 4530fc616..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
- replicas: {{ .Values.checksAgent.replicas }}
-{{- with .Values.checksAgent.strategy }}
- strategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
- labels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}"
- imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}"
- {{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
- {{- end }}
- env:
- - name: STS_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-api-key
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.checksAgent.image.tag | quote }}
- - name: LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_APM_ENABLED
- value: "false"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- - name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.checksAgent.checksTagCardinality | quote }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "clusterchecks"
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: STS_LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: "false"
- - name: STS_PROCESS_AGENT_ENABLED
- value: "false"
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ .Values.checksAgent.skipSslValidation | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }}
- ports:
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
- {{- else }}
- securityContext:
- privileged: false
- {{- end }}
- {{- with .Values.checksAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: confd-empty-volume
- mountPath: /etc/stackstate-agent/conf.d
-# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run.
- readOnly: false
- {{- if .Values.checksAgent.config.override }}
- {{- range .Values.checksAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
- {{- if .Values.checksAgent.priorityClassName }}
- priorityClassName: {{ .Values.checksAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ .Release.Name }}-checks-agent
- nodeSelector:
- {{ template "label.os" . }}: {{ .Values.targetSystem }}
- {{- with .Values.checksAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: confd-empty-volume
- emptyDir: {}
- {{- if .Values.checksAgent.config.override }}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-checks-agent
- {{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 7a9f1d8f9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index 444aad220..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 6a7b27d18..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,106 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- - nodes
- - pods
- - services
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if .Values.clusterAgent.collection.kubernetesMetrics }}
- - componentstatuses
- {{- end }}
- {{- if $kubeRes.configmaps }}
- - configmaps
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- {{- if $kubeRes.resourcequotas }}
- - resourcequotas
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }}
-- apiGroups:
- - "apps"
- resources:
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if $kubeRes.ingresses }}
-- apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if or $kubeRes.cronjobs $kubeRes.jobs }}
-- apiGroups:
- - "batch"
- resources:
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
-- nonResourceURLs:
- - "/healthz"
- - "/version"
- verbs:
- - get
-- apiGroups:
- - "storage.k8s.io"
- resources:
- {{- if $kubeRes.volumeattachments }}
- - volumeattachments
- {{- end }}
- verbs:
- - get
- - list
- - watch
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-clusterrolebinding.yaml
deleted file mode 100644
index 0b1bd37ea..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 89273e11b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 60c50803a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- replicas: {{ .Values.clusterAgent.replicaCount }}
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- with .Values.clusterAgent.strategy }}
- strategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }}
- labels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.clusterAgent.priorityClassName }}
- priorityClassName: {{ .Values.clusterAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- - name: cluster-agent
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}"
- imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}"
- {{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
- {{- end }}
- env:
- - name: STS_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-api-key
- - name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: LOG_LEVEL
- value: {{ .Values.clusterAgent.logLevel | quote }}
- {{- if .Values.checksAgent.enabled }}
- - name: STS_CLUSTER_CHECKS_ENABLED
- value: "true"
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "kube_endpoints kube_services"
- - name: STS_EXTRA_LISTENERS
- value: "kube_endpoints kube_services"
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{.Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_COLLECT_KUBERNETES_METRICS
- value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }}
- - name: STS_COLLECT_KUBERNETES_TIMEOUT
- value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }}
- - name: STS_COLLECT_KUBERNETES_TOPOLOGY
- value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }}
- - name: STS_LEADER_ELECTION
- value: "true"
- - name: STS_LOG_LEVEL
- value: {{ .Values.clusterAgent.logLevel | quote }}
- - name: STS_CLUSTER_AGENT_CMD_PORT
- value: {{ .Values.clusterAgent.service.targetPort | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- {{- if .Values.clusterAgent.config.configMap.maxDataSize }}
- - name: STS_CONFIGMAP_MAX_DATASIZE
- value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }}
- {{- end}}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
- {{- else }}
- securityContext:
- privileged: false
- {{- end }}
- {{- with .Values.clusterAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: logs
- mountPath: /var/log/stackstate-agent
- - name: config-override-volume
- mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml
- subPath: kubernetes_api_events_conf
- - name: config-override-volume
- mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml
- subPath: kubernetes_api_topology_conf
- readOnly: true
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- - name: config-override-volume
- mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml
- subPath: kube_state_metrics_core_conf
- readOnly: true
- {{- end }}
- {{- if .Values.clusterAgent.config.override }}
- {{- range .Values.clusterAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
- nodeSelector:
- {{ template "label.os" . }}: {{ .Values.targetSystem }}
- {{- with .Values.clusterAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.clusterAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.clusterAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: logs
- emptyDir: {}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-cluster-agent
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 652fa63d9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-role.yaml
deleted file mode 100644
index afe1594c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-configmap.yaml
deleted file mode 100644
index c934777ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 015cdba2a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-daemonset.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-daemonset.yaml
deleted file mode 100644
index dd47d1a9e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index f3de625e9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-scc.yaml
deleted file mode 100644
index 562a099c7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,56 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-service.yaml deleted file mode 100644 index ad5ad71ce..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} - -{{- if .Values.all.image.pullSecretUsername }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }} - {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} -{{- end }} - -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/secret.yaml deleted file mode 100644 index 31057ccf3..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package test - -import ( - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/assert" - - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -func TestHelmBasicRender(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - - // Parse all resources into their corresponding types for validation and further inspection - helmtestutil.NewKubernetesResources(t, output) -} - -func TestClusterNameValidation(t *testing.T) { - testCases := []struct { - Name string - ClusterName string - IsValid bool - }{ - {"not allowed end with special character [.]", "name.", false}, - {"not allowed end with special character [-]", "name.", false}, - {"not allowed start with special character [-]", "-name", false}, - {"not allowed start with special character [.]", ".name", false}, - {"upper case is not allowed", "Euwest1-prod.cool-company.com", false}, - {"upper case is not allowed", "euwest1-PROD.cool-company.com", false}, - {"upper case is not allowed", "euwest1-prod.cool-company.coM", false}, - {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true}, - {"underscore is not allowed", "why_7", false}, - } - - for _, testCase := range testCases { - t.Run(testCase.Name, func(t *testing.T) { - output, err := helmtestutil.RenderHelmTemplateOpts( - t, "cluster-agent", - &helm.Options{ - ValuesFiles: []string{"values/minimal.yaml"}, - SetStrValues: map[string]string{ - "stackstate.cluster.name": testCase.ClusterName, - }, - }) - if testCase.IsValid { - assert.Nil(t, err) - } else { - assert.NotNil(t, err) - assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern") - } - }) - } -} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.67/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "apiKey",
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.67/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.67/values.yaml
deleted file mode 100644
index 6ea724d5c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.67/values.yaml
+++ /dev/null
@@ -1,582 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. 
- enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "ac39a29d" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. 
- periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. - repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "76e11e86" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. 
- logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. 
- goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. 
- ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. 
Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "ac39a29d" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. 
- logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1-4b6ae2af - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. 
- enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "ac39a29d" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. 
- priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {}
-
-##################################
-# http-header-injector variables #
-##################################
-
-httpHeaderInjectorWebhook:
- # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy
- enabled: false
-
-########################
-# StackState variables #
-########################
-
-stackstate:
- # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent.
- apiKey:
- cluster:
- # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed.
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.68/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.68/Chart.lock
deleted file mode 100644
index ab1abbaf8..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.8
-digest: sha256:c3b39729fb1d0b742d799b83905467fddbce2f15cf7fb65ed4806cee6a27c818
-generated: "2023-12-05T10:09:00.393174914+01:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/Chart.yaml
deleted file mode 100644
index 056f6f9cf..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 2.19.1
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.8
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.68
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.68/README.md
deleted file mode 100644
index 13a8f78a9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/README.md
+++ /dev/null
@@ -1,248 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.68` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.8 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"ac39a29d"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. 
| -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. | -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"ac39a29d"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. | -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. 
| -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. 
| -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1-4b6ae2af"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"ac39a29d"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. 
| -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"718e9ab3"` | Default process-agent container image tag. 
| -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. 
| -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. | -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. 
| -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. | -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.68/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.68/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.68/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index d2c911c5d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.8
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/README.md
deleted file mode 100644
index 33e6bedf7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.2.0"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.2.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index a3614d755..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,113 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fb804f729..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 1e67e5a45..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index 19451d293..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 4d6931b05..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 5dc48d931..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index ba7a216f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.enabled -}}
-{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
- name: "{{ include "http-header-injector.app.name" . }}"
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: "{{ include "http-header-injector.app.name" . }}"
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }}
- # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade.
- revision: "{{ .Release.Revision }}"
- name: "{{ include "http-header-injector.app.name" . }}"
- spec:
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.webhook-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.webhook-config.name" . }}"
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- secret:
- secretName: "{{ include "http-header-injector.cert-secret.name" . }}"
- containers:
- - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}"
- imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }}
- name: http-header-injector
- volumeMounts:
- - name: "{{ include "http-header-injector.webhook-config.name" .
}}"
- mountPath: /etc/webhook/config
- readOnly: true
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- mountPath: /etc/webhook/certs
- readOnly: true
- command: [ "/sidecarinjector" ]
- args:
- - --port=8443
- - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml
- - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml
- - --cert-file-path=/etc/webhook/certs/tls.crt
- - --key-file-path=/etc/webhook/certs/tls.key
-{{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
deleted file mode 100644
index 32d58afde..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/values.yaml
deleted file mode 100644
index b7ed95b53..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. -proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. 
- registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.2.0 - resources: - limits: - cpu: "100m" - memory: "100Mi" - requests: - cpu: "100m" - memory: "100Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
- crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.68/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{- define "cluster-agent-kube-state-metrics" -}} -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} -cluster_check: true -{{- end }} -init_config: -instances: - - collectors: - - nodes - - pods - - services - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - {{- if $kubeRes.ingresses }} - - ingresses - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - - resourcequotas - - replicationcontrollers - - limitranges - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} - skip_leader_election: true - {{- end }} - labels_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }} - annotations_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_container-agent.yaml deleted file mode 100644 index 033ca11ec..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_container-agent.yaml +++ /dev/null 
@@ -1,192 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with 
.Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_container-process-agent.yaml deleted file mode 100644 index fa6ceb592..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_container-process-agent.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. this is a debug setting but if we want to use - # it, we have the option to make /proc writable. 
- readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_helpers.tpl deleted file mode 100644 index 09a27fd6e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/_helpers.tpl +++ /dev/null 
@@ -1,175 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 9db8b0bc3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 4530fc616..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. 
- readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 7a9f1d8f9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index 444aad220..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 6a7b27d18..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - 
volumeattachments - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 0b1bd37ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 89273e11b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-configmap.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 60c50803a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 652fa63d9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-role.yaml
deleted file mode 100644
index afe1594c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-configmap.yaml
deleted file mode 100644
index c934777ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-data:
- promtail.yaml: |
- server:
- http_listen_port: 9080
- grpc_listen_port: 0
-
- clients:
- - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY}
- external_labels:
- sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }}
-
- positions:
- filename: /tmp/positions.yaml
- target_config:
- sync_period: 10s
- scrape_configs:
- - job_name: pod-logs
- kubernetes_sd_configs:
- - role: pod
- pipeline_stages:
- - docker: {}
- - cri: {}
- relabel_configs:
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_name
- target_label: pod_name
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_uid
- target_label: pod_uid
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_container_name
- target_label: container_name
- # The __path__ is required by the promtail client
- - replacement: /var/log/pods/*$1/*.log
- separator: /
- source_labels:
- - __meta_kubernetes_pod_uid
- - __meta_kubernetes_pod_container_name
- target_label: __path__
- # Drop all remaining labels, we do not need those
- - action: drop
- regex: __meta_(.*)
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-daemonset.yaml
deleted file mode 100644
index 015cdba2a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-daemonset.yaml
deleted file mode 100644
index dd47d1a9e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index f3de625e9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-scc.yaml
deleted file mode 100644
index 562a099c7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-service.yaml
deleted file mode 100644
index ad5ad71ce..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/secret.yaml
deleted file mode 100644
index 31057ccf3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package test - -import ( - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/assert" - - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -func TestHelmBasicRender(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - - // Parse all resources into their corresponding types for validation and further inspection - helmtestutil.NewKubernetesResources(t, output) -} - -func TestClusterNameValidation(t *testing.T) { - testCases := []struct { - Name string - ClusterName string - IsValid bool - }{ - {"not allowed end with special character [.]", "name.", false}, - {"not allowed end with special character [-]", "name.", false}, - {"not allowed start with special character [-]", "-name", false}, - {"not allowed start with special character [.]", ".name", false}, - {"upper case is not allowed", "Euwest1-prod.cool-company.com", false}, - {"upper case is not allowed", "euwest1-PROD.cool-company.com", false}, - {"upper case is not allowed", "euwest1-prod.cool-company.coM", false}, - {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true}, - {"underscore is not allowed", "why_7", false}, - } - - for _, testCase := range testCases { - t.Run(testCase.Name, func(t *testing.T) { - output, err := helmtestutil.RenderHelmTemplateOpts( - t, "cluster-agent", - &helm.Options{ - ValuesFiles: []string{"values/minimal.yaml"}, - SetStrValues: map[string]string{ - "stackstate.cluster.name": testCase.ClusterName, - }, - }) - if testCase.IsValid { - assert.Nil(t, err) - } else { - assert.NotNil(t, err) - assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern") - } - }) - } -} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.68/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "apiKey",
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.68/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.68/values.yaml
deleted file mode 100644
index adf35c32c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.68/values.yaml
+++ /dev/null
@@ -1,582 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. 
- enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "ac39a29d" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. 
- periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. - repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "718e9ab3" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. 
- logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. 
- goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. 
- ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. 
Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "ac39a29d" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. 
- logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1-4b6ae2af - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. 
- enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "ac39a29d" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. 
- priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. - name: - # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent. - authToken: "" - # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. - url: diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.70/.helmignore deleted file mode 100644 index 15a5c1277..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -linter_values.yaml -ci/ -installation/ -logo.svg diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.70/Chart.lock deleted file mode 100644 index ab1abbaf8..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/Chart.lock +++ /dev/null 
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.8
-digest: sha256:c3b39729fb1d0b742d799b83905467fddbce2f15cf7fb65ed4806cee6a27c818
-generated: "2023-12-05T10:09:00.393174914+01:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/Chart.yaml
deleted file mode 100644
index 09a43c80d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 2.19.1
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.8
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.70
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.70/README.md
deleted file mode 100644
index 0d2d27e9d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/README.md
+++ /dev/null
@@ -1,248 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.70` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.8 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"6f4db72d"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. 
| -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. | -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"6f4db72d"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. | -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. 
| -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. 
| -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1-4b6ae2af"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"6f4db72d"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. 
| -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"432a2730"` | Default process-agent container image tag. 
| -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. 
| -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. | -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. 
| -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. | -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.70/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.70/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.70/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index d2c911c5d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.8
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/README.md
deleted file mode 100644
index 33e6bedf7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.2.0"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.2.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index a3614d755..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,113 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fb804f729..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 1e67e5a45..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index 19451d293..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 4d6931b05..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 5dc48d931..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index ba7a216f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.enabled -}}
-{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
- name: "{{ include "http-header-injector.app.name" . }}"
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: "{{ include "http-header-injector.app.name" . }}"
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }}
- # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade.
- revision: "{{ .Release.Revision }}"
- name: "{{ include "http-header-injector.app.name" . }}"
- spec:
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.webhook-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.webhook-config.name" . }}"
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- secret:
- secretName: "{{ include "http-header-injector.cert-secret.name" . }}"
- containers:
- - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}"
- imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }}
- name: http-header-injector
- volumeMounts:
- - name: "{{ include "http-header-injector.webhook-config.name" . }}"
- mountPath: /etc/webhook/config
- readOnly: true
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- mountPath: /etc/webhook/certs
- readOnly: true
- command: [ "/sidecarinjector" ]
- args:
- - --port=8443
- - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml
- - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml
- - --cert-file-path=/etc/webhook/certs/tls.crt
- - --key-file-path=/etc/webhook/certs/tls.key
-{{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
deleted file mode 100644
index 32d58afde..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/values.yaml
deleted file mode 100644
index b7ed95b53..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. -proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. 
- registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.2.0 - resources: - limits: - cpu: "100m" - memory: "100Mi" - requests: - cpu: "100m" - memory: "100Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
- crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.70/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_container-agent.yaml
deleted file mode 100644
index 033ca11ec..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_container-agent.yaml
+++ /dev/null
@@ -1,192 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with 
.Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_container-process-agent.yaml deleted file mode 100644 index fa6ceb592..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_container-process-agent.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. this is a debug setting but if we want to use - # it, we have the option to make /proc writable. 
- readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_helpers.tpl deleted file mode 100644 index 09a27fd6e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/_helpers.tpl +++ /dev/null 
@@ -1,175 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 9db8b0bc3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 4530fc616..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. 
- readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 7a9f1d8f9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index 444aad220..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 6a7b27d18..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - 
volumeattachments - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 0b1bd37ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 89273e11b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-configmap.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 60c50803a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 652fa63d9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-role.yaml
deleted file mode 100644
index afe1594c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-configmap.yaml
deleted file mode 100644
index c934777ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-data:
- promtail.yaml: |
- server:
- http_listen_port: 9080
- grpc_listen_port: 0
-
- clients:
- - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY}
- external_labels:
- sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }}
-
- positions:
- filename: /tmp/positions.yaml
- target_config:
- sync_period: 10s
- scrape_configs:
- - job_name: pod-logs
- kubernetes_sd_configs:
- - role: pod
- pipeline_stages:
- - docker: {}
- - cri: {}
- relabel_configs:
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_name
- target_label: pod_name
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_uid
- target_label: pod_uid
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_container_name
- target_label: container_name
- # The __path__ is required by the promtail client
- - replacement: /var/log/pods/*$1/*.log
- separator: /
- source_labels:
- - __meta_kubernetes_pod_uid
- - __meta_kubernetes_pod_container_name
- target_label: __path__
- # Drop all remaining labels, we do not need those
- - action: drop
- regex: __meta_(.*)
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-daemonset.yaml
deleted file mode 100644
index 015cdba2a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-daemonset.yaml
deleted file mode 100644
index dd47d1a9e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index f3de625e9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -{{- if .Values.nodeAgent.autoScalingEnabled }} -apiVersion: "autoscaling.k8s.io/v1" -kind: VerticalPodAutoscaler -metadata: - name: {{ .Release.Name }}-node-agent-vpa - namespace: {{ .Release.Namespace }} -spec: - targetRef: - apiVersion: "apps/v1" - kind: DaemonSet - name: {{ .Release.Name }}-node-agent - resourcePolicy: - containerPolicies: - - containerName: 'node-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - - containerName: 'process-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - updatePolicy: - updateMode: "Auto" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-scc.yaml deleted file mode 100644 index 562a099c7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-service.yaml deleted file mode 100644 index ad5ad71ce..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} - -{{- if .Values.all.image.pullSecretUsername }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }} - {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }} -{{- end }} - -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/secret.yaml deleted file mode 100644 index 31057ccf3..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package test - -import ( - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/assert" - - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -func TestHelmBasicRender(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - - // Parse all resources into their corresponding types for validation and further inspection - helmtestutil.NewKubernetesResources(t, output) -} - -func TestClusterNameValidation(t *testing.T) { - testCases := []struct { - Name string - ClusterName string - IsValid bool - }{ - {"not allowed end with special character [.]", "name.", false}, - {"not allowed end with special character [-]", "name.", false}, - {"not allowed start with special character [-]", "-name", false}, - {"not allowed start with special character [.]", ".name", false}, - {"upper case is not allowed", "Euwest1-prod.cool-company.com", false}, - {"upper case is not allowed", "euwest1-PROD.cool-company.com", false}, - {"upper case is not allowed", "euwest1-prod.cool-company.coM", false}, - {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true}, - {"underscore is not allowed", "why_7", false}, - } - - for _, testCase := range testCases { - t.Run(testCase.Name, func(t *testing.T) { - output, err := helmtestutil.RenderHelmTemplateOpts( - t, "cluster-agent", - &helm.Options{ - ValuesFiles: []string{"values/minimal.yaml"}, - SetStrValues: map[string]string{ - "stackstate.cluster.name": testCase.ClusterName, - }, - }) - if testCase.IsValid { - assert.Nil(t, err) - } else { - assert.NotNil(t, err) - assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern") - } - }) - } -} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.70/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "apiKey",
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.70/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.70/values.yaml
deleted file mode 100644
index d90671fc0..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.70/values.yaml
+++ /dev/null
@@ -1,582 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. 
- enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "6f4db72d" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. 
- periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. - repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "432a2730" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. 
- logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. 
- goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. 
- ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. 
Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. 
Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "6f4db72d" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. 
- logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1-4b6ae2af - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. 
- enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "6f4db72d" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. 
- priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. - name: - # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent. - authToken: "" - # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. - url: diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.76/.helmignore deleted file mode 100644 index 15a5c1277..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -linter_values.yaml -ci/ -installation/ -logo.svg diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.76/Chart.lock deleted file mode 100644 index ab1abbaf8..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/Chart.lock +++ /dev/null 
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.8
-digest: sha256:c3b39729fb1d0b742d799b83905467fddbce2f15cf7fb65ed4806cee6a27c818
-generated: "2023-12-05T10:09:00.393174914+01:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/Chart.yaml
deleted file mode 100644
index cdf5ff3c8..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.8
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.76
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.76/README.md
deleted file mode 100644
index 27dbffafd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/README.md
+++ /dev/null
@@ -1,257 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.76` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.8 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"3bc9e882"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"3bc9e882"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1-4b6ae2af"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. 
| -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"3bc9e882"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. 
| -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. 
| -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"2df5d4d6"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. 
| -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. | -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. 
| -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. | -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. 
| -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.76/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/README.md.gotmpl +++ /dev/null @@ -1,45 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -{{ template "chart.valuesSection" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.76/Releasing.md deleted file mode 100644 index bab6c2b94..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/Releasing.md +++ /dev/null 
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.76/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index d2c911c5d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.8
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/README.md
deleted file mode 100644
index 33e6bedf7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.2.0"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.2.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index a3614d755..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,113 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fb804f729..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 1e67e5a45..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index 19451d293..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 4d6931b05..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 5dc48d931..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index ba7a216f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . 
}}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index 32d58afde..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/values.yaml
deleted file mode 100644
index b7ed95b53..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. -proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. 
- registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.2.0 - resources: - limits: - cpu: "100m" - memory: "100Mi" - requests: - cpu: "100m" - memory: "100Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
- crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.76/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{- define "cluster-agent-kube-state-metrics" -}} -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} -cluster_check: true -{{- end }} -init_config: -instances: - - collectors: - - nodes - - pods - - services - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - {{- if $kubeRes.ingresses }} - - ingresses - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - - resourcequotas - - replicationcontrollers - - limitranges - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} - skip_leader_election: true - {{- end }} - labels_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }} - annotations_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_container-agent.yaml deleted file mode 100644 index ab3967c74..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_container-agent.yaml +++ /dev/null 
@@ -1,199 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_container-process-agent.yaml deleted file mode 100644 index 367274d45..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,168 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_helpers.tpl deleted file mode 100644 index 09a27fd6e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/_helpers.tpl +++ /dev/null 
@@ -1,175 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 9db8b0bc3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-configmap.yaml deleted file mode 100644 index faeefa1fc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -data: -{{- range .Values.checksAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-deployment.yaml deleted file mode 100644 index 16cf08292..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-deployment.yaml +++ /dev/null 
@@ -1,188 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 7a9f1d8f9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-serviceaccount.yaml deleted file mode 100644 index 444aad220..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/checks-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -{{- end -}} -{{- with .Values.checksAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-clusterrole.yaml deleted file mode 100644 index c329c77b2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-clusterrole.yaml +++ /dev/null 
@@ -1,149 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - 
volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 0b1bd37ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 89273e11b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-configmap.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -data: - kubernetes_api_events_conf: | - init_config: - instances: - - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }} - event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }} - kubernetes_api_topology_conf: | - init_config: - instances: - - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }} - resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }} - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - kube_state_metrics_core_conf: | - {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }} - {{- end }} -{{- if .Values.clusterAgent.config.override }} -{{- range .Values.clusterAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-deployment.yaml deleted file mode 100644 index 57b688831..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-deployment.yaml +++ /dev/null 
@@ -1,172 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 652fa63d9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-role.yaml deleted file mode 100644 index afe1594c1..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - patch - - update diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-rolebinding.yaml deleted file mode 100644 index befaa77f2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-rolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-service.yaml deleted file mode 100644 index 93c39aaba..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-service.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-cluster-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - ports: - - name: clusteragent - port: {{int .Values.clusterAgent.service.port }} - protocol: TCP - targetPort: {{int .Values.clusterAgent.service.targetPort }} - selector: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-serviceaccount.yaml deleted file mode 100644 index ff7b7be35..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/cluster-agent-serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -{{- with .Values.clusterAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-clusterrole.yaml deleted file mode 100644 index 70d70aa47..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-clusterrole.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-configmap.yaml
deleted file mode 100644
index 1f1170aaa..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,60 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 015cdba2a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-daemonset.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-daemonset.yaml
deleted file mode 100644
index dd47d1a9e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index f3de625e9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-scc.yaml
deleted file mode 100644
index 562a099c7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-service.yaml
deleted file mode 100644
index ad5ad71ce..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/secret.yaml
deleted file mode 100644
index 31057ccf3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.76/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "apiKey",
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.76/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.76/values.yaml
deleted file mode 100644
index a5e1ce39d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.76/values.yaml
+++ /dev/null
@@ -1,603 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. 
- enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. 
- memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "3bc9e882" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. 
- initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. - repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "2df5d4d6" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. 
- pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. 
- enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. - horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. 
- poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. 
- ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "3bc9e882" - # clusterAgent.image.pullPolicy -- Default container image pull policy. 
- pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. 
- strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1-4b6ae2af - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "3bc9e882" - # checksAgent.image.pullPolicy -- Default container image pull policy. 
- pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. 
- cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. - name: - # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent. - authToken: "" - # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. - url: diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.78/.helmignore deleted file mode 100644 index 15a5c1277..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/.helmignore +++ /dev/null 
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.78/Chart.lock
deleted file mode 100644
index ab1abbaf8..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.8
-digest: sha256:c3b39729fb1d0b742d799b83905467fddbce2f15cf7fb65ed4806cee6a27c818
-generated: "2023-12-05T10:09:00.393174914+01:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/Chart.yaml
deleted file mode 100644
index 505140801..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.8
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.78
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.78/README.md
deleted file mode 100644
index 754d27ac3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/README.md
+++ /dev/null
@@ -1,257 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.78` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.8 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"80ded79e"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"80ded79e"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1-4b6ae2af"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. 
| -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"80ded79e"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. 
| -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. 
| -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"ae5d42d2"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. | -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. 
| -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. | -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. 
| -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. | -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. 
|
-| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) |
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.78/README.md.gotmpl
deleted file mode 100644
index 7909e6f0d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/README.md.gotmpl
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.78/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.78/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index d2c911c5d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.8
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/README.md
deleted file mode 100644
index 33e6bedf7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -# http-header-injector - -![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.2.0"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.2.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. | -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. 
Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index a3614d755..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,113 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fb804f729..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index 595ae5c1b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index b0c5f22fd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 1e67e5a45..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index 19451d293..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 4d6931b05..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 5dc48d931..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index ba7a216f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index 752132d44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index f611a52e3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations 
"config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index e885d0e46..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . 
}}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index 32d58afde..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,52 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 6936a5d23..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/values.yaml
deleted file mode 100644
index b7ed95b53..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. -proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. 
- registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.2.0 - resources: - limits: - cpu: "100m" - memory: "100Mi" - requests: - cpu: "100m" - memory: "100Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
- crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.78/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_container-agent.yaml
deleted file mode 100644
index ab3967c74..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_container-agent.yaml
+++ /dev/null
@@ -1,199 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_container-process-agent.yaml deleted file mode 100644 index 367274d45..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,168 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_helpers.tpl deleted file mode 100644 index 09a27fd6e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/_helpers.tpl +++ /dev/null 
@@ -1,175 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 9db8b0bc3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-configmap.yaml
deleted file mode 100644
index faeefa1fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 16cf08292..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,188 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: checks-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 7a9f1d8f9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index 444aad220..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
-{{- end -}}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index c329c77b2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - 
volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 0b1bd37ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 89273e11b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-configmap.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 57b688831..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,172 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key - - name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 652fa63d9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-role.yaml deleted file mode 100644 index afe1594c1..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index befaa77f2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-service.yaml
deleted file mode 100644
index 93c39aaba..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index ff7b7be35..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index 70d70aa47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 802c5d8c5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-configmap.yaml
deleted file mode 100644
index 1f1170aaa..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,60 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 015cdba2a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-daemonset.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - - name: STS_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-api-key - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index e562c04e4..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/logs-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: logs-agent -{{- with .Values.logsAgent.serviceaccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 11a53c6ed..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index 8a33cb0bc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8fdd99258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-daemonset.yaml
deleted file mode 100644
index dd47d1a9e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} - app.kubernetes.io/component: node-agent -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index f3de625e9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-scc.yaml
deleted file mode 100644
index 562a099c7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-service.yaml
deleted file mode 100644
index ad5ad71ce..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 935fa9674..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/openshift-logging-secret.yaml
deleted file mode 100644
index df813afe2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/pull-secret.yaml
deleted file mode 100644
index 441a42a15..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/pull-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/secret.yaml
deleted file mode 100644
index 31057ccf3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package test - -import ( - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/assert" - - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -func TestHelmBasicRender(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - - // Parse all resources into their corresponding types for validation and further inspection - helmtestutil.NewKubernetesResources(t, output) -} - -func TestClusterNameValidation(t *testing.T) { - testCases := []struct { - Name string - ClusterName string - IsValid bool - }{ - {"not allowed end with special character [.]", "name.", false}, - {"not allowed end with special character [-]", "name.", false}, - {"not allowed start with special character [-]", "-name", false}, - {"not allowed start with special character [.]", ".name", false}, - {"upper case is not allowed", "Euwest1-prod.cool-company.com", false}, - {"upper case is not allowed", "euwest1-PROD.cool-company.com", false}, - {"upper case is not allowed", "euwest1-prod.cool-company.coM", false}, - {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true}, - {"underscore is not allowed", "why_7", false}, - } - - for _, testCase := range testCases { - t.Run(testCase.Name, func(t *testing.T) { - output, err := helmtestutil.RenderHelmTemplateOpts( - t, "cluster-agent", - &helm.Options{ - ValuesFiles: []string{"values/minimal.yaml"}, - SetStrValues: map[string]string{ - "stackstate.cluster.name": testCase.ClusterName, - }, - }) - if testCase.IsValid { - assert.Nil(t, err) - } else { - assert.NotNil(t, err) - assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern") - } - }) - } -} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.78/values.schema.json
deleted file mode 100644
index 2b977af3d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/values.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "apiKey",
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.78/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.78/values.yaml
deleted file mode 100644
index 3bc6eb4c7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.78/values.yaml
+++ /dev/null
@@ -1,603 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. - customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. 
- enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. 
- memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "80ded79e" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. - memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. 
- initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. - repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "ae5d42d2" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. 
- pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. 
- affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. - kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. 
- enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. - horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. 
- poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. - deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. 
- ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "80ded79e" - # clusterAgent.image.pullPolicy -- Default container image pull policy. 
- pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. 
- strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1-4b6ae2af - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. - memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "80ded79e" - # checksAgent.image.pullPolicy -- Default container image pull policy. 
- pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. 
- cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. - name: - # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent. - authToken: "" - # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. - url: diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.81/.helmignore deleted file mode 100644 index 15a5c1277..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/.helmignore +++ /dev/null 
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.81/Chart.lock
deleted file mode 100644
index efa285da7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.9
-digest: sha256:3e6e797647f1a191cc110e50315da79418ec0474d3422539c128d9e78300aa18
-generated: "2024-04-12T17:25:28.399574934+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/Chart.yaml
deleted file mode 100644
index 2a4287f44..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.9
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.81
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.81/README.md
deleted file mode 100644
index bce7009b6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.81` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.9 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"7983b3be"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"7983b3be"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1-4b6ae2af"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. 
| -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. 
| -| nodeAgent.containers.agent.image.tag | string | `"7983b3be"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"ae5d42d2"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.81/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.81/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.81/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index 030e80924..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.9
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/README.md
deleted file mode 100644
index 1ee6fa3b1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.2.0"},"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.2.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
| -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} - -{{/* -Returns a YAML with extra annotations. -*/}} -{{- define "http-header-injector.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels. -*/}} -{{- define "http-header-injector.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fc0c01258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index cc1c89631..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index f571ca86b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . 
}}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-service.yaml deleted file mode 100644 index 55abdb022..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/templates/webhook-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.webhook-service.name" . }}" -spec: - ports: - - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - app: "{{ include "http-header-injector.app.name" . }}" -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/values.yaml deleted file mode 100644 index 86c31b323..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/charts/http-header-injector/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.2.0 - resources: - limits: - cpu: "100m" - memory: "100Mi" - requests: - cpu: "100m" - memory: "100Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.81/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@
-questions:
- - variable: stackstate.apiKey
- label: "StackState API Key"
- type: string
- description: "The API key for StackState."
- required: true
- group: General
- - variable: stackstate.url
- label: "StackState URL"
- type: string
- description: "The URL where StackState is running."
- required: true
- group: General
- - variable: stackstate.cluster.name
- label: "StackState Cluster Name"
- type: string
- description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState."
- required: true
- group: General
- - variable: all.registry.override
- label: "Override Default Image Registry"
- type: boolean
- description: "Whether or not to override the default image registry."
- default: false
- group: "General"
- show_subquestions_if: true
- subquestions:
- - variable: all.image.registry
- label: "Docker Image Registry"
- type: string
- description: "The registry to pull the StackState Agent images from."
- default: "quay.io"
- - variable: global.imagePullCredentials.username
- label: "Docker Image Pull Username"
- type: string
- description: "The username to use when pulling the StackState Agent images."
- - variable: global.imagePullCredentials.password
- label: "Docker Image Pull Password"
- type: secret
- description: "The password to use when pulling the StackState Agent images."
- - variable: nodeAgent.containers.agent.resources.override
- label: "Override Node Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Node Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.agent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Node Agent."
- default: "20m"
- - variable: nodeAgent.containers.agent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Node Agent."
- default: "180Mi"
- - variable: nodeAgent.containers.agent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Node Agent."
- default: "270m"
- - variable: nodeAgent.containers.agent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Node Agent."
- default: "420Mi"
- - variable: nodeAgent.containers.processAgent.enabled
- label: "Enable Process Agent"
- type: boolean
- description: "Whether or not to enable the Process Agent."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.skipKubeletTLSVerify
- label: "Skip Kubelet TLS Verify"
- type: boolean
- description: "Whether or not to skip TLS verification when connecting to the kubelet API."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.containers.processAgent.resources.override
- label: "Override Process Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Process Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.processAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Process Agent."
- default: "25m"
- - variable: nodeAgent.containers.processAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Process Agent."
- default: "128Mi"
- - variable: nodeAgent.containers.processAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Process Agent."
- default: "125m"
- - variable: nodeAgent.containers.processAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Process Agent."
- default: "400Mi"
- - variable: clusterAgent.enabled
- label: "Enable Cluster Agent"
- type: boolean
- description: "Whether or not to enable the Cluster Agent."
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.collection.kubernetesResources.secrets
- label: "Collect Secret Resources"
- type: boolean
- description: |
- Whether or not to collect Kubernetes Secrets.
- NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data.
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.resources.override
- label: "Override Cluster Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Cluster Agent"
- show_subquestions_if: true
- subquestions:
- - variable: clusterAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Cluster Agent."
- default: "70m"
- - variable: clusterAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Cluster Agent."
- default: "512Mi"
- - variable: clusterAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Cluster Agent."
- default: "400m"
- - variable: clusterAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Cluster Agent."
- default: "800Mi"
- - variable: logsAgent.enabled
- label: "Enable Logs Agent"
- type: boolean
- description: "Whether or not to enable the Logs Agent."
- default: "true"
- group: "Logs Agent"
- - variable: logsAgent.resources.override
- label: "Override Logs Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Logs Agent"
- show_subquestions_if: true
- subquestions:
- - variable: logsAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Logs Agent."
- default: "20m"
- - variable: logsAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Logs Agent."
- default: "100Mi"
- - variable: logsAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Logs Agent."
- default: "1300m"
- - variable: logsAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Logs Agent."
- default: "192Mi"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_cluster-agent-kube-state-metrics.yaml
deleted file mode 100644
index f99fbf618..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_cluster-agent-kube-state-metrics.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_container-agent.yaml
deleted file mode 100644
index 09f9591c6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_container-agent.yaml
+++ /dev/null
@@ -1,191 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_container-process-agent.yaml deleted file mode 100644 index 893f11581..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_helpers.tpl deleted file mode 100644 index 3c51bc308..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/_helpers.tpl +++ /dev/null 
@@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Returns a YAML with extra annotations -*/}} -{{- define "stackstate-k8s-agent.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels -*/}} -{{- define "stackstate-k8s-agent.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.apiKeyEnv" -}} -- name: STS_API_KEY - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customApiKeySecretKey | quote }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}} -- name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 4fd0eadbc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-configmap.yaml deleted file mode 100644 index 54a1abf2f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 19d3924ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index a90a43589..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 021a43ebd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- - nodes
- - pods
- - services
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if .Values.clusterAgent.collection.kubernetesMetrics }}
- - componentstatuses
- {{- end }}
- {{- if $kubeRes.configmaps }}
- - configmaps
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- {{- if $kubeRes.resourcequotas }}
- - resourcequotas
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }}
-- apiGroups:
- - "apps"
- resources:
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if $kubeRes.ingresses }}
-- apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if or $kubeRes.cronjobs $kubeRes.jobs }}
-- apiGroups:
- - "batch"
- resources:
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
-- nonResourceURLs:
- - "/healthz"
- - "/version"
- verbs:
- - get
-- apiGroups:
- - "storage.k8s.io"
- resources:
- {{- if $kubeRes.volumeattachments }}
- - volumeattachments
- {{- end }}
- {{- if $kubeRes.storageclasses }}
- - storageclasses
- {{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - "policy"
- resources:
- {{- if $kubeRes.poddisruptionbudgets }}
- - poddisruptionbudgets
- {{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- {{- if $kubeRes.replicationcontrollers }}
- - replicationcontrollers
- {{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - "autoscaling"
- resources:
- {{- if $kubeRes.horizontalpodautoscalers }}
- - horizontalpodautoscalers
- {{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- {{- if $kubeRes.limitranges }}
- - limitranges
- {{- end }}
- verbs:
- - get
- - list
- - watch
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-clusterrolebinding.yaml
deleted file mode 100644
index 207613dd9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 37d10217f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 51025a670..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index adabad45e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-service.yaml
deleted file mode 100644
index 8b687e8f7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index 6cbc89699..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index da6cd59dd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 1f6e7cfcf..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-configmap.yaml
deleted file mode 100644
index ff9440a4b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.logsAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-clusterrole.yaml
deleted file mode 100644
index 1ded16cc2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index b3f033ebb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8f6b2ed3a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-daemonset.yaml
deleted file mode 100644
index 4c8dbdd5a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index 38298d414..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-scc.yaml
deleted file mode 100644
index a09da78c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-service.yaml
deleted file mode 100644
index 0b6cd6ec0..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.service.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 803d184ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/openshift-logging-secret.yaml
deleted file mode 100644
index ed0707f1f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/pull-secret.yaml
deleted file mode 100644
index 916941665..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/pull-secret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.81/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.81/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.81/values.yaml
deleted file mode 100644
index 4c9ad67df..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.81/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "7983b3be" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "ae5d42d2" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "7983b3be" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1-4b6ae2af - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. 
- repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "7983b3be" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. 
- cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. - customSecretName: "" - # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key. - customApiKeySecretKey: "sts-api-key" - # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token. - customClusterAuthTokenSecretKey: "sts-cluster-auth-token" - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. 
- name: - # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent. - authToken: "" - # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. - url: diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.82/.helmignore deleted file mode 100644 index 15a5c1277..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -linter_values.yaml -ci/ -installation/ -logo.svg diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.82/Chart.lock deleted file mode 100644 index efa285da7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: http-header-injector - repository: https://helm.stackstate.io - version: 0.0.9 -digest: sha256:3e6e797647f1a191cc110e50315da79418ec0474d3422539c128d9e78300aa18 -generated: "2024-04-12T17:25:28.399574934+02:00" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/Chart.yaml deleted file mode 100644 index 0bc9afb13..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/Chart.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.9
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.82
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.82/README.md
deleted file mode 100644
index 7ba2440ee..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.82` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.9 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"44638ef5"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"44638ef5"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.7.1-4b6ae2af"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. 
| -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. 
| -| nodeAgent.containers.agent.image.tag | string | `"44638ef5"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"ae5d42d2"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.82/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.82/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.82/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index 030e80924..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.9
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/README.md
deleted file mode 100644
index 1ee6fa3b1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.2.0"},"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.2.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
| -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@
-{{- define "http-header-injector.app.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.fqname" -}}
-{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc
-{{- end -}}
-
-{{- define "http-header-injector.cert-secret.name" -}}
-{{- if eq .Values.webhook.tls.mode "secret" -}}
-{{ .Values.webhook.tls.secret.name }}
-{{- else -}}
-{{ .Release.Name }}-http-injector-cert
-{{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.cert-clusterrole.name" -}}
-{{ .Release.Name }}-http-injector-cert-cluster-role
-{{- end -}}
-
-{{- define "http-header-injector.cert-serviceaccount.name" -}}
-{{ .Release.Name }}-http-injector-cert-sa
-{{- end -}}
-
-{{- define "http-header-injector.cert-config.name" -}}
-{{ .Release.Name }}-cert-config
-{{- end -}}
-
-{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook.stackstate.io
-{{- end -}}
-
-{{- define "http-header-injector.webhook-config.name" -}}
-{{ .Release.Name }}-http-header-injector-config
-{{- end -}}
-
-{{- define "http-header-injector.mutating-webhook.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook
-{{- end -}}
-
-{{- define "http-header-injector.pull-secret.name" -}}
-{{ include "http-header-injector.app.name" . }}-pull-secret
-{{- end -}}
-
-{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}}
-{{- define "cert-manager.certificate.namespace" -}}
-{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry.global" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default "quay.io" -}}
- {{- else -}}
- quay.io
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry" -}}
- {{- if ((.ContainerConfig).image).registry -}}
- {{- tpl .ContainerConfig.image.registry . -}}
- {{- else -}}
- {{- include "http-header-injector.image.registry.global" . }}
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }}
- {{- range .Values.global.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets . -}}
- {{- end -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.cert-setup.container.main" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-name: webhook-cert-setup
-image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
-imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
-{{- with .Values.certificatePrehook.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- readOnly: true
-command: ["/scripts/generate-cert.sh"]
-{{- end }}
-
-{{- define "http-header-injector.cert-delete.container.main" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-name: webhook-cert-delete
-image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
-imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
-{{- with .Values.certificatePrehook.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
-command: [ "/scripts/delete-cert.sh" ]
-{{- end }}
-
-{{/*
-Returns a YAML with extra annotations.
-*/}}
-{{- define "http-header-injector.global.extraAnnotations" -}}
-{{- with .Values.global.extraAnnotations }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Returns a YAML with extra labels.
-*/}}
-{{- define "http-header-injector.global.extraLabels" -}}
-{{- with .Values.global.extraLabels }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
deleted file mode 100644
index fc0c01258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index cc1c89631..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index f571ca86b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . 
}}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-service.yaml deleted file mode 100644 index 55abdb022..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/templates/webhook-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.webhook-service.name" . }}" -spec: - ports: - - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - app: "{{ include "http-header-injector.app.name" . }}" -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/values.yaml deleted file mode 100644 index 86c31b323..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/charts/http-header-injector/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.2.0 - resources: - limits: - cpu: "100m" - memory: "100Mi" - requests: - cpu: "100m" - memory: "100Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.82/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{- define "cluster-agent-kube-state-metrics" -}} -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} -cluster_check: true -{{- end }} -init_config: -instances: - - collectors: - - nodes - - pods - - services - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - {{- if $kubeRes.ingresses }} - - ingresses - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - - resourcequotas - - replicationcontrollers - - limitranges - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} - skip_leader_election: true - {{- end }} - labels_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }} - annotations_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_container-agent.yaml deleted file mode 100644 index 09f9591c6..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_container-agent.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_container-process-agent.yaml deleted file mode 100644 index 893f11581..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_helpers.tpl deleted file mode 100644 index 3c51bc308..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/_helpers.tpl +++ /dev/null 
@@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Returns a YAML with extra annotations -*/}} -{{- define "stackstate-k8s-agent.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels -*/}} -{{- define "stackstate-k8s-agent.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.apiKeyEnv" -}} -- name: STS_API_KEY - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customApiKeySecretKey | quote }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}} -- name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 4fd0eadbc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-configmap.yaml deleted file mode 100644 index 54a1abf2f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 19d3924ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index a90a43589..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 021a43ebd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 37d10217f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 51025a670..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - patch - - update diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-rolebinding.yaml deleted file mode 100644 index adabad45e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-rolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-service.yaml deleted file mode 100644 index 8b687e8f7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-cluster-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - ports: - - name: clusteragent - port: {{int .Values.clusterAgent.service.port }} - protocol: TCP - targetPort: {{int .Values.clusterAgent.service.targetPort }} - selector: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-serviceaccount.yaml deleted file mode 100644 index 6cbc89699..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/cluster-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.clusterAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-clusterrole.yaml deleted file mode 100644 index da6cd59dd..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-clusterrole.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes - - services - - pods - verbs: - - get - - watch - - list -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-clusterrolebinding.yaml deleted file mode 100644 index 1f6e7cfcf..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-logs-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-configmap.yaml deleted file mode 100644 index ff9440a4b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-configmap.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.logsAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 1ded16cc2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-clusterrole.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/proxy - - nodes/spec - - endpoints - verbs: - - get - - list diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-clusterrolebinding.yaml deleted file mode 100644 index b3f033ebb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-clusterrolebinding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-configmap.yaml deleted file mode 100644 index 8f6b2ed3a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.nodeAgent.config.override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: -{{- range .Values.nodeAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-daemonset.yaml deleted file mode 100644 index 4c8dbdd5a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-daemonset.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index 38298d414..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -{{- if .Values.nodeAgent.autoScalingEnabled }} -apiVersion: "autoscaling.k8s.io/v1" -kind: VerticalPodAutoscaler -metadata: - name: {{ .Release.Name }}-node-agent-vpa - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - targetRef: - apiVersion: "apps/v1" - kind: DaemonSet - name: {{ .Release.Name }}-node-agent - resourcePolicy: - containerPolicies: - - containerName: 'node-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - - containerName: 'process-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - updatePolicy: - updateMode: "Auto" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-scc.yaml deleted file mode 100644 index a09da78c1..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-service.yaml deleted file mode 100644 index 0b6cd6ec0..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.nodeAgent.service.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.nodeAgent.service.type }} -{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}} -{{- end }} - ports: - - name: traceport - port: 8126 - protocol: TCP - targetPort: 8126 - selector: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-serviceaccount.yaml deleted file mode 100644 index 803d184ef..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/node-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.nodeAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/openshift-logging-secret.yaml deleted file mode 100644 index ed0707f1f..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/openshift-logging-secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if not .Values.stackstate.manageOwnSecrets }} -{{- if .Values.openShiftLogging.installSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret - namespace: openshift-logging - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -type: Opaque -data: - username: {{ "apikey" | b64enc | quote }} -{{- if .Values.global.receiverApiKey }} - password: {{ .Values.global.receiverApiKey | b64enc | quote }} -{{- else }} - password: {{ .Values.stackstate.apiKey | b64enc | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/pull-secret.yaml deleted file mode 100644 index 916941665..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/pull-secret.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.82/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.82/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.82/values.yaml
deleted file mode 100644
index 67a0bf05f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.82/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "44638ef5" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "ae5d42d2" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "44638ef5" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.7.1-4b6ae2af - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. 
- repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "44638ef5" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. 
- cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. - customSecretName: "" - # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key. - customApiKeySecretKey: "sts-api-key" - # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token. - customClusterAuthTokenSecretKey: "sts-cluster-auth-token" - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. 
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.84/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.84/Chart.lock
deleted file mode 100644
index b911d54da..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.10
-digest: sha256:50177fdb00e83f6103245f9fd9ac6178e2509f7987fecfd91c8f3ce50e485b63
-generated: "2024-05-17T10:25:02.376538+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/Chart.yaml
deleted file mode 100644
index f51cf1bb5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.10
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.84
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.84/README.md
deleted file mode 100644
index 395c0f13b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.84` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.10 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"44638ef5"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"44638ef5"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. 
| -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. 
| -| nodeAgent.containers.agent.image.tag | string | `"44638ef5"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"ae5d42d2"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.84/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.84/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.84/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index 842d1f557..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.10
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/README.md
deleted file mode 100644
index 1ee6fa3b1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.2.0"},"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.2.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
| -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@
-{{- define "http-header-injector.app.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.fqname" -}}
-{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc
-{{- end -}}
-
-{{- define "http-header-injector.cert-secret.name" -}}
-{{- if eq .Values.webhook.tls.mode "secret" -}}
-{{ .Values.webhook.tls.secret.name }}
-{{- else -}}
-{{ .Release.Name }}-http-injector-cert
-{{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.cert-clusterrole.name" -}}
-{{ .Release.Name }}-http-injector-cert-cluster-role
-{{- end -}}
-
-{{- define "http-header-injector.cert-serviceaccount.name" -}}
-{{ .Release.Name }}-http-injector-cert-sa
-{{- end -}}
-
-{{- define "http-header-injector.cert-config.name" -}}
-{{ .Release.Name }}-cert-config
-{{- end -}}
-
-{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook.stackstate.io
-{{- end -}}
-
-{{- define "http-header-injector.webhook-config.name" -}}
-{{ .Release.Name }}-http-header-injector-config
-{{- end -}}
-
-{{- define "http-header-injector.mutating-webhook.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook
-{{- end -}}
-
-{{- define "http-header-injector.pull-secret.name" -}}
-{{ include "http-header-injector.app.name" . 
}}-pull-secret
-{{- end -}}
-
-{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}}
-{{- define "cert-manager.certificate.namespace" -}}
-{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry.global" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default "quay.io" -}}
- {{- else -}}
- quay.io
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry" -}}
- {{- if ((.ContainerConfig).image).registry -}}
- {{- tpl .ContainerConfig.image.registry . -}}
- {{- else -}}
- {{- include "http-header-injector.image.registry.global" . }}
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }}
- {{- range .Values.global.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets . -}}
- {{- end -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.cert-setup.container.main" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-name: webhook-cert-setup
-image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
-imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
-{{- with .Values.certificatePrehook.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . 
}}"
- mountPath: /scripts
- readOnly: true
-command: ["/scripts/generate-cert.sh"]
-{{- end }}
-
-{{- define "http-header-injector.cert-delete.container.main" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-name: webhook-cert-delete
-image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
-imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
-{{- with .Values.certificatePrehook.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
-command: [ "/scripts/delete-cert.sh" ]
-{{- end }}
-
-{{/*
-Returns a YAML with extra annotations.
-*/}}
-{{- define "http-header-injector.global.extraAnnotations" -}}
-{{- with .Values.global.extraAnnotations }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Returns a YAML with extra labels.
-*/}}
-{{- define "http-header-injector.global.extraLabels" -}}
-{{- with .Values.global.extraLabels }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
deleted file mode 100644
index fc0c01258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-data:
- generate-cert.sh: |
- #!/bin/bash
-
- # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however,
- # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks.
- set -ex
-
- SCRIPTDIR="${BASH_SOURCE%/*}"
-
- DIR=`mktemp -d`
-
- cd "$DIR"
-
- {{ if .Values.enabled }}
- echo "Chart enabled, creating secret and webhook"
-
- openssl genrsa -out ca.key 2048
-
- openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt
-
- openssl genrsa -out tls.key 2048
-
- openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf"
-
- openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \
- -CAcreateserial -out tls.crt -days 10000 \
- -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256
-
- # Create or update the secret
- echo "Applying secret"
- kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \
- -n "{{ .Release.Namespace }}" \
- --cert=./tls.crt \
- --key=./tls.key \
- --dry-run=client \
- -o yaml | kubectl apply -f -
-
- echo "Applying mutationwebhook"
- caBundle=`base64 -w 0 ca.crt`
- cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f -
- {{ else }}
- echo "Chart disabled, not creating secret and webhook"
- {{ end }}
- delete-cert.sh: |
- #!/bin/bash
-
- set -x
-
- DIR="${BASH_SOURCE%/*}"
- if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
- if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi
-
- cd "$DIR"
-
- # Using detection of deployment hee to also make this work in post-delete.
- if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then
- echo "Chart enabled, not removing secret and mutationwebhook"
- exit 0
- else
- echo "Chart disabled, removing secret and mutationwebhook"
- fi
-
- # Create or update the secret
- echo "Deleting secret"
- kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}"
-
- echo "Applying mutationwebhook"
- kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}"
-
- exit 0
-
- csr.conf: |
- [ req ]
- default_bits = 2048
- prompt = no
- default_md = sha256
- req_extensions = req_ext
- distinguished_name = dn
-
- [ dn ]
- C = NL
- ST = Utrecht
- L = Hilversum
- O = StackState
- OU = Dev
- CN = {{ include "http-header-injector.webhook-service.fqname" . }}
-
- [ req_ext ]
- subjectAltName = @alt_names
-
- [ alt_names ]
- DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}}
-
- [ v3_ext ]
- authorityKeyIdentifier=keyid,issuer:always
- basicConstraints=CA:FALSE
- keyUsage=keyEncipherment,dataEncipherment
- extendedKeyUsage=serverAuth
- subjectAltName=@alt_names
-
- mutatingwebhookconfiguration.yaml: |
- apiVersion: admissionregistration.k8s.io/v1
- kind: MutatingWebhookConfiguration
- metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- webhooks:
- - clientConfig:
- caBundle: "$CA_BUNDLE"
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-job-delete.yaml
deleted file mode 100644
index 6f72ce247..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-job-delete.yaml
+++ /dev/null
@@ -1,39 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-header-injector-cert-delete - labels: - app.kubernetes.io/component: http-header-injector-cert-hook-delete - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": post-delete,post-upgrade - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -spec: - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector-delete - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - spec: - serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.cert-config.name" . }}" - defaultMode: 0777 - containers: - - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }} - restartPolicy: Never - backoffLimit: 0 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-job-setup.yaml deleted file mode 100644 index cc1c89631..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-job-setup.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-header-injector-cert-setup - labels: - app.kubernetes.io/component: http-header-injector-cert-hook-setup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -spec: - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector-setup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - spec: - serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.cert-config.name" . }}" - defaultMode: 0777 - containers: - - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }} - restartPolicy: Never - backoffLimit: 0 -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml deleted file mode 100644 index 29b26df95..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/pull-secret.yaml deleted file mode 100644 index 80b4ee404..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/pull-secret.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ include "http-header-injector.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-cert-secret.yaml deleted file mode 100644 index f571ca86b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-cert-secret.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "provided" }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "http-header-injector.cert-secret.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -type: kubernetes.io/tls -data: - tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }} - tls.key: {{ .Values.webhook.tls.provided.key | b64enc }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-certificate.yaml deleted file mode 100644 index a68c7c5f6..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-certificate.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "cert-manager" }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ include "http-header-injector.webhook-service.name" . }} - namespace: {{ include "cert-manager.certificate.namespace" . }} - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -spec: - secretName: {{ include "http-header-injector.cert-secret.name" . }} - issuerRef: - name: {{ .Values.webhook.tls.certManager.issuer }} - kind: {{ .Values.webhook.tls.certManager.issuerKind }} - dnsNames: - - "{{ include "http-header-injector.webhook-service.name" . }}" - - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}" - - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-config.yaml deleted file mode 100644 index 20b38ce96..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-config.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . 
}}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-service.yaml deleted file mode 100644 index 55abdb022..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/templates/webhook-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.webhook-service.name" . }}" -spec: - ports: - - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - app: "{{ include "http-header-injector.app.name" . }}" -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/values.yaml deleted file mode 100644 index edfc1081b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/charts/http-header-injector/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.4.0 - resources: - limits: - cpu: "100m" - memory: "100Mi" - requests: - cpu: "100m" - memory: "100Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.84/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_container-agent.yaml
deleted file mode 100644
index 09f9591c6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_container-agent.yaml
+++ /dev/null
@@ -1,191 +0,0 @@
-{{- define "container-agent" -}}
-- name: node-agent
-{{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
-{{- end }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}"
- imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}"
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }}
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }}
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: KUBERNETES
- value: "true"
- - name: STS_APM_ENABLED
- value: {{ .Values.nodeAgent.apm.enabled | quote }}
- - name: STS_APM_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 4 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.nodeAgent.checksTagCardinality | quote }}
- {{- if .Values.checksAgent.enabled }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "endpointschecks"
- {{- end }}
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
-
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.agent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }}
- {{- end }}
- ports:
- - containerPort: 8126
- name: traceport
- protocol: TCP
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- with .Values.nodeAgent.containers.agent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: kubelet
- mountPath: /var/lib/kubelet
- readOnly: true
- - name: nfs
- mountPath: /var/lib/nfs
- readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- - name: dockernetns
- mountPath: /run/docker/netns
- readOnly: true
- - name: dockeroverlay2
- mountPath: /var/lib/docker/overlay2
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: false
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_container-process-agent.yaml
deleted file mode 100644
index 893f11581..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@
-{{- define "container-process-agent" -}}
-- name: process-agent
-{{ if .Values.nodeAgent.containers.processAgent.image.registry }}
- image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{ else }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{- end }}
- imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}"
- ports:
- - containerPort: 6063
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }}
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }}
- - name: STS_LOG_TO_CONSOLE
- value: "true"
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: HOST_ETC
- value: "/host/etc"
- - name: KUBERNETES
- value: "true"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 4 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: GOMEMLIMIT
- value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }}
- - name: STS_HTTP_STATS_BUFFER_SIZE
- value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }}
- - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE
- value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_HTTP_TRACING_ENABLED
- value: {{ .Values.nodeAgent.httpTracing.enabled | quote }}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- with .Values.nodeAgent.containers.processAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: sys-kernel-debug
- mountPath: /sys/kernel/debug
- # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics
- # readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- # The agent needs access to /etc to figure out what os it is running on.
- - name: etcdir
- mountPath: /host/etc
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. this is a debug setting but if we want to use
- # it, we have the option to make /proc writable.
- readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }}
- - name: passwd
- mountPath: /etc/passwd
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: true
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_helpers.tpl
deleted file mode 100644
index 3c51bc308..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/_helpers.tpl
+++ /dev/null
@@ -1,219 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "stackstate-k8s-agent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "stackstate-k8s-agent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "stackstate-k8s-agent.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "stackstate-k8s-agent.labels" -}}
-app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Cluster agent checksum annotations
-*/}}
-{{- define "stackstate-k8s-agent.checksum-configs" }}
-checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
-{{- end }}
-
-{{/*
-StackState URL function
-*/}}
-{{- define "stackstate-k8s-agent.stackstate.url" -}}
-{{ tpl .Values.stackstate.url . | quote }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.configmap.override.checksum" -}}
-{{- if .Values.clusterAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}}
-{{- if .Values.nodeAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}}
-{{- if .Values.checksAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-
-{{/*
-Return the image registry
-*/}}
-{{- define "stackstate-k8s-agent.imageRegistry" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default .Values.all.image.registry -}}
- {{- else -}}
- {{- .Values.all.image.registry -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Renders a value that contains a template.
-Usage:
-{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.tplvalue.render" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.pull-secret.name" -}}
-{{ include "stackstate-k8s-agent.fullname" . }}-pull-secret
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names evaluating values as templates
-{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $context := .context }}
- {{- if $context.Values.global }}
- {{- range $context.Values.global.imagePullSecrets -}}
- {{/* Is plain array of strings, compatible with all bitnami charts */}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- range $context.Values.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}}
- {{- end -}}
- {{- range .images -}}
- {{- if .pullSecretName -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false).
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }}
-*/}}
-{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}}
-{{- if .Values.clusterAgent.config.override }}
- {{- range $i, $val := .Values.clusterAgent.config.override }}
- {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}}
-{{- if .Values.nodeAgent.config.override }}
- {{- range $i, $val := .Values.nodeAgent.config.override }}
- {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Return the appropriate os label
-*/}}
-{{- define "label.os" -}}
-{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-kubernetes.io/os
-{{- else -}}
-beta.kubernetes.io/os
-{{- end -}}
-{{- end -}}
-
-{{/*
-Returns a YAML with extra annotations
-*/}}
-{{- define "stackstate-k8s-agent.global.extraAnnotations" -}}
-{{- with .Values.global.extraAnnotations }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Returns a YAML with extra labels
-*/}}
-{{- define "stackstate-k8s-agent.global.extraLabels" -}}
-{{- with .Values.global.extraLabels }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.apiKeyEnv" -}}
-- name: STS_API_KEY
- valueFrom:
- secretKeyRef:
-{{- if not .Values.stackstate.manageOwnSecrets }}
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-api-key
-{{- else }}
- name: {{ .Values.stackstate.customSecretName | quote }}
- key: {{ .Values.stackstate.customApiKeySecretKey | quote }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}}
-- name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
-{{- if not .Values.stackstate.manageOwnSecrets }}
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
-{{- else }}
- name: {{ .Values.stackstate.customSecretName | quote }}
- key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-clusterrolebinding.yaml
deleted file mode 100644
index 4fd0eadbc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-configmap.yaml
deleted file mode 100644
index 54a1abf2f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
- replicas: {{ .Values.checksAgent.replicas }}
-{{- with .Values.checksAgent.strategy }}
- strategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }}
- labels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}"
- imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}"
- {{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
- {{- end }}
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }}
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.checksAgent.image.tag | quote }}
- - name: LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_APM_ENABLED
- value: "false"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.checksAgent.checksTagCardinality | quote }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "clusterchecks"
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: STS_LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: "false"
- - name: STS_PROCESS_AGENT_ENABLED
- value: "false"
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }}
- ports:
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
- {{- else }}
- securityContext:
- privileged: false
- {{- end }}
- {{- with .Values.checksAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: confd-empty-volume
- mountPath: /etc/stackstate-agent/conf.d
-# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run.
- readOnly: false
- {{- if .Values.checksAgent.config.override }}
- {{- range .Values.checksAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
- {{- if .Values.checksAgent.priorityClassName }}
- priorityClassName: {{ .Values.checksAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ .Release.Name }}-checks-agent
- nodeSelector:
- {{ template "label.os" . }}: {{ .Values.targetSystem }}
- {{- with .Values.checksAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: confd-empty-volume
- emptyDir: {}
- {{- if .Values.checksAgent.config.override }}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-checks-agent
- {{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 19d3924ea..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,23 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-serviceaccount.yaml deleted file mode 100644 index a90a43589..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/checks-agent-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.checksAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-clusterrole.yaml deleted file mode 100644 index 021a43ebd..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 37d10217f..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-configmap.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - kubernetes_api_events_conf: | - init_config: - instances: - - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }} - event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }} - kubernetes_api_topology_conf: | - init_config: - instances: - - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }} - resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }} - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - kube_state_metrics_core_conf: | - {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }} - {{- end }} -{{- if .Values.clusterAgent.config.override }} -{{- range .Values.clusterAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-deployment.yaml deleted file mode 100644 index 51025a670..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-deployment.yaml +++ /dev/null 
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - patch - - update diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-rolebinding.yaml deleted file mode 100644 index adabad45e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-rolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-service.yaml deleted file mode 100644 index 8b687e8f7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-cluster-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - ports: - - name: clusteragent - port: {{int .Values.clusterAgent.service.port }} - protocol: TCP - targetPort: {{int .Values.clusterAgent.service.targetPort }} - selector: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-serviceaccount.yaml deleted file mode 100644 index 6cbc89699..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/cluster-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.clusterAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-clusterrole.yaml deleted file mode 100644 index da6cd59dd..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-clusterrole.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes - - services - - pods - verbs: - - get - - watch - - list -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-clusterrolebinding.yaml deleted file mode 100644 index 1f6e7cfcf..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-logs-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-configmap.yaml deleted file mode 100644 index ff9440a4b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-configmap.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.logsAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 1ded16cc2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-clusterrole.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/proxy - - nodes/spec - - endpoints - verbs: - - get - - list diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-clusterrolebinding.yaml deleted file mode 100644 index b3f033ebb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-clusterrolebinding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-configmap.yaml deleted file mode 100644 index 8f6b2ed3a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.nodeAgent.config.override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: -{{- range .Values.nodeAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-daemonset.yaml deleted file mode 100644 index 4c8dbdd5a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-daemonset.yaml +++ /dev/null 
@@ -1,110 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- with .Values.nodeAgent.updateStrategy }}
- updateStrategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }}
- labels:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- {{- include "container-agent" . | nindent 6 }}
- {{- if .Values.nodeAgent.containers.processAgent.enabled }}
- {{- include "container-process-agent" . | nindent 6 }}
- {{- end }}
- dnsPolicy: ClusterFirstWithHostNet
- hostNetwork: true
- hostPID: true
- {{- if .Values.nodeAgent.priorityClassName }}
- priorityClassName: {{ .Values.nodeAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ .Release.Name }}-node-agent
- nodeSelector:
- {{ template "label.os" . }}: {{ .Values.targetSystem }}
- {{- with .Values.nodeAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.nodeAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.nodeAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - hostPath:
- path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- name: customcrisocket
- {{- end }}
- - hostPath:
- path: /var/lib/kubelet
- name: kubelet
- - hostPath:
- path: /var/lib/nfs
- name: nfs
- - hostPath:
- path: /var/lib/docker/overlay2
- name: dockeroverlay2
- - hostPath:
- path: /run/docker/netns
- name: dockernetns
- - hostPath:
- path: /var/run/crio/crio.sock
- name: crisocket
- - hostPath:
- path: /var/run/containerd/containerd.sock
- name: containerdsocket
- - hostPath:
- path: /sys/kernel/debug
- name: sys-kernel-debug
- - hostPath:
- path: /var/run/docker.sock
- name: dockersocket
- - hostPath:
- path: {{ .Values.nodeAgent.containerRuntime.hostProc }}
- name: procdir
- - hostPath:
- path: /etc
- name: etcdir
- - hostPath:
- path: /etc/passwd
- name: passwd
- - hostPath:
- path: /sys/fs/cgroup
- name: cgroups
- {{- if .Values.nodeAgent.config.override }}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-node-agent
- {{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-podautoscaler.yaml
deleted file mode 100644
index 38298d414..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-podautoscaler.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-scc.yaml
deleted file mode 100644
index a09da78c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-service.yaml
deleted file mode 100644
index 0b6cd6ec0..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.service.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 803d184ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/openshift-logging-secret.yaml
deleted file mode 100644
index ed0707f1f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/pull-secret.yaml
deleted file mode 100644
index 916941665..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/pull-secret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@
-package test
-
-import (
- "regexp"
- "strings"
- "testing"
-
- v1 "k8s.io/api/rbac/v1"
-
- "github.com/stretchr/testify/assert"
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-var requiredRules = []string{
- "events+get,list,watch",
- "nodes+get,list,watch",
- "pods+get,list,watch",
- "services+get,list,watch",
- "configmaps+create,get,patch,update",
-}
-
-var optionalRules = []string{
- "namespaces+get,list,watch",
- "componentstatuses+get,list,watch",
- "configmaps+list,watch", // get is already required
- "endpoints+get,list,watch",
- "persistentvolumeclaims+get,list,watch",
- "persistentvolumes+get,list,watch",
- "secrets+get,list,watch",
- "apps/daemonsets+get,list,watch",
- "apps/deployments+get,list,watch",
- "apps/replicasets+get,list,watch",
- "apps/statefulsets+get,list,watch",
- "extensions/ingresses+get,list,watch",
- "batch/cronjobs+get,list,watch",
- "batch/jobs+get,list,watch",
-}
-
-var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`)
-
-type Rule struct {
- Group string
- ResourceName string
- Verb string
-}
-
-func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) {
- match := roleDescriptionRegexp.FindStringSubmatch(roleDescription)
- assert.NotNil(t, match)
-
- var roleRules []Rule
- for _, rule := range rules {
- for _, group := range rule.APIGroups {
- for _, resource := range rule.Resources {
- for _, verb := range rule.Verbs {
- roleRules = append(roleRules, Rule{group, resource, verb})
- }
- }
- }
- }
-
- resGroup := match[roleDescriptionRegexp.SubexpIndex("group")]
- resName := match[roleDescriptionRegexp.SubexpIndex("name")]
- verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",")
-
- for _, verb := range verbs {
- requiredRule := Rule{resGroup, resName, verb}
- found := false
- for _, rule := range roleRules {
- if rule == requiredRule {
- found = true
- break
- }
- }
- if shouldBePresent {
- assert.Truef(t, found, "Rule %v has not been found", requiredRule)
- } else {
- assert.Falsef(t, found, "Rule %v should not be present", requiredRule)
- }
- }
-}
-
-func TestAllResourcesAreEnabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
- // be default, everything is enabled, so all the optional roles should be present as well
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, true)
- }
-}
-
-func TestMostOfResourcesAreDisabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
-
- // we expect all optional resources to be removed from ClusterRole with the given values
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, false)
- }
-}
-
-func TestNoClusterWideModificationRights(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- illegalVerbs := []string{"create", "patch", "update", "delete"}
-
- for _, clusterRole := range resources.ClusterRoles {
- for _, rule := range clusterRole.Rules {
- for _, verb := range rule.Verbs {
- assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources)
- }
- }
- }
-}
-
-func TestServicePortChange(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"]
-
- port := cluster_agent_service.Spec.Ports[0]
- assert.Equal(t, port.Name, "clusteragent")
- assert.Equal(t, port.Port, int32(8008))
- assert.Equal(t, port.TargetPort.IntVal, int32(9009))
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/clustername_test.go
deleted file mode 100644
index 55090b995..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/clustername_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.84/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.84/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.84/values.yaml
deleted file mode 100644
index 29bc5785a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.84/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "44638ef5" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "ae5d42d2" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "44638ef5" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.9.8-5b179aee - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. 
- repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "44638ef5" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. 
- cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. - customSecretName: "" - # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key. - customApiKeySecretKey: "sts-api-key" - # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token. - customClusterAuthTokenSecretKey: "sts-cluster-auth-token" - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. 
