From b3a8490ff9857a53aa62d851d6e2ad3522e0af83 Mon Sep 17 00:00:00 2001 From: Samuel Attwood Date: Tue, 30 Aug 2022 12:34:57 -0400 Subject: [PATCH] CI Updated Charts Updated: dynatrace/dynatrace-operator: - 0.8.2 --- assets/dynatrace/dynatrace-operator-0.8.2.tgz | Bin 0 -> 38761 bytes .../dynatrace-operator/0.8.2/.helmignore | 25 + .../dynatrace-operator/0.8.2/Chart.yaml | 23 + .../dynatrace-operator/0.8.2/README.md | 33 + .../dynatrace-operator/0.8.2/app-readme.md | 5 + .../generated/dynatrace-operator-crd.yaml | 3093 +++++++++++++++++ .../dynatrace-operator/0.8.2/logo.png | Bin 0 -> 9908 bytes .../dynatrace-operator/0.8.2/questions.yml | 166 + .../activegate/clusterrole-activegate.yaml | 35 + .../clusterrolebinding-activegate.yaml | 32 + .../activegate/serviceaccount-activegate.yaml | 23 + .../Common/crd/dynatrace-operator-crd.yaml | 4 + .../templates/Common/csi/clusterrole-csi.yaml | 65 + .../Common/csi/clusterrolebinding-csi.yaml | 30 + .../0.8.2/templates/Common/csi/csidriver.yaml | 27 + .../0.8.2/templates/Common/csi/daemonset.yaml | 243 ++ .../templates/Common/csi/priority-class.yaml | 24 + .../0.8.2/templates/Common/csi/role-csi.yaml | 70 + .../templates/Common/csi/rolebinding-csi.yaml | 31 + .../Common/csi/serviceaccount-csi.yaml | 23 + .../clusterrole-kubernetes-monitoring.yaml | 96 + ...sterrolebinding-kubernetes-monitoring.yaml | 30 + .../serviceaccount-kubernetes-monitoring.yaml | 23 + .../clusterrole-oneagent-privileged.yaml | 32 + .../clusterrole-oneagent-unprivileged.yaml | 32 + ...lusterrolebinding-oneagent-privileged.yaml | 30 + ...sterrolebinding-oneagent-unprivileged.yaml | 30 + .../serviceaccount-oneagent-privileged.yaml | 29 + .../serviceaccount-oneagent-unprivileged.yaml | 29 + .../Common/operator/clusterrole-operator.yaml | 103 + .../operator/clusterrolebinding-operator.yaml | 30 + .../Common/operator/deployment-operator.yaml | 139 + .../Common/operator/role-operator.yaml | 159 + .../Common/operator/rolebinding-operator.yaml | 30 + .../operator/serviceaccount-operator.yaml | 29 + .../Common/webhook/clusterrole-webhook.yaml | 97 + .../webhook/clusterrolebinding-webhook.yaml | 30 + .../Common/webhook/deployment-webhook.yaml | 150 + .../webhook/mutatingwebhookconfiguration.yaml | 61 + .../webhook/poddisruptionbudget-webhook.yaml | 13 + .../Common/webhook/role-webhook.yaml | 74 + .../Common/webhook/rolebinding-webhook.yaml | 31 + .../templates/Common/webhook/service.yaml | 30 + .../webhook/serviceaccount-webhook.yaml | 29 + .../validatingwebhookconfiguration.yaml | 45 + .../0.8.2/templates/NOTES.txt | 10 + .../securitycontextconstraints.yaml | 52 + .../securitycontextconstraints-csidriver.yaml | 49 + ...securitycontextconstraints-privileged.yaml | 66 + ...curitycontextconstraints-unprivileged.yaml | 66 + .../operator/securitycontextconstraints.yaml | 49 + .../webhook/securitycontextconstraints.yaml | 49 + .../0.8.2/templates/_helpers.tpl | 171 + .../0.8.2/templates/application.yaml | 99 + .../dynatrace-operator/0.8.2/values.yaml | 77 + index.yaml | 27 + 56 files changed, 6048 insertions(+) create mode 100644 assets/dynatrace/dynatrace-operator-0.8.2.tgz create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/.helmignore create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/Chart.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/README.md create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/app-readme.md create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/generated/dynatrace-operator-crd.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/logo.png create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/questions.yml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrole-activegate.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrolebinding-activegate.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/serviceaccount-activegate.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/crd/dynatrace-operator-crd.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrole-csi.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrolebinding-csi.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/csidriver.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/daemonset.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/priority-class.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/role-csi.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/rolebinding-csi.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/serviceaccount-csi.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrole-operator.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrolebinding-operator.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/deployment-operator.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/role-operator.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/rolebinding-operator.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/serviceaccount-operator.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrole-webhook.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrolebinding-webhook.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/deployment-webhook.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/mutatingwebhookconfiguration.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/poddisruptionbudget-webhook.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/role-webhook.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/rolebinding-webhook.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/service.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/serviceaccount-webhook.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/validatingwebhookconfiguration.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/NOTES.txt create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/activegate/securitycontextconstraints.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/operator/securitycontextconstraints.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/webhook/securitycontextconstraints.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/_helpers.tpl create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/templates/application.yaml create mode 100644 charts/dynatrace/dynatrace-operator/0.8.2/values.yaml mode change 100755 => 100644 index.yaml diff --git a/assets/dynatrace/dynatrace-operator-0.8.2.tgz b/assets/dynatrace/dynatrace-operator-0.8.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4f923c540d1b69ef3c0b35b40b56512b80b6b0d0 GIT binary patch literal 38761 zcmZU)1yCJ9(=L2)cMa|m91`5!-Q7L71U*OsB)ChkAi*JMa0%}28rubR}py|=TD&1S3h4;zH7eklU-P52*J0)gPO8ybR6%-lQZ*VlknD; z>Z<7&?K%})V12^r3S9D$#I6SMcYlzfd_Zouey@M(D2dkiid-E?{^^I%~0i55H#0GmgB40!(-Q)ksm*!Oyl@=9lk>Y>pPPPM$F~MyP zX!RlEM#0GkK9RH-Ze<>_m7exXMnzG^$^QBCr?*H>Dn6o+;@+C&9$`oTxBYTLIA4o6 zhIspfEyZ>ri!h@+1d=szG?{J&yd3OA=jEy0Z;Iue%3Va_WIpVs1nCJ{QTIuUD`W3O zcEE^J_w`UCQ{Sj#qYD`NlWjr(&$9>6l&8S{Az|EXO*=xb@svFmx)nY=eC>Cv`RMzc z+ZU?N(7@(yX{rHi!qiQqD_AVm>VQ-wM+Vurp^06xXc=Lhn{?LA(p|0E?^Dzv8u;dF zXO|n?U8JJ-%K_-cU!WWo*tDH8h*RPK7UqD{Eg0DPS_oiiZy-H=KIWq{%%G(xDau$%iWe`ax|q6esTgOv%q-YbxWbQeyeP8r;b zfWDsAuqJ5}7oh8yMW&3)g$BpRo92<{<(lPS-bY$J^$X!rO~6P2v0PH38P%-w8HmX6 zmxStwTiMjRa1u7IuI~sl#vVW=Jnm@kjzwTZ_rv}t@0M3@ST64g_yqy1$NN)= zH5L^sVHC`*sAV0H0>jFP^W-s5jXmNme$D;F7oQMmw*&`6cSAgZlQBzg37;$wg^k9Q zu2hy`a)E;E78U#Xw`l3lY~hyoTJZe19xl&(C~c<~p`x+a|B{UEAFLmqZ%99c)aK)0 zmL5J7fWE)8`Dbz7W{MT*7KbU(wRvO7ZvPnvsfXa2824CCxj96_Ezr*c*_Lywbg{lq zX@v93^C2q2P%=0i3w#U0{*W-4ngSR6ScW7HDq;E!w*E?Wql7O(IC9|)Cw_+6_cbXA zbXo9-Ele4C9FP4qr3$kr+RpWNrQw9ZeaCR~<+e32%GbQuCNqmr%y&JGu(wV2&1l4B zhJn(V3Tcm=^_}A04>VyjGB#?=Eqo;XO3YAmuH!r5xS)u1`6_gpYw4#(+8E+r=+X1; zAOS$Nu0U!k&%R)VV=Ux&7?i(^?zfGdJdbCTp+vNQrNXT#d;HCn^s;Y;;UjrS2n3l``3iZ{`d-AJKFaiqZ zF^S_>&p~&#@w6PeC$itfFZ#LYjX9Z$rbFuIXnt}nKTm>bGzP@O2MK;1mST+1;Ia`{IIY$xGlzsdp1XgJ{FdU{(!kP z`@K{6E(Y%BBn@$Ji7VCzWZ!uUJ&sjhC!;WBbK=_`H=c4bxeO4H{?gT_2--7?SG>R9MZ7Q>fOE4Mv3PuDfh*vO-SOi4vJy{ zRh@|?N50~mS2#FZnQIrUm2-Pz(}SDxLnM zoh;;5n zel7fCA)^w7kf2QE(b9;CH@4MaW$XJz&KyHLvw0w&$$YOd9cO^{&j!K((oVW6G$6sF z=9*GsNUT$E_Q3e}(l@XwB%lb9ToF5)mWIxq)IL5nE-Y{GDnd3VxNC$gIjW?1KV3jk zMF?hM$b}l#;f^A#;@pu*YScsxm@{|FkSt*qZAm@h+RTg0cKCb&%^Pw0EpK z{3E^wIN7I(uRy>RggGw+aJ&siDZa<1 zF+zJP-i_CR&IS95Co@@qk=Qwgn}o`J9ubEb;UloScT@YHp(6u)AwcprV8EN#B_4Gp>K5nPnoS+~knMC?!JPx=ZgME5lirnXmQVj3DD6X( z)Gf(m!k=r{TiFd+wxPWbhWXfB#LnrnO~rtyG&MchCtTwET|weyPZ$&_LgH?;xRG|d0{o{f zy|D#ksM|M%J8JNPs8rqJ&t~_8tvnzCYL+o~G^WJg*!EsDsArm}TMqa+X!rEpfuUZu z4j(r0&;w5`kueOmbLKM{7Oda_Tzpn3Q6!b;$F%-ZR)Q^kS_ZT`d-d(^1Gt91TufBU zv1tW*+hOXfMuWDs)#U=`#?c%0CF&y{C5d|b!*#C;P(lnvB4%V)N^tH-y;sW+;Apsf31%PXs=Qu2ku&7DNcwLhFTY9P7LwU49m2D zl8_gb$2jd`jA`o_w54Vl^lJ9_?ybez4(8B^+_8cqg3&YzWBk zTe(5uFf_r^TsUU^@LghL2J`dk)!=iPuj_+QJ@ER|{d$)gSQH%K@qF_%{bP20%?J%1 zu6F8+GiQGvrTAug(xhHw^3~(0`!zSssPo0Gwn@8)hPSB+8F?Oq8jL!Ok0}=kg>5jr zd4$FmsmZ4%d@_m~ta&*ibyiHgI6>vUutti#L4Uv`smO|{#PB=auv40ZF%vZ5$sf@j zo5!oeJc`49i!v;HOpDn994p<)k?1IQmA!e5#e^4W{_1-^9B@nhxc~f2a|6O-?_Tuz`*Rea~CZ5_@h4e@k2&9+xybqNUUyD-q-Le{?qWBoR8JDLUWrJm>oY?OJH$#E+rO*8Wib$1hl1*X;kW0oF$o9@izv7VzgT+Irc=n8EF znYLMC#+)QQEtm#r!N}nu8>UM&YQ@rMjbp8*DlmsmB?Ql|3cp*6wA&Rw>l6fz+`VMu zJ{gwRj-cyr{NNx?J!S8b6x>=VCVWsuoympVeq^|M`J*8*q$h;Ors0PCSx`&TL%2Zp z5z(E!C0z7a)G&@4YmY7eoVHhWHzawn0sW_!Ys*cEof+Sbd%MqV0adOQ_a#@wqdm$p zQ}=9QqN(h+ACb#`U*|>OfdNt5q1js1g%zy}mSEl4Uvy8t_JzA~%ubaK>R+Y}*=S-s z%!;@zkX^Au1T?Tu17rKXW{vW27Yent>3*4!Q-yw%`wOKvQvaL$w5mQFPxVm7HGEUd zp%P`mJ$Y|bmN>S;=QC;AzT4_to0m4v_|O{9UXGD6^A}Zho+dN1S;EH>F{umO7+gKK z|F6)|2I`MTfgvRiDZnm+m*@x%zZ0my*V!c~>CXFp_s4awXP@d5Q<3O%dHY9!xdlms zvNbQxYQk)WopJh-gS%~&mJluUziDZfl@$#sN>mCeIs|8SCoMnh)py${)BV6nWBhFu zi=7jno-olnuBNI+Pv+VZXV<@qz4y=>A?iT5b^+zWur?ci3LA!m3jCw;#8J2l%tQZC z>+3(#rw0bEFU%IWkcIjn$ZhLY3&?5&%VjP1_zJ4bJuQ<`ttOVbL8*Sm)~-%P!;EXH z6<1vWUk$d`$FYeLzRd(psOZc4R2O?&JY1$C~A9 zFms)!!c(D9)6Awi*YT}Rhoh@Ab*#{qGYeY28cxs#%`~?E%gMkX-@?7B8HU=|^kvnX z(ov{MhxoJ@D#Fk44d)}c~Ogy31H7z8(w2RtNM^0T3!RM^&+5N zq*HC^e1?A1!~e@d8YRi{BSQ$c8Jdw|K%W)cL^a4-{_OMKWJKW8F*-YQa$8#Y*W@to z&01qUWrtCK4;5mm2nUD}i*XD9Il=+|9)WQD1K?r_U>t&82wjfe@4#-zeI`CRTOwAZ zqpYJR((luI`kEw$c4d@w$X+aR!(`K`fy*cDu5t5F``l7}#Cr5I@Q5K-R2f24O`wA{ zogz1kJ}E^k5*NZ#EnGe$13e*o984K_6q}5`0%H!~MFN2d+q+_nKv2Q;CLBD}PoL|O z>kE>Hd#Gs5Od3FhE9Qj@L$U+JL_bkt_UkEASv7#ta27-eSdvPK(jxE=52~ zE};?`bY>GWUpRtjEwC|efn`HzSNN-4a(Wz8OxpbkOa}Mp^-lcE+f`)4f!vIV-ePs~ zwcefXk&fGsJ@B(a!sjPEDMyxJlq)8j7(^J$qaEdZ-`6IW^DZs|&dnhv%iGuYo6&z= z_iejxT)sc?3w&FYcCZB2E!eBT+n?=M(GtyZI;+%Qe#EpV!Y&>7hdT6w1KYmyNGdMxOkiUE2poHzmt{otc z9oXyxY40E%=wBX-{dfXg8Xl=TGW zg7%IQy-d7y^Ix1R1T~uk>hUKOK&r5hJgF*AT^|YmXuy5A0$vLMpy#pwQR@#7O!Ge) zA_UzWz=k9^hNv>E1h<_XtZT~%W~)7dydx@0k?#(?O@_~G4_XyBIWzpcmt z;LtGyBd38x=xGaA{G?L=WlJMP71FhJJ->jEuK@soDgfZI`A>|ph#%k>ycaWR>iP!g z_4Wt9xR}R|Q4WNauhBng7|)WX6iF+FS`ebxsxcfgO8NltV*V#BoHH>AP}uLGawrnH zrH_8yekAn=T>Pai9yK;Bkggtt{7gWMp?83ohakn5-k7)1L!dBjxwcMZvFCL0g6I7@Bp!I>E_FeUqR3&m^^8-;Msd25$qi z+ayyl0P{XL;A-s&5LR}-?n(y4h@QGu&JJLzVRD26M_%eJ6yv%1a;_0q_HG^_8M}GS zUfY0!`Xc*r7a~+Fv9hZaAf=2U2f$JPtD=z_eOkKUq=b?M*3PynSF{3gk91X+iF>Ve zY(3~1FxT)l{zcSp z?!}#~R2Mfvs!9*qx=L}r#7%0oVI@sbQanP&*rq{h_@4AHvCNMM4n=+=Gndy*uj|w? zG((aj3kMjulH>P^`vNycKku{3lWSlunG!$1*6#k})bLhL4C(!Fn1QdVbiYk)&V|D- zO_v-r*6Dv@9RcDNsaTa*R-3td;@(^^+-ae_X54YH+Zna&x@etUU~zWe6{Kiw zWS zw|n`#(^F>7>A_1zGui(G&nMeMhwAu|MINL7FpA|-b_jH|@(YTNcffROPC!{?dwc)F zfozEpI$QQrMB73v-7}_QEF=$|gxtH%>`Y^s@SG~LP7~2a=wvA3yU2*j7uWaR7x#$k zCi!*#!fF%)_+;CcNI<6e6;*brEw2YVzp;E2k#nmod=F*Zga3sVj8fZF1e$QjW|0WR9&4Q_l*M~<)FovrjPS(wq*H+O6cY& z{_hCN;EHwP1-D#odyz5c`x^HCf5bl(Mll!#YI_=f5Gz;W8Qe3Y!}%E z-&e13|6hpx7iOD9NX!I=x zC~w+62NSD%`eaeJ^9M8D^827@bxQK8SJWi5WrZ=$Ofx^U-9b$Tkso+jkicgOzuK&F z}mUv@Y!fJ1?e4AsfAiojCAIp|>1YwF~uls!VAS(%4GWEUFKhP)8TK+uskWzL6 zebaN`n^IzDC(aPzW3irhoGFH^S#@%)0)V}Fpu+> z`}F9#YGe{B-S%bc;K~d6`;(PmbWtTVH^x_2y+JiClGCn9GhvovFqUaEBo9j~8@hM| z7BhKuMSF2&9Gt8^-U{%+H1VB#KiXjb+L|TYvhvwAj4(HS-Tz~j1uPuIh!?PbPC#SY z_Bdc&FIK6ut+wf1bJj!+PR@aRa7y-H*x!Q;<*J*PrOPt7@5QPPJCy0rbdWfFv+W~K;Q&{ z>SMh|Der2Q9|2`{GYpFX&UzT7^K?3QtjR@6)p&c}b8B7;fwRrJzW^N-JUSQVwnP;x zcFw9RFJ25<8sdrFKc(K?+gdBW94cpz(hE&t?DhM{y%Ti*5n#BOKn(+2p zKyo_A!Xpr!9tViYyF)gw0JU`BPdspAPaNd$b^P}+q^keQ0raQoCxEz_jRsf-JK4ZH ze+TN~fWUi8;J-NmvRB_*V73@AQhrH8bU&0lAJ<#Of?ji3)j2b!4CQg}kCGE@qYTZV zzr7p^(=AK~eN<@345W!Stc=e z1T+w9>F9jP(B%BoPr(u$q}4V{BGuRTin6>o;xRmlR$COove7BpRM(nGk9}yl%_rQ5Xk~X-1tcbS*PA+DT+6E~u^&%H?Itlj z;M$CgYr-XwE2Za_sHztY(JPZiDCny7_VUju7M!ZeUt*7StSc1E(5O3F6R3%_-#?rN zhbgAYJTot@FMfMTiS~?*ROZv)A6#?$A-NxTdns{m*kEy+KQqaPN@4A^!sMgAJP2Nx zk}$aiyuan1Cjfg}d)8g{0J!$zk`hZZ8@hP}h*`XXRYv~Iv0n~MRb6~s7o3=>nwS9j z&I3OV1_-Epktk&6I20xZuo;xf$%W5sE}ebi5?lizw%ABqQo}sOI@A8{WHcnvbk~QS z)l-7>a0$K=@M0msl#rAm#3St!yHSPvG769D%g5{6!{-k#lK$?AleEV-r&{M4%nl3# zgd%CXng(-uIxK!MhQ0oGn4g~eA=+`A|0HwoVwBV03#e{dxj-m8K(sWs3<6`({*ef= z`l$_z3w1@&Enh9KS*{yObDU3<8u|{Kej{qpZ54H;n_$KTc?tetCc<-5MR~t$T*P{{ zSUXHa_GS8B?-ig+rms6-y_wsu_mE4Zn1dP)Px%sp_~xziEZlDv4% zP2dzsKuNoZ)xKYE_PkBSE2=%!Yf8FcQnZB$M33!iXZq1&TA5JIU%?Wu$<{njqfY~D zhObp+?0tRc^x|xv)~ZhV?O!?a5?irUTTd!i0MX}i7n98&LPBM2hIy_RHU2aVFG{jJkh(vk13iI< z@D!r}e3|%H;7McX1JZj{sOR-&o+(Z(Rj-36np2Os^tHs+(#AFdr^~;ZdS~2zU}}z-sU<+rSUKcm(ny0lh(RFuJ8U z3E8EEq!`wM)qR!wBl|5F1@6>!3ueO$2!K|;siA=TJrKzp2Nik-j%ENK=;kK9*9ne) zh~85OgY5hs-HqBFUe*&S;`Cq0Wv#FwhMu_1dDlC>jhNLtkUe-~O>L!??}Q?oPct0# zM2zVX_rP>gO&=kp>5x6a_lK!#?b?;!OLYsDrsEUvw0bgI@$)ms`GRaRaB-8409oAa zzo{JsE~)nXVTNP3(~|UAV!ogj6vY8ou-q22#pnSYz*GjzFNd&Q_UocYn=+kJ!P^G{8dekk304k)j0`cf2v%p@^_TmrqnU z?M@vPfti>%uq!`s$*{l8jW=94IPIjo{g6pT|FvhIHZ^1A#q2gfIIaMsP>mLTo2C9J zxX-XP2g-2Y#UPH<$$t9nHGZzGhKfv5^ldR9^U%rP*xxEps)fJjROs%OChCA6B`--> ztc~CFg$?DM=Hu)3sr4(Ljqn)sJ46r0AILevrEnCl2gAi%<^7|7uZFN%1Oz>`Zvmd18=JoOT}aG%1rRyx>-d_91_+};hHSLp)8sHX z-T+z%-y=XHsW}?TkWT&@B@)NdI5M9Uj(dF_CIu}CEUj%{Qh!uX!Z?aA=5~H2ema@? znc^vkMs{o=RMu=7QI%rsjYn_kBunzzyzN*=jd}7gm!)mMSl+k`H020VQ(>U%C%|Ui zigB0{Lco{|NE|uP2Z@oAAs`1j_=ZwKfExM?CWh24irz%bxD}3J)gM#$DZh^|%gMwi zlV|BlAu!f?cxEzK2t4pIV+kbfB&8SwG)(4PFzTWP!y;q%b6xvM97kXh(YBIK9V30H zzjyf(C1(nFi37*|_<7@FVrQ9!5Ug72uU!ec+#T1AU~o0m+rtZTvwES*!7-_-noP;A z7OxuIDJaq^43&MoKR$anC`o_L(<@oDV?55=%q{D#hjR<|f4!L={!xFkTQgdCG2d0A zT4P2|X|e**YdhhbmOY~efO(^nQil|%l z+^bZlAMNRy2*3BN;LR!|tyVf~K%*7D!Y|PQ9f7>eBVdj^f!E1!d`3Xvzr$k$9mQQ3 zq=N}_YI)(BJpHFE*L={Jf>Xcq!lU#}!0HDcUQWhmA}%gpdtM^^)e-Q$h3`cT;eD5# z3}kaOs00Ye_;27%;OTf zD1o8~kQZat`DSQ`NA0YLfPWGr_9+KhJ2Z=AvFBsFa)oU-O5oipF#vl2>rvbQ_5?;KOOtY|orx4()AMl3wXF&YY)M3cdp9`>rGG|2^?JP0O~R4WuUdPTSl4gZT&Cvllb$#M1F*n*Jf zl5joY@rI2{G`D&5@;Jxf@4$WTZ)LcwK`QZ2h<4r3!c+XYi>E+F<=r%P6{79mYrRFq z%kAZ@ZNn*tY2>F+nbXlO5K{Lw7uuON1s@i-`&%e6EUXGDTAJZNvuRatML5)!D7|T% z>!ljVoT!jlG><$-R0c^L=BqhL!h-6Vav!C)7YGtvj=kt;z#ODZz0xw(-CJr#RaUT6W9%Rs<|NVndY97FTmJKlH02CQmS5vdWK7n` zV>lYM4MSw=xRoIII*EW+gPz}e%*w5qNBSwR5 z!$3Y+A-nwMnEbeBvJRask~F@ido<~}4Jk#pzN@7Ts}zePdahHTfiPMA{J+iwA_gcy z$DVZ02Z)~D26gmXK=%+e>&y$&2U88!0F5J%c{3 zoH&yAB1MgHNl0 zwm3Gq?uMDuUH9U^KzxZp8vY5ft7oN?kQrFS(0Y@BZl1JIj3QVd`*vKumMh%0VEQ;V zfl-JT*?BBX%6vz4WGB08^2A26!e|8IthuyX75q#(?ydHkvQf+OPD)^DB;cs1nHORNcy_x+e zrRUOjVX=>C74XMD9GT~&fLL(@!~GG^;=&A8lx4s8C68TlkTjUznu}A=QkuU3bnP!Q z*nVj8oLB^0$(nk|2={b*?@HVBt{rD4uIAtIYw*c#NzfDvd%C9t-Q!~^MeNQR;i@0r zSerZe5~V~-is?ijovTZw*0}!;kF+m+zt!gPaZZOnszqG6miJ@od=OM7F~pPUkFD)H z^jzBPEayHCN^O-w%Y2X1=cdZE0{)1i4(-KMpU`Rj(yU!EY&Av&PX6RIDOTdxgDjL| zh^Y&xT|ak-OTg3c%ZZ(7<8gaJ-vnezFbIykT-i2; z8PrtX<)5acCLtw|Z%|9i!9*M ze?)!ExY}@w>z9A+IuCZ`e~pcu16C;sZxSJ5FN|hM8iv#O{(SC5bJFb({Rx}09UKu_ zpJ!hznIxZFM=sxFz-j<&C(pyr`edyQQrQ^A%vQcW(J(-Mk4O-{6B^!*}NUW<*82`jofV5+T|#<;vHZYch%j%(|dopPOM-B(PtT5 zQrHNZk-d)&-b*ig>1O`J@u276mA&2P{;e~0yO3`JmZki2(B~aocF@+kt5rBJd{2*rEIS=SeHdx4#4Vl-0W86qZxpjwGr_lvYw=vf zrA7u6C!GMElVQWM<~uL(b+I~pSk|eLqS+_>)JMKuyOesx@Vvz*+mydjZgDQ5>7nYO zMr81H2!}629z%6;Q}mYa@$$J46`zZ|`??Psyf2Fa!^?%_HqFjL3pXtz?z+l<^Hv)85HWi8rl zV6cqGeJNAzWZsR)sln`d$o%qapwn*t+y+HcNwbKTQDM9Vqv#C+FImgZcQo)$HcZZE zntp21ESzH9r_dSC@=M(*MlbB6NVtfa9wj|V;+l1{k&p)m$F`iC;P;^;Mt+qpB}?`r z6HkL~z)@MstG@G>b3yK)ui-?6!2d=CJ=lN2l-L&k_kfEQlyteE_kxH>q}(!1IZK79 zz#V5MKu_cd8|l#!$@%v}e`=I{T;rbcjG`MsNoRQZJv=@aC8~co@}!PO&TCmGZd-4p zBI00*@eZ~-OfS=BmB5Hjx^@42yyvoi%O7#-1}8OI={WX@PNC+JSM-HX4kNlzEtX2p zdwn|$e%U0vdmaiiY;K}^pZ4eMg4sSiXx|S#8aePOtXCSS5^Sq^i)ZR`rTYrB2t4Ee^#LxY5PN@4P>Oj|x;B#!-iM$}z5=wM4#q6`YYDUEdxHD!5b< z7V^J1Zp>o&wZeP+<;-MGXBq2>nO2|w7DcI{{KcK6yX+x?O*l6~-#(HT;Rl`h zgV4Wo@cgozc3uBoDQmgrv1ls1CiRpsBwJ*&Xl-1+|F~6ISbL4ZJ4pRC3L&T@t?|^s zotINDF18E~BUxH&gYuB|;9p@iBE@cLgC>ZI>X26gXY}Ux7k>4X?7GD_#t<_GHfs{K zK?mW%se`PyzMGgr4QXpNHUIR)(aDX2e+s>2%UAXM{HSUAdoAX3Sd3dw_fG!JW@Q=)(Jn_i*}>WeU&kR}1l)YQ z!;LHm6tgLTPpwy^OU3o#=+H^M^^~zndrr4SdQz3+{3KFZfM?i??7{2b?;DRsU`?jf zO2Nj<@!H|9Mp5fmd2O(ImP*E4h#^%Om|81tA!CGLL=^;qv{YNs0Tf2ZI{kaQ<9YUHbW$Np9wA~rSt)uM z^T~s{43lPSZq|Dke(2Nb?k(i`bbk5BM(04{M>uVC(xxHSzaw9txOZ995p;uyZ#2X6 z!|Q{aLcWqVRN|-&xrE1|8gl8es#0REhQ1H`JtOi=!TmnHHb#OxYcgpVio>KysU0fm zdIIov^(%rFt!3@fF)5axeoJ>QpfKQB#1dslyWefV846G#xxW3|uLu*yip~8ct(F(e zfO3W;YO(u<8LaX)*RP)~M$I0&&tL=4PMqI65N=b%oNC+YeXofMxxj*rI7YAxG zC!bpvS2|38_rA^S!wtqh8n<6p6efh4?^w0y74S9 zw&s#D`8c*V#Hp7-i!W=bqbEiB9;u;D{>3ynS~uNZ7w~ZZJpyQ(lDH;FviHoT)(3l? zy&!!cD|jlF+^i;&zf-*8ULOC28QS#YZyE!I#!6L*fvv?vBvVH@p$ETu{AhG}Bu$T; z7jqe9EBU&nPxx@4TXer=K7ws^VBpi?w`a9zD2&_d{q7kx|8*%8SRIt!`@&wMp1>JS5FXG%`Y2ld`%%+gm`CaUq>Se8qAY@I6 zIfkrZspUcQT-AV^$r3g2b8*YS?MciumEPCZ9SoGaX}=25@@}SBKbelUi_5_p7Jp^qX!+RWZ&2SLi^Bqx;a|VeO$~EM#|Q?rsS0+P`y??B zohQT2K8~8IlF*@<2qwm4p4lG!9F0G1zJsb}d`mEa1*9$73&CXm8trzb#1TwI&hvrn<0njp z`Rd>Q!i5JeDU~nIGk}l2|4_5}6@JoqB9uP?x7w7`Y%b8&xt36jpU!g2`84y5`0?|%76j#aB6(d`Qa&DaJ4Ig@ywLqpMH|g~ znNijB@7zmF5C_%*{Ub+7`|#U_EVog3ZG|qGj{{&RHbhKF40`s^bKd3S z6HJT+h0bpJ1e2A618ZMu);G^6!K>@*%TNDS`OM7BvY}sm!9Zx=zgXzWLk{KCks2Gz z^7`wdnUUA|D-~RJuQWOn=^-=URpO8LzqMvxjhCnhBi|Wi?vWd9%$+H8osBdxiRn?b zovo32o9NEtY5)%P{JF?c@w?>?GISy-+PWEBB$%O^uuX!QT1B^7F!!HK_)71qU8CDN zgH;#xV%C#KWfd-nYsQ#^$0l)92R8ym{>Xxr0dXr6O`*P z>}5ZGu4BXM@H;|hBD!7KZ13_2i|^U99~fPgqJ+pZ>!0@a|YVR zVYZa7O@=YmhI#b{{!