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.86/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.86/Chart.lock
deleted file mode 100644
index a8df83f13..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-digest: sha256:ae5ad7c3176f89b71aabef7cd75f99394750f4fffb9905b86fb45c345595c24c
-generated: "2024-05-30T13:30:45.346757+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/Chart.yaml
deleted file mode 100644
index aa269e92d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.11
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.86
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.86/README.md
deleted file mode 100644
index 96fe4df5a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.86` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.11 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"bdf94804"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"bdf94804"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. 
| -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. 
| -| nodeAgent.containers.agent.image.tag | string | `"bdf94804"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"ae5d42d2"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.86/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.86/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.86/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index ff28ae8da..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.11
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/README.md
deleted file mode 100644
index 840ff5240..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.4.0"},"resources":{"limits":{"cpu":"100m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.4.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
| -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} - -{{/* -Returns a YAML with extra annotations. -*/}} -{{- define "http-header-injector.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels. -*/}} -{{- define "http-header-injector.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fc0c01258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index cc1c89631..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index f571ca86b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-deployment.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 55abdb022..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/values.yaml
deleted file mode 100644
index a1b4be2fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.4.0 - resources: - limits: - cpu: "100m" - memory: "200Mi" - requests: - cpu: "100m" - memory: "200Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.86/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{- define "cluster-agent-kube-state-metrics" -}} -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} -cluster_check: true -{{- end }} -init_config: -instances: - - collectors: - - nodes - - pods - - services - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - {{- if $kubeRes.ingresses }} - - ingresses - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - - resourcequotas - - replicationcontrollers - - limitranges - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} - skip_leader_election: true - {{- end }} - labels_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }} - annotations_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_container-agent.yaml deleted file mode 100644 index 09f9591c6..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_container-agent.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_container-process-agent.yaml deleted file mode 100644 index 893f11581..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_container-process-agent.yaml +++ /dev/null 
@@ -1,160 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_helpers.tpl deleted file mode 100644 index 3c51bc308..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/_helpers.tpl +++ /dev/null 
@@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Returns a YAML with extra annotations -*/}} -{{- define "stackstate-k8s-agent.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels -*/}} -{{- define "stackstate-k8s-agent.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.apiKeyEnv" -}} -- name: STS_API_KEY - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customApiKeySecretKey | quote }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}} -- name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 4fd0eadbc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-configmap.yaml deleted file mode 100644 index 54a1abf2f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 19d3924ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index a90a43589..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 021a43ebd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 37d10217f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 51025a670..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - patch - - update diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-rolebinding.yaml deleted file mode 100644 index adabad45e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-rolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-service.yaml deleted file mode 100644 index 8b687e8f7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-cluster-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - ports: - - name: clusteragent - port: {{int .Values.clusterAgent.service.port }} - protocol: TCP - targetPort: {{int .Values.clusterAgent.service.targetPort }} - selector: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-serviceaccount.yaml deleted file mode 100644 index 6cbc89699..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/cluster-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.clusterAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-clusterrole.yaml deleted file mode 100644 index da6cd59dd..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-clusterrole.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes - - services - - pods - verbs: - - get - - watch - - list -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-clusterrolebinding.yaml deleted file mode 100644 index 1f6e7cfcf..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-logs-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-configmap.yaml deleted file mode 100644 index ff9440a4b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-configmap.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.logsAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 1ded16cc2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-clusterrole.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/proxy - - nodes/spec - - endpoints - verbs: - - get - - list diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-clusterrolebinding.yaml deleted file mode 100644 index b3f033ebb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-clusterrolebinding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-configmap.yaml deleted file mode 100644 index 8f6b2ed3a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.nodeAgent.config.override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: -{{- range .Values.nodeAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-daemonset.yaml deleted file mode 100644 index 4c8dbdd5a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-daemonset.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index 38298d414..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -{{- if .Values.nodeAgent.autoScalingEnabled }} -apiVersion: "autoscaling.k8s.io/v1" -kind: VerticalPodAutoscaler -metadata: - name: {{ .Release.Name }}-node-agent-vpa - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - targetRef: - apiVersion: "apps/v1" - kind: DaemonSet - name: {{ .Release.Name }}-node-agent - resourcePolicy: - containerPolicies: - - containerName: 'node-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - - containerName: 'process-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - updatePolicy: - updateMode: "Auto" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-scc.yaml deleted file mode 100644 index a09da78c1..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-service.yaml deleted file mode 100644 index 0b6cd6ec0..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.nodeAgent.service.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.nodeAgent.service.type }} -{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}} -{{- end }} - ports: - - name: traceport - port: 8126 - protocol: TCP - targetPort: 8126 - selector: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-serviceaccount.yaml deleted file mode 100644 index 803d184ef..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/node-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.nodeAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/openshift-logging-secret.yaml deleted file mode 100644 index ed0707f1f..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/openshift-logging-secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if not .Values.stackstate.manageOwnSecrets }} -{{- if .Values.openShiftLogging.installSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret - namespace: openshift-logging - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -type: Opaque -data: - username: {{ "apikey" | b64enc | quote }} -{{- if .Values.global.receiverApiKey }} - password: {{ .Values.global.receiverApiKey | b64enc | quote }} -{{- else }} - password: {{ .Values.stackstate.apiKey | b64enc | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/pull-secret.yaml deleted file mode 100644 index 916941665..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/pull-secret.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.86/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.86/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.86/values.yaml
deleted file mode 100644
index 50f1c4228..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.86/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "bdf94804" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "ae5d42d2" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "bdf94804" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.9.8-5b179aee - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. 
- repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "bdf94804" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. 
- cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. - customSecretName: "" - # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key. - customApiKeySecretKey: "sts-api-key" - # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token. - customClusterAuthTokenSecretKey: "sts-cluster-auth-token" - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. 
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.87/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.87/Chart.lock
deleted file mode 100644
index a8df83f13..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-digest: sha256:ae5ad7c3176f89b71aabef7cd75f99394750f4fffb9905b86fb45c345595c24c
-generated: "2024-05-30T13:30:45.346757+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/Chart.yaml
deleted file mode 100644
index 599556552..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.11
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.87
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.87/README.md
deleted file mode 100644
index a508d8c47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.87` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.11 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"4f42573a"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"4f42573a"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. 
| -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. 
| -| nodeAgent.containers.agent.image.tag | string | `"4f42573a"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. 
|
-| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | |
-| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
-| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | |
-| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. |
-| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container |
-| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. |
-| nodeAgent.containers.processAgent.image.registry | string | `nil` | |
-| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. |
-| nodeAgent.containers.processAgent.image.tag | string | `"ae5d42d2"` | Default process-agent container image tag. |
-| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. |
-| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container |
-| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. |
-| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | |
-| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. |
-| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | |
-| nodeAgent.httpTracing.enabled | bool | `true` | |
-| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. |
-| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
|
-| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
-| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. |
-| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. |
-| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. |
-| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. |
-| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. |
-| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. |
-| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. |
-| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. |
-| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. |
-| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. |
-| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. |
-| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent |
-| nodeAgent.service.annotations | object | `{}` | Annotations for the service |
-| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
|
-| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort |
-| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods |
-| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. |
-| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. |
-| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
-| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. |
-| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift |
-| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. |
-| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. |
-| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. |
-| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. |
-| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. |
-| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. |
-| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
|
-| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. |
-| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. |
-| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. |
-| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. |
-| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. |
-| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. |
-| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. |
-| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) |
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.87/README.md.gotmpl
deleted file mode 100644
index 7909e6f0d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/README.md.gotmpl
+++ /dev/null 
@@ -1,45 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -{{ template "chart.valuesSection" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.87/Releasing.md deleted file mode 100644 index bab6c2b94..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/Releasing.md +++ /dev/null 
@@ -1,15 +0,0 @@ -To make a new release of this helm chart, follow the following steps: - - -- Create a branch from master -- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys: - * stackstate-k8s-cluster-agent: - * [clusterAgent.image.tag] - * stackstate-k8s-agent: - * [nodeAgent.containers.agent.image.tag] - * [checksAgent.image.tag] - * stackstate-k8s-process-agent: - * [nodeAgent.containers.processAgent.image.tag] -- Bump the version of the chart -- Merge the mr and hit the public release button on the ci pipeline -- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.87/app-readme.md deleted file mode 100644 index 8025fe1d3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -## Introduction - -StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production. - -The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation. 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/.helmignore deleted file mode 100644 index 69790771c..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -linter_values.yaml -ci/ -installation/ diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/Chart.yaml deleted file mode 100644 index ff28ae8da..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v2 -appVersion: 0.0.1 -description: 'Helm chart for deploying the http-header-injector sidecar, which automatically - injects x-request-id into http traffic going through the cluster for pods which - have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. ' -home: https://github.com/StackVista/http-header-injector -icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png -keywords: -- monitoring -- stackstate -maintainers: -- email: ops@stackstate.com - name: Stackstate Lupulus Team -name: http-header-injector -version: 0.0.11 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/README.md deleted file mode 100644 index 840ff5240..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/README.md
+++ /dev/null 
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.4.0"},"resources":{"limits":{"cpu":"100m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.4.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
|
-| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io |
-| images.pullSecretName | string | `nil` | |
-| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers |
-| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| proxy.image.registry | string | `nil` | Registry for the docker image. |
-| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
-| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. |
-| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. |
-| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. |
-| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| proxyInit.image.registry | string | `nil` | Registry for the docker image |
-| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
-| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods |
-| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
|
-| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image |
-| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods |
-| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. |
-| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. |
-| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} - -{{/* -Returns a YAML with extra annotations. -*/}} -{{- define "http-header-injector.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels. -*/}} -{{- define "http-header-injector.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fc0c01258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ include "http-header-injector.cert-clusterrole.name" . }}" -subjects: - - kind: ServiceAccount - name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-clusterrole.yaml deleted file mode 100644 index afab838b3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-clusterrole.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ include "http-header-injector.cert-clusterrole.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -rules: - - apiGroups: [ "admissionregistration.k8s.io" ] - resources: [ "mutatingwebhookconfigurations" ] - verbs: [ "get", "create", "patch","update","delete" ] - - apiGroups: [ "" ] - resources: [ "secrets" ] - verbs: [ "create", "get", "patch","update","delete" ] - - apiGroups: [ "apps" ] - resources: [ "deployments" ] - verbs: [ "get" ] -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-config.yaml deleted file mode 100644 index a22bdf4fb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-config.yaml +++ /dev/null 
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index cc1c89631..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index f571ca86b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . 
}}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-service.yaml deleted file mode 100644 index 55abdb022..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/templates/webhook-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.webhook-service.name" . }}" -spec: - ports: - - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - app: "{{ include "http-header-injector.app.name" . }}" -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/values.yaml deleted file mode 100644 index a1b4be2fc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/charts/http-header-injector/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.4.0 - resources: - limits: - cpu: "100m" - memory: "200Mi" - requests: - cpu: "100m" - memory: "200Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.87/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{- define "cluster-agent-kube-state-metrics" -}} -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} -cluster_check: true -{{- end }} -init_config: -instances: - - collectors: - - nodes - - pods - - services - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - {{- if $kubeRes.ingresses }} - - ingresses - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - - resourcequotas - - replicationcontrollers - - limitranges - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} - skip_leader_election: true - {{- end }} - labels_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }} - annotations_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_container-agent.yaml deleted file mode 100644 index 09f9591c6..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_container-agent.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_container-process-agent.yaml deleted file mode 100644 index 893f11581..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_helpers.tpl deleted file mode 100644 index 3c51bc308..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/_helpers.tpl +++ /dev/null 
@@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Returns a YAML with extra annotations -*/}} -{{- define "stackstate-k8s-agent.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels -*/}} -{{- define "stackstate-k8s-agent.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.apiKeyEnv" -}} -- name: STS_API_KEY - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customApiKeySecretKey | quote }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}} -- name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 4fd0eadbc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-configmap.yaml deleted file mode 100644 index 54a1abf2f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: -{{- range .Values.checksAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-deployment.yaml deleted file mode 100644 index 37a0b1a1d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-deployment.yaml +++ /dev/null 
@@ -1,185 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 19d3924ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-serviceaccount.yaml deleted file mode 100644 index a90a43589..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/checks-agent-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.checksAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-clusterrole.yaml deleted file mode 100644 index 021a43ebd..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 37d10217f..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-configmap.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - kubernetes_api_events_conf: | - init_config: - instances: - - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }} - event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }} - kubernetes_api_topology_conf: | - init_config: - instances: - - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }} - resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }} - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - kube_state_metrics_core_conf: | - {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }} - {{- end }} -{{- if .Values.clusterAgent.config.override }} -{{- range .Values.clusterAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-deployment.yaml deleted file mode 100644 index 51025a670..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-deployment.yaml +++ /dev/null 
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - patch - - update diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-rolebinding.yaml deleted file mode 100644 index adabad45e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-rolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-service.yaml deleted file mode 100644 index 8b687e8f7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-cluster-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - ports: - - name: clusteragent - port: {{int .Values.clusterAgent.service.port }} - protocol: TCP - targetPort: {{int .Values.clusterAgent.service.targetPort }} - selector: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-serviceaccount.yaml deleted file mode 100644 index 6cbc89699..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/cluster-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.clusterAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-clusterrole.yaml deleted file mode 100644 index da6cd59dd..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-clusterrole.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes - - services - - pods - verbs: - - get - - watch - - list -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-clusterrolebinding.yaml deleted file mode 100644 index 1f6e7cfcf..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-logs-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-configmap.yaml deleted file mode 100644 index ff9440a4b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-configmap.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.logsAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 1ded16cc2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-clusterrole.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/proxy - - nodes/spec - - endpoints - verbs: - - get - - list diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-clusterrolebinding.yaml deleted file mode 100644 index b3f033ebb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-clusterrolebinding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-configmap.yaml deleted file mode 100644 index 8f6b2ed3a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.nodeAgent.config.override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: -{{- range .Values.nodeAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-daemonset.yaml deleted file mode 100644 index 4c8dbdd5a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-daemonset.yaml +++ /dev/null 
@@ -1,110 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- with .Values.nodeAgent.updateStrategy }}
- updateStrategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }}
- labels:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- {{- include "container-agent" . | nindent 6 }}
- {{- if .Values.nodeAgent.containers.processAgent.enabled }}
- {{- include "container-process-agent" . | nindent 6 }}
- {{- end }}
- dnsPolicy: ClusterFirstWithHostNet
- hostNetwork: true
- hostPID: true
- {{- if .Values.nodeAgent.priorityClassName }}
- priorityClassName: {{ .Values.nodeAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ .Release.Name }}-node-agent
- nodeSelector:
- {{ template "label.os" .
}}: {{ .Values.targetSystem }}
- {{- with .Values.nodeAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.nodeAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.nodeAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - hostPath:
- path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- name: customcrisocket
- {{- end }}
- - hostPath:
- path: /var/lib/kubelet
- name: kubelet
- - hostPath:
- path: /var/lib/nfs
- name: nfs
- - hostPath:
- path: /var/lib/docker/overlay2
- name: dockeroverlay2
- - hostPath:
- path: /run/docker/netns
- name: dockernetns
- - hostPath:
- path: /var/run/crio/crio.sock
- name: crisocket
- - hostPath:
- path: /var/run/containerd/containerd.sock
- name: containerdsocket
- - hostPath:
- path: /sys/kernel/debug
- name: sys-kernel-debug
- - hostPath:
- path: /var/run/docker.sock
- name: dockersocket
- - hostPath:
- path: {{ .Values.nodeAgent.containerRuntime.hostProc }}
- name: procdir
- - hostPath:
- path: /etc
- name: etcdir
- - hostPath:
- path: /etc/passwd
- name: passwd
- - hostPath:
- path: /sys/fs/cgroup
- name: cgroups
- {{- if .Values.nodeAgent.config.override }}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-node-agent
- {{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-podautoscaler.yaml
deleted file mode 100644
index 38298d414..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-podautoscaler.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-scc.yaml
deleted file mode 100644
index a09da78c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-service.yaml
deleted file mode 100644
index 0b6cd6ec0..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.service.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 803d184ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/openshift-logging-secret.yaml
deleted file mode 100644
index ed0707f1f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/pull-secret.yaml
deleted file mode 100644
index 916941665..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/pull-secret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@
-package test
-
-import (
- "regexp"
- "strings"
- "testing"
-
- v1 "k8s.io/api/rbac/v1"
-
- "github.com/stretchr/testify/assert"
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-var requiredRules = []string{
- "events+get,list,watch",
- "nodes+get,list,watch",
- "pods+get,list,watch",
- "services+get,list,watch",
- "configmaps+create,get,patch,update",
-}
-
-var optionalRules = []string{
- "namespaces+get,list,watch",
- "componentstatuses+get,list,watch",
- "configmaps+list,watch", // get is already required
- "endpoints+get,list,watch",
- "persistentvolumeclaims+get,list,watch",
- "persistentvolumes+get,list,watch",
- "secrets+get,list,watch",
- "apps/daemonsets+get,list,watch",
- "apps/deployments+get,list,watch",
- "apps/replicasets+get,list,watch",
- "apps/statefulsets+get,list,watch",
- "extensions/ingresses+get,list,watch",
- "batch/cronjobs+get,list,watch",
- "batch/jobs+get,list,watch",
-}
-
-var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`)
-
-type Rule struct {
- Group string
- ResourceName string
- Verb string
-}
-
-func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) {
- match := roleDescriptionRegexp.FindStringSubmatch(roleDescription)
- assert.NotNil(t, match)
-
- var roleRules []Rule
- for _, rule := range rules {
- for _, group := range rule.APIGroups {
- for _, resource := range rule.Resources {
- for _, verb := range rule.Verbs {
- roleRules = append(roleRules, Rule{group, resource, verb})
- }
- }
- }
- }
-
- resGroup := match[roleDescriptionRegexp.SubexpIndex("group")]
- resName := match[roleDescriptionRegexp.SubexpIndex("name")]
- verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",")
-
- for _, verb := range verbs {
- requiredRule := Rule{resGroup, resName, verb}
- found := false
- for _, rule := range roleRules {
- if rule == requiredRule {
- found = true
- break
- }
- }
- if shouldBePresent {
-
assert.Truef(t, found, "Rule %v has not been found", requiredRule)
- } else {
- assert.Falsef(t, found, "Rule %v should not be present", requiredRule)
- }
- }
-}
-
-func TestAllResourcesAreEnabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
- // be default, everything is enabled, so all the optional roles should be present as well
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, true)
- }
-}
-
-func TestMostOfResourcesAreDisabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
-
- // we expect all optional resources to be removed from ClusterRole with the given values
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, false)
- }
-}
-
-func TestNoClusterWideModificationRights(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- illegalVerbs := []string{"create", "patch", "update", "delete"}
-
- for _, clusterRole := range resources.ClusterRoles {
- for _, rule := range clusterRole.Rules {
- for _, verb := range rule.Verbs {
- assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources)
- }
- }
- }
-}
-
-func TestServicePortChange(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"]
-
- port := cluster_agent_service.Spec.Ports[0]
- assert.Equal(t, port.Name, "clusteragent")
- assert.Equal(t, port.Port, int32(8008))
- assert.Equal(t, port.TargetPort.IntVal, int32(9009))
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/clustername_test.go
deleted file mode 100644
index 55090b995..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/clustername_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.87/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.87/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.87/values.yaml
deleted file mode 100644
index d5cde44e5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.87/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "4f42573a" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "ae5d42d2" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "4f42573a" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.9.8-5b179aee - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. 
- repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "4f42573a" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. 
- cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. - customSecretName: "" - # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key. - customApiKeySecretKey: "sts-api-key" - # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token. - customClusterAuthTokenSecretKey: "sts-cluster-auth-token" - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. 
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.88/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.88/Chart.lock
deleted file mode 100644
index a8df83f13..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-digest: sha256:ae5ad7c3176f89b71aabef7cd75f99394750f4fffb9905b86fb45c345595c24c
-generated: "2024-05-30T13:30:45.346757+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/Chart.yaml
deleted file mode 100644
index 1c3f4e4fe..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.11
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.88
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.88/README.md
deleted file mode 100644
index 9baccc001..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.88` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.11 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"6e5ef78f"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"6e5ef78f"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. 
| -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. 
| -| nodeAgent.containers.agent.image.tag | string | `"6e5ef78f"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"22891642"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.88/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.88/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.88/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index ff28ae8da..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.11
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/README.md
deleted file mode 100644
index 840ff5240..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@
-# http-header-injector
-
-![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
-
-Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic
-going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set.
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| Stackstate Lupulus Team | | |
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.4.0"},"resources":{"limits":{"cpu":"100m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook |
-| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. |
-| certificatePrehook.image.tag | string | `"1.4.0"` | The tag for the docker image |
-| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection |
-| enabled | bool | `true` | Enable/disable the mutationwebhook |
-| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart |
-| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart |
-| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. |
-| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. |
-| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io |
-| images.pullSecretName | string | `nil` | |
-| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers |
-| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| proxy.image.registry | string | `nil` | Registry for the docker image. |
-| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
-| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. |
-| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. |
-| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. |
-| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| proxyInit.image.registry | string | `nil` | Registry for the docker image |
-| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
-| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods |
-| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. |
-| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image |
-| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods |
-| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. |
-| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. |
-| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". |
-
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/Readme.md.gotpl
deleted file mode 100644
index 225032aa2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/Readme.md.gotpl
+++ /dev/null
@@ -1,26 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with
-the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is
-activated on a pod.
-
-## Recommended Values
-
-{{ template "chart.valuesSection" . -}}
-
-## Install
-
-Install from the command line on Helm with the following command:
-
-```shell
-helm install stackstate/http-header-injector
-```
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/_defines.tpl
deleted file mode 100644
index ee6b7320e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/_defines.tpl
+++ /dev/null
@@ -1,131 +0,0 @@
-{{- define "http-header-injector.app.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.name" -}}
-{{ .Release.Name }}-http-header-injector
-{{- end -}}
-
-{{- define "http-header-injector.webhook-service.fqname" -}}
-{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc
-{{- end -}}
-
-{{- define "http-header-injector.cert-secret.name" -}}
-{{- if eq .Values.webhook.tls.mode "secret" -}}
-{{ .Values.webhook.tls.secret.name }}
-{{- else -}}
-{{ .Release.Name }}-http-injector-cert
-{{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.cert-clusterrole.name" -}}
-{{ .Release.Name }}-http-injector-cert-cluster-role
-{{- end -}}
-
-{{- define "http-header-injector.cert-serviceaccount.name" -}}
-{{ .Release.Name }}-http-injector-cert-sa
-{{- end -}}
-
-{{- define "http-header-injector.cert-config.name" -}}
-{{ .Release.Name }}-cert-config
-{{- end -}}
-
-{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook.stackstate.io
-{{- end -}}
-
-{{- define "http-header-injector.webhook-config.name" -}}
-{{ .Release.Name }}-http-header-injector-config
-{{- end -}}
-
-{{- define "http-header-injector.mutating-webhook.name" -}}
-{{ .Release.Name }}-http-header-injector-webhook
-{{- end -}}
-
-{{- define "http-header-injector.pull-secret.name" -}}
-{{ include "http-header-injector.app.name" . }}-pull-secret
-{{- end -}}
-
-{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}}
-{{- define "cert-manager.certificate.namespace" -}}
-{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry.global" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default "quay.io" -}}
- {{- else -}}
- quay.io
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.registry" -}}
- {{- if ((.ContainerConfig).image).registry -}}
- {{- tpl .ContainerConfig.image.registry . -}}
- {{- else -}}
- {{- include "http-header-injector.image.registry.global" . }}
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }}
- {{- range .Values.global.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets . -}}
- {{- end -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end -}}
-{{- end -}}
-
-{{- define "http-header-injector.cert-setup.container.main" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-name: webhook-cert-setup
-image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
-imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
-{{- with .Values.certificatePrehook.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
- readOnly: true
-command: ["/scripts/generate-cert.sh"]
-{{- end }}
-
-{{- define "http-header-injector.cert-delete.container.main" }}
-{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
-name: webhook-cert-delete
-image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
-imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
-{{- with .Values.certificatePrehook.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-volumeMounts:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- mountPath: /scripts
-command: [ "/scripts/delete-cert.sh" ]
-{{- end }}
-
-{{/*
-Returns a YAML with extra annotations.
-*/}}
-{{- define "http-header-injector.global.extraAnnotations" -}}
-{{- with .Values.global.extraAnnotations }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Returns a YAML with extra labels.
-*/}}
-{{- define "http-header-injector.global.extraLabels" -}}
-{{- with .Values.global.extraLabels }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
deleted file mode 100644
index fc0c01258..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-data:
- generate-cert.sh: |
- #!/bin/bash
-
- # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however,
- # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks.
- set -ex
-
- SCRIPTDIR="${BASH_SOURCE%/*}"
-
- DIR=`mktemp -d`
-
- cd "$DIR"
-
- {{ if .Values.enabled }}
- echo "Chart enabled, creating secret and webhook"
-
- openssl genrsa -out ca.key 2048
-
- openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt
-
- openssl genrsa -out tls.key 2048
-
- openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf"
-
- openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \
- -CAcreateserial -out tls.crt -days 10000 \
- -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256
-
- # Create or update the secret
- echo "Applying secret"
- kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . }}" \
- -n "{{ .Release.Namespace }}" \
- --cert=./tls.crt \
- --key=./tls.key \
- --dry-run=client \
- -o yaml | kubectl apply -f -
-
- echo "Applying mutationwebhook"
- caBundle=`base64 -w 0 ca.crt`
- cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f -
- {{ else }}
- echo "Chart disabled, not creating secret and webhook"
- {{ end }}
- delete-cert.sh: |
- #!/bin/bash
-
- set -x
-
- DIR="${BASH_SOURCE%/*}"
- if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
- if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi
-
- cd "$DIR"
-
- # Using detection of deployment hee to also make this work in post-delete.
- if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then
- echo "Chart enabled, not removing secret and mutationwebhook"
- exit 0
- else
- echo "Chart disabled, removing secret and mutationwebhook"
- fi
-
- # Create or update the secret
- echo "Deleting secret"
- kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}"
-
- echo "Applying mutationwebhook"
- kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}"
-
- exit 0
-
- csr.conf: |
- [ req ]
- default_bits = 2048
- prompt = no
- default_md = sha256
- req_extensions = req_ext
- distinguished_name = dn
-
- [ dn ]
- C = NL
- ST = Utrecht
- L = Hilversum
- O = StackState
- OU = Dev
- CN = {{ include "http-header-injector.webhook-service.fqname" . }}
-
- [ req_ext ]
- subjectAltName = @alt_names
-
- [ alt_names ]
- DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . }}
-
- [ v3_ext ]
- authorityKeyIdentifier=keyid,issuer:always
- basicConstraints=CA:FALSE
- keyUsage=keyEncipherment,dataEncipherment
- extendedKeyUsage=serverAuth
- subjectAltName=@alt_names
-
- mutatingwebhookconfiguration.yaml: |
- apiVersion: admissionregistration.k8s.io/v1
- kind: MutatingWebhookConfiguration
- metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- webhooks:
- - clientConfig:
- caBundle: "$CA_BUNDLE"
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-job-delete.yaml
deleted file mode 100644
index 6f72ce247..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-job-delete.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index cc1c89631..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index f571ca86b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . 
}}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-service.yaml deleted file mode 100644 index 55abdb022..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/templates/webhook-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.webhook-service.name" . }}" -spec: - ports: - - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - app: "{{ include "http-header-injector.app.name" . }}" -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/values.yaml deleted file mode 100644 index a1b4be2fc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/charts/http-header-injector/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.4.0 - resources: - limits: - cpu: "100m" - memory: "200Mi" - requests: - cpu: "100m" - memory: "200Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.88/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{- define "cluster-agent-kube-state-metrics" -}} -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} -cluster_check: true -{{- end }} -init_config: -instances: - - collectors: - - nodes - - pods - - services - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - {{- if $kubeRes.ingresses }} - - ingresses - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - - resourcequotas - - replicationcontrollers - - limitranges - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} - skip_leader_election: true - {{- end }} - labels_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }} - annotations_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_container-agent.yaml deleted file mode 100644 index 09f9591c6..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_container-agent.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_container-process-agent.yaml deleted file mode 100644 index 893f11581..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_helpers.tpl deleted file mode 100644 index 3c51bc308..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/_helpers.tpl +++ /dev/null 
@@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Returns a YAML with extra annotations -*/}} -{{- define "stackstate-k8s-agent.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels -*/}} -{{- define "stackstate-k8s-agent.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.apiKeyEnv" -}} -- name: STS_API_KEY - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customApiKeySecretKey | quote }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}} -- name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 4fd0eadbc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-configmap.yaml deleted file mode 100644 index 54a1abf2f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 19d3924ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index a90a43589..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 021a43ebd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 37d10217f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 51025a670..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index adabad45e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-service.yaml
deleted file mode 100644
index 8b687e8f7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index 6cbc89699..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index da6cd59dd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 1f6e7cfcf..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-configmap.yaml
deleted file mode 100644
index ff9440a4b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.logsAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-clusterrole.yaml
deleted file mode 100644
index 1ded16cc2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index b3f033ebb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8f6b2ed3a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-daemonset.yaml
deleted file mode 100644
index 4c8dbdd5a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index 38298d414..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-scc.yaml
deleted file mode 100644
index a09da78c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,60 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-service.yaml deleted file mode 100644 index 0b6cd6ec0..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.service.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 803d184ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/openshift-logging-secret.yaml
deleted file mode 100644
index ed0707f1f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/pull-secret.yaml
deleted file mode 100644
index 916941665..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/pull-secret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@
-package test
-
-import (
- "regexp"
- "strings"
- "testing"
-
- v1 "k8s.io/api/rbac/v1"
-
- "github.com/stretchr/testify/assert"
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-var requiredRules = []string{
- "events+get,list,watch",
- "nodes+get,list,watch",
- "pods+get,list,watch",
- "services+get,list,watch",
- "configmaps+create,get,patch,update",
-}
-
-var optionalRules = []string{
- "namespaces+get,list,watch",
- "componentstatuses+get,list,watch",
- "configmaps+list,watch", // get is already required
- "endpoints+get,list,watch",
- "persistentvolumeclaims+get,list,watch",
- "persistentvolumes+get,list,watch",
- "secrets+get,list,watch",
- "apps/daemonsets+get,list,watch",
- "apps/deployments+get,list,watch",
- "apps/replicasets+get,list,watch",
- "apps/statefulsets+get,list,watch",
- "extensions/ingresses+get,list,watch",
- "batch/cronjobs+get,list,watch",
- "batch/jobs+get,list,watch",
-}
-
-var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`)
-
-type Rule struct {
- Group string
- ResourceName string
- Verb string
-}
-
-func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) {
- match := roleDescriptionRegexp.FindStringSubmatch(roleDescription)
- assert.NotNil(t, match)
-
- var roleRules []Rule
- for _, rule := range rules {
- for _, group := range rule.APIGroups {
- for _, resource := range rule.Resources {
- for _, verb := range rule.Verbs {
- roleRules = append(roleRules, Rule{group, resource, verb})
- }
- }
- }
- }
-
- resGroup := match[roleDescriptionRegexp.SubexpIndex("group")]
- resName := match[roleDescriptionRegexp.SubexpIndex("name")]
- verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",")
-
- for _, verb := range verbs {
- requiredRule := Rule{resGroup, resName, verb}
- found := false
- for _, rule := range roleRules {
- if rule == requiredRule {
- found = true
- break
- }
- }
- if shouldBePresent {
- assert.Truef(t, found, "Rule %v has not been found", requiredRule)
- } else {
- assert.Falsef(t, found, "Rule %v should not be present", requiredRule)
- }
- }
-}
-
-func TestAllResourcesAreEnabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
- // be default, everything is enabled, so all the optional roles should be present as well
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, true)
- }
-}
-
-func TestMostOfResourcesAreDisabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
-
- // we expect all optional resources to be removed from ClusterRole with the given values
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, false)
- }
-}
-
-func TestNoClusterWideModificationRights(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- illegalVerbs := []string{"create", "patch", "update", "delete"}
-
- for _, clusterRole := range resources.ClusterRoles {
- for _, rule := range clusterRole.Rules {
- for _, verb := range rule.Verbs {
- assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources)
- }
- }
- }
-}
-
-func TestServicePortChange(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"]
-
- port := cluster_agent_service.Spec.Ports[0]
- assert.Equal(t, port.Name, "clusteragent")
- assert.Equal(t, port.Port, int32(8008))
- assert.Equal(t, port.TargetPort.IntVal, int32(9009))
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/clustername_test.go
deleted file mode 100644
index 55090b995..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/clustername_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.88/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.88/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.88/values.yaml
deleted file mode 100644
index f71ba2e33..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.88/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "6e5ef78f" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "22891642" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true
- # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets.
- replicasets: true
- # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets.
- statefulsets: true
- # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses.
- ingresses: true
- # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs.
- cronjobs: true
- # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs.
- jobs: true
- # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas.
- resourcequotas: true
-
- # clusterAgent.config --
- config:
- events:
- # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others
- categories: {}
- topology:
- # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds
- collectionInterval: 90
- configMap:
- # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check
- maxDataSize:
- # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap
- override: []
-
- service:
- # clusterAgent.service.port -- Change the Cluster Agent service port
- port: 5005
- # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort
- targetPort: 5005
-
- # clusterAgent.enabled -- Enable / disable the cluster agent.
- enabled: true
-
- # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority.
- skipSslValidation: false
-
- image:
- # clusterAgent.image.repository -- Base container image repository.
- repository: stackstate/stackstate-k8s-cluster-agent
- # clusterAgent.image.tag -- Default container image tag.
- tag: "6e5ef78f"
- # clusterAgent.image.pullPolicy -- Default container image pull policy.
- pullPolicy: IfNotPresent
-
- livenessProbe:
- # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check.
- enabled: true
- # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe.
- failureThreshold: 3
- # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe.
- initialDelaySeconds: 15
- # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe.
- periodSeconds: 15
- # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe.
- successThreshold: 1
- # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe.
- timeoutSeconds: 5
-
- # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes.
- logLevel: INFO
-
- # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods.
- priorityClassName: ""
-
- readinessProbe:
- # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check.
- enabled: true
- # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe.
- failureThreshold: 3
- # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe.
- initialDelaySeconds: 15
- # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe.
- periodSeconds: 15
- # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe.
- successThreshold: 1
- # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe.
- timeoutSeconds: 5
-
- # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy.
- replicaCount: 1
-
- serviceaccount:
- # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods
- annotations: {}
-
- # clusterAgent.strategy -- The strategy for the Deployment object.
- strategy:
- type: RollingUpdate
- # rollingUpdate:
- # maxUnavailable: 1
-
- resources:
- limits:
- # clusterAgent.resources.limits.cpu -- CPU resource limits.
- cpu: "400m"
- # clusterAgent.resources.limits.memory -- Memory resource limits.
- memory: "800Mi"
- requests:
- # clusterAgent.resources.requests.cpu -- CPU resource requests.
- cpu: "70m"
- # clusterAgent.resources.requests.memory -- Memory resource requests.
- memory: "512Mi"
-
- # clusterAgent.nodeSelector -- Node labels for pod assignment.
- nodeSelector: {}
-
- # clusterAgent.tolerations -- Toleration labels for pod assignment.
- tolerations: []
-
- # clusterAgent.affinity -- Affinity settings for pod assignment.
- affinity: {}
-
-openShiftLogging:
- # openShiftLogging.installSecret -- Install a secret for logging on openshift
- installSecret: false
-
-logsAgent:
- # logsAgent.enabled -- Enable / disable k8s pod log collection
- enabled: true
-
- # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority.
- skipSslValidation: false
-
- # logsAgent.priorityClassName -- Priority class for logsAgent pods.