(jj8IMchf02EYutfJ1&~${warXZ9AkL-^B%5<1VH;ZuIplcJ zEmt*MN|5UYF$u|+4jEhBv7#n6dUN8>6sNpoUQ@Ex;1*xO^17o9tzEUM)S`5xZ(t`o z{q$kcTkLmqDruUUBl~I#BlSl^g`h1PVQSxF2C6yp%ze#d^BQXdftdPLJ%m8r9aYVc zH+MKOVbC2a3-SFv#8_%Dy8a3nE7Cqw8DH@^%~O&v-fB%UqWQcK=Vsb$UL2Q8iHQ^|q7U)rlt4 zP6fmf86UwA z{flc%I;Xk>Qdzse6NUAFb^)?NM^ozYD+0mS8!Ck%{Z_3vl0rG?z?7`p-|CBm&wM$d zQI$#Sdd(XL#*BqwAI0Zt^whDOl+!ZfIb@;jhWWGezpXR-bb+>qqp_K$FXkVzDOi3j zEln_~BfleG8QfH9kyk`G9^UKH(=}a5u1mh!-ImvX5Dh>duVa{BSP(2!Zka!O)DDPX zt7Y_w+yY}4I<6jz%PU#OSGCtIF7T%+V@fb%NMa6{%juxF5z|mgg@(;n_hTJG(!F~Z zBADrKyFM>8PiIvluD2U@)l+yfXD+CEeXX)w3ZRYU#pnN7k?~`;BV7{*?Zb}(T{^*K z>#mU?R2V5#WCztXa(`=r4BfrJvd6`cxz3RY%1N6FRE9Dz;ma23qHWFGe?LEBthx(Ik7%F zre2d|WyiVIYqV}G2N>V!XD}pa&m&vXxJ^l3q2bTqKC^)AV7cJxwQ5zp!(zg(h~0Km zu_o5EuzH$pPjwDDY!8lKCS}OrS3ol%MZ?NbkO9Lvx>=n=ik2h~ZHBmg#~{v+NGejI z6V2TXKS}L)qOq3Yj)TObEm9h3=1sNeuNvKWiBq1thLq~?f5F@e_dWTee~Wo=?=KyB zF!hgBb!X0jQ7YzgTYSGPs9k1$7J}k6Y|6j5%}k^OYY_NZIeB>%gRe8I7S8?-?x^p$ z0e?0X2GFTTt8@#Py5yoaV8llL)US$hXIFpgP_?ibT#F?6IUE%KZp74TcSBb6^K%3L zZHXG+d?ViwGTWmq+8-bd&15*BExbPovbyIpJBW;<6ra@_B@m-;NG3aG(f5Cg$_Ar} z;c9&{*-G{Ql~nV`=-2YcWb{VS_gnOp2V8JkHob|QlD0W5i{B(~*O{1+%d%>{HPZLO zK384HWTEq_)cxe9^YJhPz~D`f=y+WE=NP-Ns)qYJ?HyR?)KI2^aJp$4p0kLX;}4f0 zCH)fIi^j3K28r8JS`6P(Pp}GO#olf_D$Ho#thfDdIi`7`5Bdh~_P@n?a=q+1BN11* zNh%5W0_=tLSIW?i_14eGbSo`Q$#lmo`pI$U@lIdLE|%HkAT2Q9^d;q(J5~$6k`!d-DDjw-T>NbJr3}NOhNRY6M4{M7MZm%f zJj0=Pzpa<1z#3dtxgp?s?v(DXu8$~cE_q-f&5eQklFBwVi0)S~Clyr(+n}(K!2>l` z%PW6BdMST*&=LWBI1BSnzgA(KFN!{o*=?KK^rpANY+L+virIGXJK+CU=q>U^u6s_z z|Gy{fqI=H;PED)%Pfc~)mpTaNg%#r!jmUgB-u6k0hq`_fGpEs=u1>*I)73>XA2ouv z9+o=xp@OHmz2_pbWg8X`Bj0<^Us3Lh{?pN$FmwBN0Kv^$@!#8YTRf2Y)YQTKw^Gi3 zy0OBtI(U9XN=8o05JxoB<`5FAFP_C{laZOk*AOeE*1=dYm1K!}d40r&!o-@4gWq?t zt?W_5$xzqIJ#LV5Y&b=#&9JoJ!;bzGg^bSQs8|8dgDOnpF#Hx1yS{+`)zoSE@q|u) z4B26Lt~JxamhMQ;TLC0mu=Bt&Q7wlVc8a1}T7l z)Yh~@ofK;2Cv|*U<+VKgK^PMF<7=gAx`}|!-ggL02u|?ebzi0Bsv~6u@;U`{mkkKk^FB0eMYe55YgG3UFRXTinj2h^=cj9mg%U67khYDT zTyuDmO5GVP$q@u~r9MzT-GiVqH+wea|9B@5sYa#WuicNN#CPmY>KXGs76!%28@nX!T2imGQza}tTS z)nF29Dbs{&Qax?Fo2si#93|YEkf!7TEH^zN8`a z_(qRuQN#83e@~+8+Hj()2rk;Q3rF{Q+GwosQB~lFKnCgMbSXCez}U;WZqpn}Q1J#U z)Wi^R$ktwJhq{@;@2ap$qqgdt}K7PbPN74fIF0*NnNRW zBkPGhC=t!A-YLbMR8oxEa^gB~1cZPrSSvxo2y8pVo~kMW0!!?3n$j=LE7x_9&d?iJ z!^J)4D57p?8Z)lSw&xe56FKMWr&npP2qa?Q>zJ$`!kjjmc@fWfwi~T9lq{tuD~CWJ zp%MwX&Y$-%FU}M)Ak%b5i)lgn;QIAcRZPfw0lZg4 zpP!UmNtX(D&zT4&4V6xvK=Kf!e-)qBC542FEU4UhCY&r|%j$q{^EUud)Gy!L-3i;} z4=A`tIpk!VQeD8_!UBcUSBrn3xXW!3uAxAKty4NGE2;oQqvQ-Pb8g|rAjpxoI^)$> zQuKri<{OX@#wMueG50KM59KPR-$TgR?g$8Nj)C4Ui>%1y;J9FCrM+Q=$}Z z`Cfgph4?ps<_scqLk-(N@9Eta+~Hh*=E?qE06v(h-kv(Xt8dGbQT?ljEjp12Dq@Z% zzAt()_}kl3I+veh_m<8*`x-|v+@!G8;#y4q>c?~w+Tz&9g;d^zZraX*)$-U%j{QmLR1K9EdP{BG;W_i%8^w<-VcgEn z8+U9v0vy~oUZJj)&+UmkeED8T^bOh=38q&sPm`$$^ejX@Z(b+<`DoIj%SG#Hu{W)M zJ4!=1*}?i%%r2%hL`gkVK19LVF+q3<4i+r3mgN#M@qyu&64MYB`f67~fh8jvlE9^6 zGG0^hy@1}8(2MPUT@+O};wGbqSAV%u83=zVGyFCz&UH(p<`qjV!l%9x{wM6nTo-hKQ6jKVyOie*!r{`YK#f!12i4;h3mJLog=vY3liNBQh}uAmWwP zAX`Vmevyp>dT2O^t;*cMlKN~xc}0e^ny%~lX-H>EH8qE6=jdpg{=u#C#65GLRa0Id zi9-$)!EBdXxJIZ8&X-3f8yR%TBExh6ZM$7YjV>>y;HB>%Yf227gp{vSTQ zR_MJZrQ}SW&)OsT|3cG$joaZzi&p?|nc|Y9g?2qzWo$ZM$2*4Gtr$LvVdtP-q=qhd z;{5G{lk^0RD3#l-Ld57V?*K_1hlcUQ{&d6Z1x+@m(bhFVQ+vPkE%5H4GxzC$au>5| zj*P#d&f%x_)w7O`c5_A6m^$D9dKD#M=U6tV?bCt!&kR{E4$lY2O6h`L+tQ6@^g@89rzC z%W{PW)ky8pmY|Y#Ul2qsRjF#^_c@wby*4s}BWN3QS$Mx#0>MxwFct4qVy8y!qn2kq z#Z<;zL5@TbBGg{d{6aNFloLbq2o@eTZbZ~*P8K^kvnMB`r(NT)>z~2*)-y-H^y+To zISa_{)H`{z*+Nt!0jjYL+6u;Qe;m@fL{^SEYeK=t8eX_qRi$*;+p(FGsPBVt@R3Z< zogfjr6bH0r-F2fS<3v8KD^RG~!xMtl)EhKw@J;)YVnGwA0sdhgNGx^g5qp~{$yUX!lRhyew<3kLE^p-UF`$_7!=m#zlJV~gs zgHQ}^@jNo-Tg4jWqUmsOtp%lC6HZAeD2|f`ty_oGAvfN|1{NSo(O%@af$<&k?`Ia& z(`2_)>GdmEqInTr7Ua5&DF=pEdN$?|gX0h}e$ zRXET<%p^#*J?9y;tB+Hx%+NNk_1GslKv*jJl zLf|hZgL@h$Qnv7>yamvw<<_rG2!Tz{pEbvTf%CGF)S-0iW(}* zlvqLr(2~@f}sshrfAfSqe^9bcV zvfui>smg|cCeGi}p1O{V5J)BY#Yeh1C zBkauoe4I>G03r$5k!5o&sN;k4#R9U+aup$*m5JT84@2En?|7J7UH4-JzUZJ== zfBJ6rw>V_`7*eFzi<2#}nI^+0|7Zu!$ZU@(4T+jvn;$P3=4eql=YYb4VHPTOuW*lx z<;^CNxJASeN8sOjXLJG(tm!Gqj|gx1`<|b&eVJcw5$JPJEAHNqqv=5bmlbR^6;6i` zLsxJDI#pXZCSO)}ZUC;xD0z~;d*3ZaIWL$UdVvITf(vRlxr59mt%Cl|;`XLYa4cRC zM|5pw*LYzA3EaSPemgAct@RB2I=^J_IY~X69o?KoCE=XD)48kP40tBWH0d zFw^FDMv}z6_KitRaAJ)sJ3c5H{{{k$hy2Rt@(i>I-6dzLq^weKyoXbNZx6n)T*XQt zdvPm)3o!6<1Diu)@k1h-;7Iupn}-?W$hnw9Whx9&SU#V}*amqI*;y(aCI`$qp7F5c zDE8sI{fJkDBd)DYRis_|SvgGJ$e1-O68+Esi z*s>+B0*yaPSTPa$fa)+!&`6oByho5-pg~1eQhMxkN|plXWQS-1)*gglG~s-UeoB?> zS|JKaO<>eumJD6$=o9|SeE_r=Vv{v(1u@K%x6M|Ten_oe>U)tD=JmT~Pq~5`Bk9k1 z@etjxb~0xynZ4>F%Y>BUFQ{j4Q2ub3N!(z#$ec?sZlBNpoe#NeAf!G~{>@sB_{$L> z>nubriQat26uw~=BM}M8OTtOHRS&D8A!C;*7f(xCXuddXBoz@kuBKWVIeu!u*pU|1 zH*7S8j=r?-2xYNnz*sUoY~;j%X>HGdsVyafp2$E$OKMosmKHUl^{OV{)4@|KW=Yt`g^nv`L$Bzd<`mu2$*Prq^ww5*JRUN!?-K}GRDt*U}n9_RlAmA?Y*{5F2)w|$^x zmd6Ru3Z`Mu3P=BQt-Ow+U-7Tj-QNFv;aA)K-|RQE>Ql=9;wGd0FT&!lz2g7zQTnyy z^~vi1DN?fbFMkLKFbC!6H9yj~v!e6kDC}&F&_B4o0e9@`<l0euTusL-N6L#{1j9k;Y_~rEh5jL>)Qa93Gq5dmLU0Gp7GaFT-ko zVj-fI(Ve`(?xxyvY5)1eBF1X<6FzC{Nl|xr~=-ki?^y_1JJ(Q{+#km0;KsBcfDY zTh%D@igOQaO}!4Jb%3iuJV<3Zo-9{xE~y*Q+FZpy%0sDEJEm;GX>JKO%r;BnRL=n3 z08wCHkSo~LX?n5U=j+0)PHVyhSRO{tP9muW^DicX30k@F5Q|B_BSDRP z%K}(Al&1C=AbOO;r5eMb9W-TT_6poaC?1hmR}Pte%#$T{sVs?!>yGY5g~criBwF)WwW1(dEtfW0bC zKHNw?$9VViMxJBG*kMDWR(O`yP2shPy<6hzJsy$F79ksePa19d#~8YP?HFkl^2>k$ z^?5gc@FQSpIarfL5?n+Y*Z|W*7+cueS5Bq^aR4D8I;7#4jsa*1RW7o*797rQL`uB| z=*;}Ov83Ir@%9ftp-!O^DrFk5E9_GXMRlrnPe2nRrPu0cnz90pjcv z+Za07B)Ae2iYDFA+gu{bi#%~88gZ}|+msXnVwL#2pjIs3>mn_>pmwufWhs#`LYbIE zV!fEayrP!SQpCU_Zdj~bE_uF?*o5V2{hpA3LK2}Hxz|T`}Y~$2hkdT4Pq5QVS&x&QXLsxZ>XsP#VZn}K1VTQ zbwR1jy|Gen(ocG^Oma+pn!#H9#4jDT0Xr}o5JPAtKt`>p$*f5hr}5!LsaKdpS#3g- z>vDv*P~qn(UJZ0j(+zc+WdLf$-`82J0r-+^18T)_1hp3Q=p@k%)KRQ!&I7%n>^q1; zo%d1KIiJ&VrpB)dwZuXLy++O=$pt4Ipd9*0U41@PYG46E4g z2TLw@l0>_Ux7gv=S>ytkiI5FPp~IibOs7|R@A|N{| zf4!3=&!SIJ?&Mc*Ad`wBou%SplTGEi)-NOl_OH~^d^@Wn2YAHDQ@-FJDFXDBmE)F0 zSu$Rm!&o#-i{`c}WW9x5%30m85A52Zdgdks(?|oW<0eTmpCff@a7v=nh*5kaEu+Pi zI=HH5x;YK~qV&hUJ3Csx#wR&D_o1+>gPqUxWolBH63NEiZT_D}kaJCYN0+k^7iX zBrlR|55$CRR)dol8%ITo&RKfO-^p}%^@F{CZE}*oJl<_>&f?kixqtTKI=lwNeN>$0 z@LDOc(RBCf3u*VlqGB-+P4(i9c5az?0q!`})Gz~KoA_Gf<}p9KS$XrtqMAMex5x!9 ztKasD$&=2wT!@G?+VY={skOrX;gFs0$nYBzk5|Jet^+#JlGe9 zgw(_?-sSEKVmdPS@_itnHa`Gb0zZo10~$h3{@3>W{|GC76@8!}c7TAtuILDQ)zswZ zwn!+SBKZJNV(&mhy#*(kCEwEa->9gj^FPg)5fqhSaJzzlO5KNofNk7;a1u9pkEp`} zXShi{^$Os{u5upW#j+8B3$5fcvD*S?mXU!AT;$&F)BiJslhBpNNy1|%?+#p0MgKLN zEPUc?`t{EI^)UU<6qR4mo)X}{IPbGC5;uCjZ~J<_N44y0xq&h~Sf@#WUmR;Yr5&!g zm$UufO7?Yp;2(~4e2O^#O(`P+zm(DcCs4+@g#XXy*ZQ|<_Qm)wEmv0FPYg(R91!w8 ziLx46*MRqyMp*mFDV5&SMZBWpDAcg6`(I)%msdMC#ACkg*ot*ZGjP!BYLz8%!i-vC zKKad@Cmu)KM(}5jeJdlgeSamjBcUcSU$sLDfWC2{1c`nSFu{o3z$yGIqije} z!QPBKKA{##ERvl1XPw%+;-(ojd4ukm|CfSomtj$O38D@U28g&-*8bF(tK1z(fT`J5 z;7)^|;Tq~_+3p|Ig#jQ|X}|mE|41$5WwbJ@>XPmHJNZE^l^h(RW4S5hy!ZoS{ z+sVH6xvcfEuD+3qM#A3uO(++o7`6@rwd`L+JIwR!{d5@qWOzle^?&&{zH2IoPU%LR zRaQ5XY}dlfs%qLIuhb$A>8)*g0&`J7`0gv044= z-ra8r55Ev*KC=zyu#|r5)SJErHeEq8e3nz4hSE|;qgy#QvWcQ_TwR?# zd(RjQXdY7V=iAw89=4S3t{C=US<$t{%4Nb5-Kt_z6$3bh>{?)SNEcQ`RmYXtua+LQbh4G^JcXV76{r`tBk@XsVDvrME7`ECWt*?k8r(dxsS; zI)hPOuc6#>!EP~Ua=H{4*@5FwnXed5v}Oi`DMuKzp1Kx=6dUy^LNoh&aEVC0^MFZK z8u*prqoRwZ#uIi$3($gwSM>TmM$c-^#Hqo{igmX28vy>l>K z@#R^-yRx7u%YnsBViSwlB2QmBYcON8d?2$>+BIlT({EjbL)JzFS6|9Te}V?$IT*=; zh#WCAO9ieCI)(zCiIS$ZC4>T?fs*DK*lnRo;trTg6XGERga+Rm?w*Krs;Q!-Wtlvf zgi>vbH6+tSf0%`(6)=NE>Q)hSlNqv_JhI0*FTvl${ut*;^+_Jp?%NAiM(WVzM;WWZ8re9S+ zOGT^#lb>u-80e=qA1%zkrzc>Wj40ME&+!vZT)IHeABUB?&7t!rVd|f@5ofWX6&$uQ z#_q+XszV?po03333^L!&{~z&#P|AV3_bJW1jpwHxD%!3iGYucwLtzk4v__+-=T8HS zWejl>4zJZJnx+QI4MA9a-)?F~t@y?MQmI2$L(Rz3H}^-+H2{HtC&p%_3;jp5?3HyI z@;lm$eB~8AoqPg5Nr4Rvr$Q6_aZu427n|^uF7yGqMW?!#+Qc4sXu_{BTYr)aCQ>z* z$`9EF)rz~QD(6|)HWfRANvv^`nA!Z<${%Y@8Ogp})41c{Mdp5?KN)iCyU&ip5b@UF zb2ePnHpn8GNcCxj_>U@Q<~c{onK2y|5x)GeT*Z8!_SCZ_+#Nl}=*M7G8Hsu=4tTKY zc^AhEg+HNLi2Ui zv@wBB3GrX+W%4LYmA9?yzy*hnuW%}pGFqhj(B^W^&lfnptun3RTbkgvHfZfG2-JV^ zKQ2)>YrOyPKkWU`^9FJH4jIe(nGfet=1>@Y;@O)}Vc1vjFai^rncMj04dY%GJf(FL zBWR9lfrs5BUMzF#rb}&kgLri52^Lvp^ody1c9}w%=6JeYF7ge^?79OyN= z2Wn_%1joSKwn=j5FRj!0(X$d2x{YA;b3zH@iALhZ_!NNz(m`UJh8>H(6{*vPmn$e+qJ zY?3pC{vyz`=3sy|EOLDW-qGd}tD>qIU@38pof?RAGp*y+NDumqGdJY`vM`FNR7ftD zj^h;(HFN}5s*H~7)E;%?Q{Q^|V}xPc$JN3mGP0H<=i&BZ+wgTTQTYucWQCW?vh)qS zA4~oZ1JpVz@+m~ZkE*Vj*Z8>LCeGB>cQP-nYdrbcglkE@c*K^hkIJRZ@8PKQD$7d1 za&oyBY4MXJu01=?F_Gap9&bka2!punCopuXSj|uzsEn|&a3hw~^SpwvHUtH@H7;sQ4L8zCf?n42S1AR3U&4d+4Q*s76)mT2JT-S7M2Cm93 zdzO0q*e}JrD4HL8gE$AR+PR6~+)Z!zP#hXxEd9avv;|rgzUPi{1ptRXUuCEBhpV_lTfnJUO8 z)F#qvX)bj}R%M3eE2O6wo^`4ipEIlx&Y95*V9Fdwq`ieC3p_|`6T883aI>oJFh#_i ztVlil=}JMU|0vt)&(^w8=U5+vIMQARqNr2+7)jFx4P(v#E*z=yKMDn@4D@-GQuCdMOWyunk~QSfE#>>x6a3ORr2+4gXOWC#?O*F{QoxbD-^ z&IV6+$9QS7rqi(Zr{p8H4ie1kc6NT@t%-d#6|_DuE0>oO$4A8&NY+ ztfQMUme=5VY%Tu@yWZhx7f3ucHRRE^RsHRnxj3R-Q;84FbNrg|swk?#R*^gNsDTlE zI%aaWOzXiwm{Kojrk4kGQNCCSzVR+RB`6bWnzg%g!(iDqe!sy}0 z%tZ3@Ib=%L&O&>}FdIOp-hXEVkwV8C&1{cDojQcZ=+{MpV6Kg<$exRGR+@V+hmH@4 z;H`Q*MIj%0yQ(t_YVQK8xE% zj?_2+vmfZ(82#92ipvH$q=wU_4;*xaF<@AyDkMkrgb z>??IXW@@9BfROzwaeiG20QFUQZ|%U*MN8@9$q$`6ifHG>t_{ND!!x}WVf}%(tf(ol zo#FN>qNtoOKmbvE*X?q6@-r|cup(ZPY zNIEr)8Dkj%>G&1&2rDZnKioCfw+Ouwzxt7lhO2CeI-SZ_oM&SAgXj88#{hY-Bd7tM zD2i+kw(&uX3*C#4m42yvdJ)YRxo*EcLx<`0D81vPXBD2P zZgM;;C%K5^=s$RwNX1YlvOQ>JJ(^>Nb#EAEN@PCqsVgVT8{ITXP)#hWQfv^#ddH?z zNh_5)bK@0BL~A+ptYVT!RhEuhLe6%p{J?2R2rYDp=t1VDxh`jO8EgvnHZx`qcQC^3 z*qXR5u+2QcWUM``Q~=2c5$aVSvDtj@uk`Ie)RN}t0KHQXuK}pK^og@K$2F5Pr9}}9 z5y%UEae82x1BQ%V^~>^`Y{NY|FRf^lL6)6)wxxv$N)wBWV48dEbAi1^^h8#8iC1(G zX~OlGmZn^LmiF@&q_aj1$vuU-LBEL%@AG4;^^}XL-fAhf&r+1@t1R>hIjb%=rnzBh z2=w8_s1;DM%}{e0{kN}f5w%Y^@u;d%N>;@B8XwZa)X?g>Pp_~ofgH1M@gH?BC<%)g z{E^y-BaGPcxpIlk3a)I4vnth179ZKhLath)BZfob2<6txg)K;k*zsLo!dUW%7HkX{ zrMBNczrP;_a8lG=YH!rwzQ+iNqTrsvuUhhhRV((Gs@N=);;3K@fAYfPC-q>}=CUOb zcG%B=mhvDiU7viMQ;U0Px?8Yc3JhD)x%SkcGPYaL+*Jm96AktelxqSe!WSZNR1Z2W zV#zv!kK@wEiPfR4Y~JOn;=@T4_# z-UX5^40Wui33Cx@{(AaRU(XUEhfT82@OFTUdRYU06BW~=1H^K`l#xP>b7s~#s9bQL zYVn9F=D~~Is+WMeq3EKfAz+?`Hju{58UEfhL|*L*F`b%scqnzcwFS@e0Byh84kZ_n zIxk~EN+py&pe{{_OoZN1q%N=Wz&~chzu7wWVa}-Cprx8#-6sFjTIzyIF(W+GxOGQ* zRIYyPsztohp#AR$NQ)N3NYct)=9#L@$@TLojZ)ewWh4bGYw`}t#NQ(_&@*KpLCXLz0fasvmd$ACVbt>qXLQLv)q1waH#g5V z<-`hK)^wEF7iY{fpM$f=&adcx*$4*6w4Q8M=+Z{- z_N*GAJde|qfO<5V44$hGn+k?>-k+xq zH+kV)=quT=MXCvgE3}6*T1<7$^`~N>lqk{G{0186OLXl4s{ zzpM43)4Tv(&hip0(d*UqC3M&Ez_+EhR21tAlMI~fTlJ|b4Ko6#p)4IeRNrA-Zhz!J zK*_xh>w@^SbxMB5y_t7nP|!mvoIHLQMd)W<+d^)yC{({*n9e(?{T2W9 zk%rxWb);^$`ng#NN&fv^wb`%9Qc+dP`ouJ2T5`du#WvPAV450QvTUQNsmEg58iJCm z>{NqqaT9t027*`hv{%c5zwq6Ep6)X%rm`bs%XKuGN;`rAz|Z|?U;+5O*MUm|`04yp zmwW>-dlC9M=)3U*2LOlyS=<7(!Qm4i4;%%7>%p-t5iIXu#O&Ft{4tOL(@Pq>G>3y8 zjHr-Mv3hWuB9LrsIOLK_@s!f_%DvwNc^*-p5APy;60NpnSg{PU((YQZuJiHPdGpr@ zVgUZy4j``_a!&OrrfVUnm|m?J>D^R|;$w80B&ra$t&e;^*QSC)3Q#m)#g**z>031@ z+H6-(IpNFrDBV7o|Fp>2c(5!9OQ;I{{^$B)of#M{W^FRe`w=xY<(B2mgnGw!zsLRg z@8*u0e&?8At-qU}#x><%=iizXO|tncr)?TOWyBXd?}hS>Sm)G|Y>c*y7~~AN@oGDn zaHF`;8L4vFhcS}WDp@FPLlG$5FV0I60zVptI@han-|Roiy~$hH_7blpn|q9m3fg&UZuqq>cIU4d&e!TUNfZYa~3*#~smt8CA z?k)5q1HGEpo-7|s&PMA}ZB82@3=)pKii3Nw08vSVuw++HgpQm3ozanU$GLcXPHbeDEKNRa^qq`x+Df3Di+QRC4`s%;9owZId6quSx;CWgQ zp7qz&&3oc*V3g9EB4+#nz~LLxMX{G>FrZ|*?$fgdoE!qKoe?GP8RG=E1gGi!yhE37!*oSeIPI`l>?Vu+-1K@r{?I;~#`X)2&#K%EDR^0HlQQk(4Jl zkEWohnlZ-ITDGfRd-=Q=UW~sXB+Tz`oB^$?onPc((5PKtw%*E8P|Z3&s=mPOgj22qh|DEe3A9Bb;YQ!lqNKBhy;uZ!;P zUg|+3v#n6Sf3KB9W)O+ZhM9%)l{gYZpT1R@&;DmD zJVfN-isy{6lMM^*bdI95SaQz9(>kE*U2f>G!FlNp`KX;>OFAW4Y|Gw$)hJybsLPX3 z<9HMUk@Hbq#R0f!3l^!Nvm?AqO)BSUX-*lt0nlKBB>beU$LVg%A>8c7Q5HT64`zrN zoGc3sg!s_y`})cq)!tdHGhE>}89Re8z5n-Ccv`Y3H+)Rr-T2k+Ul<$WZP1XK*`p^# z`O>1d>{7U9(Hc()%Xa2 zm>9|%H13ckiA0*cQoH_$F<0(^z%Q%jx(`;tzR2hNQL81jv8^dgaHi^|$7uu{4H;U- z?Kac(U|zrBkqH|Ay1s8Z=3GF~IY-kH0VM%3wz$N{fS~z5rMGJ)w~xhI;Zh$RD2Va8 zq9&)RN~x>UhC(>Til5y4ZSzpS&JM0WB-25r-$nI?$yNImX8hUO`K%2a_qAB3@<1ES zh~E04@sR9_1f+|`Y+(H~A_D>8An5T)L-El`aZPc4(FGL;rXxcKT7B3;X`FTF!FxYC z=VwNLe&25F!=2JI(2!DuB%iu_g#AxV7c|O>`|wMD;e9t-Bi(+(EJ!un$gFq^5g~Zu z!zkv=2QeU;{Jz3O zsuH*-1>Tvm!fi)?B;Q5{0fwy-I;UVxp9L3QUa1qx!+DHnM*TbAgM?A^FQKfR)aHh& zn@6W0e{YLGQOA&pRt+I+SDOGz$n}y4+W5Fb@OHtkXFfqMDXZttu`*yWJi4t^>8H=f(8tIKAtW!tlQsz25{l0v4rLO)rH z*y@TtJ+y8y)RF?YPwa31Og;pwm*~we9}yGAK^x)sn+PDM3D1CDrn5#l*PjgL?Korv z;o`GrZ#Pv(*Pm=UdT!f6kih-$>1a2}pSlu_#;2a*XxmwQc{o)nX-tnwwOJ)NZdTLr zSygo*3e49@$@lO+n#>*-1)-$)WnfV1yn=&@K*h%{X7{QY<%>3Kz~|>kAWh|ja>+Cr zjVzSu+;4*j_ZTbqD&Ipcs{H}}IwkLnsSZaMf(=NfnxtHq?j$EYhXyMMwZSViWQo}( z#pQ~h=;{>8rmi2MAT>w_PjeKHc+0OOOZwDsdYMLiJehK`IR`0Buf~6{5Epyz9<8cc zfaaO0ioQJ;1y-?N--h+x^S28Z=@s-5^<(Lz77@#&ZCW*v@F7SeOB{%d!4}3RlF5x= z<}}By^vX~=?2yA|Z`r-P&u!hcw?B{+;YJ#tghnFCijTX7Vslp0cQa@6t$@{0HBsCP zh?+$jie!mwE(g4405Wj2_kw7UMsmf6%p4~m!&5j6cA&(d-LF492R%oKTjAY`>$pN?KP}zGWka4Ux|s5l)+aaQtUtk$W3~6*uT`JIXQgGZ zUAN9-b`YJ@ha9+$N;m}#N4xE)p!{Gku7C}3s}*DXED1$x3cyH{<9cHq%>fe+P3+!d zyqzX4)TO7gBnVweib{wPRd9~|D?)owCW=53C@Ol~E_+&aFcVl-2j1C8AA|1zSu@UL zH!NVF%S|h3c_U^`&+e{Qx1eT=@<&6eg!Fi@2c{*?NwDb1x#D}0$-|Q(`6I2F8;e+z z>hmwi^(tB-AQ`)uO-^P$@Px+NJ;;9?d1~;qks9kw9qZ+?_K){o<9Rbf6RxQXY?O$b z-Bd}AI;#-MMdPtCKYQmnU0Aco@Dsjxq_IEEgv!MEvSi4^%%K|z zVUY35%QGa?(U2}e4>Bo1?mK>Z>F`TK0v0mkz5>q++LtN)(#w-WtJ2bqkFBgQ#lzV- zC7`%!pC*)TTL0R{Wqf=W+o@)0yFJN#U9TLzlS@JrWi!8Iivx~A zt`bewq=YP6ld$P@orJcYsb2C48&(!x4q|K~YL<>w)}l(oF*|AKE1hL%^A{-|nf@$9 zyuT)%M#Z9=D;^9oH#ka*sADZDwONmsWI8%b(At=vekIhOMCBk8*?YF_Xr*r@B*-tQ*hqS7P-Jm<9a-?auCjf>WUDA~-Z6KXOp47lQ`ww_DDJDIph;JC zB1y~z9CP9x>jDJjhmfVrt{4QmFG0YL;f)UHIhBlcC#fCVlMfAVgL#<D)@1zOgYJbPa!EmLsI)BX~8t1xrl9+?~eN#Jr9 zO2hX}zOz#{X9)}OaW~kfcG|AH^7W~>H6g2Il|C}+BtKg!UkqiSacjnB?o0r~!% z$l+-oX#VpS(DSxI16GUKTGiP6;Eev?1uA}iWGy?8+Si%Wpk7A%i`DVlV3mrdJfTi% zqPqz_eT*nrZe*H2uWAYgGFzHubD2qp-69x?`#Y+Nz4wBve)qpgq%t~$)OSh6X|LyB z`i%SpQ@7dO>C9@O`yLJ9183eq*A@HMP2n~-lt7i9Uur8jb8@f4!PmuofFnb+%rloJ zhc+ml$tH1)A-7i-^Ui#Ku7v&3@g-HgcH%RqscDePVB*xO{a=5y!_hm{;WP8Z8>RK`X;~;dy=}Jp z*0fh*qJBT)Lh!rLO*n}8TS}HN6Dui)D>{5e!YP@xrd$(UeY?l+a2!s<*~C7U1k)<~ z16#{e5<0_wvdc0Y>ZtBiML4yqaF)=)lg+g6szBX+7@go&dv?J3 z@0K!0liEn~QOYnzf)?u-l9``!;8UKb!nYncWyy~GD5#X4*uXpSW^g{~_4^?@F5d>) z|L9WszG=&#Sg4|1qo(OY14_!&)vsrqwaskNM5sIW$$dY=QraP^=KYTv^HfzsUsCr^ z+rRTl@Hq=l`V(8aJ@G?Yk+6|*lHIlEE%_IiFF0xQ2)oK856h!PG${o zk}jp90MvVal_@YmwQa+`2$r@DXnB#52&2C%h%L>G;$RtfRJx*0+SE0JNS2Lwx__Fu znii;d-w;JML!41WCyfsQ|4RkEdzG4LKQ4M*ljcIBk9G&z=fir83%P*X$7GCcwKl+aGUq)Od!U}%ZO&` z1)%oi-gV<5N5FsypjS76;%B4>bo|vmhIopJ6x65-Ka{CO#kc@2_%szJ4bIKn#9u2u z3FkjBwlh1VtGeSg8Xos$$!D^~>s0{^=cjBn@6d$_@b+*Xw)KIL~H#Cju6bFmkz^3*OiF*kc9uDZ`@$3$r z4e(E{k9P(uKxO;m1#;F10KpJ2KL~UzxCNj$%4^wuX{fFm0suKX#2j58NE-|`3OpVT z5D@NFys69cM9t3uoCX~xz&njM0Zb!?-zxaPJ6GWCJAfNa69Gi5j@g>07aUZKU=tfa z;0*9PrJy?EPD(WL`3Eq;<7OiWz(msg`)=6bK7HLAI=A;~_&hs0005xhG@1YCt9>76 zMIFvQ$1Xj>DVD#zK|3U%9{?3l2=FfeP$P$|)w*Za?zgm;-}|?h3Ez(oO<;x?=+^T# z|G+FCpc192r~wF|QUR_ISN7$%E{-1*FohK$s`aECF({a@qs^M`1*Y)ev~2}S=iB_F zxp7v-4FOroqkyl&6zNmb=NN%XpeL)*6M{|pzGBb{3&>IXYU23N%27^IA%_mL2v@xixcXVIY*P{ zt}A0C2e{V?slfqNSit>~47yIZ72d6m@fMKRw+sK3q^M+fs~uG5FF67fl<=BXSt00q z2Cyc}XO3hq>>w|q986&rV_~n|2fZyWv?zk3DZ)3L7}#UjHzzyEV`xYoCV+?J{%&C( z(S1!Kf?BQfEXQGO-dxq-ZqPjWo-VQ=6`d4dW-NfKv>r=6pq$TW;2E;-NISqa1dGR? zc%MNiHrs7$9y(Z*Y7l^Dx7{`{fG9g~S@FI|(;nNy8@D)ZAAM`zfV!}oHCgsKgdzZX z%HZaCN;c@2YA-G&bbYI_yf#f%2U z4T1xUdeQdtXT%>iO!GUSIVPhqPQRFAmbh5Qq-fhy-1(g>z_3Ka^|C z`MLc+0ZSFM>N8-{;uUnh5?P=Pbo#-Po23U92rKPHk7)~m9;_F8Zdmd($sa9$o*~k2 zgc-|ms~DByqh@dYKxzR~LOPtTAsibAf4r>TEL`oaV-_x@4%9G-IS%#|-a}Gtz!0A; zQq9dp4})&%7VgEfy3E7$h-*z+<${j^MLBD+5 zAl2OL>MpY@sK}Tu)OkB^D13Vp?pCORo#rv#i0p5127J&LHlquO=VyM7MQ$eDJJ=sI zXK6#pYb_k<4vgXFGN!LPI9;d(xq#FZD>Epfa1rvNKgha#xb8?_7_1JAi+Bd@#h2;R z2cnBpt0yF$WA^5|RUyYq#}EN4T692DFH{y6wZrxeQ@G-Vr99x_Go6P%)f)VA-uvGT3@fb-y03^d_=T*I5~Tg0Mm1y&Por{B-ZosfRKG~zvN?I@(G z<+kKTEK+195|qc!MeeQOy-Y!b_8F z-bqU%YKe(NjcYl56U(ZH_)cDj66pR`QPxl8wnjX$5<6W2QHi(g>RD;ss6vt!V=(IRQ=&x6;>EjDH^tGx*wu&J6(q(2TE zDW6M()0-xtE95Z;dX;B7HX@}~dgCU^HyWn^ePM)bj;>fVTt0hgp&F3Tev(orsnO+k zudTH&T`#3c4&$Q{!M4e2J2dCscsoiSL;IDh-f%5JW7vG^e0zB=Kzrim+b?-UTKQGc zfIpj0mDOg|jMs;UZ$dUmQ+oHlJ7n+Eqz}<%AR1~R3NM4_eQp(+N=PsF#Fs73_5;z# zxQPT8L`quTJY)Gy4Kb3sTYKsq+iY>E4iJ-F%|YB4&?{`%bt&0jBfAA1qvlMcsv4a< zr`PeP`vZL-5iOA=^@r2*?(N1?#O%`XPmXBx;m+y|IZM!>AI3orsd@NdH^Wud*NWmRD>$*`& z3jP>QHPGLK3wvstEru?df<*N(kPOsC>4m#{vY5>lXkQwDk zZeX?S2aJOI4{cx!@{)Mg8G&1?N0E@11EY~%RD)mZuO0_l$fP__zW?F7eR{Ca2uPCL zadep)K|A{(kv`vpy-KF}Vjup(@3igVapNrIhG(+0;Y;VrUegw#JZRfUoxsMuCjPiH zXoda2#_F|(5!g25qP4Hb05Prai+y;mX|hyvhAFVb>BG9Fz>=U3XPb~O+T!}6e`-Nq z>gRC%;rXUuNNs#kEOJ1qX#;+=|7Dp>(-wd1?y~+!_1c_4@N}xdyu15Hd)jHei$Qol zGX-}_OFum80}BsAXpe8IIpOr+>>Ya%LwNr0IIWYB)GSBjvScw9*HgS(n}orO1;$xL&O<)ChYcAvb&o&0qFhhdxuL4S8)IZb_ia z>`q|3tm6ju;`Lx%GjO!`F{$Q^=Ikix5eGf^oqj>zD>Js(sc)GiuPaN+tJ(MaM2SW3 z)f42u>Iz4ho8MWf4?pZLWPAIp!FD}J+r%S<{YVJ6ymtH9$N|mzbngUQFDO}WHy|R{ z4TSsjZPoh1bOwsB`4(V4?S`>@{pkzpE;75bU|dM{smBzQ3~#NXY1cf!UOcLpJj;{XOBT4Y|9IMMl!cjvTwV`Bv47ep2BB9FH zCuXX<$P#dRFf$rjE_1w$HI)g*NyZ3|kJmz^n?xhz``Lsti;Wa{!cy=)|3vex+uX*R zKj?~)>71ph63sL>z??W-{vrYQIyPWMj%Wz~$3CzNCwAW-TIq+Rp0+xx`wJ)C#cM&? z_e9bq;Q9jt_;4(;R6_djN-mPdJzU>cv^bGSFC70yP%a@qljcQi6_=MhyRhO}>A5I^s8USp;+0n+5~_UvNp|qlF)!Z^j(8KR;U*is1dKAc9-@WZ7nA$8aHsI@Q?!tBV)lr; z)h8ZOGqn7?&ZG=cI)nzs>}3K1p9 zALmKq@-FPgjp7mLH2IRtKKjDyEmush?1)8N%O&KZnqHhCUN=Y&UpXV%5W&lN`r@jj zzj9D2o`qe48w`M0GN12*iXkCM>qGr%qLiX>{C7@ya^YP7Ma==|3x{bC_ zx&+MNW#S|vihS6RgePGMV0=AMxK4H|GIrdF6Hb+Rx)nQ}DkP;x9b{RF)Dh1cuBV+| z2dSL`D1M2RRej)K329u-=3`6mBk1UYqT-}+4U>PC#{TLLt`}=ua99F7`oq2S9}z_j z$E2EX%J1&6!>_t&08oh=VYdf2VCH#0iO57g>;pdC`cW;dzWlA2OzMcBJQ8ryzmrU{BfT)Pma}kUNtmAq8cQe>GAV zyRT`#^o9<7h!#}lXak;H&<25-n%PE@Q{Yg4c&?Z{U|h{8I-eYwvRxvo+U5Ls{R3DW zE{nC3XRM4sYrI&AmxZPIfoK{F)&E|0=dTy4r}{lcw4s7AKuj*YJs}c2NCjF@&Fts; zLaAoMed!c%&en%-@AFayzen@CY~XUg~)>X>kl~hg1i(i$rf1F=;=!s~2jcqIu1g>}z6#joa); z!f3l_wzmddrsiWHwExo(YM!=<_qIWtGz`K~(2&%_NPPK$4Sf^2PlJ=vce)l@7d6X@2m2i8bw>T3? z*YI+WO^TQjSwENB3(^M%Of{=lnhr46avGgIR9sP#K+CkP9|Ce7AU>kHq%)Z_OVgeg zFTG7psgu@5FkOJj!2y4qAvq1(GhT>0coIIvy`OaU*-qr*5&}Uu``3-thm$?