- priorityClassName: ""
-
- image:
- # logsAgent.image.repository -- Base container image repository.
- repository: stackstate/promtail
- # logsAgent.image.tag -- Default container image tag.
- tag: 2.9.8-5b179aee
- # logsAgent.image.pullPolicy -- Default container image pull policy.
- pullPolicy: IfNotPresent
-
- resources:
- limits:
- # logsAgent.resources.limits.cpu -- CPU resource limits.
- cpu: "1300m"
- # logsAgent.resources.limits.cpu -- Memory resource limits.
- memory: "192Mi"
- requests:
- # logsAgent.resources.requests.cpu -- CPU resource requests.
- cpu: "20m"
- # logsAgent.resources.requests.cpu -- Memory resource requests.
- memory: "100Mi"
-
- # logsAgent.updateStrategy -- The update strategy for the DaemonSet object.
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 100
-
- # logsAgent.nodeSelector -- Node labels for pod assignment.
- nodeSelector: {}
-
- # logsAgent.tolerations -- Toleration labels for pod assignment.
- tolerations: []
-
- # logsAgent.affinity -- Affinity settings for pod assignment.
- affinity: {}
-
- serviceaccount:
- # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods
- annotations: {}
-
-checksAgent:
- # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod
- enabled: true
- scc:
- # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift
- enabled: false
- apm:
- # checksAgent.apm.enabled -- Enable / disable the agent APM module.
- enabled: true
- networkTracing:
- # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module.
- enabled: true
- processAgent:
- # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module.
- enabled: true
- # checksAgent.skipSslValidation -- Set to true if self signed certificates are used.
- skipSslValidation: false
-
- # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name
- checksTagCardinality: orchestrator
-
- # checksAgent.config --
- config:
- # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap
- override: []
-
- image:
- # checksAgent.image.repository -- Base container image repository.
- repository: stackstate/stackstate-k8s-agent
- # checksAgent.image.tag -- Default container image tag.
- tag: "6e5ef78f"
- # checksAgent.image.pullPolicy -- Default container image pull policy.
- pullPolicy: IfNotPresent
-
- livenessProbe:
- # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check.
- enabled: true
- # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe.
- failureThreshold: 3
- # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe.
- initialDelaySeconds: 15
- # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe.
- periodSeconds: 15
- # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe.
- successThreshold: 1
- # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe.
- timeoutSeconds: 5
-
- # checksAgent.logLevel -- Logging level for clusterchecks agent processes.
- logLevel: INFO
-
- # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods.
- priorityClassName: ""
-
- readinessProbe:
- # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check.
- enabled: true
- # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe.
- failureThreshold: 3
- # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe.
- initialDelaySeconds: 15
- # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe.
- periodSeconds: 15
- # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe.
- successThreshold: 1
- # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe.
- timeoutSeconds: 5
-
- # checksAgent.replicas -- Number of clusterchecks agent pods to schedule
- replicas: 1
-
- resources:
- limits:
- # checksAgent.resources.limits.cpu -- CPU resource limits.
- cpu: "400m"
- # checksAgent.resources.limits.cpu -- Memory resource limits.
- memory: "600Mi"
- requests:
- # checksAgent.resources.requests.cpu -- CPU resource requests.
- cpu: "20m"
- # checksAgent.resources.requests.cpu -- Memory resource requests.
- memory: "512Mi"
-
- serviceaccount:
- # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods
- annotations: {}
-
- # checksAgent.strategy -- The strategy for the Deployment object.
- strategy:
- type: RollingUpdate
- # rollingUpdate:
- # maxUnavailable: 1
-
- # checksAgent.nodeSelector -- Node labels for pod assignment.
- nodeSelector: {}
-
- # checksAgent.tolerations -- Toleration labels for pod assignment.
- tolerations: []
-
- # checksAgent.affinity -- Affinity settings for pod assignment.
- affinity: {}
-
-##################################
-# http-header-injector variables #
-##################################
-
-httpHeaderInjectorWebhook:
- # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy
- enabled: false
-
-########################
-# StackState variables #
-########################
-
-stackstate:
- # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you.
- manageOwnSecrets: false
- # stackstate.customSecretName -- Name of the secret containing the receiver API key.
- customSecretName: ""
- # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key.
- customApiKeySecretKey: "sts-api-key"
- # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token.
- customClusterAuthTokenSecretKey: "sts-cluster-auth-token"
- # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent.
- apiKey:
- cluster:
- # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed.
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.89/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.89/Chart.lock
deleted file mode 100644
index a8df83f13..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-digest: sha256:ae5ad7c3176f89b71aabef7cd75f99394750f4fffb9905b86fb45c345595c24c
-generated: "2024-05-30T13:30:45.346757+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/Chart.yaml
deleted file mode 100644
index abf4ce139..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.11
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: file://assets/icons/stackstate-k8s-agent.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-kubeVersion: '>=1.19.0-0'
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.89
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.89/README.md
deleted file mode 100644
index c54026b59..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.89` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.11 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"1e287e80"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"1e287e80"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. 
| -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. 
| -| nodeAgent.containers.agent.image.tag | string | `"1e287e80"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"a0e29732"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.89/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.89/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.89/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index ff28ae8da..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.11
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/README.md
deleted file mode 100644
index 840ff5240..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.4.0"},"resources":{"limits":{"cpu":"100m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.4.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
| -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} - -{{/* -Returns a YAML with extra annotations. -*/}} -{{- define "http-header-injector.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels. -*/}} -{{- define "http-header-injector.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fc0c01258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index cc1c89631..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index f571ca86b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . 
}}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-service.yaml deleted file mode 100644 index 55abdb022..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/templates/webhook-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.webhook-service.name" . }}" -spec: - ports: - - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - app: "{{ include "http-header-injector.app.name" . }}" -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/values.yaml deleted file mode 100644 index a1b4be2fc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/charts/http-header-injector/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.4.0 - resources: - limits: - cpu: "100m" - memory: "200Mi" - requests: - cpu: "100m" - memory: "200Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.89/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_container-agent.yaml
deleted file mode 100644
index 09f9591c6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_container-agent.yaml
+++ /dev/null
@@ -1,191 +0,0 @@
-{{- define "container-agent" -}}
-- name: node-agent
-{{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
-{{- end }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}"
- imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}"
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }}
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }}
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: KUBERNETES
- value: "true"
- - name: STS_APM_ENABLED
- value: {{ .Values.nodeAgent.apm.enabled | quote }}
- - name: STS_APM_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 4 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.nodeAgent.checksTagCardinality | quote }}
- {{- if .Values.checksAgent.enabled }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "endpointschecks"
- {{- end }}
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
-
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.agent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }}
- {{- end }}
- ports:
- - containerPort: 8126
- name: traceport
- protocol: TCP
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- with .Values.nodeAgent.containers.agent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: kubelet
- mountPath: /var/lib/kubelet
- readOnly: true
- - name: nfs
- mountPath: /var/lib/nfs
- readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- - name: dockernetns
- mountPath: /run/docker/netns
- readOnly: true
- - name: dockeroverlay2
- mountPath: /var/lib/docker/overlay2
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: false
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_container-process-agent.yaml
deleted file mode 100644
index 893f11581..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@
-{{- define "container-process-agent" -}}
-- name: process-agent
-{{ if .Values.nodeAgent.containers.processAgent.image.registry }}
- image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{ else }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{- end }}
- imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}"
- ports:
- - containerPort: 6063
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }}
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }}
- - name: STS_LOG_TO_CONSOLE
- value: "true"
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: HOST_ETC
- value: "/host/etc"
- - name: KUBERNETES
- value: "true"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 4 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: GOMEMLIMIT
- value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }}
- - name: STS_HTTP_STATS_BUFFER_SIZE
- value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }}
- - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE
- value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_HTTP_TRACING_ENABLED
- value: {{ .Values.nodeAgent.httpTracing.enabled | quote }}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- with .Values.nodeAgent.containers.processAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: sys-kernel-debug
- mountPath: /sys/kernel/debug
- # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics
- # readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- # The agent needs access to /etc to figure out what os it is running on.
- - name: etcdir
- mountPath: /host/etc
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. this is a debug setting but if we want to use
- # it, we have the option to make /proc writable.
- readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }}
- - name: passwd
- mountPath: /etc/passwd
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: true
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_helpers.tpl
deleted file mode 100644
index 3c51bc308..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/_helpers.tpl
+++ /dev/null
@@ -1,219 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "stackstate-k8s-agent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "stackstate-k8s-agent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "stackstate-k8s-agent.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "stackstate-k8s-agent.labels" -}}
-app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Cluster agent checksum annotations
-*/}}
-{{- define "stackstate-k8s-agent.checksum-configs" }}
-checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
-{{- end }}
-
-{{/*
-StackState URL function
-*/}}
-{{- define "stackstate-k8s-agent.stackstate.url" -}}
-{{ tpl .Values.stackstate.url . | quote }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.configmap.override.checksum" -}}
-{{- if .Values.clusterAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}}
-{{- if .Values.nodeAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}}
-{{- if .Values.checksAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-
-{{/*
-Return the image registry
-*/}}
-{{- define "stackstate-k8s-agent.imageRegistry" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default .Values.all.image.registry -}}
- {{- else -}}
- {{- .Values.all.image.registry -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Renders a value that contains a template.
-Usage:
-{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.tplvalue.render" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.pull-secret.name" -}}
-{{ include "stackstate-k8s-agent.fullname" . }}-pull-secret
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names evaluating values as templates
-{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $context := .context }}
- {{- if $context.Values.global }}
- {{- range $context.Values.global.imagePullSecrets -}}
- {{/* Is plain array of strings, compatible with all bitnami charts */}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- range $context.Values.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}}
- {{- end -}}
- {{- range .images -}}
- {{- if .pullSecretName -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false).
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }}
-*/}}
-{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}}
-{{- if .Values.clusterAgent.config.override }}
- {{- range $i, $val := .Values.clusterAgent.config.override }}
- {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}}
-{{- if .Values.nodeAgent.config.override }}
- {{- range $i, $val := .Values.nodeAgent.config.override }}
- {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Return the appropriate os label
-*/}}
-{{- define "label.os" -}}
-{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-kubernetes.io/os
-{{- else -}}
-beta.kubernetes.io/os
-{{- end -}}
-{{- end -}}
-
-{{/*
-Returns a YAML with extra annotations
-*/}}
-{{- define "stackstate-k8s-agent.global.extraAnnotations" -}}
-{{- with .Values.global.extraAnnotations }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Returns a YAML with extra labels
-*/}}
-{{- define "stackstate-k8s-agent.global.extraLabels" -}}
-{{- with .Values.global.extraLabels }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.apiKeyEnv" -}}
-- name: STS_API_KEY
- valueFrom:
- secretKeyRef:
-{{- if not .Values.stackstate.manageOwnSecrets }}
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-api-key
-{{- else }}
- name: {{ .Values.stackstate.customSecretName | quote }}
- key: {{ .Values.stackstate.customApiKeySecretKey | quote }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}}
-- name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
-{{- if not .Values.stackstate.manageOwnSecrets }}
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
-{{- else }}
- name: {{ .Values.stackstate.customSecretName | quote }}
- key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-clusterrolebinding.yaml
deleted file mode 100644
index 4fd0eadbc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-configmap.yaml
deleted file mode 100644
index 54a1abf2f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
- replicas: {{ .Values.checksAgent.replicas }}
-{{- with .Values.checksAgent.strategy }}
- strategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }}
- labels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}"
- imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}"
- {{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
- {{- end }}
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }}
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.checksAgent.image.tag | quote }}
- - name: LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_APM_ENABLED
- value: "false"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.checksAgent.checksTagCardinality | quote }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "clusterchecks"
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: STS_LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: "false"
- - name: STS_PROCESS_AGENT_ENABLED
- value: "false"
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }}
- ports:
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
- {{- else }}
- securityContext:
- privileged: false
- {{- end }}
- {{- with .Values.checksAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: confd-empty-volume
- mountPath: /etc/stackstate-agent/conf.d
-# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run.
- readOnly: false
- {{- if .Values.checksAgent.config.override }}
- {{- range .Values.checksAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
- {{- if .Values.checksAgent.priorityClassName }}
- priorityClassName: {{ .Values.checksAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ .Release.Name }}-checks-agent
- nodeSelector:
- {{ template "label.os" . }}: {{ .Values.targetSystem }}
- {{- with .Values.checksAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: confd-empty-volume
- emptyDir: {}
- {{- if .Values.checksAgent.config.override }}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-checks-agent
- {{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 19d3924ea..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,23 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-serviceaccount.yaml deleted file mode 100644 index a90a43589..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/checks-agent-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.checksAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-clusterrole.yaml deleted file mode 100644 index 021a43ebd..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-configmap.yaml deleted file mode 100644 index 37d10217f..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-configmap.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - kubernetes_api_events_conf: | - init_config: - instances: - - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }} - event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }} - kubernetes_api_topology_conf: | - init_config: - instances: - - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }} - resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }} - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - kube_state_metrics_core_conf: | - {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }} - {{- end }} -{{- if .Values.clusterAgent.config.override }} -{{- range .Values.clusterAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-deployment.yaml deleted file mode 100644 index 51025a670..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-deployment.yaml +++ /dev/null 
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - patch - - update diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-rolebinding.yaml deleted file mode 100644 index adabad45e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-rolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-service.yaml deleted file mode 100644 index 8b687e8f7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-cluster-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - ports: - - name: clusteragent - port: {{int .Values.clusterAgent.service.port }} - protocol: TCP - targetPort: {{int .Values.clusterAgent.service.targetPort }} - selector: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-serviceaccount.yaml deleted file mode 100644 index 6cbc89699..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/cluster-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.clusterAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-clusterrole.yaml deleted file mode 100644 index da6cd59dd..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-clusterrole.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes - - services - - pods - verbs: - - get - - watch - - list -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-clusterrolebinding.yaml deleted file mode 100644 index 1f6e7cfcf..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-logs-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-configmap.yaml deleted file mode 100644 index ff9440a4b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-configmap.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.logsAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 1ded16cc2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-clusterrole.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/proxy - - nodes/spec - - endpoints - verbs: - - get - - list diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-clusterrolebinding.yaml deleted file mode 100644 index b3f033ebb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-clusterrolebinding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-configmap.yaml deleted file mode 100644 index 8f6b2ed3a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.nodeAgent.config.override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: -{{- range .Values.nodeAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-daemonset.yaml deleted file mode 100644 index 4c8dbdd5a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-daemonset.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index 38298d414..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-scc.yaml
deleted file mode 100644
index a09da78c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-service.yaml
deleted file mode 100644
index 0b6cd6ec0..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.service.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 803d184ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/openshift-logging-secret.yaml
deleted file mode 100644
index ed0707f1f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/pull-secret.yaml
deleted file mode 100644
index 916941665..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/pull-secret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package test - -import ( - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/assert" - - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -func TestHelmBasicRender(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - - // Parse all resources into their corresponding types for validation and further inspection - helmtestutil.NewKubernetesResources(t, output) -} - -func TestClusterNameValidation(t *testing.T) { - testCases := []struct { - Name string - ClusterName string - IsValid bool - }{ - {"not allowed end with special character [.]", "name.", false}, - {"not allowed end with special character [-]", "name.", false}, - {"not allowed start with special character [-]", "-name", false}, - {"not allowed start with special character [.]", ".name", false}, - {"upper case is not allowed", "Euwest1-prod.cool-company.com", false}, - {"upper case is not allowed", "euwest1-PROD.cool-company.com", false}, - {"upper case is not allowed", "euwest1-prod.cool-company.coM", false}, - {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true}, - {"underscore is not allowed", "why_7", false}, - } - - for _, testCase := range testCases { - t.Run(testCase.Name, func(t *testing.T) { - output, err := helmtestutil.RenderHelmTemplateOpts( - t, "cluster-agent", - &helm.Options{ - ValuesFiles: []string{"values/minimal.yaml"}, - SetStrValues: map[string]string{ - "stackstate.cluster.name": testCase.ClusterName, - }, - }) - if testCase.IsValid { - assert.Nil(t, err) - } else { - assert.NotNil(t, err) - assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern") - } - }) - } -} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.89/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.89/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.89/values.yaml
deleted file mode 100644
index da23741f9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.89/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "1e287e80" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "a0e29732" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "1e287e80" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.9.8-5b179aee - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. 
- repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "1e287e80" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. 
- cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. - customSecretName: "" - # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key. - customApiKeySecretKey: "sts-api-key" - # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token. - customClusterAuthTokenSecretKey: "sts-cluster-auth-token" - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. 
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.90/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.90/Chart.lock
deleted file mode 100644
index a8df83f13..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-digest: sha256:ae5ad7c3176f89b71aabef7cd75f99394750f4fffb9905b86fb45c345595c24c
-generated: "2024-05-30T13:30:45.346757+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/Chart.yaml
deleted file mode 100644
index 158e9c2d7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.11
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: file://assets/icons/stackstate-k8s-agent.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-kubeVersion: '>=1.19.0-0'
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.90
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.90/README.md
deleted file mode 100644
index f71691eb3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.90` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.11 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"98a3fa1c"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | | -| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"98a3fa1c"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | | -| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. 
| -| logsAgent.resources.requests.memory | string | `"100Mi"` | | -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. 
| -| nodeAgent.containers.agent.image.tag | string | `"98a3fa1c"` | Default container image tag. | -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | | -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"a0e29732"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.90/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.90/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.90/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index ff28ae8da..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.11
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/README.md
deleted file mode 100644
index 840ff5240..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@
-# http-header-injector
-
-![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
-
-Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic
-going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set.
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| Stackstate Lupulus Team | | |
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.4.0"},"resources":{"limits":{"cpu":"100m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook |
-| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. |
-| certificatePrehook.image.tag | string | `"1.4.0"` | The tag for the docker image |
-| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection |
-| enabled | bool | `true` | Enable/disable the mutationwebhook |
-| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart |
-| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart |
-| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. |
-| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. |
-| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io |
-| images.pullSecretName | string | `nil` | |
-| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers |
-| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| proxy.image.registry | string | `nil` | Registry for the docker image. |
-| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
-| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. |
-| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. |
-| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. |
-| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| proxyInit.image.registry | string | `nil` | Registry for the docker image |
-| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
-| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods |
-| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
-| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. |
-| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image |
-| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods |
-| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. |
-| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
-| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. |
-| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". |
-| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". |
-
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/Readme.md.gotpl
deleted file mode 100644
index 225032aa2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/Readme.md.gotpl
+++ /dev/null
@@ -1,26 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with
-the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is
-activated on a pod.
-
-## Recommended Values
-
-{{ template "chart.valuesSection" . -}}
-
-## Install
-
-Install from the command line on Helm with the following command:
-
-```shell
-helm install stackstate/http-header-injector
-```
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/_defines.tpl
deleted file mode 100644
index ee6b7320e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/_defines.tpl
+++ /dev/null
@@ -1,131 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} - -{{/* -Returns a YAML with extra annotations. -*/}} -{{- define "http-header-injector.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels. -*/}} -{{- define "http-header-injector.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fc0c01258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index cc1c89631..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index f571ca86b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@
-{{- if .Values.enabled -}}
-{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}}
-{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ .Release.Name }}-http-header-injector-config
-data:
- sidecarconfig.yaml: |
- initContainers:
- - name: http-header-proxy-init
- image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}"
- imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }}
- command: ["/init-iptables.sh"]
- env:
- - name: CHART_VERSION
- value: "{{ .Chart.Version }}"
- - name: PROXY_PORT
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %}
- - name: PROXY_UID
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %}
- - name: POD_HOST_NETWORK
- value: {% .Spec.HostNetwork %}
- {% if eq (index .Annotations "linkerd.io/inject") "enabled" %}
- - name: LINKERD
- value: true
- # Reference: https://linkerd.io/2.13/reference/proxy-configuration/
- - name: LINKERD_PROXY_UID
- value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %}
- # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing
in the code for future reference
- - name: LINKERD_ADMIN_PORT
- value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %}
- {% end %}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_ADMIN
- - NET_RAW
- privileged: false
- readOnlyRootFilesystem: true
- runAsNonRoot: false
- runAsUser: 0
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- # This is required for iptables to be able to run
- - mountPath: /run
- name: http-header-proxy-init-xtables-lock
-
- containers:
- - name: http-header-proxy
- image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}"
- imagePullPolicy: {{ .Values.proxy.image.pullPolicy }}
- env:
- - name: CHART_VERSION
- value: "{{ .Chart.Version }}"
- - name: PORT
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %}
- - name: DEBUG
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %}
- securityContext:
- runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %}
- seccompProfile:
- type: RuntimeDefault
- {{- with .Values.proxy.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- - name: http-header-inject-debug
- image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .)
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}"
- imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }}
- command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"]
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_ADMIN
- - NET_RAW
- privileged: false
- readOnlyRootFilesystem: true
- runAsNonRoot: false
- runAsUser: 0
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- # This is required for iptables to be able to run
- - mountPath: /run
- name: http-header-proxy-init-xtables-lock
-
- volumes:
- - emptyDir: {}
- name: http-header-proxy-init-xtables-lock
-
- mutationconfig.yaml: |
- mutationConfigs:
- - name: "http-header-injector"
- annotationNamespace: "http-header-injector.stackstate.io"
- annotationTrigger: "inject"
- annotationConfig:
- volumeMounts: []
- initContainersBeforePodInitContainers: [ "http-header-proxy-init" ]
- initContainers: [ "http-header-proxy-init" ]
- containers: [ "http-header-proxy" ]
- volumes: [ "http-header-proxy-init-xtables-lock" ]
- volumeMounts: [ ]
- # Namespaces are ignored by the mutatingwebhook
- ignoreNamespaces: [ ]
- - name: "http-header-injector-debug"
- annotationNamespace: "http-header-injector-debug.stackstate.io"
- annotationTrigger: "inject"
- annotationConfig:
- volumeMounts: []
- initContainersBeforePodInitContainers: [ ]
- initContainers: [ ]
- containers: [ "http-header-inject-debug" ]
- volumes: [ "http-header-proxy-init-xtables-lock" ]
- volumeMounts: [ ]
- # Namespaces are ignored by the mutatingwebhook
- ignoreNamespaces: [ ]
- {{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-deployment.yaml
deleted file mode 100644
index 8af6ff51a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-{{- if .Values.enabled -}}
-{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: "{{ include "http-header-injector.app.name" . }}"
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: "{{ include "http-header-injector.app.name" . }}"
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }}
- # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade.
- revision: "{{ .Release.Revision }}"
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- name: "{{ include "http-header-injector.app.name" . }}"
- spec:
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.webhook-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.webhook-config.name" . }}"
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- secret:
- secretName: "{{ include "http-header-injector.cert-secret.name" . }}"
- containers:
- - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .)
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}"
- imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }}
- name: http-header-injector
- volumeMounts:
- - name: "{{ include "http-header-injector.webhook-config.name" . }}"
- mountPath: /etc/webhook/config
- readOnly: true
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- mountPath: /etc/webhook/certs
- readOnly: true
- command: [ "/sidecarinjector" ]
- args:
- - --port=8443
- - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml
- - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml
- - --cert-file-path=/etc/webhook/certs/tls.crt
- - --key-file-path=/etc/webhook/certs/tls.key
-{{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
deleted file mode 100644
index de0acc1df..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" .
}}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 55abdb022..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/values.yaml
deleted file mode 100644
index a1b4be2fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
-# enabled -- Enable/disable the mutationwebhook
-enabled: true
-
-# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection
-debug: false
-
-global:
- # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io
- imageRegistry: null
- # global.imagePullSecrets -- Globally add image pull secrets that are used.
- imagePullSecrets: []
- # global.imagePullCredentials -- Globally define credentials for pulling images.
- imagePullCredentials: {}
-
- # global.extraLabels -- Extra labels added ta all resources created by the helm chart
- extraLabels: {}
- # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart
- extraAnnotations: {}
-
-images:
- pullSecretName:
-
-# proxy -- Proxy being injected into pods for rewriting http headers
-proxy:
- image:
- # proxy.image.registry -- Registry for the docker image.
- registry:
- # proxy.image.repository - Repository for the docker image
- repository: "stackstate/http-header-injector-proxy"
- # proxy.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # proxy.image.tag -- The tag for the docker image
- tag: sha-5ff79451
-
- # proxy.resource -- Resources for the proxy container
- resources:
- requests:
- # proxy.resources.requests.memory -- Memory resource requests.
- memory: "25Mi"
- limits:
- # proxy.resources.limits.memory -- Memory resource limits.
- memory: "40Mi"
-
-# proxyInit -- InitContainer within pod which redirects traffic to the proxy container.
-proxyInit:
- image:
- # proxyInit.image.registry -- Registry for the docker image
- registry:
- # proxyInit.image.repository - Repository for the docker image
- repository: "stackstate/http-header-injector-proxy-init"
- # proxyInit.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # proxyInit.image.tag -- The tag for the docker image
- tag: sha-5ff79451
-
-# sidecarInjector -- Service for injecting the proxy sidecar into pods
-sidecarInjector:
- image:
- # sidecarInjector.image.registry -- Registry for the docker image.
- registry:
- # sidecarInjector.image.repository - Repository for the docker image
- repository: "stackstate/generic-sidecar-injector"
- # sidecarInjector.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # sidecarInjector.image.tag -- The tag for the docker image
- tag: sha-9c852245
-
-# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook
-certificatePrehook:
- image:
- # certificatePrehook.image.registry -- Registry for the docker image.
- registry:
- # certificatePrehook.image.repository - Repository for the docker image.
- repository: stackstate/container-tools
- # certificatePrehook.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # certificatePrehook.image.tag -- The tag for the docker image
- tag: 1.4.0
- resources:
- limits:
- cpu: "100m"
- memory: "200Mi"
- requests:
- cpu: "100m"
- memory: "200Mi"
-
-# webhook -- MutationWebhook that will be installed to inject a sidecar into pods
-webhook:
- # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive.
- failurePolicy: Ignore
- tls:
- # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager".
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime.
- mode: "generated"
- provided:
- # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided".
- caBundle: ""
- # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
- crt: ""
- # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
- key: ""
- certManager:
- # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
- issuer: ""
- # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager".
- issuerKind: "ClusterIssuer"
- # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
- issuerNamespace: ""
- secret:
- # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret".
- name: ""
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.90/questions.yml
deleted file mode 100644
index 5d6e6a011..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/questions.yml
+++ /dev/null
@@ -1,184 +0,0 @@
-questions:
- - variable: stackstate.apiKey
- label: "StackState API Key"
- type: string
- description: "The API key for StackState."
- required: true
- group: General
- - variable: stackstate.url
- label: "StackState URL"
- type: string
- description: "The URL where StackState is running."
- required: true
- group: General
- - variable: stackstate.cluster.name
- label: "StackState Cluster Name"
- type: string
- description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState."
- required: true
- group: General
- - variable: all.registry.override
- label: "Override Default Image Registry"
- type: boolean
- description: "Whether or not to override the default image registry."
- default: false
- group: "General"
- show_subquestions_if: true
- subquestions:
- - variable: all.image.registry
- label: "Docker Image Registry"
- type: string
- description: "The registry to pull the StackState Agent images from."
- default: "quay.io"
- - variable: global.imagePullCredentials.username
- label: "Docker Image Pull Username"
- type: string
- description: "The username to use when pulling the StackState Agent images."
- - variable: global.imagePullCredentials.password
- label: "Docker Image Pull Password"
- type: secret
- description: "The password to use when pulling the StackState Agent images."
- - variable: nodeAgent.containers.agent.resources.override
- label: "Override Node Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Node Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.agent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Node Agent."
- default: "20m"
- - variable: nodeAgent.containers.agent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Node Agent."
- default: "180Mi"
- - variable: nodeAgent.containers.agent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Node Agent."
- default: "270m"
- - variable: nodeAgent.containers.agent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Node Agent."
- default: "420Mi"
- - variable: nodeAgent.containers.processAgent.enabled
- label: "Enable Process Agent"
- type: boolean
- description: "Whether or not to enable the Process Agent."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.skipKubeletTLSVerify
- label: "Skip Kubelet TLS Verify"
- type: boolean
- description: "Whether or not to skip TLS verification when connecting to the kubelet API."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.containers.processAgent.resources.override
- label: "Override Process Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Process Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.processAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Process Agent."
- default: "25m"
- - variable: nodeAgent.containers.processAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Process Agent."
- default: "128Mi"
- - variable: nodeAgent.containers.processAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Process Agent."
- default: "125m"
- - variable: nodeAgent.containers.processAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Process Agent."
- default: "400Mi"
- - variable: clusterAgent.enabled
- label: "Enable Cluster Agent"
- type: boolean
- description: "Whether or not to enable the Cluster Agent."
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.collection.kubernetesResources.secrets
- label: "Collect Secret Resources"
- type: boolean
- description: |
- Whether or not to collect Kubernetes Secrets.
- NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data.
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.resources.override
- label: "Override Cluster Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Cluster Agent"
- show_subquestions_if: true
- subquestions:
- - variable: clusterAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Cluster Agent."
- default: "70m"
- - variable: clusterAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Cluster Agent."
- default: "512Mi"
- - variable: clusterAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Cluster Agent."
- default: "400m"
- - variable: clusterAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Cluster Agent."
- default: "800Mi"
- - variable: logsAgent.enabled
- label: "Enable Logs Agent"
- type: boolean
- description: "Whether or not to enable the Logs Agent."
- default: "true"
- group: "Logs Agent"
- - variable: logsAgent.resources.override
- label: "Override Logs Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Logs Agent"
- show_subquestions_if: true
- subquestions:
- - variable: logsAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Logs Agent."
- default: "20m"
- - variable: logsAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Logs Agent."
- default: "100Mi"
- - variable: logsAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Logs Agent."
- default: "1300m"
- - variable: logsAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Logs Agent."
- default: "192Mi"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_cluster-agent-kube-state-metrics.yaml
deleted file mode 100644
index f99fbf618..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_cluster-agent-kube-state-metrics.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_container-agent.yaml
deleted file mode 100644
index 09f9591c6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_container-agent.yaml
+++ /dev/null
@@ -1,191 +0,0 @@
-{{- define "container-agent" -}}
-- name: node-agent
-{{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
-{{- end }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}"
- imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}"
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }}
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }}
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: KUBERNETES
- value: "true"
- - name: STS_APM_ENABLED
- value: {{ .Values.nodeAgent.apm.enabled | quote }}
- - name: STS_APM_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" .
| nindent 4 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.nodeAgent.checksTagCardinality | quote }}
- {{- if .Values.checksAgent.enabled }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "endpointschecks"
- {{- end }}
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
-
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" .
}}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.agent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }}
- timeoutSeconds: {{
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }}
- {{- end }}
- ports:
- - containerPort: 8126
- name: traceport
- protocol: TCP
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- with .Values.nodeAgent.containers.agent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: kubelet
- mountPath: /var/lib/kubelet
- readOnly: true
- - name: nfs
- mountPath: /var/lib/nfs
- readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- - name: dockernetns
- mountPath: /run/docker/netns
- readOnly: true
- - name: dockeroverlay2
- mountPath: /var/lib/docker/overlay2
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: false
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_container-process-agent.yaml
deleted file mode 100644
index 893f11581..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_helpers.tpl deleted file mode 100644 index 3c51bc308..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/_helpers.tpl +++ /dev/null 
@@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Returns a YAML with extra annotations -*/}} -{{- define "stackstate-k8s-agent.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels -*/}} -{{- define "stackstate-k8s-agent.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.apiKeyEnv" -}} -- name: STS_API_KEY - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customApiKeySecretKey | quote }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}} -- name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 4fd0eadbc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-configmap.yaml deleted file mode 100644 index 54a1abf2f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 19d3924ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index a90a43589..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 021a43ebd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 37d10217f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 51025a670..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index adabad45e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-service.yaml
deleted file mode 100644
index 8b687e8f7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index 6cbc89699..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index da6cd59dd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 1f6e7cfcf..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-configmap.yaml
deleted file mode 100644
index ff9440a4b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.logsAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-clusterrole.yaml
deleted file mode 100644
index 1ded16cc2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index b3f033ebb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8f6b2ed3a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-daemonset.yaml
deleted file mode 100644
index 4c8dbdd5a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index 38298d414..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -{{- if .Values.nodeAgent.autoScalingEnabled }} -apiVersion: "autoscaling.k8s.io/v1" -kind: VerticalPodAutoscaler -metadata: - name: {{ .Release.Name }}-node-agent-vpa - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - targetRef: - apiVersion: "apps/v1" - kind: DaemonSet - name: {{ .Release.Name }}-node-agent - resourcePolicy: - containerPolicies: - - containerName: 'node-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - - containerName: 'process-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - updatePolicy: - updateMode: "Auto" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-scc.yaml deleted file mode 100644 index a09da78c1..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-service.yaml deleted file mode 100644 index 0b6cd6ec0..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.service.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 803d184ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/openshift-logging-secret.yaml
deleted file mode 100644
index ed0707f1f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/pull-secret.yaml
deleted file mode 100644
index 916941665..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/pull-secret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.90/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.90/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.90/values.yaml
deleted file mode 100644
index a45f071db..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.90/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "98a3fa1c" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "a0e29732" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "98a3fa1c" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.9.8-5b179aee - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.cpu -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.cpu -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. 
- repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "98a3fa1c" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. 
- cpu: "400m" - # checksAgent.resources.limits.cpu -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.cpu -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. - customSecretName: "" - # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key. - customApiKeySecretKey: "sts-api-key" - # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token. - customClusterAuthTokenSecretKey: "sts-cluster-auth-token" - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. 
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.93/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.93/Chart.lock
deleted file mode 100644
index a8df83f13..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-digest: sha256:ae5ad7c3176f89b71aabef7cd75f99394750f4fffb9905b86fb45c345595c24c
-generated: "2024-05-30T13:30:45.346757+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/Chart.yaml
deleted file mode 100644
index b41ce6b2b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.11
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: file://assets/icons/stackstate-k8s-agent.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-kubeVersion: '>=1.19.0-0'
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.93
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.93/README.md
deleted file mode 100644
index 491913ca9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.93` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.11 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"10e27026"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | Memory resource limits. | -| checksAgent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"10e27026"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | CPU resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | Memory resource limits. | -| logsAgent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | Memory resource requests. 
| -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"10e27026"` | Default container image tag. 
| -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | CPU resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | Memory resource requests. | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"d1c2415d"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | CPU resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | CPU resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | Memory resource requests. | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.93/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.93/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.93/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index ff28ae8da..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.11
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/README.md
deleted file mode 100644
index 840ff5240..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.4.0"},"resources":{"limits":{"cpu":"100m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.4.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
| -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} - -{{/* -Returns a YAML with extra annotations. -*/}} -{{- define "http-header-injector.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels. -*/}} -{{- define "http-header-injector.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fc0c01258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-header-injector-cert-delete - labels: - app.kubernetes.io/component: http-header-injector-cert-hook-delete - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": post-delete,post-upgrade - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -spec: - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector-delete - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - spec: - serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.cert-config.name" . }}" - defaultMode: 0777 - containers: - - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }} - restartPolicy: Never - backoffLimit: 0 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-job-setup.yaml deleted file mode 100644 index cc1c89631..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-job-setup.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-header-injector-cert-setup - labels: - app.kubernetes.io/component: http-header-injector-cert-hook-setup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -spec: - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector-setup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - spec: - serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.cert-config.name" . }}" - defaultMode: 0777 - containers: - - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }} - restartPolicy: Never - backoffLimit: 0 -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml deleted file mode 100644 index 29b26df95..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/pull-secret.yaml deleted file mode 100644 index 80b4ee404..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/pull-secret.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ include "http-header-injector.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-cert-secret.yaml deleted file mode 100644 index f571ca86b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-cert-secret.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "provided" }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "http-header-injector.cert-secret.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -type: kubernetes.io/tls -data: - tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }} - tls.key: {{ .Values.webhook.tls.provided.key | b64enc }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-certificate.yaml deleted file mode 100644 index a68c7c5f6..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-certificate.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "cert-manager" }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ include "http-header-injector.webhook-service.name" . }} - namespace: {{ include "cert-manager.certificate.namespace" . }} - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -spec: - secretName: {{ include "http-header-injector.cert-secret.name" . }} - issuerRef: - name: {{ .Values.webhook.tls.certManager.issuer }} - kind: {{ .Values.webhook.tls.certManager.issuerKind }} - dnsNames: - - "{{ include "http-header-injector.webhook-service.name" . }}" - - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}" - - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-config.yaml deleted file mode 100644 index 20b38ce96..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-config.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . 
}}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-service.yaml deleted file mode 100644 index 55abdb022..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/templates/webhook-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.webhook-service.name" . }}" -spec: - ports: - - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - app: "{{ include "http-header-injector.app.name" . }}" -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/values.yaml deleted file mode 100644 index a1b4be2fc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/charts/http-header-injector/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.4.0 - resources: - limits: - cpu: "100m" - memory: "200Mi" - requests: - cpu: "100m" - memory: "200Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.93/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{- define "cluster-agent-kube-state-metrics" -}} -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} -cluster_check: true -{{- end }} -init_config: -instances: - - collectors: - - nodes - - pods - - services - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - {{- if $kubeRes.ingresses }} - - ingresses - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - - resourcequotas - - replicationcontrollers - - limitranges - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} - skip_leader_election: true - {{- end }} - labels_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }} - annotations_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_container-agent.yaml deleted file mode 100644 index 09f9591c6..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_container-agent.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_container-process-agent.yaml deleted file mode 100644 index 893f11581..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_helpers.tpl deleted file mode 100644 index 3c51bc308..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/_helpers.tpl +++ /dev/null 
@@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Returns a YAML with extra annotations -*/}} -{{- define "stackstate-k8s-agent.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels -*/}} -{{- define "stackstate-k8s-agent.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.apiKeyEnv" -}} -- name: STS_API_KEY - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customApiKeySecretKey | quote }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}} -- name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 4fd0eadbc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-configmap.yaml deleted file mode 100644 index 54a1abf2f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 19d3924ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index a90a43589..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 021a43ebd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 37d10217f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 51025a670..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index adabad45e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-service.yaml
deleted file mode 100644
index 8b687e8f7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index 6cbc89699..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index da6cd59dd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 1f6e7cfcf..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-configmap.yaml
deleted file mode 100644
index ff9440a4b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.logsAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-clusterrole.yaml
deleted file mode 100644
index 1ded16cc2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index b3f033ebb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8f6b2ed3a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-daemonset.yaml
deleted file mode 100644
index 4c8dbdd5a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- with .Values.nodeAgent.updateStrategy }}
- updateStrategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }}
- labels:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- {{- include "container-agent" . | nindent 6 }}
- {{- if .Values.nodeAgent.containers.processAgent.enabled }}
- {{- include "container-process-agent" . | nindent 6 }}
- {{- end }}
- dnsPolicy: ClusterFirstWithHostNet
- hostNetwork: true
- hostPID: true
- {{- if .Values.nodeAgent.priorityClassName }}
- priorityClassName: {{ .Values.nodeAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ .Release.Name }}-node-agent
- nodeSelector:
- {{ template "label.os" .
}}: {{ .Values.targetSystem }}
- {{- with .Values.nodeAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.nodeAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.nodeAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - hostPath:
- path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- name: customcrisocket
- {{- end }}
- - hostPath:
- path: /var/lib/kubelet
- name: kubelet
- - hostPath:
- path: /var/lib/nfs
- name: nfs
- - hostPath:
- path: /var/lib/docker/overlay2
- name: dockeroverlay2
- - hostPath:
- path: /run/docker/netns
- name: dockernetns
- - hostPath:
- path: /var/run/crio/crio.sock
- name: crisocket
- - hostPath:
- path: /var/run/containerd/containerd.sock
- name: containerdsocket
- - hostPath:
- path: /sys/kernel/debug
- name: sys-kernel-debug
- - hostPath:
- path: /var/run/docker.sock
- name: dockersocket
- - hostPath:
- path: {{ .Values.nodeAgent.containerRuntime.hostProc }}
- name: procdir
- - hostPath:
- path: /etc
- name: etcdir
- - hostPath:
- path: /etc/passwd
- name: passwd
- - hostPath:
- path: /sys/fs/cgroup
- name: cgroups
- {{- if .Values.nodeAgent.config.override }}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-node-agent
- {{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-podautoscaler.yaml
deleted file mode 100644
index 38298d414..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-podautoscaler.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-scc.yaml
deleted file mode 100644
index a09da78c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-service.yaml
deleted file mode 100644
index 0b6cd6ec0..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.service.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 803d184ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/openshift-logging-secret.yaml
deleted file mode 100644
index ed0707f1f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/pull-secret.yaml
deleted file mode 100644
index 916941665..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/pull-secret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package test - -import ( - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/assert" - - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -func TestHelmBasicRender(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - - // Parse all resources into their corresponding types for validation and further inspection - helmtestutil.NewKubernetesResources(t, output) -} - -func TestClusterNameValidation(t *testing.T) { - testCases := []struct { - Name string - ClusterName string - IsValid bool - }{ - {"not allowed end with special character [.]", "name.", false}, - {"not allowed end with special character [-]", "name.", false}, - {"not allowed start with special character [-]", "-name", false}, - {"not allowed start with special character [.]", ".name", false}, - {"upper case is not allowed", "Euwest1-prod.cool-company.com", false}, - {"upper case is not allowed", "euwest1-PROD.cool-company.com", false}, - {"upper case is not allowed", "euwest1-prod.cool-company.coM", false}, - {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true}, - {"underscore is not allowed", "why_7", false}, - } - - for _, testCase := range testCases { - t.Run(testCase.Name, func(t *testing.T) { - output, err := helmtestutil.RenderHelmTemplateOpts( - t, "cluster-agent", - &helm.Options{ - ValuesFiles: []string{"values/minimal.yaml"}, - SetStrValues: map[string]string{ - "stackstate.cluster.name": testCase.ClusterName, - }, - }) - if testCase.IsValid { - assert.Nil(t, err) - } else { - assert.NotNil(t, err) - assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern") - } - }) - } -} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.93/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.93/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.93/values.yaml
deleted file mode 100644
index d86d5d316..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.93/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "10e27026" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.memory -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.memory -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "d1c2415d" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.memory -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.memory -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "10e27026" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.9.8-5b179aee - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.memory -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.memory -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "10e27026" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. 
- initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.memory -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. 
- customSecretName: ""
- # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key.
- customApiKeySecretKey: "sts-api-key"
- # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token.
- customClusterAuthTokenSecretKey: "sts-cluster-auth-token"
- # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent.
- apiKey:
- cluster:
- # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed.
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.95/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.95/Chart.lock
deleted file mode 100644
index a8df83f13..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-digest: sha256:ae5ad7c3176f89b71aabef7cd75f99394750f4fffb9905b86fb45c345595c24c
-generated: "2024-05-30T13:30:45.346757+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/Chart.yaml
deleted file mode 100644
index 44e8aad3e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.11
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: file://assets/icons/stackstate-k8s-agent.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-kubeVersion: '>=1.19.0-0'
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.95
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.95/README.md
deleted file mode 100644
index 2776d5774..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.95` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.11 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"10e27026"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | Memory resource limits. | -| checksAgent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"10e27026"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | CPU resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | Memory resource limits. | -| logsAgent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | Memory resource requests. 
| -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"10e27026"` | Default container image tag. 
| -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | CPU resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | Memory resource requests. | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"cae7a4fa"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | CPU resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | CPU resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | Memory resource requests. | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.95/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.95/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.95/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index ff28ae8da..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.11
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/README.md
deleted file mode 100644
index 840ff5240..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.4.0"},"resources":{"limits":{"cpu":"100m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.4.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
| -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} - -{{/* -Returns a YAML with extra annotations. -*/}} -{{- define "http-header-injector.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels. -*/}} -{{- define "http-header-injector.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fc0c01258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-header-injector-cert-delete - labels: - app.kubernetes.io/component: http-header-injector-cert-hook-delete - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": post-delete,post-upgrade - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -spec: - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector-delete - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - spec: - serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.cert-config.name" . }}" - defaultMode: 0777 - containers: - - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }} - restartPolicy: Never - backoffLimit: 0 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-job-setup.yaml deleted file mode 100644 index cc1c89631..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-job-setup.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-header-injector-cert-setup - labels: - app.kubernetes.io/component: http-header-injector-cert-hook-setup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -spec: - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector-setup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - spec: - serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}" - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.cert-config.name" . }}" - defaultMode: 0777 - containers: - - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }} - restartPolicy: Never - backoffLimit: 0 -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@ -{{- $defaultRegistry := .Values.global.imageRegistry }} -{{- $top := . }} -{{- $registryAuthMap := dict }} - -{{- range $registry, $credentials := .Values.global.imagePullCredentials }} - {{- $registryAuthDocument := dict -}} - {{- $_ := set $registryAuthDocument "username" $credentials.username }} - {{- $_ := set $registryAuthDocument "password" $credentials.password }} - {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }} - {{- $_ := set $registryAuthDocument "auth" $authMessage }} - {{- if eq $registry "default" }} - {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }} - {{ else }} - {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }} - {{- end }} -{{- end }} -{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }} - -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ include "http-header-injector.pull-secret.name" . }} -data: - .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }} -type: kubernetes.io/dockerconfigjson \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-cert-secret.yaml deleted file mode 100644 index f571ca86b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-cert-secret.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@
-{{- if .Values.enabled -}}
-{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}}
-{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ .Release.Name }}-http-header-injector-config
-data:
- sidecarconfig.yaml: |
- initContainers:
- - name: http-header-proxy-init
- image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}"
- imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }}
- command: ["/init-iptables.sh"]
- env:
- - name: CHART_VERSION
- value: "{{ .Chart.Version }}"
- - name: PROXY_PORT
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %}
- - name: PROXY_UID
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %}
- - name: POD_HOST_NETWORK
- value: {% .Spec.HostNetwork %}
- {% if eq (index .Annotations "linkerd.io/inject") "enabled" %}
- - name: LINKERD
- value: true
- # Reference: https://linkerd.io/2.13/reference/proxy-configuration/
- - name: LINKERD_PROXY_UID
- value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %}
- # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing
in the code for future reference
- - name: LINKERD_ADMIN_PORT
- value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %}
- {% end %}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_ADMIN
- - NET_RAW
- privileged: false
- readOnlyRootFilesystem: true
- runAsNonRoot: false
- runAsUser: 0
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- # This is required for iptables to be able to run
- - mountPath: /run
- name: http-header-proxy-init-xtables-lock
-
- containers:
- - name: http-header-proxy
- image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}"
- imagePullPolicy: {{ .Values.proxy.image.pullPolicy }}
- env:
- - name: CHART_VERSION
- value: "{{ .Chart.Version }}"
- - name: PORT
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %}
- - name: DEBUG
- value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %}
- securityContext:
- runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %}
- seccompProfile:
- type: RuntimeDefault
- {{- with .Values.proxy.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- - name: http-header-inject-debug
- image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .)
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}"
- imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }}
- command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"]
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_ADMIN
- - NET_RAW
- privileged: false
- readOnlyRootFilesystem: true
- runAsNonRoot: false
- runAsUser: 0
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- # This is required for iptables to be able to run
- - mountPath: /run
- name: http-header-proxy-init-xtables-lock
-
- volumes:
- - emptyDir: {}
- name: http-header-proxy-init-xtables-lock
-
- mutationconfig.yaml: |
- mutationConfigs:
- - name: "http-header-injector"
- annotationNamespace: "http-header-injector.stackstate.io"
- annotationTrigger: "inject"
- annotationConfig:
- volumeMounts: []
- initContainersBeforePodInitContainers: [ "http-header-proxy-init" ]
- initContainers: [ "http-header-proxy-init" ]
- containers: [ "http-header-proxy" ]
- volumes: [ "http-header-proxy-init-xtables-lock" ]
- volumeMounts: [ ]
- # Namespaces are ignored by the mutatingwebhook
- ignoreNamespaces: [ ]
- - name: "http-header-injector-debug"
- annotationNamespace: "http-header-injector-debug.stackstate.io"
- annotationTrigger: "inject"
- annotationConfig:
- volumeMounts: []
- initContainersBeforePodInitContainers: [ ]
- initContainers: [ ]
- containers: [ "http-header-inject-debug" ]
- volumes: [ "http-header-proxy-init-xtables-lock" ]
- volumeMounts: [ ]
- # Namespaces are ignored by the mutatingwebhook
- ignoreNamespaces: [ ]
- {{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-deployment.yaml
deleted file mode 100644
index 8af6ff51a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-{{- if .Values.enabled -}}
-{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: "{{ include "http-header-injector.app.name" . }}"
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: "{{ include "http-header-injector.app.name" . }}"
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }}
- # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade.
- revision: "{{ .Release.Revision }}"
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- name: "{{ include "http-header-injector.app.name" . }}"
- spec:
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.webhook-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.webhook-config.name" . }}"
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- secret:
- secretName: "{{ include "http-header-injector.cert-secret.name" . }}"
- containers:
- - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .)
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}"
- imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }}
- name: http-header-injector
- volumeMounts:
- - name: "{{ include "http-header-injector.webhook-config.name" . }}"
- mountPath: /etc/webhook/config
- readOnly: true
- - name: "{{ include "http-header-injector.cert-secret.name" . }}"
- mountPath: /etc/webhook/certs
- readOnly: true
- command: [ "/sidecarinjector" ]
- args:
- - --port=8443
- - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml
- - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml
- - --cert-file-path=/etc/webhook/certs/tls.crt
- - --key-file-path=/etc/webhook/certs/tls.key
-{{- end -}}
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
deleted file mode 100644
index de0acc1df..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{- if not (eq .Values.webhook.tls.mode "generated") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
- namespace: "{{ .Release.Namespace }}"
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- {{- if eq .Values.webhook.tls.mode "cert-manager" }}
- cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
- {{- else if eq .Values.webhook.tls.mode "secret" }}
- cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
- {{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-webhooks:
- - clientConfig:
- {{- if eq .Values.webhook.tls.mode "provided" }}
- caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
- {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
- caBundle: ""
- {{- end }}
- service:
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
- path: /mutate
- namespace: {{ .Release.Namespace }}
- port: 8443
- # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
- failurePolicy: "{{ .Values.webhook.failurePolicy }}"
- name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" .
}}"
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - cert-manager
- - {{ .Release.Namespace }}
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-service.yaml
deleted file mode 100644
index 55abdb022..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/templates/webhook-service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: "{{ include "http-header-injector.webhook-service.name" . }}"
-spec:
- ports:
- - port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- app: "{{ include "http-header-injector.app.name" . }}"
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/values.yaml
deleted file mode 100644
index a1b4be2fc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/charts/http-header-injector/values.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
-# enabled -- Enable/disable the mutationwebhook
-enabled: true
-
-# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection
-debug: false
-
-global:
- # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io
- imageRegistry: null
- # global.imagePullSecrets -- Globally add image pull secrets that are used.
- imagePullSecrets: []
- # global.imagePullCredentials -- Globally define credentials for pulling images.
- imagePullCredentials: {}
-
- # global.extraLabels -- Extra labels added ta all resources created by the helm chart
- extraLabels: {}
- # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart
- extraAnnotations: {}
-
-images:
- pullSecretName:
-
-# proxy -- Proxy being injected into pods for rewriting http headers
-proxy:
- image:
- # proxy.image.registry -- Registry for the docker image.
- registry:
- # proxy.image.repository - Repository for the docker image
- repository: "stackstate/http-header-injector-proxy"
- # proxy.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # proxy.image.tag -- The tag for the docker image
- tag: sha-5ff79451
-
- # proxy.resource -- Resources for the proxy container
- resources:
- requests:
- # proxy.resources.requests.memory -- Memory resource requests.
- memory: "25Mi"
- limits:
- # proxy.resources.limits.memory -- Memory resource limits.
- memory: "40Mi"
-
-# proxyInit -- InitContainer within pod which redirects traffic to the proxy container.
-proxyInit:
- image:
- # proxyInit.image.registry -- Registry for the docker image
- registry:
- # proxyInit.image.repository - Repository for the docker image
- repository: "stackstate/http-header-injector-proxy-init"
- # proxyInit.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # proxyInit.image.tag -- The tag for the docker image
- tag: sha-5ff79451
-
-# sidecarInjector -- Service for injecting the proxy sidecar into pods
-sidecarInjector:
- image:
- # sidecarInjector.image.registry -- Registry for the docker image.
- registry:
- # sidecarInjector.image.repository - Repository for the docker image
- repository: "stackstate/generic-sidecar-injector"
- # sidecarInjector.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # sidecarInjector.image.tag -- The tag for the docker image
- tag: sha-9c852245
-
-# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook
-certificatePrehook:
- image:
- # certificatePrehook.image.registry -- Registry for the docker image.
- registry:
- # certificatePrehook.image.repository - Repository for the docker image.
- repository: stackstate/container-tools
- # certificatePrehook.image.pullPolicy -- Policy when pulling an image
- pullPolicy: IfNotPresent
- # certificatePrehook.image.tag -- The tag for the docker image
- tag: 1.4.0
- resources:
- limits:
- cpu: "100m"
- memory: "200Mi"
- requests:
- cpu: "100m"
- memory: "200Mi"
-
-# webhook -- MutationWebhook that will be installed to inject a sidecar into pods
-webhook:
- # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive.
- failurePolicy: Ignore
- tls:
- # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager".
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime.
- mode: "generated"
- provided:
- # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided".
- caBundle: ""
- # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
- crt: ""
- # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
- key: ""
- certManager:
- # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
- issuer: ""
- # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager".
- issuerKind: "ClusterIssuer"
- # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
- issuerNamespace: ""
- secret:
- # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret".
- name: ""
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.95/questions.yml
deleted file mode 100644
index 5d6e6a011..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/questions.yml
+++ /dev/null
@@ -1,184 +0,0 @@
-questions:
- - variable: stackstate.apiKey
- label: "StackState API Key"
- type: string
- description: "The API key for StackState."
- required: true
- group: General
- - variable: stackstate.url
- label: "StackState URL"
- type: string
- description: "The URL where StackState is running."
- required: true
- group: General
- - variable: stackstate.cluster.name
- label: "StackState Cluster Name"
- type: string
- description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState."
- required: true
- group: General
- - variable: all.registry.override
- label: "Override Default Image Registry"
- type: boolean
- description: "Whether or not to override the default image registry."
- default: false
- group: "General"
- show_subquestions_if: true
- subquestions:
- - variable: all.image.registry
- label: "Docker Image Registry"
- type: string
- description: "The registry to pull the StackState Agent images from."
- default: "quay.io"
- - variable: global.imagePullCredentials.username
- label: "Docker Image Pull Username"
- type: string
- description: "The username to use when pulling the StackState Agent images."
- - variable: global.imagePullCredentials.password
- label: "Docker Image Pull Password"
- type: secret
- description: "The password to use when pulling the StackState Agent images."
- - variable: nodeAgent.containers.agent.resources.override
- label: "Override Node Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Node Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.agent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Node Agent."
- default: "20m"
- - variable: nodeAgent.containers.agent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Node Agent."
- default: "180Mi"
- - variable: nodeAgent.containers.agent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Node Agent."
- default: "270m"
- - variable: nodeAgent.containers.agent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Node Agent."
- default: "420Mi"
- - variable: nodeAgent.containers.processAgent.enabled
- label: "Enable Process Agent"
- type: boolean
- description: "Whether or not to enable the Process Agent."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.skipKubeletTLSVerify
- label: "Skip Kubelet TLS Verify"
- type: boolean
- description: "Whether or not to skip TLS verification when connecting to the kubelet API."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.containers.processAgent.resources.override
- label: "Override Process Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Process Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.processAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Process Agent."
- default: "25m"
- - variable: nodeAgent.containers.processAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Process Agent."
- default: "128Mi"
- - variable: nodeAgent.containers.processAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Process Agent."
- default: "125m"
- - variable: nodeAgent.containers.processAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Process Agent."
- default: "400Mi"
- - variable: clusterAgent.enabled
- label: "Enable Cluster Agent"
- type: boolean
- description: "Whether or not to enable the Cluster Agent."
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.collection.kubernetesResources.secrets
- label: "Collect Secret Resources"
- type: boolean
- description: |
- Whether or not to collect Kubernetes Secrets.
- NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data.
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.resources.override
- label: "Override Cluster Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Cluster Agent"
- show_subquestions_if: true
- subquestions:
- - variable: clusterAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Cluster Agent."
- default: "70m"
- - variable: clusterAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Cluster Agent."
- default: "512Mi"
- - variable: clusterAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Cluster Agent."
- default: "400m"
- - variable: clusterAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Cluster Agent."
- default: "800Mi"
- - variable: logsAgent.enabled
- label: "Enable Logs Agent"
- type: boolean
- description: "Whether or not to enable the Logs Agent."
- default: "true"
- group: "Logs Agent"
- - variable: logsAgent.resources.override
- label: "Override Logs Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Logs Agent"
- show_subquestions_if: true
- subquestions:
- - variable: logsAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Logs Agent."
- default: "20m"
- - variable: logsAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Logs Agent."
- default: "100Mi"
- - variable: logsAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Logs Agent."
- default: "1300m"
- - variable: logsAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Logs Agent."
- default: "192Mi"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_cluster-agent-kube-state-metrics.yaml
deleted file mode 100644
index f99fbf618..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_cluster-agent-kube-state-metrics.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_container-agent.yaml
deleted file mode 100644
index 09f9591c6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_container-agent.yaml
+++ /dev/null
@@ -1,191 +0,0 @@
-{{- define "container-agent" -}}
-- name: node-agent
-{{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
-{{- end }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}"
- imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}"
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }}
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }}
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: KUBERNETES
- value: "true"
- - name: STS_APM_ENABLED
- value: {{ .Values.nodeAgent.apm.enabled | quote }}
- - name: STS_APM_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" .
| nindent 4 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.nodeAgent.checksTagCardinality | quote }}
- {{- if .Values.checksAgent.enabled }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "endpointschecks"
- {{- end }}
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
-
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" .
}}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.agent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }}
- timeoutSeconds: {{
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }}
- {{- end }}
- ports:
- - containerPort: 8126
- name: traceport
- protocol: TCP
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- with .Values.nodeAgent.containers.agent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: kubelet
- mountPath: /var/lib/kubelet
- readOnly: true
- - name: nfs
- mountPath: /var/lib/nfs
- readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- - name: dockernetns
- mountPath: /run/docker/netns
- readOnly: true
- - name: dockeroverlay2
- mountPath: /var/lib/docker/overlay2
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: false
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_container-process-agent.yaml
deleted file mode 100644
index 893f11581..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_helpers.tpl deleted file mode 100644 index 3c51bc308..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/_helpers.tpl +++ /dev/null 
@@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Returns a YAML with extra annotations -*/}} -{{- define "stackstate-k8s-agent.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels -*/}} -{{- define "stackstate-k8s-agent.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.apiKeyEnv" -}} -- name: STS_API_KEY - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customApiKeySecretKey | quote }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}} -- name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 4fd0eadbc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-configmap.yaml deleted file mode 100644 index 54a1abf2f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 19d3924ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index a90a43589..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 021a43ebd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 37d10217f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 51025a670..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index adabad45e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-service.yaml
deleted file mode 100644
index 8b687e8f7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index 6cbc89699..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index da6cd59dd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 1f6e7cfcf..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-configmap.yaml
deleted file mode 100644
index ff9440a4b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.logsAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-clusterrole.yaml
deleted file mode 100644
index 1ded16cc2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index b3f033ebb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8f6b2ed3a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-daemonset.yaml
deleted file mode 100644
index 4c8dbdd5a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index 38298d414..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -{{- if .Values.nodeAgent.autoScalingEnabled }} -apiVersion: "autoscaling.k8s.io/v1" -kind: VerticalPodAutoscaler -metadata: - name: {{ .Release.Name }}-node-agent-vpa - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - targetRef: - apiVersion: "apps/v1" - kind: DaemonSet - name: {{ .Release.Name }}-node-agent - resourcePolicy: - containerPolicies: - - containerName: 'node-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - - containerName: 'process-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - updatePolicy: - updateMode: "Auto" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-scc.yaml deleted file mode 100644 index a09da78c1..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-service.yaml deleted file mode 100644 index 0b6cd6ec0..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.service.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 803d184ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/openshift-logging-secret.yaml
deleted file mode 100644
index ed0707f1f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/pull-secret.yaml
deleted file mode 100644
index 916941665..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/pull-secret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@
-package test
-
-import (
- "regexp"
- "strings"
- "testing"
-
- v1 "k8s.io/api/rbac/v1"
-
- "github.com/stretchr/testify/assert"
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-var requiredRules = []string{
- "events+get,list,watch",
- "nodes+get,list,watch",
- "pods+get,list,watch",
- "services+get,list,watch",
- "configmaps+create,get,patch,update",
-}
-
-var optionalRules = []string{
- "namespaces+get,list,watch",
- "componentstatuses+get,list,watch",
- "configmaps+list,watch", // get is already required
- "endpoints+get,list,watch",
- "persistentvolumeclaims+get,list,watch",
- "persistentvolumes+get,list,watch",
- "secrets+get,list,watch",
- "apps/daemonsets+get,list,watch",
- "apps/deployments+get,list,watch",
- "apps/replicasets+get,list,watch",
- "apps/statefulsets+get,list,watch",
- "extensions/ingresses+get,list,watch",
- "batch/cronjobs+get,list,watch",
- "batch/jobs+get,list,watch",
-}
-
-var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`)
-
-type Rule struct {
- Group string
- ResourceName string
- Verb string
-}
-
-func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) {
- match := roleDescriptionRegexp.FindStringSubmatch(roleDescription)
- assert.NotNil(t, match)
-
- var roleRules []Rule
- for _, rule := range rules {
- for _, group := range rule.APIGroups {
- for _, resource := range rule.Resources {
- for _, verb := range rule.Verbs {
- roleRules = append(roleRules, Rule{group, resource, verb})
- }
- }
- }
- }
-
- resGroup := match[roleDescriptionRegexp.SubexpIndex("group")]
- resName := match[roleDescriptionRegexp.SubexpIndex("name")]
- verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",")
-
- for _, verb := range verbs {
- requiredRule := Rule{resGroup, resName, verb}
- found := false
- for _, rule := range roleRules {
- if rule == requiredRule {
- found = true
- break
- }
- }
- if shouldBePresent {
- assert.Truef(t, found, "Rule %v has not been found", requiredRule)
- } else {
- assert.Falsef(t, found, "Rule %v should not be present", requiredRule)
- }
- }
-}
-
-func TestAllResourcesAreEnabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
- // be default, everything is enabled, so all the optional roles should be present as well
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, true)
- }
-}
-
-func TestMostOfResourcesAreDisabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
-
- // we expect all optional resources to be removed from ClusterRole with the given values
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, false)
- }
-}
-
-func TestNoClusterWideModificationRights(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- illegalVerbs := []string{"create", "patch", "update", "delete"}
-
- for _, clusterRole := range resources.ClusterRoles {
- for _, rule := range clusterRole.Rules {
- for _, verb := range rule.Verbs {
- assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources)
- }
- }
- }
-}
-
-func TestServicePortChange(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"]
-
- port := cluster_agent_service.Spec.Ports[0]
- assert.Equal(t, port.Name, "clusteragent")
- assert.Equal(t, port.Port, int32(8008))
- assert.Equal(t, port.TargetPort.IntVal, int32(9009))
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/clustername_test.go
deleted file mode 100644
index 55090b995..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/clustername_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.95/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.95/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.95/values.yaml
deleted file mode 100644
index 50112c361..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.95/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "10e27026" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.memory -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.memory -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "cae7a4fa" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.memory -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.memory -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "10e27026" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.9.8-5b179aee - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.memory -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.memory -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "10e27026" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. 
- initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.memory -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. 
- customSecretName: ""
- # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key.
- customApiKeySecretKey: "sts-api-key"
- # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token.
- customClusterAuthTokenSecretKey: "sts-cluster-auth-token"
- # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent.
- apiKey:
- cluster:
- # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed.
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.96/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.96/Chart.lock
deleted file mode 100644
index a8df83f13..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-digest: sha256:ae5ad7c3176f89b71aabef7cd75f99394750f4fffb9905b86fb45c345595c24c
-generated: "2024-05-30T13:30:45.346757+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/Chart.yaml
deleted file mode 100644
index 5892973bb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: file://./charts/http-header-injector
- version: 0.0.11
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: file://assets/icons/stackstate-k8s-agent.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-kubeVersion: '>=1.19.0-0'
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.96
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.96/README.md
deleted file mode 100644
index a026f5b1a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/README.md
+++ /dev/null
@@ -1,263 +0,0 @@
-# stackstate-k8s-agent
-
-Helm chart for the StackState Agent.
-
-Current chart version is `1.0.96`
-
-**Homepage:**
-
-## Requirements
-
-| Repository | Name | Version |
-|------------|------|---------|
-| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.11 |
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime |
-| all.image.registry | string | `"quay.io"` | The image registry to use. |
-| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
-| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"c4caacef"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | Memory resource limits. | -| checksAgent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"c4caacef"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | CPU resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | Memory resource limits. | -| logsAgent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | Memory resource requests. 
| -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"c4caacef"` | Default container image tag. 
| -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | CPU resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | Memory resource requests. | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"cae7a4fa"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | CPU resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | CPU resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | Memory resource requests. | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.96/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.96/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.96/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index ff28ae8da..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.11
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/README.md
deleted file mode 100644
index 840ff5240..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.4.0"},"resources":{"limits":{"cpu":"100m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.4.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
| -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} - -{{/* -Returns a YAML with extra annotations. -*/}} -{{- define "http-header-injector.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels. -*/}} -{{- define "http-header-injector.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fc0c01258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index cc1c89631..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index f571ca86b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . 
}}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-service.yaml deleted file mode 100644 index 55abdb022..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/templates/webhook-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.webhook-service.name" . }}" -spec: - ports: - - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - app: "{{ include "http-header-injector.app.name" . }}" -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/values.yaml deleted file mode 100644 index a1b4be2fc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/charts/http-header-injector/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.4.0 - resources: - limits: - cpu: "100m" - memory: "200Mi" - requests: - cpu: "100m" - memory: "200Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.96/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- define "cluster-agent-kube-state-metrics" -}}
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
-cluster_check: true
-{{- end }}
-init_config:
-instances:
- - collectors:
- - nodes
- - pods
- - services
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- {{- if $kubeRes.ingresses }}
- - ingresses
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- - resourcequotas
- - replicationcontrollers
- - limitranges
- - horizontalpodautoscalers
- - poddisruptionbudgets
- - storageclasses
- - volumeattachments
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
- skip_leader_election: true
- {{- end }}
- labels_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
- annotations_as_tags:
- {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_container-agent.yaml
deleted file mode 100644
index 09f9591c6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_container-agent.yaml
+++ /dev/null
@@ -1,191 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_container-process-agent.yaml deleted file mode 100644 index 893f11581..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent -{{ if .Values.nodeAgent.containers.processAgent.image.registry }} - image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{ else }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}" -{{- end }} - imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}" - ports: - - containerPort: 6063 - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }} - - name: STS_LOG_TO_CONSOLE - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: KUBERNETES - value: "true" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: GOMEMLIMIT - value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }} - - name: STS_HTTP_STATS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }} - - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE - value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - - name: STS_HTTP_TRACING_ENABLED - value: {{ .Values.nodeAgent.httpTracing.enabled | quote }} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.nodeAgent.containers.processAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics - # readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - # The agent needs access to /etc to figure out what os it is running on. - - name: etcdir - mountPath: /host/etc - readOnly: true - - name: procdir - mountPath: /host/proc - # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. 
this is a debug setting but if we want to use - # it, we have the option to make /proc writable. - readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: true -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_helpers.tpl deleted file mode 100644 index 3c51bc308..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/_helpers.tpl +++ /dev/null 
@@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackstate-k8s-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stackstate-k8s-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stackstate-k8s-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "stackstate-k8s-agent.labels" -}} -app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Cluster agent checksum annotations -*/}} -{{- define "stackstate-k8s-agent.checksum-configs" }} -checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} - -{{/* -StackState URL function -*/}} -{{- define "stackstate-k8s-agent.stackstate.url" -}} -{{ tpl .Values.stackstate.url . 
| quote }} -{{- end }} - -{{- define "stackstate-k8s-agent.configmap.override.checksum" -}} -{{- if .Values.clusterAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}} -{{- if .Values.nodeAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - -{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}} -checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }} -{{- end }} - -{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}} -{{- if .Values.checksAgent.config.override }} -checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }} -{{- end }} -{{- end }} - - -{{/* -Return the image registry -*/}} -{{- define "stackstate-k8s-agent.imageRegistry" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default .Values.all.image.registry -}} - {{- else -}} - {{- .Values.all.image.registry -}} - {{- end -}} -{{- end -}} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.tplvalue.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.pull-secret.name" -}} -{{ include "stackstate-k8s-agent.fullname" . 
}}-pull-secret -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "stackstate-k8s-agent.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{/* Is plain array of strings, compatible with all bitnami charts */}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- range $context.Values.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}} - {{- end -}} - {{- range .images -}} - {{- if .pullSecretName -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false). 
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }} -*/}} -{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}} -{{- if .Values.clusterAgent.config.override }} - {{- range $i, $val := .Values.clusterAgent.config.override }} - {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}} -{{- if .Values.nodeAgent.config.override }} - {{- range $i, $val := .Values.nodeAgent.config.override }} - {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }} -true - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Returns a YAML with extra annotations -*/}} -{{- define "stackstate-k8s-agent.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels -*/}} -{{- define "stackstate-k8s-agent.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.apiKeyEnv" -}} -- name: STS_API_KEY - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . 