^PmHJZ z;*^HjXPvcv`ok4s3LHZtf(5%au4%YxN_Z)}Zp5rhA}(pshV;R&YI_bXXn>)rP}paU z^xgSr8WHF$?X59)!+6bUKEM768LW73cz2{Z5z+^)rkdKtw;ZxQ#(AV=Pb&#SMmN5= z{)ZSs6~!q$5%`jeUSwC{c4=3@IjCwRf_H||iyN*+Y^){`*1N`G-FP6PM8~V!t@OTa zRRNn3q4RaqaY9prXxKC+`EvCW1DziW17AWH9@JLA_n_Oor!+>yL%xMYc2zZxt(#1M z9%3$bVmi!D%`6^tK7(9Z*yws?qw}Rq19&9oU0|T6J_rb#{hGQ=N5r1;L$tV}sJONz z?6`W+$9wmoy;1d*oZT%m*Nr5>bu)$%K!F*tI{2kmB*QAf%E7+m9jC^p_SMW54wcWHF_-{MGR*7!`)X*5 z8}R$htNOu`O;bt8tJ_TS2T{H@l-0B!fP25jByMrcmz5Z5=FsMSj9uP1Ra&{^wtV>F zh^wU^PCDYi8}|VkTd$VIoj3fk=*05Zo;8MxKho;omYUXGgpW7+OoYrQKA(vLu4X!E zRU1DLH>M0bw|kScc3%A-*K&*PG6wNEewxm5)|zsgQnRkM>D&Pv}GT zXt=7vKkn(?_=((#mUzul&!q73#GEHpiJpU>&y6*0smUH54IitF(g%Rj3-J`Y_o zR(QwH+zkK#v!^>vJNbjxhW~4yx&J>sD*QjO_!BHWUU+cO_h_Sg|4(aMYdh;t{6ELr z+SvZ*|M_n`%4?dH5fv5`2bcNS&-olSOTfYWyW99-5|K!u3|H|`W@7j5P#l%_E zKsR+eWuy)a@n$O1zG1h$`EY`R6*)0kew1)d2o@&69^D>Z>8r>P!wz8t1%*?>nS!=k zQxxv&tv&1TibzqJQ`?`%3E@tn7^}jbG4WGW1-GV4X~mKoQ$S&~rm|MVtY8U4TLZs* zIKf;Fo5>caL{<;A+ixPr(&=z~0+~EZ7Khp~ajNKlX) z(}%|tbd3RSNKg=kj}_{S2W)UXqTti&oo^)T2;y6Zr*a0hh3iej0$i}mB>whvY9k(- z<^CCdGTC;b+|4MzHq#!ug%(rIcbFK6escs_54pxqLncr%ZsTf-?UU8GJgT zgo@pqZoy#tTD13y`tKp0!R0b|!Jo{M>1-^ir~{YlfPVWblw0J++Q>ffZ3W2lfnq*geWeT?AQvwJt=9IkXy4aDm!FJaZujQ&_3xq;B&lH@TV-+_UfPD zvNmJ}GlMzGyM_IJmn?YQ}@Pm$UF?w`PB5G$C~6JsjMd@Bx>S6O}o zTcYYMgwO1NFKesMnXmobKZvg{;JtqcYhTWJZRm30p!|of%>)WloEhfBWco5YN=56j z6Fz6X4lln6mt7fZOPJmP98Tchw9`HzO{fCM*J>YSAHJ{h=>+sU=$@Vs^%=jmA|-(3 zAE3-1iskcEg&edDh0&qVS7WL5z9={Bx--YNE9Mk8zO&dqJk$o_E3+PRgIGQc40&UF zYVrRRg&e-Xi75!>@B&q0ul@7a;7tLA|98OrUn1lCSTdc4^F0lj&Vc`(?zK^&OKf`9 zCEt$9?_kG#Eke6iCf|a|uhu1BjmvMhV!jZAf8U7t1d*THF#k5+eJ=~=1.21.0-0' + catalog.cattle.io/release-name: dynatrace-operator +apiVersion: v2 +appVersion: 0.8.2 +description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift +home: https://www.dynatrace.com/ +icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png +kubeVersion: '>=1.21.0-0' +maintainers: +- email: marcell.sevcsik@dynatrace.com + name: 0sewa0 +- email: christoph.muellner@dynatrace.com + name: chrismuellner +- email: lukas.hinterreiter@dynatrace.com + name: luhi-DT +name: dynatrace-operator +sources: +- https://github.com/Dynatrace/dynatrace-operator +type: application +version: 0.8.2 diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/README.md b/charts/dynatrace/dynatrace-operator/0.8.2/README.md new file mode 100644 index 000000000..60ae0d5f2 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/README.md @@ -0,0 +1,33 @@ +# Dynatrace Operator Helm Chart + +The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift. + +This Helm Chart requires Helm 3. + +## Quick Start +Migration instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-dto-helm#migrate). + +Install the Dynatrace Operator via Helm by running the following commands. + +### Installation + +> For instructions on how to install the dynatrace-operator on Openshift, head to the +> [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm) + +Add `dynatrace` helm repository: +``` +helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/helm/repos/stable +``` + +Install `dynatrace-operator` helm chart and create the corresponding `dynatrace` namespace: +```console +helm install dynatrace-operator dynatrace/dynatrace-operator -n dynatrace --create-namespace --atomic +``` + +## Uninstall chart +> Full instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm#uninstall-dynatrace-operator) + +Uninstall the Dynatrace Operator by running the following command: +```console +helm uninstall dynatrace-operator -n dynatrace +``` diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/app-readme.md b/charts/dynatrace/dynatrace-operator/0.8.2/app-readme.md new file mode 100644 index 000000000..844c96dd7 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/app-readme.md @@ -0,0 +1,5 @@ +# Dynatrace Operator + +The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift. + +As of launch, the Dynatrace Operator can be used to deploy a containerized ActiveGate for Kubernetes API monitoring. New capabilities will be added to the Dynatrace Operator over time including metric routing, and API monitoring for AWS, Azure, GCP, and vSphere. diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/generated/dynatrace-operator-crd.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/generated/dynatrace-operator-crd.yaml new file mode 100644 index 000000000..04d3bd72f --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/generated/dynatrace-operator-crd.yaml @@ -0,0 +1,3093 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + name: dynakubes.dynatrace.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: dynatrace-webhook + namespace: dynatrace + path: /convert + conversionReviewVersions: + - v1beta1 + group: dynatrace.com + names: + categories: + - dynatrace + kind: DynaKube + listKind: DynaKubeList + plural: dynakubes + singular: dynakube + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.apiUrl + name: ApiUrl + type: string + - jsonPath: .status.tokens + name: Tokens + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DynaKube is the Schema for the DynaKube API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DynaKubeSpec defines the desired state of DynaKube + properties: + activeGate: + description: General configuration about ActiveGate instances + properties: + autoUpdate: + description: Disable automatic restarts of OneAgent pods in case + a new version is available + type: boolean + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the Docker Registry + implementation from the Dynatrace environment set as API URL.' + type: string + type: object + apiUrl: + description: Location of the Dynatrace API to connect to, including + your specific environment UUID + type: string + classicFullStack: + description: Configuration for ClassicFullStack Monitoring + properties: + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + enabled: + description: Enables FullStack Monitoring + type: boolean + env: + description: 'Optional: List of environment variables to set for + the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes (optional) + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s priority. + Name must be defined by creating a PriorityClass object with + that name. If not specified the setting will be removed from + the DaemonSet.' + type: string + resources: + description: 'Optional: define resources requests and limits for + single pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with + OneAgent pods' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + useImmutableImage: + description: Defines if you want to use the immutable image or + the installer + type: boolean + useUnprivilegedMode: + description: 'Optional: Runs the OneAgent Pods as unprivileged + (Early Adopter)' + type: boolean + waitReadySeconds: + description: 'Optional: Defines the time to wait until OneAgent + pod is ready after update - default 300 sec' + minimum: 0 + type: integer + type: object + customPullSecret: + description: 'Optional: Pull secret for your private registry' + type: string + enableIstio: + description: If enabled, Istio on the cluster will be configured automatically + to allow access to the Dynatrace environment + type: boolean + kubernetesMonitoring: + description: Configuration for Kubernetes Monitoring + properties: + args: + description: 'Optional: Adds additional arguments for the ActiveGate + instances' + items: + type: string + type: array + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your DynaKube + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with + ActiveGate pods' + type: string + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + networkZone: + description: 'Optional: Sets Network Zone for OneAgent and ActiveGate + pods' + type: string + oneAgent: + description: General configuration about OneAgent instances + properties: + autoUpdate: + description: Disable automatic restarts of OneAgent pods in case + a new version is available + type: boolean + image: + description: 'Optional: the Dynatrace installer container image + Defaults to docker.io/dynatrace/oneagent:latest for Kubernetes + and to registry.connect.redhat.com/dynatrace/oneagent for OpenShift' + type: string + version: + description: 'Optional: If specified, indicates the OneAgent version + to use Defaults to latest Example: {major.minor.release} - 1.200.0' + type: string + type: object + proxy: + description: 'Optional: Set custom proxy settings either directly + or from a secret with the field ''proxy''' + properties: + value: + type: string + valueFrom: + type: string + type: object + routing: + description: Configuration for Routing + properties: + args: + description: 'Optional: Adds additional arguments for the ActiveGate + instances' + items: + type: string + type: array + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your DynaKube + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with + ActiveGate pods' + type: string + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + skipCertCheck: + description: Disable certificate validation checks for installer download + and API communication + type: boolean + tokens: + description: Credentials for the DynaKube to connect back to Dynatrace. + type: string + trustedCAs: + description: 'Optional: Adds custom RootCAs from a configmap This + property only affects certificates used to communicate with the + Dynatrace API. The property is not applied to the ActiveGate' + type: string + required: + - apiUrl + type: object + status: + description: DynaKubeStatus defines the observed state of DynaKube + properties: + activeGate: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + imageVersion: + description: ImageVersion contains the version from the last image + seen. + type: string + lastImageProbeTimestamp: + description: LastImageProbeTimestamp defines the last timestamp + when the querying for image updates have been done. + format: date-time + type: string + type: object + conditions: + description: Conditions includes status about the current state of + the instance + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + environmentID: + description: EnvironmentID contains the environment UUID corresponding + to the API URL + type: string + lastAPITokenProbeTimestamp: + description: LastAPITokenProbeTimestamp tracks when the last request + for the API token validity was sent + format: date-time + type: string + lastClusterVersionProbeTimestamp: + description: LastClusterVersionProbeTimestamp indicates when the cluster's + version was last checked + format: date-time + type: string + lastPaaSTokenProbeTimestamp: + description: LastPaaSTokenProbeTimestamp tracks when the last request + for the PaaS token validity was sent + format: date-time + type: string + oneAgent: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + imageVersion: + description: ImageVersion contains the version from the last image + seen. + type: string + instances: + additionalProperties: + properties: + ipAddress: + type: string + podName: + type: string + version: + type: string + type: object + type: object + lastImageProbeTimestamp: + description: LastImageProbeTimestamp defines the last timestamp + when the querying for image updates have been done. + format: date-time + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + useImmutableImage: + description: UseImmutableImage is set when an immutable image + is currently in use + type: boolean + version: + description: Dynatrace version being used. + type: string + type: object + phase: + description: Defines the current state (Running, Updating, Error, + ...) + type: string + tokens: + description: Credentials used to connect back to Dynatrace. + type: string + updatedTimestamp: + description: UpdatedTimestamp indicates when the instance was last + updated + format: date-time + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.apiUrl + name: ApiUrl + type: string + - jsonPath: .status.tokens + name: Tokens + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DynaKube is the Schema for the DynaKube API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DynaKubeSpec defines the desired state of DynaKube + properties: + activeGate: + description: General configuration about ActiveGate instances + properties: + capabilities: + description: Activegate capabilities enabled (routing, kubernetes-monitoring, + metrics-ingest, dynatrace-api) + items: + type: string + type: array + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + dnsPolicy: + description: 'Optional: Sets DNS Policy for the ActiveGate pods' + type: string + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the registry on the + tenant' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s priority. + Name must be defined by creating a PriorityClass object with + that name. If not specified the setting will be removed from + the StatefulSet.' + type: string + replicas: + description: Amount of replicas for your ActiveGates + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tlsSecretName: + description: 'Optional: the name of a secret containing ActiveGate + TLS cert+key and password. If not set, self-signed certificate + is used. server.p12: certificate+key pair in pkcs12 format password: + passphrase to read server.p12' + type: string + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: 'Optional: Adds TopologySpreadConstraints for the + ActiveGate pods' + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + apiUrl: + description: Location of the Dynatrace API to connect to, including + your specific environment UUID + type: string + customPullSecret: + description: 'Optional: Pull secret for your private registry' + type: string + enableIstio: + description: If enabled, Istio on the cluster will be configured automatically + to allow access to the Dynatrace environment + type: boolean + kubernetesMonitoring: + description: 'Deprecated: Configuration for Kubernetes Monitoring' + properties: + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the registry on the + tenant' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your ActiveGates + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: 'Optional: Adds TopologySpreadConstraints for the + ActiveGate pods' + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + namespaceSelector: + description: 'Optional: set a namespace selector to limit which namespaces + are monitored By default, all namespaces will be monitored Has no + effect during classicFullStack and hostMonitoring mode' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + networkZone: + description: 'Optional: Sets Network Zone for OneAgent and ActiveGate + pods' + type: string + oneAgent: + description: General configuration about OneAgent instances + properties: + applicationMonitoring: + description: 'Optional: enable application-only monitoring and + change its settings Cannot be used in conjunction with cloud-native + fullstack monitoring, classic fullstack monitoring or host monitoring' + nullable: true + properties: + codeModulesImage: + description: 'Optional: the Dynatrace installer container + image' + type: string + initResources: + description: 'Optional: define resources requests and limits + for the initContainer' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + useCSIDriver: + description: 'Optional: If you want to use CSIDriver; disable + if your cluster does not have ''nodes'' to fall back to + the volume approach.' + type: boolean + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + classicFullStack: + description: 'Optional: enable classic fullstack monitoring and + change its settings Cannot be used in conjunction with cloud-native + fullstack monitoring, application monitoring or host monitoring' + nullable: true + properties: + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + x-kubernetes-list-type: set + autoUpdate: + description: 'Optional: Enables automatic restarts of OneAgent + pods in case a new version is available Defaults to true' + type: boolean + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + env: + description: 'Optional: List of environment variables to set + for the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container + image Defaults to the registry on the tenant for both Kubernetes + and for OpenShift' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes + (optional) + type: object + oneAgentResources: + description: 'Optional: define resources requests and limits + for single pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s + priority. Name must be defined by creating a PriorityClass + object with that name. If not specified the setting will + be removed from the DaemonSet.' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + cloudNativeFullStack: + description: 'Optional: enable cloud-native fullstack monitoring + and change its settings Cannot be used in conjunction with classic + fullstack monitoring, application monitoring or host monitoring' + nullable: true + properties: + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + x-kubernetes-list-type: set + autoUpdate: + description: 'Optional: Enables automatic restarts of OneAgent + pods in case a new version is available Defaults to true' + type: boolean + codeModulesImage: + description: 'Optional: the Dynatrace installer container + image' + type: string + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + env: + description: 'Optional: List of environment variables to set + for the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container + image Defaults to the registry on the tenant for both Kubernetes + and for OpenShift' + type: string + initResources: + description: 'Optional: define resources requests and limits + for the initContainer' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes + (optional) + type: object + oneAgentResources: + description: 'Optional: define resources requests and limits + for single pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s + priority. Name must be defined by creating a PriorityClass + object with that name. If not specified the setting will + be removed from the DaemonSet.' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + hostMonitoring: + description: 'Optional: enable host monitoring and change its + settings Cannot be used in conjunction with cloud-native fullstack + monitoring, classic fullstack monitoring or application monitoring' + nullable: true + properties: + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + x-kubernetes-list-type: set + autoUpdate: + description: 'Optional: Enables automatic restarts of OneAgent + pods in case a new version is available Defaults to true' + type: boolean + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + env: + description: 'Optional: List of environment variables to set + for the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container + image Defaults to the registry on the tenant for both Kubernetes + and for OpenShift' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes + (optional) + type: object + oneAgentResources: + description: 'Optional: define resources requests and limits + for single pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s + priority. Name must be defined by creating a PriorityClass + object with that name. If not specified the setting will + be removed from the DaemonSet.' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + type: object + proxy: + description: 'Optional: Set custom proxy settings either directly + or from a secret with the field ''proxy''' + properties: + value: + type: string + valueFrom: + type: string + type: object + routing: + description: 'Deprecated: Configuration for Routing' + properties: + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the registry on the + tenant' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your ActiveGates + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: 'Optional: Adds TopologySpreadConstraints for the + ActiveGate pods' + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + skipCertCheck: + description: Disable certificate validation checks for installer download + and API communication + type: boolean + tokens: + description: Credentials for the DynaKube to connect back to Dynatrace. + type: string + trustedCAs: + description: 'Optional: Adds custom RootCAs from a configmap This + property only affects certificates used to communicate with the + Dynatrace API. The property is not applied to the ActiveGate' + type: string + required: + - apiUrl + type: object + status: + description: DynaKubeStatus defines the observed state of DynaKube + properties: + activeGate: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + communicationHostForClient: + description: CommunicationHostForClient caches a communication host + specific to the api url. + properties: + host: + type: string + port: + format: int32 + type: integer + protocol: + type: string + type: object + conditions: + description: Conditions includes status about the current state of + the instance + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + connectionInfo: + description: ConnectionInfo caches information about the tenant and + its communication hosts + properties: + communicationHosts: + items: + properties: + host: + type: string + port: + format: int32 + type: integer + protocol: + type: string + type: object + type: array + formattedCommunicationEndpoints: + type: string + tenantUUID: + type: string + type: object + eec: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + kubeSystemUUID: + description: KubeSystemUUID contains the UUID of the current Kubernetes + cluster + type: string + lastAPITokenProbeTimestamp: + description: LastAPITokenProbeTimestamp tracks when the last request + for the API token validity was sent + format: date-time + type: string + lastClusterVersionProbeTimestamp: + description: LastClusterVersionProbeTimestamp indicates when the cluster's + version was last checked + format: date-time + type: string + lastDataIngestTokenProbeTimestamp: + description: LastDataIngestTokenProbeTimestamp tracks when the last + request for the DataIngest token validity was sent + format: date-time + type: string + lastPaaSTokenProbeTimestamp: + description: LastPaaSTokenProbeTimestamp tracks when the last request + for the PaaS token validity was sent + format: date-time + type: string + latestAgentVersionUnixDefault: + description: LatestAgentVersionUnixDefault caches the current agent + version for unix and the default installer which is configured for + the environment + type: string + latestAgentVersionUnixPaas: + description: LatestAgentVersionUnixDefault caches the current agent + version for unix and the PaaS installer which is configured for + the environment + type: string + oneAgent: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + instances: + additionalProperties: + properties: + ipAddress: + type: string + podName: + type: string + type: object + type: object + lastHostsRequestTimestamp: + description: LastHostsRequestTimestamp indicates the last timestamp + the Operator queried for hosts + format: date-time + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + phase: + description: Defines the current state (Running, Updating, Error, + ...) + type: string + statsd: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + tokens: + description: Credentials used to connect back to Dynatrace. + type: string + updatedTimestamp: + description: UpdatedTimestamp indicates when the instance was last + updated + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/logo.png b/charts/dynatrace/dynatrace-operator/0.8.2/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..6714eb8a59509d9513133b43b2de290f73be9c18 GIT binary patch literal 9908 zcmYj%c|27A_y22#u?!l?E=H*kp(IM0@s_kAN~kOqDnhHhJ7sHEy(=UQZ6sT~C83!{ zsqAU7r7>k+r)-1k-tX(`^Lspgf8@^0z305nd7kBUU(eG;M|(RtsyY<_Ah%`nMkfHs z@FN*WNx;ik=$C1Dkq+MMb`k)Y1;jrRxO-0({-}1!*7cNgkngDw?-M@2`cTjTAMGv2 zy#0Kfe7p~Z9slUF9)M-mTQ*wn3T+*1-+yIalQ&&hT8duR+q=)!<+Ju3i@@m3F{vjs z$DXdN@;)bV`m#%;^FqZ2g&qDl!7q(F9R#1M=tJmAHp5=__ujmogst%Pp^KO4e(*uuGQNdfaJ6RFPqenFM$+onoTezZ9RIp1K^;W{2e6tv5qD^H|haSJlChGx{0Ac;) zH4)of{SrA1T;C)r9?j^gIfYbxD=5uSdu6F8vB#Q4W{OoX7LFq=n@wV{0A9z^f44%> zFNUI?2)kJa4Y{rVMJ-Fm^I7vLV6hY)>mg#BsBdo`*Yu^mxSwMOo$jw-L^f!dsc-Br zIL{)3t~kUJd8LOQVOsa**}R+_R1~9v!G+l6sn3@;osSzZ-ZjV=zAb)PaVL<+ye7PY zC%EMrj_~vKd`w9;wdN^B5yUXAM+G1CKApcrPf`!ORmHp+NZT~;l<&NIE{?!!xqx$z zVdcL>`_hR9_S)VFB*6Ls8SvEGt}OcGNh z_I+fUyWJXjk@gV4n~keO)zkm|8hTQP!dg{>R-Bnxd`{FJe+4WmVV}k6$2W&Aq>|@WsT0zav!+dzU=X#@U$VHD z2N9Un#;8hRx%t6o0TSHBTwe)J+Z6ff-s)i^(ZD7xY-a!MuTF$(74eA0AJ2qwjfJaF zgB9R^2K$K&00dOLf{__u3@B-80=@#q5+-aw6AQ?e&$~H!H{IaRn1Ih;i*PP zWbF4YkbZ*LIun(y^p zfM?$T3a70~OH27jJK7#J< z{|1pc8SXYuH2unf0ux7su?%&!Z%N^r!bReAc)1u-+-}|FMw}0CzvVIB>-eGX@m3y?%vxaTt zQ@c;Nr)tMJ!dH_^Md)+KXkpNwvxbii#dpCv5LSVFGq>B5!l8MQsU>mwc=Tusi%sBL64HB)rOC!iPF+Y0 zdvcX2fVrcMYCK`M#4dSGtSf~m7{KyMQx+iZqJ-=mqMF;YziOi@qZvU`_{XDz>a6wX z-l@;FM7`CHyK>%mh}y2?B;6qgBO=QLaR_1_7)(E&F=v>=Th|crfL(-LMN;@EkE3`n z^=IIA;(NhphV&k7U8SKHl*Wn9lEI_N=6B0>^{+-n>%Yseq(Eo$@;%Nv(?3bf|{on9t>N1Fhpz1y+GV}orH&H5I zj_T$LL+#2X(n2ixu+=OX{Qr6`d)D>nlGaoZA>e;ncJ6HjBVedheZX7~edu`DoU7+B z*URf0s5xR6a_5TK;lNy#E=E;ikzLdwiu?|e>Pr|INv9&^4K@Dqm@yTfzWj4J>zr^h zj_fp#=mZ|o!uLd`$Ya~xX1~p;sXw)SE5W#}m>M{5UY^*FX zD|y-L1zyHz(H8AKVSO~RvO6eW1$*J0mtbdf@6{@&hp+tAX8)q)77cqvfCSq&&HKv4HvUuI_B*lKb`qU3)^-h9+9G1KL6JAA%e8a z9m?OJM&!^6zxGdG$34D!9xQ&rV01SfrcI?UR;)a^jE4IN90HcZ9Ahg~gcZvVO=wMi zWCUBv(KGb0vr|Y<4*JyWpEpVM!=Bk+I&UsQlW$FAas*6UIu&k+^flL1eP!2bD zbM$lEi`PHOe*Z>)zb$WgJw1{4ea0^@2U#95(p@om_H5TxPlJidh>kb>(9z5EsaKzT z$)*e1{4^yl+la=OuUT^03LSdey51j_kXoM;w~@+(=zf%nn!L&>IOs)-oBEnVcNi}0 z$U&x?uk4BYu(hJ&)uoAfUEWCr^7h`T*TQ_aiOlzSfKAi;tQ;E=3m$S_BBN0x`R zM91T}Ja(&p0W_%3{)B|r77-13``S5Q#VWyr-@116bqGZY+1gZf#`D(RKvI4y9{q6Q z&ASt`Cx@R1LaOnW;w$9shNy~ZTfVa|sds3I-zyxUm&i;uYH(??WGMvhrkO9mm`n9H zY{z)(v~KY~W%TaZBUAaAxeP0~Y3>9C5tlKeZ!0@yo^@)LJG2ZA+D60h_AOr}mVb|N z?VYf8vYsOo3Iq;o8aFX@lvrplernC*{TQ!gQhrcyFA`6Fb$9B;O4e2$V_{lLoYj7v zcI|*(vPpjJ$i|qync%SR1`JU^c;ZL1?{K?dm=f9g!