}} - key: sts-api-key -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customApiKeySecretKey | quote }} -{{- end }} -{{- end -}} - -{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}} -- name: STS_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: -{{- if not .Values.stackstate.manageOwnSecrets }} - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: sts-cluster-auth-token -{{- else }} - name: {{ .Values.stackstate.customSecretName | quote }} - key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-clusterrolebinding.yaml deleted file mode 100644 index 4fd0eadbc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-checks-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-configmap.yaml deleted file mode 100644 index 54a1abf2f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@ -{{- if .Values.checksAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-checks-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: checks-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} - replicas: {{ .Values.checksAgent.replicas }} -{{- with .Values.checksAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: checks-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}" - imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.checksAgent.image.tag | quote }} - - name: LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_APM_ENABLED - value: "false" - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.checksAgent.checksTagCardinality | quote }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: STS_LOG_LEVEL - value: {{ .Values.checksAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: "false" - - name: STS_PROCESS_AGENT_ENABLED - value: "false" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }} - ports: - - containerPort: 5555 - name: healthport - protocol: TCP - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.checksAgent.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - name: confd-empty-volume - mountPath: /etc/stackstate-agent/conf.d -# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. - readOnly: false - {{- if .Values.checksAgent.config.override }} - {{- range .Values.checksAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.checksAgent.priorityClassName }} - priorityClassName: {{ .Values.checksAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-checks-agent - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- with .Values.checksAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.checksAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: confd-empty-volume - emptyDir: {} - {{- if .Values.checksAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-checks-agent - {{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-poddisruptionbudget.yaml deleted file mode 100644 index 19d3924ea..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-poddisruptionbudget.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index a90a43589..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 021a43ebd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - events - - nodes - - pods - - services - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - - componentstatuses - {{- end }} - {{- if $kubeRes.configmaps }} - - configmaps - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - {{- if $kubeRes.resourcequotas }} - - resourcequotas - {{- end }} - verbs: - - get - - list - - watch -{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} -- apiGroups: - - "apps" - resources: - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -{{- if $kubeRes.ingresses }} -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end}} -{{- if or $kubeRes.cronjobs $kubeRes.jobs }} -- apiGroups: - - "batch" - resources: - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - verbs: - - get - - list - - watch -{{- end}} -- 
nonResourceURLs: - - "/healthz" - - "/version" - verbs: - - get -- apiGroups: - - "storage.k8s.io" - resources: - {{- if $kubeRes.volumeattachments }} - - volumeattachments - {{- end }} - {{- if $kubeRes.storageclasses }} - - storageclasses - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "policy" - resources: - {{- if $kubeRes.poddisruptionbudgets }} - - poddisruptionbudgets - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.replicationcontrollers }} - - replicationcontrollers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "autoscaling" - resources: - {{- if $kubeRes.horizontalpodautoscalers }} - - horizontalpodautoscalers - {{- end }} - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - {{- if $kubeRes.limitranges }} - - limitranges - {{- end }} - verbs: - - get - - list - - watch diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-clusterrolebinding.yaml deleted file mode 100644 index 207613dd9..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 37d10217f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 51025a670..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - get
- - patch
- - update
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-rolebinding.yaml
deleted file mode 100644
index adabad45e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-service.yaml
deleted file mode 100644
index 8b687e8f7..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- ports:
- - name: clusteragent
- port: {{int .Values.clusterAgent.service.port }}
- protocol: TCP
- targetPort: {{int .Values.clusterAgent.service.targetPort }}
- selector:
- app.kubernetes.io/component: cluster-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-serviceaccount.yaml
deleted file mode 100644
index 6cbc89699..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/cluster-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.clusterAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-clusterrole.yaml
deleted file mode 100644
index da6cd59dd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes
- - services
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-clusterrolebinding.yaml
deleted file mode 100644
index 1f6e7cfcf..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-logs-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-logs-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-configmap.yaml
deleted file mode 100644
index ff9440a4b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-configmap.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-{{- if .Values.logsAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-logs-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: logs-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.logsAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-clusterrole.yaml
deleted file mode 100644
index 1ded16cc2..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-clusterrole.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups: # Kubelet connectivity
- - ""
- resources:
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - endpoints
- verbs:
- - get
- - list
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-clusterrolebinding.yaml
deleted file mode 100644
index b3f033ebb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-configmap.yaml
deleted file mode 100644
index 8f6b2ed3a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.nodeAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-node-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.nodeAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-daemonset.yaml
deleted file mode 100644
index 4c8dbdd5a..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-daemonset.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index 38298d414..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
----
-{{- if .Values.nodeAgent.autoScalingEnabled }}
-apiVersion: "autoscaling.k8s.io/v1"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ .Release.Name }}-node-agent-vpa
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- targetRef:
- apiVersion: "apps/v1"
- kind: DaemonSet
- name: {{ .Release.Name }}-node-agent
- resourcePolicy:
- containerPolicies:
- - containerName: 'node-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- - containerName: 'process-agent'
- minAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }}
- maxAllowed:
- cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }}
- memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }}
- controlledResources: ["cpu", "memory"]
- controlledValues: RequestsAndLimits
- updatePolicy:
- updateMode: "Auto"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-scc.yaml
deleted file mode 100644
index a09da78c1..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-scc.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.nodeAgent.scc.enabled }}
-allowHostDirVolumePlugin: true
-# was true
-allowHostIPC: true
-# was true
-allowHostNetwork: true
-# Allow host PID for dogstatsd origin detection
-allowHostPID: true
-# Allow host ports for dsd / trace / logs intake
-allowHostPorts: true
-allowPrivilegeEscalation: true
-# was true
-allowPrivilegedContainer: true
-# was - '*'
-allowedCapabilities: []
-allowedUnsafeSysctls:
-- '*'
-apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
-fsGroup:
-# was RunAsAny
- type: MustRunAs
-groups: []
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-# was RunAsAny
-runAsUser:
- type: MustRunAsRange
-# Use the `spc_t` selinux type to access the
-# docker socket + proc and cgroup stats
-seLinuxContext:
- type: RunAsAny
- seLinuxOptions:
- user: "system_u"
- role: "system_r"
- type: "spc_t"
- level: "s0"
-# was - '*'
-seccompProfiles: []
-supplementalGroups:
- type: RunAsAny
-users:
-- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
-# Allow hostPath for docker / process metrics
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - secret
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-service.yaml
deleted file mode 100644
index 0b6cd6ec0..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-service.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.service.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.nodeAgent.service.type }}
-{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
-{{- end }}
- ports:
- - name: traceport
- port: 8126
- protocol: TCP
- targetPort: 8126
- selector:
- app.kubernetes.io/component: node-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-serviceaccount.yaml
deleted file mode 100644
index 803d184ef..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/node-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-node-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: node-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.nodeAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/openshift-logging-secret.yaml
deleted file mode 100644
index ed0707f1f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/openshift-logging-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-{{- if .Values.openShiftLogging.installSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
- namespace: openshift-logging
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
- username: {{ "apikey" | b64enc | quote }}
-{{- if .Values.global.receiverApiKey }}
- password: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- password: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/pull-secret.yaml
deleted file mode 100644
index 916941665..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/pull-secret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@ -package test - -import ( - "regexp" - "strings" - "testing" - - v1 "k8s.io/api/rbac/v1" - - "github.com/stretchr/testify/assert" - "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil" -) - -var requiredRules = []string{ - "events+get,list,watch", - "nodes+get,list,watch", - "pods+get,list,watch", - "services+get,list,watch", - "configmaps+create,get,patch,update", -} - -var optionalRules = []string{ - "namespaces+get,list,watch", - "componentstatuses+get,list,watch", - "configmaps+list,watch", // get is already required - "endpoints+get,list,watch", - "persistentvolumeclaims+get,list,watch", - "persistentvolumes+get,list,watch", - "secrets+get,list,watch", - "apps/daemonsets+get,list,watch", - "apps/deployments+get,list,watch", - "apps/replicasets+get,list,watch", - "apps/statefulsets+get,list,watch", - "extensions/ingresses+get,list,watch", - "batch/cronjobs+get,list,watch", - "batch/jobs+get,list,watch", -} - -var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`) - -type Rule struct { - Group string - ResourceName string - Verb string -} - -func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) { - match := roleDescriptionRegexp.FindStringSubmatch(roleDescription) - assert.NotNil(t, match) - - var roleRules []Rule - for _, rule := range rules { - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - roleRules = append(roleRules, Rule{group, resource, verb}) - } - } - } - } - - resGroup := match[roleDescriptionRegexp.SubexpIndex("group")] - resName := match[roleDescriptionRegexp.SubexpIndex("name")] - verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",") - - for _, verb := range verbs { - requiredRule := Rule{resGroup, resName, verb} - found := false - for _, rule := range roleRules { - if rule == requiredRule { - found = true - break - } - } - if shouldBePresent { - 
assert.Truef(t, found, "Rule %v has not been found", requiredRule) - } else { - assert.Falsef(t, found, "Rule %v should not be present", requiredRule) - } - } -} - -func TestAllResourcesAreEnabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) - - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - // be default, everything is enabled, so all the optional roles should be present as well - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, true) - } -} - -func TestMostOfResourcesAreDisabled(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - assert.Contains(t, resources.Roles, "stackstate-k8s-agent") - rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules - rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...) 
- - for _, requiredRole := range requiredRules { - assertRuleExistence(t, rules, requiredRole, true) - } - - // we expect all optional resources to be removed from ClusterRole with the given values - for _, optionalRule := range optionalRules { - assertRuleExistence(t, rules, optionalRule, false) - } -} - -func TestNoClusterWideModificationRights(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent") - illegalVerbs := []string{"create", "patch", "update", "delete"} - - for _, clusterRole := range resources.ClusterRoles { - for _, rule := range clusterRole.Rules { - for _, verb := range rule.Verbs { - assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources) - } - } - } -} - -func TestServicePortChange(t *testing.T) { - output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml") - resources := helmtestutil.NewKubernetesResources(t, output) - - cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"] - - port := cluster_agent_service.Spec.Ports[0] - assert.Equal(t, port.Name, "clusteragent") - assert.Equal(t, port.Port, int32(8008)) - assert.Equal(t, port.TargetPort.IntVal, int32(9009)) -} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/clustername_test.go deleted file mode 100644 index 55090b995..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/clustername_test.go +++ /dev/null 
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -checksAgent: - enabled: true -dependencies: - kubeStateMetrics: - enabled: true -agent: - config: - override: -# agent.config.override -- Disables kubernetes_state check on regular agent pods. - - name: auto_conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | -clusterAgent: - config: - override: -# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery -# with ad_identifiers does not work here. Use a specific URL instead. - - name: conf.yaml - path: /etc/stackstate-agent/conf.d/kubernetes_state.d - data: | - cluster_check: true - - init_config: - - instances: - - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_no_ksm_custom_url.yaml deleted file mode 100644 index a62691878..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_no_ksm_custom_url.yaml +++ /dev/null @@ -1,7 +0,0 @@ -checksAgent: - enabled: true - kubeStateMetrics: - url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics -dependencies: - kubeStateMetrics: - enabled: false diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_service_port_override.yaml deleted file mode 100644 index c01a98fcb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/clustercheck_service_port_override.yaml +++ /dev/null @@ -1,4 +0,0 @@ -clusterAgent: - service: - port: 8008 - targetPort: 9009 diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/disable-all-resource.yaml deleted file mode 100644 index cd33e843e..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.96/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.96/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.96/values.yaml
deleted file mode 100644
index c58846a7c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.96/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "c4caacef" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.memory -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.memory -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "cae7a4fa" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.memory -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.memory -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "c4caacef" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.9.8-5b179aee - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.memory -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.memory -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "c4caacef" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. 
- initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.memory -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. 
- customSecretName: ""
- # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key.
- customApiKeySecretKey: "sts-api-key"
- # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token.
- customClusterAuthTokenSecretKey: "sts-cluster-auth-token"
- # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent.
- apiKey:
- cluster:
- # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed.
- name:
- # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
- authToken: ""
- # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
- url:
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.98/.helmignore
deleted file mode 100644
index 15a5c1277..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
-logo.svg
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/Chart.lock b/charts/stackstate/stackstate-k8s-agent/1.0.98/Chart.lock
deleted file mode 100644
index a8df83f13..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-digest: sha256:ae5ad7c3176f89b71aabef7cd75f99394750f4fffb9905b86fb45c345595c24c
-generated: "2024-05-30T13:30:45.346757+02:00"
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/Chart.yaml
deleted file mode 100644
index e515835f5..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: StackState Agent
- catalog.cattle.io/kube-version: '>=1.19.0-0'
- catalog.cattle.io/release-name: stackstate-k8s-agent
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: httpHeaderInjectorWebhook
- name: http-header-injector
- repository: https://helm.stackstate.io
- version: 0.0.11
-deprecated: true
-description: Helm chart for the StackState Agent.
-home: https://github.com/StackVista/stackstate-agent
-icon: file://assets/icons/stackstate-k8s-agent.svg
-keywords:
-- monitoring
-- observability
-- stackstate
-kubeVersion: '>=1.19.0-0'
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate
-name: stackstate-k8s-agent
-version: 1.0.98
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.98/README.md
deleted file mode 100644
index a8d662035..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/README.md
+++ /dev/null
@@ -1,263 +0,0 @@ -# stackstate-k8s-agent - -Helm chart for the StackState Agent. - -Current chart version is `1.0.98` - -**Homepage:** - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.11 | - -## Required Values - -In order to successfully install this chart, you **must** provide the following variables: - -* `stackstate.apiKey` -* `stackstate.cluster.name` -* `stackstate.url` - -The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack. - -Install them on the command line on Helm with the following command: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Recommended Values - -It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed. - -The command for **also** installing with a set token would be: - -```shell -helm install \ ---set-string 'stackstate.apiKey'='' \ ---set-string 'stackstate.cluster.name'='' \ ---set-string 'stackstate.cluster.authToken'='' \ ---set-string 'stackstate.url'='' \ -stackstate/stackstate-k8s-agent -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime | -| all.image.registry | string | `"quay.io"` | The image registry to use. | -| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. 
| -| checksAgent.checksTagCardinality | string | `"orchestrator"` | | -| checksAgent.config | object | `{"override":[]}` | | -| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | -| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"c4caacef"` | Default container image tag. | -| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. | -| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. | -| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. | -| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. | -| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. 
| -| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule | -| checksAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| checksAgent.resources.limits.memory | string | `"600Mi"` | Memory resource limits. | -| checksAgent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| checksAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift | -| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods | -| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. | -| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
| -| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. | -| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # : # can be pod, deployment, node, etc. # : # where is the kubernetes label and is the StackState tag # : # : # : # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. | -| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. | -| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. | -| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. | -| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. | -| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. | -| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. | -| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it | -| clusterAgent.collection.kubernetesResources.horizontalpodautoscalers | bool | `true` | Enable / disable collection of HorizontalPodAutoscalers. | -| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. | -| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. 
| -| clusterAgent.collection.kubernetesResources.limitranges | bool | `true` | Enable / disable collection of LimitRanges. | -| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. | -| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to | -| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. | -| clusterAgent.collection.kubernetesResources.poddisruptionbudgets | bool | `true` | Enable / disable collection of PodDisruptionBudgets. | -| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. | -| clusterAgent.collection.kubernetesResources.replicationcontrollers | bool | `true` | Enable / disable collection of ReplicationControllers. | -| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. | -| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. | -| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. | -| clusterAgent.collection.kubernetesResources.storageclasses | bool | `true` | Enable / disable collection of StorageClasses. | -| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. | -| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. | -| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. 
| -| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | | -| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check | -| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others | -| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds | -| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | -| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"c4caacef"` | Default container image tag. | -| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. 
| -| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. | -| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. | -| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. | -| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. | -| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. | -| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. | -| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port | -| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort | -| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods | -| clusterAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. | -| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| fullnameOverride | string | `""` | Override the fullname of the chart. 
| -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. | -| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. | -| global.proxy.url | string | `""` | Proxy for all traffic to stackstate | -| global.skipSslValidation | bool | `false` | Enable tls validation from client | -| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy | -| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection | -| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. | -| logsAgent.image.tag | string | `"2.9.8-5b179aee"` | Default container image tag. | -| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. | -| logsAgent.resources.limits.cpu | string | `"1300m"` | CPU resource limits. | -| logsAgent.resources.limits.memory | string | `"192Mi"` | Memory resource limits. | -| logsAgent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| logsAgent.resources.requests.memory | string | `"100Mi"` | Memory resource requests. 
| -| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods | -| logsAgent.skipSslValidation | bool | `false` | If true, ignores the server certificate being signed by an unknown authority. | -| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| nameOverride | string | `""` | Override the name of the chart. | -| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. | -| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. | -| nodeAgent.autoScalingEnabled | bool | `false` | Enable / disable autoscaling for the node agent pods. | -| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name | -| nodeAgent.config | object | `{"override":[]}` | | -| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap | -| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. | -| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | | -| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | -| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | -| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"c4caacef"` | Default container image tag. 
| -| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | -| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. | -| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. | -| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated | -| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. | -| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. | -| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. | -| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | CPU resource limits. | -| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | Memory resource limits. 
| -| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | CPU resource requests. | -| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | Memory resource requests. | -| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. | -| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container | -| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | -| nodeAgent.containers.processAgent.image.registry | string | `nil` | | -| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"cae7a4fa"` | Default process-agent container image tag. | -| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | -| nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | -| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | CPU resource limits. | -| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | Memory resource limits. | -| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | CPU resource requests. | -| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | Memory resource requests. | -| nodeAgent.httpTracing.enabled | bool | `true` | | -| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. | -| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. 
| -| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. | -| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. | -| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.maximum.memory | string | `"450Mi"` | Maximum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu | string | `"20m"` | Minimum CPU resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.agent.minimum.memory | string | `"180Mi"` | Minimum memory resource limits for main agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu | string | `"200m"` | Maximum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory | string | `"500Mi"` | Maximum memory resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu | string | `"25m"` | Minimum CPU resource limits for process agent. | -| nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory | string | `"100Mi"` | Minimum memory resource limits for process agent. | -| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. | -| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent | -| nodeAgent.service.annotations | object | `{}` | Annotations for the service | -| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. 
| -| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort | -| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods | -| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. | -| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. | -| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. | -| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. | -| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift | -| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. | -| processAgent.checkIntervals.container | int | `28` | Override the default value of the container check interval in seconds. | -| processAgent.checkIntervals.process | int | `32` | Override the default value of the process check interval in seconds. | -| processAgent.softMemoryLimit.goMemLimit | string | `"340MiB"` | Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. | -| processAgent.softMemoryLimit.httpObservationsBufferSize | int | `40000` | Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| processAgent.softMemoryLimit.httpStatsBufferSize | int | `40000` | Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. | -| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. 
| -| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. | -| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. | -| stackstate.customApiKeySecretKey | string | `"sts-api-key"` | Key in the secret containing the receiver API key. | -| stackstate.customClusterAuthTokenSecretKey | string | `"sts-cluster-auth-token"` | Key in the secret containing the cluster auth token. | -| stackstate.customSecretName | string | `""` | Name of the secret containing the receiver API key. | -| stackstate.manageOwnSecrets | bool | `false` | Set to true if you don't want this helm chart to create secrets for you. | -| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. | -| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) | diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/README.md.gotmpl b/charts/stackstate/stackstate-k8s-agent/1.0.98/README.md.gotmpl deleted file mode 100644 index 7909e6f0d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/README.md.gotmpl +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-Current chart version is `{{ template "chart.version" . }}`
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-## Required Values
-
-In order to successfully install this chart, you **must** provide the following variables:
-
-* `stackstate.apiKey`
-* `stackstate.cluster.name`
-* `stackstate.url`
-
-The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
-
-Install them on the command line on Helm with the following command:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-## Recommended Values
-
-It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
-
-The command for **also** installing with a set token would be:
-
-```shell
-helm install \
---set-string 'stackstate.apiKey'='' \
---set-string 'stackstate.cluster.name'='' \
---set-string 'stackstate.cluster.authToken'='' \
---set-string 'stackstate.url'='' \
-stackstate/stackstate-k8s-agent
-```
-
-{{ template "chart.valuesSection" . }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/Releasing.md b/charts/stackstate/stackstate-k8s-agent/1.0.98/Releasing.md
deleted file mode 100644
index bab6c2b94..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/Releasing.md
+++ /dev/null
@@ -1,15 +0,0 @@
-To make a new release of this helm chart, follow the following steps:
-
-
-- Create a branch from master
-- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
- * stackstate-k8s-cluster-agent:
- * [clusterAgent.image.tag]
- * stackstate-k8s-agent:
- * [nodeAgent.containers.agent.image.tag]
- * [checksAgent.image.tag]
- * stackstate-k8s-process-agent:
- * [nodeAgent.containers.processAgent.image.tag]
-- Bump the version of the chart
-- Merge the mr and hit the public release button on the ci pipeline
-- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/app-readme.md b/charts/stackstate/stackstate-k8s-agent/1.0.98/app-readme.md
deleted file mode 100644
index 8025fe1d3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/app-readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/.helmignore b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/.helmignore
deleted file mode 100644
index 69790771c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-linter_values.yaml
-ci/
-installation/
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/Chart.yaml
deleted file mode 100644
index ff28ae8da..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.1
-description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
- injects x-request-id into http traffic going through the cluster for pods which
- have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
-home: https://github.com/StackVista/http-header-injector
-icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
-keywords:
-- monitoring
-- stackstate
-maintainers:
-- email: ops@stackstate.com
- name: Stackstate Lupulus Team
-name: http-header-injector
-version: 0.0.11
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/README.md b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/README.md
deleted file mode 100644
index 840ff5240..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/README.md
+++ /dev/null
@@ -1,56 +0,0 @@ -# http-header-injector - -![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic -going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stackstate Lupulus Team | | | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.4.0"},"resources":{"limits":{"cpu":"100m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook | -| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. | -| certificatePrehook.image.tag | string | `"1.4.0"` | The tag for the docker image | -| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection | -| enabled | bool | `true` | Enable/disable the mutationwebhook | -| global.extraAnnotations | object | `{}` | Extra annotations added ta all resources created by the helm chart | -| global.extraLabels | object | `{}` | Extra labels added ta all resources created by the helm chart | -| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. | -| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. 
| -| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io | -| images.pullSecretName | string | `nil` | | -| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxy.image.registry | string | `nil` | Registry for the docker image. | -| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. | -| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. | -| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. | -| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| proxyInit.image.registry | string | `nil` | Registry for the docker image | -| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image | -| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods | -| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image | -| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. 
| -| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image | -| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods | -| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. | -| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". | -| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. | -| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". 
| -| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". | -| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". | - diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/Readme.md.gotpl b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/Readme.md.gotpl deleted file mode 100644 index 225032aa2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/Readme.md.gotpl +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -Current chart version is `{{ template "chart.version" . }}` - -{{ template "chart.homepageLine" . }} - -{{ template "chart.requirementsSection" . }} - -## Required Values - -No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with -the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is -activated on a pod. - -## Recommended Values - -{{ template "chart.valuesSection" . -}} - -## Install - -Install from the command line on Helm with the following command: - -```shell -helm install stackstate/http-header-injector -``` diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/_defines.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/_defines.tpl deleted file mode 100644 index ee6b7320e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/_defines.tpl +++ /dev/null 
@@ -1,131 +0,0 @@ -{{- define "http-header-injector.app.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.name" -}} -{{ .Release.Name }}-http-header-injector -{{- end -}} - -{{- define "http-header-injector.webhook-service.fqname" -}} -{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc -{{- end -}} - -{{- define "http-header-injector.cert-secret.name" -}} -{{- if eq .Values.webhook.tls.mode "secret" -}} -{{ .Values.webhook.tls.secret.name }} -{{- else -}} -{{ .Release.Name }}-http-injector-cert -{{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-clusterrole.name" -}} -{{ .Release.Name }}-http-injector-cert-cluster-role -{{- end -}} - -{{- define "http-header-injector.cert-serviceaccount.name" -}} -{{ .Release.Name }}-http-injector-cert-sa -{{- end -}} - -{{- define "http-header-injector.cert-config.name" -}} -{{ .Release.Name }}-cert-config -{{- end -}} - -{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}} -{{ .Release.Name }}-http-header-injector-webhook.stackstate.io -{{- end -}} - -{{- define "http-header-injector.webhook-config.name" -}} -{{ .Release.Name }}-http-header-injector-config -{{- end -}} - -{{- define "http-header-injector.mutating-webhook.name" -}} -{{ .Release.Name }}-http-header-injector-webhook -{{- end -}} - -{{- define "http-header-injector.pull-secret.name" -}} -{{ include "http-header-injector.app.name" . 
}}-pull-secret -{{- end -}} - -{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}} -{{- define "cert-manager.certificate.namespace" -}} -{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }} -{{- end -}} - -{{- define "http-header-injector.image.registry.global" -}} - {{- if .Values.global }} - {{- .Values.global.imageRegistry | default "quay.io" -}} - {{- else -}} - quay.io - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.registry" -}} - {{- if ((.ContainerConfig).image).registry -}} - {{- tpl .ContainerConfig.image.registry . -}} - {{- else -}} - {{- include "http-header-injector.image.registry.global" . }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.image.pullSecrets" -}} - {{- $pullSecrets := list }} - {{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }} - {{- range .Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end -}} -{{- end -}} - -{{- define "http-header-injector.cert-setup.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-setup -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . 
}}" - mountPath: /scripts - readOnly: true -command: ["/scripts/generate-cert.sh"] -{{- end }} - -{{- define "http-header-injector.cert-delete.container.main" }} -{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}} -name: webhook-cert-delete -image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}" -imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }} -{{- with .Values.certificatePrehook.resources }} -resources: - {{- toYaml . | nindent 2 }} -{{- end }} -volumeMounts: - - name: "{{ include "http-header-injector.cert-config.name" . }}" - mountPath: /scripts -command: [ "/scripts/delete-cert.sh" ] -{{- end }} - -{{/* -Returns a YAML with extra annotations. -*/}} -{{- define "http-header-injector.global.extraAnnotations" -}} -{{- with .Values.global.extraAnnotations }} -{{- toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Returns a YAML with extra labels. -*/}} -{{- define "http-header-injector.global.extraLabels" -}} -{{- with .Values.global.extraLabels }} -{{- toYaml . }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml deleted file mode 100644 index fc0c01258..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-clusterrolbinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-3"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
deleted file mode 100644
index afab838b3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-rules:
- - apiGroups: [ "admissionregistration.k8s.io" ]
- resources: [ "mutatingwebhookconfigurations" ]
- verbs: [ "get", "create", "patch","update","delete" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch","update","delete" ]
- - apiGroups: [ "apps" ]
- resources: [ "deployments" ]
- verbs: [ "get" ]
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-config.yaml
deleted file mode 100644
index a22bdf4fb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-config.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if eq .Values.webhook.tls.mode "generated" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "http-header-injector.cert-config.name" . }}" - labels: - app.kubernetes.io/component: http-header-injector-cert-hook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -data: - generate-cert.sh: | - #!/bin/bash - - # We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however, - # currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks. - set -ex - - SCRIPTDIR="${BASH_SOURCE%/*}" - - DIR=`mktemp -d` - - cd "$DIR" - - {{ if .Values.enabled }} - echo "Chart enabled, creating secret and webhook" - - openssl genrsa -out ca.key 2048 - - openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt - - openssl genrsa -out tls.key 2048 - - openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf" - - openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out tls.crt -days 10000 \ - -extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256 - - # Create or update the secret - echo "Applying secret" - kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . 
}}" \ - -n "{{ .Release.Namespace }}" \ - --cert=./tls.crt \ - --key=./tls.key \ - --dry-run=client \ - -o yaml | kubectl apply -f - - - echo "Applying mutationwebhook" - caBundle=`base64 -w 0 ca.crt` - cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f - - {{ else }} - echo "Chart disabled, not creating secret and webhook" - {{ end }} - delete-cert.sh: | - #!/bin/bash - - set -x - - DIR="${BASH_SOURCE%/*}" - if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi - if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi - - cd "$DIR" - - # Using detection of deployment hee to also make this work in post-delete. - if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then - echo "Chart enabled, not removing secret and mutationwebhook" - exit 0 - else - echo "Chart disabled, removing secret and mutationwebhook" - fi - - # Create or update the secret - echo "Deleting secret" - kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}" - - echo "Applying mutationwebhook" - kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}" - - exit 0 - - csr.conf: | - [ req ] - default_bits = 2048 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - - [ dn ] - C = NL - ST = Utrecht - L = Hilversum - O = StackState - OU = Dev - CN = {{ include "http-header-injector.webhook-service.fqname" . }} - - [ req_ext ] - subjectAltName = @alt_names - - [ alt_names ] - DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . 
}} - - [ v3_ext ] - authorityKeyIdentifier=keyid,issuer:always - basicConstraints=CA:FALSE - keyUsage=keyEncipherment,dataEncipherment - extendedKeyUsage=serverAuth - subjectAltName=@alt_names - - mutatingwebhookconfiguration.yaml: | - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - webhooks: - - clientConfig: - caBundle: "$CA_BUNDLE" - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-job-delete.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-job-delete.yaml deleted file mode 100644 index 6f72ce247..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-job-delete.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-delete
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-delete,post-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-delete
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-delete.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-job-setup.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-job-setup.yaml
deleted file mode 100644
index cc1c89631..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-job-setup.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Release.Name }}-header-injector-cert-setup
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: http-header-injector-setup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 8 }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
-{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }}
- spec:
- serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
- volumes:
- - name: "{{ include "http-header-injector.cert-config.name" . }}"
- configMap:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
- defaultMode: 0777
- containers:
- - {{ include "http-header-injector.cert-setup.container.main" . | nindent 8 }}
- restartPolicy: Never
- backoffLimit: 0
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
deleted file mode 100644
index 29b26df95..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/cert-hook-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "generated" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- labels:
- app.kubernetes.io/component: http-header-injector-cert-hook
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
- app: "{{ include "http-header-injector.app.name" . }}"
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/pull-secret.yaml
deleted file mode 100644
index 80b4ee404..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/pull-secret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
- name: {{ include "http-header-injector.pull-secret.name" . }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-cert-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-cert-secret.yaml
deleted file mode 100644
index f571ca86b..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-cert-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "provided" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "http-header-injector.cert-secret.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
- tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-certificate.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-certificate.yaml
deleted file mode 100644
index a68c7c5f6..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-certificate.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if eq .Values.webhook.tls.mode "cert-manager" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "http-header-injector.webhook-service.name" . }}
- namespace: {{ include "cert-manager.certificate.namespace" . }}
- labels:
- app.kubernetes.io/component: http-header-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
-{{ include "http-header-injector.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }}
-spec:
- secretName: {{ include "http-header-injector.cert-secret.name" . }}
- issuerRef:
- name: {{ .Values.webhook.tls.certManager.issuer }}
- kind: {{ .Values.webhook.tls.certManager.issuerKind }}
- dnsNames:
- - "{{ include "http-header-injector.webhook-service.name" . }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- - "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-config.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-config.yaml
deleted file mode 100644
index 20b38ce96..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-config.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -{{- if .Values.enabled -}} -{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}} -{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: {{ .Release.Name }}-http-header-injector-config -data: - sidecarconfig.yaml: | - initContainers: - - name: http-header-proxy-init - image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/init-iptables.sh"] - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PROXY_PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: PROXY_UID - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %} - - name: POD_HOST_NETWORK - value: {% .Spec.HostNetwork %} - {% if eq (index .Annotations "linkerd.io/inject") "enabled" %} - - name: LINKERD - value: true - # Reference: https://linkerd.io/2.13/reference/proxy-configuration/ - - name: LINKERD_PROXY_UID - value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %} - # Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing 
in the code for future reference - - name: LINKERD_ADMIN_PORT - value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %} - {% end %} - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - containers: - - name: http-header-proxy - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - env: - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - - name: PORT - value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %} - - name: DEBUG - value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %} - securityContext: - runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %} - seccompProfile: - type: RuntimeDefault - {{- with .Values.proxy.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: http-header-inject-debug - image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) 
}}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}" - imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }} - command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - # This is required for iptables to be able to run - - mountPath: /run - name: http-header-proxy-init-xtables-lock - - volumes: - - emptyDir: {} - name: http-header-proxy-init-xtables-lock - - mutationconfig.yaml: | - mutationConfigs: - - name: "http-header-injector" - annotationNamespace: "http-header-injector.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ "http-header-proxy-init" ] - initContainers: [ "http-header-proxy-init" ] - containers: [ "http-header-proxy" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - - name: "http-header-injector-debug" - annotationNamespace: "http-header-injector-debug.stackstate.io" - annotationTrigger: "inject" - annotationConfig: - volumeMounts: [] - initContainersBeforePodInitContainers: [ ] - initContainers: [ ] - containers: [ "http-header-inject-debug" ] - volumes: [ "http-header-proxy-init-xtables-lock" ] - volumeMounts: [ ] - # Namespaces are ignored by the mutatingwebhook - ignoreNamespaces: [ ] - {{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-deployment.yaml deleted file mode 100644 index 8af6ff51a..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.enabled -}} -{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.app.name" . }}" -spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "http-header-injector.app.name" . }}" - template: - metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} - app: "{{ include "http-header-injector.app.name" . }}" -{{ include "http-header-injector.global.extraLabels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }} - # This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade. - revision: "{{ .Release.Revision }}" -{{ include "http-header-injector.global.extraAnnotations" . | indent 8 }} - name: "{{ include "http-header-injector.app.name" . }}" - spec: - {{- include "http-header-injector.image.pullSecrets" . | nindent 6 }} - volumes: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - configMap: - name: "{{ include "http-header-injector.webhook-config.name" . }}" - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - secret: - secretName: "{{ include "http-header-injector.cert-secret.name" . }}" - containers: - - image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) 
}}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}" - imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }} - name: http-header-injector - volumeMounts: - - name: "{{ include "http-header-injector.webhook-config.name" . }}" - mountPath: /etc/webhook/config - readOnly: true - - name: "{{ include "http-header-injector.cert-secret.name" . }}" - mountPath: /etc/webhook/certs - readOnly: true - command: [ "/sidecarinjector" ] - args: - - --port=8443 - - --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml - - --mutation-config-file=/etc/webhook/config/mutationconfig.yaml - - --cert-file-path=/etc/webhook/certs/tls.crt - - --key-file-path=/etc/webhook/certs/tls.key -{{- end -}} \ No newline at end of file diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml deleted file mode 100644 index de0acc1df..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-mutatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if not (eq .Values.webhook.tls.mode "generated") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: "{{ include "http-header-injector.mutating-webhook.name" . }}" - namespace: "{{ .Release.Namespace }}" - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: - {{- if eq .Values.webhook.tls.mode "cert-manager" }} - cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }} - {{- else if eq .Values.webhook.tls.mode "secret" }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }} - {{- end }} -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} -webhooks: - - clientConfig: - {{- if eq .Values.webhook.tls.mode "provided" }} - caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}" - {{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }} - caBundle: "" - {{- end }} - service: - name: "{{ include "http-header-injector.webhook-service.name" . }}" - path: /mutate - namespace: {{ .Release.Namespace }} - port: 8443 - # Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service. - failurePolicy: "{{ .Values.webhook.failurePolicy }}" - name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . 
}}" - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - kube-system - - cert-manager - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None - admissionReviewVersions: - - v1 -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-service.yaml deleted file mode 100644 index 55abdb022..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/templates/webhook-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: http-header-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }} -{{ include "http-header-injector.global.extraLabels" . | indent 4 }} - annotations: -{{ include "http-header-injector.global.extraAnnotations" . | indent 4 }} - name: "{{ include "http-header-injector.webhook-service.name" . }}" -spec: - ports: - - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - app: "{{ include "http-header-injector.app.name" . }}" -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/values.yaml deleted file mode 100644 index a1b4be2fc..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/charts/http-header-injector/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# enabled -- Enable/disable the mutationwebhook -enabled: true - -# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection -debug: false - -global: - # global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io - imageRegistry: null - # global.imagePullSecrets -- Globally add image pull secrets that are used. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -images: - pullSecretName: - -# proxy -- Proxy being injected into pods for rewriting http headers -proxy: - image: - # proxy.image.registry -- Registry for the docker image. - registry: - # proxy.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy" - # proxy.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxy.image.tag -- The tag for the docker image - tag: sha-5ff79451 - - # proxy.resource -- Resources for the proxy container - resources: - requests: - # proxy.resources.requests.memory -- Memory resource requests. - memory: "25Mi" - limits: - # proxy.resources.limits.memory -- Memory resource limits. - memory: "40Mi" - -# proxyInit -- InitContainer within pod which redirects traffic to the proxy container. 
-proxyInit: - image: - # proxyInit.image.registry -- Registry for the docker image - registry: - # proxyInit.image.repository - Repository for the docker image - repository: "stackstate/http-header-injector-proxy-init" - # proxyInit.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # proxyInit.image.tag -- The tag for the docker image - tag: sha-5ff79451 - -# sidecarInjector -- Service for injecting the proxy sidecar into pods -sidecarInjector: - image: - # sidecarInjector.image.registry -- Registry for the docker image. - registry: - # sidecarInjector.image.repository - Repository for the docker image - repository: "stackstate/generic-sidecar-injector" - # sidecarInjector.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # sidecarInjector.image.tag -- The tag for the docker image - tag: sha-9c852245 - -# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook -certificatePrehook: - image: - # certificatePrehook.image.registry -- Registry for the docker image. - registry: - # certificatePrehook.image.repository - Repository for the docker image. - repository: stackstate/container-tools - # certificatePrehook.image.pullPolicy -- Policy when pulling an image - pullPolicy: IfNotPresent - # certificatePrehook.image.tag -- The tag for the docker image - tag: 1.4.0 - resources: - limits: - cpu: "100m" - memory: "200Mi" - requests: - cpu: "100m" - memory: "200Mi" - -# webhook -- MutationWebhook that will be installed to inject a sidecar into pods -webhook: - # webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. - failurePolicy: Ignore - tls: - # webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". 
If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. - mode: "generated" - provided: - # webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". - caBundle: "" - # webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - crt: "" - # webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". - key: "" - certManager: - # webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuer: "" - # webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". - issuerKind: "ClusterIssuer" - # webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". - issuerNamespace: "" - secret: - # webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". - name: "" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/questions.yml b/charts/stackstate/stackstate-k8s-agent/1.0.98/questions.yml deleted file mode 100644 index 5d6e6a011..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/questions.yml +++ /dev/null 
@@ -1,184 +0,0 @@ -questions: - - variable: stackstate.apiKey - label: "StackState API Key" - type: string - description: "The API key for StackState." - required: true - group: General - - variable: stackstate.url - label: "StackState URL" - type: string - description: "The URL where StackState is running." - required: true - group: General - - variable: stackstate.cluster.name - label: "StackState Cluster Name" - type: string - description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState." - required: true - group: General - - variable: all.registry.override - label: "Override Default Image Registry" - type: boolean - description: "Whether or not to override the default image registry." - default: false - group: "General" - show_subquestions_if: true - subquestions: - - variable: all.image.registry - label: "Docker Image Registry" - type: string - description: "The registry to pull the StackState Agent images from." - default: "quay.io" - - variable: global.imagePullCredentials.username - label: "Docker Image Pull Username" - type: string - description: "The username to use when pulling the StackState Agent images." - - variable: global.imagePullCredentials.password - label: "Docker Image Pull Password" - type: secret - description: "The password to use when pulling the StackState Agent images." - - variable: nodeAgent.containers.agent.resources.override - label: "Override Node Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Node Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.agent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Node Agent." 
- default: "20m" - - variable: nodeAgent.containers.agent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Node Agent." - default: "180Mi" - - variable: nodeAgent.containers.agent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Node Agent." - default: "270m" - - variable: nodeAgent.containers.agent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Node Agent." - default: "420Mi" - - variable: nodeAgent.containers.processAgent.enabled - label: "Enable Process Agent" - type: boolean - description: "Whether or not to enable the Process Agent." - default: "true" - group: "Process Agent" - - variable: nodeAgent.skipKubeletTLSVerify - label: "Skip Kubelet TLS Verify" - type: boolean - description: "Whether or not to skip TLS verification when connecting to the kubelet API." - default: "true" - group: "Process Agent" - - variable: nodeAgent.containers.processAgent.resources.override - label: "Override Process Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Process Agent" - show_subquestions_if: true - subquestions: - - variable: nodeAgent.containers.processAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Process Agent." - default: "25m" - - variable: nodeAgent.containers.processAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Process Agent." - default: "128Mi" - - variable: nodeAgent.containers.processAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Process Agent." 
- default: "125m" - - variable: nodeAgent.containers.processAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Process Agent." - default: "400Mi" - - variable: clusterAgent.enabled - label: "Enable Cluster Agent" - type: boolean - description: "Whether or not to enable the Cluster Agent." - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.collection.kubernetesResources.secrets - label: "Collect Secret Resources" - type: boolean - description: | - Whether or not to collect Kubernetes Secrets. - NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data. - default: "true" - group: "Cluster Agent" - - variable: clusterAgent.resources.override - label: "Override Cluster Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Cluster Agent" - show_subquestions_if: true - subquestions: - - variable: clusterAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Cluster Agent." - default: "70m" - - variable: clusterAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Cluster Agent." - default: "512Mi" - - variable: clusterAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Cluster Agent." - default: "400m" - - variable: clusterAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Cluster Agent." - default: "800Mi" - - variable: logsAgent.enabled - label: "Enable Logs Agent" - type: boolean - description: "Whether or not to enable the Logs Agent." 
- default: "true" - group: "Logs Agent" - - variable: logsAgent.resources.override - label: "Override Logs Agent Resource Allocation" - type: boolean - description: "Whether or not to override the default resources." - default: "false" - group: "Logs Agent" - show_subquestions_if: true - subquestions: - - variable: logsAgent.resources.requests.cpu - label: "CPU Requests" - type: string - description: "The requested CPU for the Logs Agent." - default: "20m" - - variable: logsAgent.resources.requests.memory - label: "Memory Requests" - type: string - description: "The requested memory for the Logs Agent." - default: "100Mi" - - variable: logsAgent.resources.limits.cpu - label: "CPU Limit" - type: string - description: "The CPU limit for the Logs Agent." - default: "1300m" - - variable: logsAgent.resources.limits.memory - label: "Memory Limit" - type: string - description: "The memory limit for the Logs Agent." - default: "192Mi" diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_cluster-agent-kube-state-metrics.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_cluster-agent-kube-state-metrics.yaml deleted file mode 100644 index f99fbf618..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_cluster-agent-kube-state-metrics.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{- define "cluster-agent-kube-state-metrics" -}} -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} -cluster_check: true -{{- end }} -init_config: -instances: - - collectors: - - nodes - - pods - - services - {{- if $kubeRes.persistentvolumeclaims }} - - persistentvolumeclaims - {{- end }} - {{- if $kubeRes.persistentvolumes }} - - persistentvolumes - {{- end }} - {{- if $kubeRes.namespaces }} - - namespaces - {{- end }} - {{- if $kubeRes.endpoints }} - - endpoints - {{- end }} - {{- if $kubeRes.daemonsets }} - - daemonsets - {{- end }} - {{- if $kubeRes.deployments }} - - deployments - {{- end }} - {{- if $kubeRes.replicasets }} - - replicasets - {{- end }} - {{- if $kubeRes.statefulsets }} - - statefulsets - {{- end }} - {{- if $kubeRes.cronjobs }} - - cronjobs - {{- end }} - {{- if $kubeRes.jobs }} - - jobs - {{- end }} - {{- if $kubeRes.ingresses }} - - ingresses - {{- end }} - {{- if $kubeRes.secrets }} - - secrets - {{- end }} - - resourcequotas - - replicationcontrollers - - limitranges - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - {{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }} - skip_leader_election: true - {{- end }} - labels_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }} - annotations_as_tags: - {{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_container-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_container-agent.yaml deleted file mode 100644 index 09f9591c6..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_container-agent.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -{{- define "container-agent" -}} -- name: node-agent -{{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] -{{- end }} - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}" - imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }} - - name: STS_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: AGENT_VERSION - value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }} - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: KUBERNETES - value: "true" - - name: STS_APM_ENABLED - value: {{ .Values.nodeAgent.apm.enabled | quote }} - - name: STS_APM_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - name: STS_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - {{- if .Values.clusterAgent.enabled }} - - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ .Release.Name }}-cluster-agent - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . 
| nindent 4 }} - {{- end }} - - name: STS_CLUSTER_NAME - value: {{ .Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_CHECKS_TAG_CARDINALITY - value: {{ .Values.nodeAgent.checksTagCardinality | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{- end }} - - name: STS_HEALTH_PORT - value: "5555" - - name: STS_LEADER_ELECTION - value: "false" - - name: LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_LOG_LEVEL - value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }} - - name: STS_NETWORK_TRACING_ENABLED - value: {{ .Values.nodeAgent.networkTracing.enabled | quote }} - - name: STS_PROTOCOL_INSPECTION_ENABLED - value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }} - - name: STS_PROCESS_AGENT_ENABLED - value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }} - - name: STS_CONTAINER_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.container | quote }} - - name: STS_CONNECTION_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.connections | quote }} - - name: STS_PROCESS_CHECK_INTERVAL - value: {{ .Values.processAgent.checkIntervals.process | quote }} - - name: STS_PROCESS_AGENT_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . }} - - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }} - - name: STS_SKIP_KUBELET_TLS_VERIFY - value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: STS_CRI_SOCKET_PATH - value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - {{- end }} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.nodeAgent.containers.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: healthport - failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }} - {{- end }} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - - containerPort: 5555 - name: healthport - protocol: TCP - {{- with .Values.nodeAgent.containers.agent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - name: customcrisocket - mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - readOnly: true - {{- end }} - - name: crisocket - mountPath: /var/run/crio/crio.sock - readOnly: true - - name: containerdsocket - mountPath: /var/run/containerd/containerd.sock - readOnly: true - - name: kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: nfs - mountPath: /var/lib/nfs - readOnly: true - - name: dockersocket - mountPath: /var/run/docker.sock - readOnly: true - - name: dockernetns - mountPath: /run/docker/netns - readOnly: true - - name: dockeroverlay2 - mountPath: /var/lib/docker/overlay2 - readOnly: true - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if .Values.nodeAgent.config.override }} - {{- range .Values.nodeAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false -{{- else }} - securityContext: - privileged: false -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_container-process-agent.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_container-process-agent.yaml deleted file mode 100644 index 893f11581..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_container-process-agent.yaml
+++ /dev/null
@@ -1,160 +0,0 @@
-{{- define "container-process-agent" -}}
-- name: process-agent
-{{ if .Values.nodeAgent.containers.processAgent.image.registry }}
- image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{ else }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
-{{- end }}
- imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}"
- ports:
- - containerPort: 6063
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }}
- - name: STS_KUBERNETES_KUBELET_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }}
- - name: STS_LOG_TO_CONSOLE
- value: "true"
- - name: HOST_PROC
- value: "/host/proc"
- - name: HOST_SYS
- value: "/host/sys"
- - name: HOST_ETC
- value: "/host/etc"
- - name: KUBERNETES
- value: "true"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" .
| nindent 4 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_LOG_LEVEL
- value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- - name: STS_PROTOCOL_INSPECTION_ENABLED
- value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- - name: STS_PROCESS_AGENT_ENABLED
- value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }}
- - name: STS_CONTAINER_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.container | quote }}
- - name: STS_CONNECTION_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- - name: STS_PROCESS_CHECK_INTERVAL
- value: {{ .Values.processAgent.checkIntervals.process | quote }}
- - name: GOMEMLIMIT
- value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }}
- - name: STS_HTTP_STATS_BUFFER_SIZE
- value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }}
- - name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE
- value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }}
- - name: STS_PROCESS_AGENT_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }}
- - name: STS_SKIP_KUBELET_TLS_VERIFY
- value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" .
}}
- - name: STS_HTTP_TRACING_ENABLED
- value: {{ .Values.nodeAgent.httpTracing.enabled | quote }}
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: STS_CRI_SOCKET_PATH
- value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- {{- end }}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- {{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- with .Values.nodeAgent.containers.processAgent.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- {{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- - name: customcrisocket
- mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
- readOnly: true
- {{- end }}
- - name: crisocket
- mountPath: /var/run/crio/crio.sock
- readOnly: true
- - name: containerdsocket
- mountPath: /var/run/containerd/containerd.sock
- readOnly: true
- - name: sys-kernel-debug
- mountPath: /sys/kernel/debug
- # Having sys-kernel-debug as read only breaks specific monitors from receiving metrics
- # readOnly: true
- - name: dockersocket
- mountPath: /var/run/docker.sock
- readOnly: true
- # The agent needs access to /etc to figure out what os it is running on.
- - name: etcdir
- mountPath: /host/etc
- readOnly: true
- - name: procdir
- mountPath: /host/proc
- # We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc.
this is a debug setting but if we want to use
- # it, we have the option to make /proc writable.
- readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }}
- - name: passwd
- mountPath: /etc/passwd
- readOnly: true
- - name: cgroups
- mountPath: /host/sys/fs/cgroup
- readOnly: true
- {{- if .Values.nodeAgent.config.override }}
- {{- range .Values.nodeAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
-{{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
-{{- else }}
- securityContext:
- privileged: true
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_helpers.tpl b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_helpers.tpl
deleted file mode 100644
index 3c51bc308..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/_helpers.tpl
+++ /dev/null
@@ -1,219 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "stackstate-k8s-agent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "stackstate-k8s-agent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "stackstate-k8s-agent.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "stackstate-k8s-agent.labels" -}}
-app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Cluster agent checksum annotations
-*/}}
-{{- define "stackstate-k8s-agent.checksum-configs" }}
-checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
-{{- end }}
-
-{{/*
-StackState URL function
-*/}}
-{{- define "stackstate-k8s-agent.stackstate.url" -}}
-{{ tpl .Values.stackstate.url .
| quote }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.configmap.override.checksum" -}}
-{{- if .Values.clusterAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}}
-{{- if .Values.nodeAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-
-{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}}
-{{- if .Values.checksAgent.config.override }}
-checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-
-
-{{/*
-Return the image registry
-*/}}
-{{- define "stackstate-k8s-agent.imageRegistry" -}}
- {{- if .Values.global }}
- {{- .Values.global.imageRegistry | default .Values.all.image.registry -}}
- {{- else -}}
- {{- .Values.all.image.registry -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Renders a value that contains a template.
-Usage:
-{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.tplvalue.render" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.pull-secret.name" -}}
-{{ include "stackstate-k8s-agent.fullname" .
}}-pull-secret
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names evaluating values as templates
-{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
-*/}}
-{{- define "stackstate-k8s-agent.image.pullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $context := .context }}
- {{- if $context.Values.global }}
- {{- range $context.Values.global.imagePullSecrets -}}
- {{/* Is plain array of strings, compatible with all bitnami charts */}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- range $context.Values.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}}
- {{- end -}}
- {{- range .images -}}
- {{- if .pullSecretName -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}}
- {{- end -}}
- {{- end -}}
- {{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}}
- {{- if (not (empty $pullSecrets)) -}}
-imagePullSecrets:
- {{- range $pullSecrets | uniq }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false).
-{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }}
-*/}}
-{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}}
-{{- if .Values.clusterAgent.config.override }}
- {{- range $i, $val := .Values.clusterAgent.config.override }}
- {{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}}
-{{- if .Values.nodeAgent.config.override }}
- {{- range $i, $val := .Values.nodeAgent.config.override }}
- {{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
-true
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Return the appropriate os label
-*/}}
-{{- define "label.os" -}}
-{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-kubernetes.io/os
-{{- else -}}
-beta.kubernetes.io/os
-{{- end -}}
-{{- end -}}
-
-{{/*
-Returns a YAML with extra annotations
-*/}}
-{{- define "stackstate-k8s-agent.global.extraAnnotations" -}}
-{{- with .Values.global.extraAnnotations }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Returns a YAML with extra labels
-*/}}
-{{- define "stackstate-k8s-agent.global.extraLabels" -}}
-{{- with .Values.global.extraLabels }}
-{{- toYaml . }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.apiKeyEnv" -}}
-- name: STS_API_KEY
- valueFrom:
- secretKeyRef:
-{{- if not .Values.stackstate.manageOwnSecrets }}
- name: {{ include "stackstate-k8s-agent.fullname" .
}}
- key: sts-api-key
-{{- else }}
- name: {{ .Values.stackstate.customSecretName | quote }}
- key: {{ .Values.stackstate.customApiKeySecretKey | quote }}
-{{- end }}
-{{- end -}}
-
-{{- define "stackstate-k8s-agent.clusterAgentAuthTokenEnv" -}}
-- name: STS_CLUSTER_AGENT_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
-{{- if not .Values.stackstate.manageOwnSecrets }}
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: sts-cluster-auth-token
-{{- else }}
- name: {{ .Values.stackstate.customSecretName | quote }}
- key: {{ .Values.stackstate.customClusterAuthTokenSecretKey | quote }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-clusterrolebinding.yaml
deleted file mode 100644
index 4fd0eadbc..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Name }}-node-agent
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-configmap.yaml
deleted file mode 100644
index 54a1abf2f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
-{{- range .Values.checksAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-deployment.yaml
deleted file mode 100644
index 37a0b1a1d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-deployment.yaml
+++ /dev/null
@@ -1,185 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
- replicas: {{ .Values.checksAgent.replicas }}
-{{- with .Values.checksAgent.strategy }}
- strategy:
- {{- toYaml . | nindent 4 }}
-{{- end }}
- template:
- metadata:
- annotations:
- {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
- {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }}
- labels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }}
- spec:
- {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }}
- {{- if .Values.all.hardening.enabled}}
- terminationGracePeriodSeconds: 240
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ include "stackstate-k8s-agent.imageRegistry" .
}}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}"
- imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}"
- {{- if .Values.all.hardening.enabled}}
- lifecycle:
- preStop:
- exec:
- command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
- {{- end }}
- env:
- {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }}
- - name: KUBERNETES_HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: STS_HOSTNAME
- value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- - name: AGENT_VERSION
- value: {{ .Values.checksAgent.image.tag | quote }}
- - name: LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_APM_ENABLED
- value: "false"
- - name: STS_CLUSTER_AGENT_ENABLED
- value: {{ .Values.clusterAgent.enabled | quote }}
- {{- if .Values.clusterAgent.enabled }}
- - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
- value: {{ .Release.Name }}-cluster-agent
- {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }}
- {{- end }}
- - name: STS_CLUSTER_NAME
- value: {{ .Values.stackstate.cluster.name | quote }}
- - name: STS_SKIP_VALIDATE_CLUSTERNAME
- value: "true"
- - name: STS_CHECKS_TAG_CARDINALITY
- value: {{ .Values.checksAgent.checksTagCardinality | quote }}
- - name: STS_EXTRA_CONFIG_PROVIDERS
- value: "clusterchecks"
- - name: STS_HEALTH_PORT
- value: "5555"
- - name: STS_LEADER_ELECTION
- value: "false"
- - name: STS_LOG_LEVEL
- value: {{ .Values.checksAgent.logLevel | quote }}
- - name: STS_NETWORK_TRACING_ENABLED
- value: "false"
- - name: STS_PROCESS_AGENT_ENABLED
- value: "false"
- - name: STS_SKIP_SSL_VALIDATION
- value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }}
- - name: STS_STS_URL
- value: {{ include "stackstate-k8s-agent.stackstate.url" .
}}
- {{- if .Values.global.proxy.url }}
- - name: STS_PROXY_HTTPS
- value: {{ .Values.global.proxy.url | quote }}
- - name: STS_PROXY_HTTP
- value: {{ .Values.global.proxy.url | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.open }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $value := .Values.global.extraEnv.secret }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- key: {{ $key }}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /health
- port: healthport
- failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }}
- ports:
- - containerPort: 5555
- name: healthport
- protocol: TCP
- {{- if .Values.all.hardening.enabled}}
- securityContext:
- privileged: true
- runAsUser: 0 # root
- capabilities:
- add: [ "ALL" ]
- readOnlyRootFilesystem: false
- {{- else }}
- securityContext:
- privileged: false
- {{- end }}
- {{- with .Values.checksAgent.resources }}
- resources:
- {{- toYaml .
| nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: confd-empty-volume
- mountPath: /etc/stackstate-agent/conf.d
-# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run.
- readOnly: false
- {{- if .Values.checksAgent.config.override }}
- {{- range .Values.checksAgent.config.override }}
- - name: config-override-volume
- mountPath: {{ .path }}/{{ .name }}
- subPath: {{ .path | replace "/" "_"}}_{{ .name }}
- readOnly: true
- {{- end }}
- {{- end }}
- {{- if .Values.checksAgent.priorityClassName }}
- priorityClassName: {{ .Values.checksAgent.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ .Release.Name }}-checks-agent
- nodeSelector:
- {{ template "label.os" . }}: {{ .Values.targetSystem }}
- {{- with .Values.checksAgent.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.checksAgent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: confd-empty-volume
- emptyDir: {}
- {{- if .Values.checksAgent.config.override }}
- - name: config-override-volume
- configMap:
- name: {{ .Release.Name }}-checks-agent
- {{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-poddisruptionbudget.yaml
deleted file mode 100644
index 19d3924ea..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-poddisruptionbudget.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Release.Name }}-checks-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: checks-agent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-serviceaccount.yaml
deleted file mode 100644
index a90a43589..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/checks-agent-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.checksAgent.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Release.Name }}-checks-agent
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: checks-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-{{- with .Values.checksAgent.serviceaccount.annotations }}
- {{- toYaml . | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-clusterrole.yaml
deleted file mode 100644
index 021a43ebd..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-clusterrole.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
-{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- - nodes
- - pods
- - services
- {{- if $kubeRes.namespaces }}
- - namespaces
- {{- end }}
- {{- if .Values.clusterAgent.collection.kubernetesMetrics }}
- - componentstatuses
- {{- end }}
- {{- if $kubeRes.configmaps }}
- - configmaps
- {{- end }}
- {{- if $kubeRes.endpoints }}
- - endpoints
- {{- end }}
- {{- if $kubeRes.persistentvolumeclaims }}
- - persistentvolumeclaims
- {{- end }}
- {{- if $kubeRes.persistentvolumes }}
- - persistentvolumes
- {{- end }}
- {{- if $kubeRes.secrets }}
- - secrets
- {{- end }}
- {{- if $kubeRes.resourcequotas }}
- - resourcequotas
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }}
-- apiGroups:
- - "apps"
- resources:
- {{- if $kubeRes.daemonsets }}
- - daemonsets
- {{- end }}
- {{- if $kubeRes.deployments }}
- - deployments
- {{- end }}
- {{- if $kubeRes.replicasets }}
- - replicasets
- {{- end }}
- {{- if $kubeRes.statefulsets }}
- - statefulsets
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if $kubeRes.ingresses }}
-- apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
-{{- end}}
-{{- if or $kubeRes.cronjobs $kubeRes.jobs }}
-- apiGroups:
- - "batch"
- resources:
- {{- if $kubeRes.cronjobs }}
- - cronjobs
- {{- end }}
- {{- if $kubeRes.jobs }}
- - jobs
- {{- end }}
- verbs:
- - get
- - list
- - watch
-{{- end}}
--
nonResourceURLs:
- - "/healthz"
- - "/version"
- verbs:
- - get
-- apiGroups:
- - "storage.k8s.io"
- resources:
- {{- if $kubeRes.volumeattachments }}
- - volumeattachments
- {{- end }}
- {{- if $kubeRes.storageclasses }}
- - storageclasses
- {{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - "policy"
- resources:
- {{- if $kubeRes.poddisruptionbudgets }}
- - poddisruptionbudgets
- {{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- {{- if $kubeRes.replicationcontrollers }}
- - replicationcontrollers
- {{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - "autoscaling"
- resources:
- {{- if $kubeRes.horizontalpodautoscalers }}
- - horizontalpodautoscalers
- {{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- {{- if $kubeRes.limitranges }}
- - limitranges
- {{- end }}
- verbs:
- - get
- - list
- - watch
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-clusterrolebinding.yaml
deleted file mode 100644
index 207613dd9..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "stackstate-k8s-agent.fullname" . }}
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-configmap.yaml
deleted file mode 100644
index 37d10217f..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-cluster-agent
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- app.kubernetes.io/component: cluster-agent
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- kubernetes_api_events_conf: |
- init_config:
- instances:
- - collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
- event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
- kubernetes_api_topology_conf: |
- init_config:
- instances:
- - collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
- resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
- {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- kube_state_metrics_core_conf: |
- {{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
- {{- end }}
-{{- if .Values.clusterAgent.config.override }}
-{{- range .Values.clusterAgent.config.override }}
- {{ .path | replace "/" "_"}}_{{ .name }}: |
-{{ .data | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-deployment.yaml
deleted file mode 100644
index 51025a670..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-deployment.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-cluster-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - replicas: {{ .Values.clusterAgent.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.clusterAgent.strategy }} - strategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: {{ .Values.clusterAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - - name: cluster-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . 
}}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" - {{- if .Values.all.hardening.enabled}} - lifecycle: - preStop: - exec: - command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] - {{- end }} - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }} - {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }} - - name: KUBERNETES_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: STS_HOSTNAME - value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - - name: LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - {{- if .Values.checksAgent.enabled }} - - name: STS_CLUSTER_CHECKS_ENABLED - value: "true" - - name: STS_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: STS_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - - name: STS_CLUSTER_NAME - value: {{.Values.stackstate.cluster.name | quote }} - - name: STS_SKIP_VALIDATE_CLUSTERNAME - value: "true" - - name: STS_SKIP_SSL_VALIDATION - value: {{ or .Values.global.skipSslValidation .Values.clusterAgent.skipSslValidation | quote }} - - name: STS_COLLECT_KUBERNETES_METRICS - value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - - name: STS_COLLECT_KUBERNETES_TIMEOUT - value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - - name: STS_COLLECT_KUBERNETES_TOPOLOGY - value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - - name: STS_LEADER_ELECTION - value: "true" - - name: STS_LOG_LEVEL - value: {{ .Values.clusterAgent.logLevel | quote }} - - name: STS_CLUSTER_AGENT_CMD_PORT - value: {{ .Values.clusterAgent.service.targetPort | quote }} - - name: STS_STS_URL - value: {{ include "stackstate-k8s-agent.stackstate.url" . 
}} - {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - - name: STS_CONFIGMAP_MAX_DATASIZE - value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} - {{- end}} - {{- if .Values.global.proxy.url }} - - name: STS_PROXY_HTTPS - value: {{ .Values.global.proxy.url | quote }} - - name: STS_PROXY_HTTP - value: {{ .Values.global.proxy.url | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.open }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.global.extraEnv.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ include "stackstate-k8s-agent.fullname" . }} - key: {{ $key }} - {{- end }} - {{- if .Values.all.hardening.enabled}} - securityContext: - privileged: true - runAsUser: 0 # root - capabilities: - add: [ "ALL" ] - readOnlyRootFilesystem: false - {{- else }} - securityContext: - privileged: false - {{- end }} - {{- with .Values.clusterAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log/stackstate-agent - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml - subPath: kubernetes_api_events_conf - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml - subPath: kubernetes_api_topology_conf - readOnly: true - {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - - name: config-override-volume - mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml - subPath: kube_state_metrics_core_conf - readOnly: true - {{- end }} - {{- if .Values.clusterAgent.config.override }} - {{- range .Values.clusterAgent.config.override }} - - name: config-override-volume - mountPath: {{ .path }}/{{ .name }} - subPath: {{ .path | replace "/" "_"}}_{{ .name }} - readOnly: true - {{- end }} - {{- end }} - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.clusterAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.clusterAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - emptyDir: {} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-cluster-agent diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-poddisruptionbudget.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-poddisruptionbudget.yaml deleted file mode 100644 index 64a265b7d..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-role.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-role.yaml deleted file mode 100644 index eabc5bde3..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - patch - - update diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-rolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-rolebinding.yaml deleted file mode 100644 index adabad45e..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-rolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "stackstate-k8s-agent.fullname" . }} -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ include "stackstate-k8s-agent.fullname" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-service.yaml deleted file mode 100644 index 8b687e8f7..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-cluster-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - ports: - - name: clusteragent - port: {{int .Values.clusterAgent.service.port }} - protocol: TCP - targetPort: {{int .Values.clusterAgent.service.targetPort }} - selector: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-serviceaccount.yaml deleted file mode 100644 index 6cbc89699..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/cluster-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: cluster-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.clusterAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-clusterrole.yaml deleted file mode 100644 index da6cd59dd..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-clusterrole.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes - - services - - pods - verbs: - - get - - watch - - list -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-clusterrolebinding.yaml deleted file mode 100644 index 1f6e7cfcf..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-logs-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-configmap.yaml deleted file mode 100644 index ff9440a4b..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-configmap.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-logs-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - - clients: - - url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY} - external_labels: - sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }} - {{- if .Values.global.proxy.url }} - proxy_url: {{ .Values.global.proxy.url | quote }} - {{- end }} - tls_config: - insecure_skip_verify: {{ or .Values.global.skipSslValidation .Values.logsAgent.skipSslValidation }} - - - positions: - filename: /tmp/positions.yaml - target_config: - sync_period: 10s - scrape_configs: - - job_name: pod-logs - kubernetes_sd_configs: - - role: pod - pipeline_stages: - - docker: {} - - cri: {} - relabel_configs: - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod_name - - action: replace - source_labels: - - __meta_kubernetes_pod_uid - target_label: pod_uid - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - # The __path__ is required by the promtail client - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - # Drop all remaining labels, we do not need those - - action: drop - regex: __meta_(.*) -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-daemonset.yaml deleted file mode 100644 index 23cfce31f..000000000 
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.logsAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: logs-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }} - containers: - - name: logs-agent - image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}" - args: - - -config.expand-env=true - - -config.file=/etc/promtail/promtail.yaml - imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}" - env: - {{ include "stackstate-k8s-agent.apiKeyEnv" . 
| nindent 10 }} - - name: "HOSTNAME" # needed when using kubernetes_sd_configs - valueFrom: - fieldRef: - fieldPath: "spec.nodeName" - securityContext: - privileged: false - {{- with .Values.logsAgent.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: logs - mountPath: /var/log - readOnly: true - - name: logs-agent-config - mountPath: /etc/promtail - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - {{- if .Values.logsAgent.priorityClassName }} - priorityClassName: {{ .Values.logsAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-logs-agent - {{- with .Values.logsAgent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.logsAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: logs - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: logs-agent-config - configMap: - name: {{ .Release.Name }}-logs-agent -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-serviceaccount.yaml deleted file mode 100644 index 91cfdb137..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/logs-agent-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{- if .Values.logsAgent.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-logs-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: logs-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.logsAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-clusterrole.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-clusterrole.yaml deleted file mode 100644 index 1ded16cc2..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-clusterrole.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -rules: -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/proxy - - nodes/spec - - endpoints - verbs: - - get - - list diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-clusterrolebinding.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-clusterrolebinding.yaml deleted file mode 100644 index b3f033ebb..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-clusterrolebinding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-node-agent -subjects: -- apiGroup: "" - kind: ServiceAccount - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-configmap.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-configmap.yaml deleted file mode 100644 index 8f6b2ed3a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.nodeAgent.config.override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-node-agent - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -data: -{{- range .Values.nodeAgent.config.override }} - {{ .path | replace "/" "_"}}_{{ .name }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-daemonset.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-daemonset.yaml deleted file mode 100644 index 4c8dbdd5a..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-daemonset.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{- with .Values.nodeAgent.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} -{{- end }} - template: - metadata: - annotations: - {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} - {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }} -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }} - labels: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }} - spec: - {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }} - {{- if .Values.all.hardening.enabled}} - terminationGracePeriodSeconds: 240 - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.nodeAgent.containers.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: true - {{- if .Values.nodeAgent.priorityClassName }} - priorityClassName: {{ .Values.nodeAgent.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Release.Name }}-node-agent - nodeSelector: - {{ template "label.os" . 
}}: {{ .Values.targetSystem }} - {{- with .Values.nodeAgent.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeAgent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.nodeAgent.containerRuntime.customSocketPath }} - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }} - name: customcrisocket - {{- end }} - - hostPath: - path: /var/lib/kubelet - name: kubelet - - hostPath: - path: /var/lib/nfs - name: nfs - - hostPath: - path: /var/lib/docker/overlay2 - name: dockeroverlay2 - - hostPath: - path: /run/docker/netns - name: dockernetns - - hostPath: - path: /var/run/crio/crio.sock - name: crisocket - - hostPath: - path: /var/run/containerd/containerd.sock - name: containerdsocket - - hostPath: - path: /sys/kernel/debug - name: sys-kernel-debug - - hostPath: - path: /var/run/docker.sock - name: dockersocket - - hostPath: - path: {{ .Values.nodeAgent.containerRuntime.hostProc }} - name: procdir - - hostPath: - path: /etc - name: etcdir - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if .Values.nodeAgent.config.override }} - - name: config-override-volume - configMap: - name: {{ .Release.Name }}-node-agent - {{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-podautoscaler.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-podautoscaler.yaml deleted file mode 100644 index 38298d414..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-podautoscaler.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -{{- if .Values.nodeAgent.autoScalingEnabled }} -apiVersion: "autoscaling.k8s.io/v1" -kind: VerticalPodAutoscaler -metadata: - name: {{ .Release.Name }}-node-agent-vpa - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -spec: - targetRef: - apiVersion: "apps/v1" - kind: DaemonSet - name: {{ .Release.Name }}-node-agent - resourcePolicy: - containerPolicies: - - containerName: 'node-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.agent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - - containerName: 'process-agent' - minAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory }} - maxAllowed: - cpu: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu }} - memory: {{ .Values.nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory }} - controlledResources: ["cpu", "memory"] - controlledValues: RequestsAndLimits - updatePolicy: - updateMode: "Auto" -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-scc.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-scc.yaml deleted file mode 100644 index a09da78c1..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-scc.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -{{- if .Values.nodeAgent.scc.enabled }} -allowHostDirVolumePlugin: true -# was true -allowHostIPC: true -# was true -allowHostNetwork: true -# Allow host PID for dogstatsd origin detection -allowHostPID: true -# Allow host ports for dsd / trace / logs intake -allowHostPorts: true -allowPrivilegeEscalation: true -# was true -allowPrivilegedContainer: true -# was - '*' -allowedCapabilities: [] -allowedUnsafeSysctls: -- '*' -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -fsGroup: -# was RunAsAny - type: MustRunAs -groups: [] -kind: SecurityContextConstraints -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: null -# was RunAsAny -runAsUser: - type: MustRunAsRange -# Use the `spc_t` selinux type to access the -# docker socket + proc and cgroup stats -seLinuxContext: - type: RunAsAny - seLinuxOptions: - user: "system_u" - role: "system_r" - type: "spc_t" - level: "s0" -# was - '*' -seccompProfiles: [] -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent -# Allow hostPath for docker / process metrics -volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-service.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-service.yaml deleted file mode 100644 index 0b6cd6ec0..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-service.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.nodeAgent.service.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.nodeAgent.service.type }} -{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}} -{{- end }} - ports: - - name: traceport - port: 8126 - protocol: TCP - targetPort: 8126 - selector: - app.kubernetes.io/component: node-agent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-serviceaccount.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-serviceaccount.yaml deleted file mode 100644 index 803d184ef..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/node-agent-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-node-agent - namespace: {{ .Release.Namespace }} - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - app.kubernetes.io/component: node-agent - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -{{- with .Values.nodeAgent.serviceaccount.annotations }} - {{- toYaml . | nindent 4 }} -{{- end }} 
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/openshift-logging-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/openshift-logging-secret.yaml deleted file mode 100644 index ed0707f1f..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/openshift-logging-secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if not .Values.stackstate.manageOwnSecrets }} -{{- if .Values.openShiftLogging.installSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret - namespace: openshift-logging - labels: -{{ include "stackstate-k8s-agent.labels" . | indent 4 }} -{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} - annotations: -{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} -type: Opaque -data: - username: {{ "apikey" | b64enc | quote }} -{{- if .Values.global.receiverApiKey }} - password: {{ .Values.global.receiverApiKey | b64enc | quote }} -{{- else }} - password: {{ .Values.stackstate.apiKey | b64enc | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/pull-secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/pull-secret.yaml deleted file mode 100644 index 916941665..000000000 --- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/pull-secret.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- $defaultRegistry := .Values.global.imageRegistry }}
-{{- $top := . }}
-{{- $registryAuthMap := dict }}
-
-{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" $credentials.username }}
- {{- $_ := set $registryAuthDocument "password" $credentials.password }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- if eq $registry "default" }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
- {{ else }}
- {{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.all.image.pullSecretUsername }}
- {{- $registryAuthDocument := dict -}}
- {{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
- {{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
- {{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
- {{- $_ := set $registryAuthDocument "auth" $authMessage }}
- {{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
-{{- end }}
-
-{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
- labels:
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-data:
- .dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
-type: kubernetes.io/dockerconfigjson
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/secret.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/secret.yaml
deleted file mode 100644
index 5e0f5f74c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/templates/secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if not .Values.stackstate.manageOwnSecrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stackstate-k8s-agent.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
-{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
- annotations:
-{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
-type: Opaque
-data:
-{{- if .Values.global.receiverApiKey }}
- sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
-{{- else }}
- sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
-{{- end }}
-{{- if .Values.stackstate.cluster.authToken }}
- sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
-{{- else }}
- sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
-{{- end }}
-{{- range $key, $value := .Values.global.extraEnv.secret }}
- {{ $key }}: {{ $value | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/clusteragent_resources_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/clusteragent_resources_test.go
deleted file mode 100644
index 25875e871..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/clusteragent_resources_test.go
+++ /dev/null
@@ -1,145 +0,0 @@
-package test
-
-import (
- "regexp"
- "strings"
- "testing"
-
- v1 "k8s.io/api/rbac/v1"
-
- "github.com/stretchr/testify/assert"
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-var requiredRules = []string{
- "events+get,list,watch",
- "nodes+get,list,watch",
- "pods+get,list,watch",
- "services+get,list,watch",
- "configmaps+create,get,patch,update",
-}
-
-var optionalRules = []string{
- "namespaces+get,list,watch",
- "componentstatuses+get,list,watch",
- "configmaps+list,watch", // get is already required
- "endpoints+get,list,watch",
- "persistentvolumeclaims+get,list,watch",
- "persistentvolumes+get,list,watch",
- "secrets+get,list,watch",
- "apps/daemonsets+get,list,watch",
- "apps/deployments+get,list,watch",
- "apps/replicasets+get,list,watch",
- "apps/statefulsets+get,list,watch",
- "extensions/ingresses+get,list,watch",
- "batch/cronjobs+get,list,watch",
- "batch/jobs+get,list,watch",
-}
-
-var roleDescriptionRegexp = regexp.MustCompile(`^((?P\w+)/)?(?P\w+)\+(?P[\w,]+)`)
-
-type Rule struct {
- Group string
- ResourceName string
- Verb string
-}
-
-func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) {
- match := roleDescriptionRegexp.FindStringSubmatch(roleDescription)
- assert.NotNil(t, match)
-
- var roleRules []Rule
- for _, rule := range rules {
- for _, group := range rule.APIGroups {
- for _, resource := range rule.Resources {
- for _, verb := range rule.Verbs {
- roleRules = append(roleRules, Rule{group, resource, verb})
- }
- }
- }
- }
-
- resGroup := match[roleDescriptionRegexp.SubexpIndex("group")]
- resName := match[roleDescriptionRegexp.SubexpIndex("name")]
- verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",")
-
- for _, verb := range verbs {
- requiredRule := Rule{resGroup, resName, verb}
- found := false
- for _, rule := range roleRules {
- if rule == requiredRule {
- found = true
- break
- }
- }
- if shouldBePresent {
- assert.Truef(t, found, "Rule %v has not been found", requiredRule)
- } else {
- assert.Falsef(t, found, "Rule %v should not be present", requiredRule)
- }
- }
-}
-
-func TestAllResourcesAreEnabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
- // be default, everything is enabled, so all the optional roles should be present as well
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, true)
- }
-}
-
-func TestMostOfResourcesAreDisabled(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
- rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
- rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
-
- for _, requiredRole := range requiredRules {
- assertRuleExistence(t, rules, requiredRole, true)
- }
-
- // we expect all optional resources to be removed from ClusterRole with the given values
- for _, optionalRule := range optionalRules {
- assertRuleExistence(t, rules, optionalRule, false)
- }
-}
-
-func TestNoClusterWideModificationRights(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
- assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
- illegalVerbs := []string{"create", "patch", "update", "delete"}
-
- for _, clusterRole := range resources.ClusterRoles {
- for _, rule := range clusterRole.Rules {
- for _, verb := range rule.Verbs {
- assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources)
- }
- }
- }
-}
-
-func TestServicePortChange(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml")
- resources := helmtestutil.NewKubernetesResources(t, output)
-
- cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"]
-
- port := cluster_agent_service.Spec.Ports[0]
- assert.Equal(t, port.Name, "clusteragent")
- assert.Equal(t, port.Port, int32(8008))
- assert.Equal(t, port.TargetPort.IntVal, int32(9009))
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/clustername_test.go b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/clustername_test.go
deleted file mode 100644
index 55090b995..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/clustername_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/helm"
- "github.com/stretchr/testify/assert"
-
- "gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
-)
-
-func TestHelmBasicRender(t *testing.T) {
- output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
-
- // Parse all resources into their corresponding types for validation and further inspection
- helmtestutil.NewKubernetesResources(t, output)
-}
-
-func TestClusterNameValidation(t *testing.T) {
- testCases := []struct {
- Name string
- ClusterName string
- IsValid bool
- }{
- {"not allowed end with special character [.]", "name.", false},
- {"not allowed end with special character [-]", "name.", false},
- {"not allowed start with special character [-]", "-name", false},
- {"not allowed start with special character [.]", ".name", false},
- {"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
- {"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
- {"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
- {"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
- {"underscore is not allowed", "why_7", false},
- }
-
- for _, testCase := range testCases {
- t.Run(testCase.Name, func(t *testing.T) {
- output, err := helmtestutil.RenderHelmTemplateOpts(
- t, "cluster-agent",
- &helm.Options{
- ValuesFiles: []string{"values/minimal.yaml"},
- SetStrValues: map[string]string{
- "stackstate.cluster.name": testCase.ClusterName,
- },
- })
- if testCase.IsValid {
- assert.Nil(t, err)
- } else {
- assert.NotNil(t, err)
- assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
- }
- })
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_custom_url.yaml
deleted file mode 100644
index 57b973eed..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_no_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_no_override.yaml
deleted file mode 100644
index b6c817d47..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_no_override.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_override.yaml
deleted file mode 100644
index 9ca201345..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_ksm_override.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-checksAgent:
- enabled: true
-dependencies:
- kubeStateMetrics:
- enabled: true
-agent:
- config:
- override:
-# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- - name: auto_conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
-clusterAgent:
- config:
- override:
-# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
-# with ad_identifiers does not work here. Use a specific URL instead.
- - name: conf.yaml
- path: /etc/stackstate-agent/conf.d/kubernetes_state.d
- data: |
- cluster_check: true
-
- init_config:
-
- instances:
- - kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_no_ksm_custom_url.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_no_ksm_custom_url.yaml
deleted file mode 100644
index a62691878..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_no_ksm_custom_url.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-checksAgent:
- enabled: true
- kubeStateMetrics:
- url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
-dependencies:
- kubeStateMetrics:
- enabled: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_service_port_override.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_service_port_override.yaml
deleted file mode 100644
index c01a98fcb..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/clustercheck_service_port_override.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterAgent:
- service:
- port: 8008
- targetPort: 9009
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/disable-all-resource.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/disable-all-resource.yaml
deleted file mode 100644
index cd33e843e..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/disable-all-resource.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-clusterAgent:
- collection:
- kubernetesMetrics: false
- kubernetesResources:
- namespaces: false
- configmaps: false
- endpoints: false
- persistentvolumes: false
- persistentvolumeclaims: false
- secrets: false
- daemonsets: false
- deployments: false
- replicasets: false
- statefulsets: false
- ingresses: false
- cronjobs: false
- jobs: false
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/http-header-injector.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/http-header-injector.yaml
deleted file mode 100644
index c9392ce2d..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/http-header-injector.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-httpHeaderInjectorWebhook:
- webhook:
- tls:
- mode: "provided"
- provided:
- caBundle: insert-ca-here
- crt: insert-cert-here
- key: insert-key-here
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/minimal.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/minimal.yaml
deleted file mode 100644
index b310c9a09..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/test/values/minimal.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-stackstate:
- apiKey: foobar
- cluster:
- name: some-k8s-cluster
- token: some-token
-
- url: https://stackstate:7000/receiver
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/values.schema.json b/charts/stackstate/stackstate-k8s-agent/1.0.98/values.schema.json
deleted file mode 100644
index 57d36a9f3..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/values.schema.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://stackstate.io/example.json",
- "type": "object",
- "default": {},
- "title": "StackState Agent Helm chart values",
- "required": [
- "stackstate",
- "clusterAgent"
- ],
- "properties": {
- "stackstate": {
- "type": "object",
- "required": [
- "cluster",
- "url"
- ],
- "properties": {
- "apiKey": {
- "type": "string"
- },
- "cluster": {
- "type": "object",
- "required": ["name"],
- "properties": {
- "name": {
- "type": "string",
- "pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
- },
- "authToken": {
- "type": "string"
- }
- }
- },
- "url": {
- "type": "string"
- }
- }
- },
- "clusterAgent": {
- "type": "object",
- "required": [
- "config"
- ],
- "properties": {
- "config": {
- "type": "object",
- "required": [
- "events"
- ],
- "properties": {
- "events": {
- "type": "object",
- "properties": {
- "categories": {
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": [
- "string"
- ],
- "enum": [
- "Alerts",
- "Activities",
- "Changes",
- "Others"
- ]
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/stackstate/stackstate-k8s-agent/1.0.98/values.yaml b/charts/stackstate/stackstate-k8s-agent/1.0.98/values.yaml
deleted file mode 100644
index c58846a7c..000000000
--- a/charts/stackstate/stackstate-k8s-agent/1.0.98/values.yaml
+++ /dev/null
@@ -1,616 +0,0 @@ -##################### -# General variables # -##################### - -global: - extraEnv: - # global.extraEnv.open -- Extra open environment variables to inject into pods. - open: {} - # global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object. - secret: {} - # global.imagePullSecrets -- Secrets / credentials needed for container image registry. - imagePullSecrets: [] - # global.imagePullCredentials -- Globally define credentials for pulling images. - imagePullCredentials: {} - proxy: - # global.proxy.url -- Proxy for all traffic to stackstate - url: "" - # global.skipSslValidation -- Enable tls validation from client - skipSslValidation: false - - # global.extraLabels -- Extra labels added ta all resources created by the helm chart - extraLabels: {} - # global.extraAnnotations -- Extra annotations added ta all resources created by the helm chart - extraAnnotations: {} - -# nameOverride -- Override the name of the chart. -nameOverride: "" -# fullnameOverride -- Override the fullname of the chart. -fullnameOverride: "" - -# targetSystem -- Target OS for this deployment (possible values: linux) -targetSystem: "linux" - -all: - image: - # all.image.registry -- The image registry to use. - registry: "quay.io" - hardening: - # all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime - enabled: false - -nodeAgent: - # nodeAgent.autoScalingEnabled -- Enable / disable autoscaling for the node agent pods. - autoScalingEnabled: false - containerRuntime: - # nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. 
- customSocketPath: "" - # nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed - hostProc: /proc - - scc: - # nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. - enabled: false - apm: - # nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module. - enabled: true - networkTracing: - # nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module. - enabled: true - protocolInspection: - # nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection. - enabled: true - httpTracing: - enabled: true - # nodeAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - # nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification. - skipKubeletTLSVerify: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # nodeAgent.config -- - config: - # nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - # nodeAgent.priorityClassName -- Priority class for nodeAgent pods. - priorityClassName: "" - - scaling: - autoscalerLimits: - agent: - minimum: - # nodeAgent.scaling.autoscalerLimits.agent.minimum.cpu -- Minimum CPU resource limits for main agent. - cpu: "20m" - # nodeAgent.scaling.autoscalerLimits.agent.minimum.memory -- Minimum memory resource limits for main agent. - memory: "180Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.agent.maximum.cpu -- Maximum CPU resource limits for main agent. 
- cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.agent.maximum.memory -- Maximum memory resource limits for main agent. - memory: "450Mi" - processAgent: - minimum: - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.cpu -- Minimum CPU resource limits for process agent. - cpu: "25m" - # nodeAgent.scaling.autoscalerLimits.processAgent.minimum.memory -- Minimum memory resource limits for process agent. - memory: "100Mi" - maximum: - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.cpu -- Maximum CPU resource limits for process agent. - cpu: "200m" - # nodeAgent.scaling.autoscalerLimits.processAgent.maximum.memory -- Maximum memory resource limits for process agent. - memory: "500Mi" - - containers: - agent: - image: - # nodeAgent.containers.agent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "c4caacef" - # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - processAgent: - # nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated - enabled: false - # nodeAgent.containers.agent.env -- Additional environment variables for the agent container - env: {} - # nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - resources: - limits: - # nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits. - cpu: "270m" - # nodeAgent.containers.agent.resources.limits.memory -- Memory resource limits. - memory: "420Mi" - requests: - # nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # nodeAgent.containers.agent.resources.requests.memory -- Memory resource requests. 
- memory: "180Mi" - livenessProbe: - # nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - readinessProbe: - # nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - processAgent: - # nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container. - enabled: true - image: - # Override to pull the image from an alternate registry - registry: - # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. 
- repository: stackstate/stackstate-k8s-process-agent - # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "cae7a4fa" - # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. - pullPolicy: IfNotPresent - # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container - env: {} - # nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off - ## If not set, fall back to the value of agent.logLevel. - logLevel: # INFO - - # nodeAgent.containers.processAgent.procVolumeReadOnly -- Configure whether /host/proc is read only for the process agent container - procVolumeReadOnly: true - - resources: - limits: - # nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits. - cpu: "125m" - # nodeAgent.containers.processAgent.resources.limits.memory -- Memory resource limits. - memory: "400Mi" - requests: - # nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests. - cpu: "25m" - # nodeAgent.containers.processAgent.resources.requests.memory -- Memory resource requests. - memory: "128Mi" - # nodeAgent.service -- The Kubernetes service for the agent - service: - # nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort - type: ClusterIP - # nodeAgent.service.annotations -- Annotations for the service - annotations: {} - # nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. - loadBalancerSourceRanges: ["10.0.0.0/8"] - - # nodeAgent.logLevel -- Logging level for agent processes. - logLevel: INFO - - # nodeAgent.updateStrategy -- The update strategy for the DaemonSet object. 
- updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # nodeAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # nodeAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # nodeAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods - annotations: {} - -processAgent: - softMemoryLimit: - # processAgent.softMemoryLimit.goMemLimit -- Soft-limit for golang heap allocation, for sanity, must be around 85% of nodeAgent.containers.processAgent.resources.limits.cpu. - goMemLimit: 340MiB - # processAgent.softMemoryLimit.httpStatsBufferSize -- Sets a maximum for the number of http stats to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpStatsBufferSize: 40000 - # processAgent.softMemoryLimit.httpObservationsBufferSize -- Sets a maximum for the number of http observations to keep in memory between check runs, to use 40k requires around ~400Mib of memory. - httpObservationsBufferSize: 40000 - - checkIntervals: - # processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds. - container: 28 - # processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds. - connections: 30 - # processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds. - process: 32 - -clusterAgent: - collection: - # clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection. - kubernetesEvents: true - # clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection. - kubernetesMetrics: true - # clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API. 
- kubernetesTimeout: 10 - # clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection. - kubernetesTopology: true - kubeStateMetrics: - # clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection. - enabled: true - # clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. - clusterCheck: false - # clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag. - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the StackState tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.stackstate/version becomes tags_stackstate_version. - annotationsAsTags: {} - kubernetesResources: - # clusterAgent.collection.kubernetesResources.limitranges -- Enable / disable collection of LimitRanges. - limitranges: true - # clusterAgent.collection.kubernetesResources.horizontalpodautoscalers -- Enable / disable collection of HorizontalPodAutoscalers. 
- horizontalpodautoscalers: true - # clusterAgent.collection.kubernetesResources.replicationcontrollers -- Enable / disable collection of ReplicationControllers. - replicationcontrollers: true - # clusterAgent.collection.kubernetesResources.poddisruptionbudgets -- Enable / disable collection of PodDisruptionBudgets. - poddisruptionbudgets: true - # clusterAgent.collection.kubernetesResources.storageclasses -- Enable / disable collection of StorageClasses. - storageclasses: true - # clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. - volumeattachments: true - # clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces. - namespaces: true - # clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps. - configmaps: true - # clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it - endpoints: true - # clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes. - persistentvolumes: true - # clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to - persistentvolumeclaims: true - # clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets. - secrets: true - # clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets. - daemonsets: true - # clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments. 
- deployments: true - # clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets. - replicasets: true - # clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets. - statefulsets: true - # clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses. - ingresses: true - # clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs. - cronjobs: true - # clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs. - jobs: true - # clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas. - resourcequotas: true - - # clusterAgent.config -- - config: - events: - # clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others - categories: {} - topology: - # clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds - collectionInterval: 90 - configMap: - # clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check - maxDataSize: - # clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - service: - # clusterAgent.service.port -- Change the Cluster Agent service port - port: 5005 - # clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort - targetPort: 5005 - - # clusterAgent.enabled -- Enable / disable the cluster agent. - enabled: true - - # clusterAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. 
- skipSslValidation: false - - image: - # clusterAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-cluster-agent - # clusterAgent.image.tag -- Default container image tag. - tag: "c4caacef" - # clusterAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes. - logLevel: INFO - - # clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods. - priorityClassName: "" - - readinessProbe: - # clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. - initialDelaySeconds: 15 - # clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. 
- timeoutSeconds: 5 - - # clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy. - replicaCount: 1 - - serviceaccount: - # clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods - annotations: {} - - # clusterAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - resources: - limits: - # clusterAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # clusterAgent.resources.limits.memory -- Memory resource limits. - memory: "800Mi" - requests: - # clusterAgent.resources.requests.cpu -- CPU resource requests. - cpu: "70m" - # clusterAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - # clusterAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # clusterAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # clusterAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -openShiftLogging: - # openShiftLogging.installSecret -- Install a secret for logging on openshift - installSecret: false - -logsAgent: - # logsAgent.enabled -- Enable / disable k8s pod log collection - enabled: true - - # logsAgent.skipSslValidation -- If true, ignores the server certificate being signed by an unknown authority. - skipSslValidation: false - - # logsAgent.priorityClassName -- Priority class for logsAgent pods. - priorityClassName: "" - - image: - # logsAgent.image.repository -- Base container image repository. - repository: stackstate/promtail - # logsAgent.image.tag -- Default container image tag. - tag: 2.9.8-5b179aee - # logsAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - resources: - limits: - # logsAgent.resources.limits.cpu -- CPU resource limits. - cpu: "1300m" - # logsAgent.resources.limits.memory -- Memory resource limits. 
- memory: "192Mi" - requests: - # logsAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # logsAgent.resources.requests.memory -- Memory resource requests. - memory: "100Mi" - - # logsAgent.updateStrategy -- The update strategy for the DaemonSet object. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100 - - # logsAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # logsAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # logsAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - - serviceaccount: - # logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods - annotations: {} - -checksAgent: - # checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod - enabled: true - scc: - # checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift - enabled: false - apm: - # checksAgent.apm.enabled -- Enable / disable the agent APM module. - enabled: true - networkTracing: - # checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module. - enabled: true - processAgent: - # checksAgent.processAgent.enabled -- Enable / disable the agent process agent module. - enabled: true - # checksAgent.skipSslValidation -- Set to true if self signed certificates are used. - skipSslValidation: false - - # nodeAgent.checksTagCardinality -- low, orchestrator or high. 
Orchestrator level adds pod_name, high adds display_container_name - checksTagCardinality: orchestrator - - # checksAgent.config -- - config: - # checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap - override: [] - - image: - # checksAgent.image.repository -- Base container image repository. - repository: stackstate/stackstate-k8s-agent - # checksAgent.image.tag -- Default container image tag. - tag: "c4caacef" - # checksAgent.image.pullPolicy -- Default container image pull policy. - pullPolicy: IfNotPresent - - livenessProbe: - # checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check. - enabled: true - # checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe. - failureThreshold: 3 - # checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe. - initialDelaySeconds: 15 - # checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe. - periodSeconds: 15 - # checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe. - successThreshold: 1 - # checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe. - timeoutSeconds: 5 - - # checksAgent.logLevel -- Logging level for clusterchecks agent processes. - logLevel: INFO - - # checksAgent.priorityClassName -- Priority class for clusterchecks agent pods. - priorityClassName: "" - - readinessProbe: - # checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check. - enabled: true - # checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe. - failureThreshold: 3 - # checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe. 
- initialDelaySeconds: 15 - # checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe. - periodSeconds: 15 - # checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe. - successThreshold: 1 - # checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe. - timeoutSeconds: 5 - - # checksAgent.replicas -- Number of clusterchecks agent pods to schedule - replicas: 1 - - resources: - limits: - # checksAgent.resources.limits.cpu -- CPU resource limits. - cpu: "400m" - # checksAgent.resources.limits.memory -- Memory resource limits. - memory: "600Mi" - requests: - # checksAgent.resources.requests.cpu -- CPU resource requests. - cpu: "20m" - # checksAgent.resources.requests.memory -- Memory resource requests. - memory: "512Mi" - - serviceaccount: - # checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods - annotations: {} - - # checksAgent.strategy -- The strategy for the Deployment object. - strategy: - type: RollingUpdate - # rollingUpdate: - # maxUnavailable: 1 - - # checksAgent.nodeSelector -- Node labels for pod assignment. - nodeSelector: {} - - # checksAgent.tolerations -- Toleration labels for pod assignment. - tolerations: [] - - # checksAgent.affinity -- Affinity settings for pod assignment. - affinity: {} - -################################## -# http-header-injector variables # -################################## - -httpHeaderInjectorWebhook: - # httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy - enabled: false - -######################## -# StackState variables # -######################## - -stackstate: - # stackstate.manageOwnSecrets -- Set to true if you don't want this helm chart to create secrets for you. - manageOwnSecrets: false - # stackstate.customSecretName -- Name of the secret containing the receiver API key. 
- customSecretName: "" - # stackstate.customApiKeySecretKey -- Key in the secret containing the receiver API key. - customApiKeySecretKey: "sts-api-key" - # stackstate.customClusterAuthTokenSecretKey -- Key in the secret containing the cluster auth token. - customClusterAuthTokenSecretKey: "sts-cluster-auth-token" - # stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. - apiKey: - cluster: - # stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. - name: - # stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent. - authToken: "" - # stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. - url: diff --git a/index.yaml b/index.yaml index 524542ea5..30a79294f 100644 --- a/index.yaml +++ b/index.yaml 
@@ -43246,680 +43246,6 @@ entries: urls: - assets/speedscale/speedscale-operator-1.3.10.tgz version: 1.3.10 - stackstate-k8s-agent: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-10-09T00:35:10.293415083Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: https://helm.stackstate.io - version: 0.0.11 - deprecated: true - description: Helm chart for the StackState Agent. - digest: f4ac5f73fb285026fe8fc8693e066a48ceff587277f86daf5bccf2e3de7937a6 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - kubeVersion: '>=1.19.0-0' - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.98.tgz - version: 1.0.98 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-09-03T00:50:19.243556428Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.11 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 4ec52d32c13ff023665cd2d209d990091881d2c0ca339ffe4b72ee9e3948af82 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - kubeVersion: '>=1.19.0-0' - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.96.tgz - version: 1.0.96 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-08-27T00:49:45.633810569Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.11 - deprecated: true - description: Helm chart for the StackState Agent. - digest: 8eb71642433a9345b076be9d73deaa2c5f0ee274b833f13f5e60569559c768e3 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - kubeVersion: '>=1.19.0-0' - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.95.tgz - version: 1.0.95 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-08-20T00:48:07.485714031Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.11 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 0fdaf75186513a6b4583cc4029345828fc67f4427336c3eb4d6492c074561e1a - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - kubeVersion: '>=1.19.0-0' - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.93.tgz - version: 1.0.93 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-07-16T19:12:43.140228028Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.11 - deprecated: true - description: Helm chart for the StackState Agent. - digest: 0b9861dfc1f0e56a89e7ff4f99e00cb393422f06e90b7a7ebe2acc16a1682bae - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - kubeVersion: '>=1.19.0-0' - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.90.tgz - version: 1.0.90 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-07-09T17:15:41.866234546Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.11 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 36154e8a00c9be1ba3425acd49b0bd68ba1b2edf0d87e70a6e7736ed398ab325 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - kubeVersion: '>=1.19.0-0' - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.89.tgz - version: 1.0.89 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-07-02T21:24:07.421269659Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.11 - deprecated: true - description: Helm chart for the StackState Agent. - digest: d84e6a033f827285730edfd48b2cebea811efe2f04c53efd0e075799f09a256f - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.88.tgz - version: 1.0.88 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-06-18T00:56:36.654520636Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.11 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 63357002ff4b6506ae5bafd107ab21b866d4825af77524e75f903085f6327cc7 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.87.tgz - version: 1.0.87 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-06-04T00:56:07.137843926Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.11 - deprecated: true - description: Helm chart for the StackState Agent. - digest: e329fddae72657b0e004c64ccd5495f9e9c8ed2d51b4efc832f19c5d43ff75e9 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.86.tgz - version: 1.0.86 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-05-18T00:53:34.623339806Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.10 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 53bd6eb3f80776140c2515170b19a51da67c24b0b4648e0cac169e0dd441113b - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.84.tgz - version: 1.0.84 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-05-14T00:54:50.112324678Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.9 - deprecated: true - description: Helm chart for the StackState Agent. - digest: 96152a4bb640ba279d32161a41ebc16edcf948a6042b1331b06c2eea26fde65d - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.82.tgz - version: 1.0.82 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-04-16T10:50:26.349598107-06:00" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.9 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: d36a447fca9ec2f91d3592f9bc5a0bb4e6d4822e088fa66d73da2acf4a5de39e - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.81.tgz - version: 1.0.81 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-04-03T10:30:31.220951856-06:00" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.8 - deprecated: true - description: Helm chart for the StackState Agent. - digest: 5b31b33b1bbc9c3b01f4eddb27420a48e7524037e4ec2065f8ae16a1791f8d76 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.78.tgz - version: 1.0.78 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 3.0.0 - created: "2024-03-15T00:32:48.388040861Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.8 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 7ac2e14289339013ef14d746469d4bf91f3f3503e2bc9e54349b6d385d43f85e - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.76.tgz - version: 1.0.76 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 2.19.1 - created: "2024-02-21T10:03:04.971655438Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.8 - deprecated: true - description: Helm chart for the StackState Agent. - digest: 15b76f0b0fbee09182d909196b81bf403ea481fb1a46238ae95e70d88d9ad2ce - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.70.tgz - version: 1.0.70 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 2.19.1 - created: "2024-02-09T14:31:37.763176415Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.8 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 923752cd5ad07aa9cc6f6365d901cfa22715eaf645169e09e8e7c8bcab3b2575 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.68.tgz - version: 1.0.68 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 2.19.1 - created: "2024-01-23T16:21:29.929649373Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.8 - deprecated: true - description: Helm chart for the StackState Agent. - digest: deb3f6ca0dd63dd1fcdd292bbd811c8d106ece9ca5d475463e7cb173962cf4b0 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.67.tgz - version: 1.0.67 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 2.19.1 - created: "2024-01-12T17:07:18.557480555Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.8 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 25c19f0191adfc7f947404ce15dd0af6c3cae39a8ead500316d5c1b028969420 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.66.tgz - version: 1.0.66 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 2.19.1 - created: "2023-11-27T14:31:44.225141187Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.6 - deprecated: true - description: Helm chart for the StackState Agent. - digest: 1bfce7f0817095397ed49e0442b7a324ba6d4c048163f275d9f7e770e79492aa - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.58.tgz - version: 1.0.58 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 2.19.1 - created: "2023-11-22T13:39:26.099155869Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.6 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 518646b003c0a9211edefdc76176be05ae45f20fb56a71df07d3c5e6f9b089ba - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.54.tgz - version: 1.0.54 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 2.19.1 - created: "2023-11-20T13:19:10.588060801Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.6 - deprecated: true - description: Helm chart for the StackState Agent. - digest: 523f5530908293fc5512bfa7d6b51df5d3defbd146aa1d0a2a31551d55fc2b8c - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.53.tgz - version: 1.0.53 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 2.19.1 - created: "2023-10-31T13:40:14.508505312Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.6 - deprecated: true - description: Helm chart for the StackState Agent. 
- digest: 22bc668d240743d69b76ff0a0f3e7ee5835d18385439939a2e320a0a18f31a80 - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.51.tgz - version: 1.0.51 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: StackState Agent - catalog.cattle.io/kube-version: '>=1.19.0-0' - catalog.cattle.io/release-name: stackstate-k8s-agent - apiVersion: v2 - appVersion: 2.19.1 - created: "2023-10-04T15:49:06.818791653Z" - dependencies: - - alias: httpHeaderInjectorWebhook - name: http-header-injector - repository: file://./charts/http-header-injector - version: 0.0.6 - deprecated: true - description: Helm chart for the StackState Agent. - digest: 689e8931bc6c24f575560849e5ec4ee768b806119e3c2d371b980b28b8dbbb6b - home: https://github.com/StackVista/stackstate-agent - icon: file://assets/icons/stackstate-k8s-agent.svg - keywords: - - monitoring - - observability - - stackstate - maintainers: - - email: ops@stackstate.com - name: Stackstate - name: stackstate-k8s-agent - urls: - - assets/stackstate/stackstate-k8s-agent-1.0.49.tgz - version: 1.0.49 sumologic: - annotations: catalog.cattle.io/certified: partner diff --git a/packages/stackstate/stackstate-k8s-agent/overlay/app-readme.md b/packages/stackstate/stackstate-k8s-agent/overlay/app-readme.md deleted file mode 100644 index 8025fe1d3..000000000 --- a/packages/stackstate/stackstate-k8s-agent/overlay/app-readme.md +++ /dev/null 
@@ -1,5 +0,0 @@
-## Introduction
-
-StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
-
-The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.
diff --git a/packages/stackstate/stackstate-k8s-agent/overlay/questions.yml b/packages/stackstate/stackstate-k8s-agent/overlay/questions.yml
deleted file mode 100644
index 5d6e6a011..000000000
--- a/packages/stackstate/stackstate-k8s-agent/overlay/questions.yml
+++ /dev/null
@@ -1,184 +0,0 @@
-questions:
- - variable: stackstate.apiKey
- label: "StackState API Key"
- type: string
- description: "The API key for StackState."
- required: true
- group: General
- - variable: stackstate.url
- label: "StackState URL"
- type: string
- description: "The URL where StackState is running."
- required: true
- group: General
- - variable: stackstate.cluster.name
- label: "StackState Cluster Name"
- type: string
- description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState."
- required: true
- group: General
- - variable: all.registry.override
- label: "Override Default Image Registry"
- type: boolean
- description: "Whether or not to override the default image registry."
- default: false
- group: "General"
- show_subquestions_if: true
- subquestions:
- - variable: all.image.registry
- label: "Docker Image Registry"
- type: string
- description: "The registry to pull the StackState Agent images from."
- default: "quay.io"
- - variable: global.imagePullCredentials.username
- label: "Docker Image Pull Username"
- type: string
- description: "The username to use when pulling the StackState Agent images."
- - variable: global.imagePullCredentials.password
- label: "Docker Image Pull Password"
- type: secret
- description: "The password to use when pulling the StackState Agent images."
- - variable: nodeAgent.containers.agent.resources.override
- label: "Override Node Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Node Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.agent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Node Agent."
- default: "20m"
- - variable: nodeAgent.containers.agent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Node Agent."
- default: "180Mi"
- - variable: nodeAgent.containers.agent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Node Agent."
- default: "270m"
- - variable: nodeAgent.containers.agent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Node Agent."
- default: "420Mi"
- - variable: nodeAgent.containers.processAgent.enabled
- label: "Enable Process Agent"
- type: boolean
- description: "Whether or not to enable the Process Agent."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.skipKubeletTLSVerify
- label: "Skip Kubelet TLS Verify"
- type: boolean
- description: "Whether or not to skip TLS verification when connecting to the kubelet API."
- default: "true"
- group: "Process Agent"
- - variable: nodeAgent.containers.processAgent.resources.override
- label: "Override Process Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Process Agent"
- show_subquestions_if: true
- subquestions:
- - variable: nodeAgent.containers.processAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Process Agent."
- default: "25m"
- - variable: nodeAgent.containers.processAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Process Agent."
- default: "128Mi"
- - variable: nodeAgent.containers.processAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Process Agent."
- default: "125m"
- - variable: nodeAgent.containers.processAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Process Agent."
- default: "400Mi"
- - variable: clusterAgent.enabled
- label: "Enable Cluster Agent"
- type: boolean
- description: "Whether or not to enable the Cluster Agent."
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.collection.kubernetesResources.secrets
- label: "Collect Secret Resources"
- type: boolean
- description: |
- Whether or not to collect Kubernetes Secrets.
- NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data.
- default: "true"
- group: "Cluster Agent"
- - variable: clusterAgent.resources.override
- label: "Override Cluster Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Cluster Agent"
- show_subquestions_if: true
- subquestions:
- - variable: clusterAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Cluster Agent."
- default: "70m"
- - variable: clusterAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Cluster Agent."
- default: "512Mi"
- - variable: clusterAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Cluster Agent."
- default: "400m"
- - variable: clusterAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Cluster Agent."
- default: "800Mi"
- - variable: logsAgent.enabled
- label: "Enable Logs Agent"
- type: boolean
- description: "Whether or not to enable the Logs Agent."
- default: "true"
- group: "Logs Agent"
- - variable: logsAgent.resources.override
- label: "Override Logs Agent Resource Allocation"
- type: boolean
- description: "Whether or not to override the default resources."
- default: "false"
- group: "Logs Agent"
- show_subquestions_if: true
- subquestions:
- - variable: logsAgent.resources.requests.cpu
- label: "CPU Requests"
- type: string
- description: "The requested CPU for the Logs Agent."
- default: "20m"
- - variable: logsAgent.resources.requests.memory
- label: "Memory Requests"
- type: string
- description: "The requested memory for the Logs Agent."
- default: "100Mi"
- - variable: logsAgent.resources.limits.cpu
- label: "CPU Limit"
- type: string
- description: "The CPU limit for the Logs Agent."
- default: "1300m"
- - variable: logsAgent.resources.limits.memory
- label: "Memory Limit"
- type: string
- description: "The memory limit for the Logs Agent."
- default: "192Mi"
diff --git a/packages/stackstate/stackstate-k8s-agent/upstream.yaml b/packages/stackstate/stackstate-k8s-agent/upstream.yaml
deleted file mode 100644
index 150c8fc7f..000000000
--- a/packages/stackstate/stackstate-k8s-agent/upstream.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-ChartMetadata:
- icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
- kubeVersion: '>=1.19.0-0'
-Deprecated: true
-DisplayName: StackState Agent
-HelmChart: stackstate-k8s-agent
-HelmRepo: https://helm.stackstate.io
-Vendor: StackState