}-%^ocpGR6b+Y9A>h(fid*=^Lb>Fj^H*5?PxGeyo9Z_I0qPbIk;&6LXa zjB%!B>wD~G*yA^0nJx?9N02)0@FBF%$qnhK&f8FU`oEE~vstD<5+BSluEo!vV?965 zw{mT+%`k=q^hNGzTr$bR^V@vf9P42yqfgE2T3SZbDDv1Y-(CaKyup)W{3^Enwb9g= zlc?v+zle7he0N!JW7Zc`uA9cYC-FDmc5-%vsV0#{BNC(-#_c}-)bmhM@BT^TRqsxG zWcCwhWqbWRiuTM6Yu1el&h7U0^ZP}GY$tnCjF3LnFngPhT^;0i2}UyMX}4hLK2143 z-Zi7dx)C|#fVoZ7jzs;)EO=(l5#3ly09PejuGVmkl4d^3XuOYeChhR>fj=8y-8!32 z=(ExjFn;NH@Pskmalk65&eT#Ra7P5+xV~lx9k|`v{9(<=_m(MktS6^Xa7^xqn*z4$ zNHMt~cfW{k5o%s$6C4jXGykIR>8O(5yiUgbYiksTwLo+=)$QtDRDH*VQO4p+ga1;49gy+r=PPc znBGY({$~U~j$BNxmXJ?#_x_wIlaV_ZQFXeLEI%=Zw;JGO9iO_>X|WqF))+-PD!%sj z0?W<61hQam=l2Hnb=?+lVohQZJ=$z^JY)S=S+M=9J;kfZU#j8(Cn`iV5R26aBo}rS z?td@OZE%qz{c8j)>%d@$0YBL$zR(Z}uo5#dO00F-WoZyf?Rag2Hhp81>;`9KF?2K1 z{YFPwNMhFdf#C&#!#X0hrlOvEWRSUoB$bFp9WG>xNfx%mZ}^FB0B?_EYLJJLe|mq# zJHFsGHxdq+($*h7Ov>_;1GaLfZPKhpLKoyt^4-T7mWj1mQ5!|3*UW4{MQL#VrDq`X zORgyh`XLgvw`1M&4i(bs+pekDnF9S95IH)-R>6QHLzk+;3LeJy=AAW4neDCMu?tSg zk(lex7=k>sqp-z+#tjiz$i_^-JZcJzIlm|6G{Bd(UVo6b_{l2L z;s?NFe$)Nx0Do#406^)eJ^*Pz4{U$8+Xl$1P*_`f)yaBqTh*Wq;w9m65B5n&0qJ$_ zk3e(8-Gbyw@e4Kf6z;7BKBM=^neb!`js|k}k_`Z8*bWa}pTC)jgX24aBY>~Pp%=8;ceEIU^Q*9H?0^pjZy-3eWx3ds)ESd9j}0IyvuD6FS1C+a~3ktqOXmM6q0tme~lq$^!XiWYaJ%sB#;{?=M##blY@uW7K=$FJ@^-@ zsf7sr)eNq#0DI)-gD)QbU&sw+zTn@}!;QaR?DT3SlxP!5SToJCQb55FtPvw8mEBo1 zcZ&kxEh1AkDYLFEIv~5k2E@Y9)qpg>3|E$gOauG`z*iM80|0Y2b>UO6FQU$#1y)A7 zRy=~iBjh(f2H9%MSRXAy`d(Ur3r~QnBrsV!0krRuf$iFxFp$AZ#F(j6=6e&;_U+a3 zUJ?YXP%vp9DOd@BC9dE*4S1a}yuTDma64Z{DpOdkCv6t6)Kvfs+OiBEsS6Ll%cUmV zjhd$7Z&!&y8F!GYu^ep9gNrd2B}9F_S;1i$o~NMu zcXLebNx=+o>8Ki6^{zA6B{(1;f?!E<+T8q4_(v0N!!>ns6}IqoaDP?5g(+}cg0@xZ zFeB~ohswZQ{DAA8SjLrZSVvFrr#vS$3O9ajh1ARrV<|*6*#PLxdIc2s;X7r3EIfmM z;6K>O>a*lDF$khYKK{j`w2gxQX5SS+>_Qi#q@&(_@Z2%r3o;vh1hmKb60B7T*krl* z4D0v-S%Wa4vATp_>@$$m{0YxA1)2vh2_-MIehv5_*L;u66xl3vk7Fs^)9mi`guI2# z`fFHgi6+d%k^2ay35Ru<3J$Jmy zI&=&-dRET%3)|Tn`t;(h{UG_UNRnU{Z1C!YsM7=Mzb?(Qei+lR@5*|#VkdriDbi9c z#?Ug9n55e1m4zK~41f9s=2OKn7JrSx_EqR*MG*9*I~LMQ2^0O-F7Y^58ci&!^FP`)fDx>kk&+TyC@meVDSv09Cn1rW1#s7iP?xSEqUJJ9|9F0MaY7R8~3oIlrn|UqI_hO73vsLOKIq z4JkcH1n!;LwD*Gq56?`L*-*2F%j3&JUc$)`BrFHgp^GYobUz91Ea9W19X>cj6wmXs zCm~Ld^x^Cgv6Zp>`cH}Q1n=(-dAOu&IVrXqwFsu&Jcd!UVI4d58CoB_KwH2VSLi>T zwObUggCF+u3>V-J5-+_v#ZxrMDUz8=k4%7@)FeF0~m@cVhx*jkBD`k zNKTH~A~gEAJ>(~)V-YQMbn5dv^myYo+ff;Az++Fo5-6hKn>yLf;JE0Yxd^5|I`6IF zCGZ?o169Z2(Yp)M0@B7xx5nN)15)@pNGqj({e52^W5L5E+m&EgDKgxLROXI-fk#D> zzwVP?-ep`1OIU4$suYyUU}Y~ldKtTk99%PHY!OK6rCz)du-{UBYA8}Ae2#|P9of4a z($@-5G*~}PD7i@=7?Bh)Ie4KcVq87?t2HDA;;R(mCH{h>jP1||nj^`r@%RIwq$#*) z`LDZ3at%4F&RrQFimcGUY>kz+*QM)vnoIqT#ZTPyIaR~wkN=pDu^u9X#UI4%A(h0v zeh*i{cHAXN(iFL_ozWm00%`*N7=#Om70P9V@^N#{0$Sx#us%9Yy9v zVD)KkUK1qY3Q7k|Vi<4tL6eA$$+N@C?WZjFvz#oRUljCTp+@-}fnI)l(VvGa5`l}) zQW|DkVN$NfTBbDxHx0!(%q`qD$SqSKnd1z6*6N_YQb@h=hxb=-G*4cfk2wa# z-~Uf4|B=vhjqGt{*19^#A#gu&;LxP z20tpRL)3XWX#aqng`^*xmUv5e z6$m(idi@MB`EAh)VB9o9s`LTuU&vO9cAUzp31N^lvbll;6X`vQ1vJPqT{jja#pCZT zR3Pap1ZOWzv>&z;De0TctD^I(|Flg}kd{HYd7$7A&v$oeBKZPNXD zSE7JIyBJf{l#}T)b~>*+;o#E9)VWYMonTJ24oe4VdcCK8?RLOr5Q>+Bt;-<$V+9e#BFypF zgc9I!th3z3O!`x7L}Jb%qZ6W@VU0)%_b$xW3A3MOGd%j?I$5Tv3=96S=|l-hz|lq* zX{NMf8OJ6|k8=Q|F z6VO%#1NT3Rd5Uy18>@kTupL7{3n($`UdoEUKb;QAWu~SS(qUr?T3*Tk z{}M^A8YJ=`DP!Asbk)_v%a|wW5gFG6oWa`;P3OK~JV@7@qlF&fgv2iovM4l%7)8K? z5^U|}#g)zCnZ8XB@r|RqRXM7b*56C60P&JhFmC>Hhm})6)i7@ADOigOe)-r0erU&5Y3O->#nJuEo zh!s+Fugb1=xG{OPO@n~coUqU*+XL~qR6o^x*t7i z8Vk%o_eD*KknZ^g=_O=rf8 zAz%vn5;-+b#gi_X|CrhtV22ayd^*rzEH-rRKu4B%Ci6x$-i-{<3UoLVR)PdF_wA)O z9lNDR#VCTLPv;KsO7MIMFV}c>xK+g1He+c-5j@bB9P-dtHI%Z~P2L-f{P+(FW9nI5cy*cz$ew@Qr5#GCNwAsXeJQ^K4XUpU$^ z$>Qc72dYhaFas)5JZcO7zm8H2rXQPDKGdQld$HNS3wilvqzC(iRL`@T3QtB3HMg1% z4mYiw)&ugmAm=^g7z1tV9W08uZ)W-%}AB4&Bmg>@Ld*wE8E8 z*VEcIG8_6#JYe$EXXIYgSYJ@$tle2?@aQHj3TQN-4jt?Aitsi`F|oF6{~ZKRK;3q; zc+sHTS>8_kLFrUF01>xi-Z(X|-K1K@IKG>_w_COgGtNK6f^+dmEp*$ag%qGyXgKDl zAR)t>Ag3D+!t;LI1{&U7?L!~uz>#6;G*t5GR&44en+8$4iev?2`(*sysSU!uJ=Lg= zOZXf9c&-fz^t-A`Tz=D$P^@yXHG6Nb=dg;)Bx7uVuRr<L#ryU768OY`g zMvqgYGZwu_j1!J*AN%iZZJT+a#>pUGNeA@EnNCx_!N6TC_$+=Pv@;#~WCuV5;ZBpWEW~XNS2uF<4d~6b9PTxF?GQu78W$e<0Z| R5fVsXi>>{}+<&~z{~v%ki3tDz literal 0 HcmV?d00001 diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/questions.yml b/charts/dynatrace/dynatrace-operator/0.8.2/questions.yml new file mode 100644 index 000000000..ca4422b3c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/questions.yml @@ -0,0 +1,166 @@ +categories: + - APM + - Monitoring +questions: + + #################### Global Configuration #################### + - variable: installCRD + label: "Install Custom Resource Definitions" + description: "Installs the Custom Resource Definitions for the Dynakube. This is recommended if you haven't installed it manually yet. Default: true" + default: true + type: boolean + group: "Global Configuration" + + - variable: image + label: "Set a custom image for operator components" + description: "Set a custom image for operator. Defaults to docker.io/dynatrace/dynatrace-operator" + default: "" + type: string + group: "Global Configuration" + + - variable: customPullSecret + label: "Set a custom pull secret for operator image" + description: "Set a custom pull secret for the operator image" + default: "" + type: string + group: "Global Configuration" + + #################### Operator Deployment Configuration #################### + - variable: operator.nodeSelector + label: "Assign the Dynatrace Operator's pod to certain nodes" + description: "Defines a NodeSelector to customize to which nodes the Dynatrace Operator can be deployed on - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector" + default: "" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.tolerations + label: "Custom tolerations for the Dynatrace Operator's pod" + description: "Defines custom tolerations to the Dynatrace Operator - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" + default: "" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.apparmor + label: "Enable AppArmor for the Dynatrace Operator's pod" + description: "Adds AppArmor security annotations to the Dynatrace Operator's pod. Default: false" + default: false + type: boolean + group: "Operator Deployment Configuration" + + - variable: operator.requests.cpu + label: "CPU resource requests settings for Dynatrace Operator's pods" + description: "The minimum amount of CPU resources that the Dynatrace Operator's pods should request. Affects scheduling. Default: 50m" + default: "50m" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.requests.memory + label: "Memory resource requests settings for Dynatrace Operator's pods" + description: "The minimum amount of memory that the Dynatrace Operator's pods should request. Affects scheduling. Default: 64Mi" + default: "64Mi" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.limits.cpu + label: "CPU resource limits settings for Dynatrace Operator's pods" + description: "The maximum amount of CPU resources that the Dynatrace Operator's pods can use. Default: 100m" + default: "100m" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.limits.memory + label: "Memory resource limits settings for Dynatrace Operator's pods" + description: "The maximum amount of memory that the Dynatrace Operator's pods can use. Pod restarted if exceeded. Default: 128Mi" + default: "128Mi" + type: string + group: "Operator Deployment Configuration" + + + #################### Webhook Deployment Configuration #################### + + - variable: webhook.apparmor + label: "Enable AppArmor for the Dynatrace Webhook's pod" + description: "Adds AppArmor security annotations to the Dynatrace Webhook's pod. Default: false" + default: false + type: boolean + group: "Webhook Deployment Configuration" + + - variable: webhook.highAvailability + label: "Enable high availability for the Dynatrace Webhook's pod" + description: "Adds topologySpreadConstraints and increases the replicas to 2 for the Dynatrace Webhook's pod. Default: false" + default: false + type: boolean + group: "Webhook Deployment Configuration" + + - variable: webhook.hostNetwork + label: "Enable hostNetwork for the Dynatrace Webhook's pod" + description: "Enables hostNetwork for the Dynatrace Webhook's pod. Default: false" + default: false + type: boolean + group: "Webhook Deployment Configuration" + + - variable: webhook.requests.cpu + label: "CPU resource requests settings for Dynatrace Webhook's pods" + description: "The minimum amount of CPU resources that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 300m" + default: "300m" + type: string + group: "Webhook Deployment Configuration" + + - variable: webhook.requests.memory + label: "Memory resource requests settings for Dynatrace Webhook's pods" + description: "The minimum amount of memory that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 128Mi" + default: "128Mi" + type: string + group: "Webhook Deployment Configuration" + + - variable: webhook.limits.cpu + label: "CPU resource limits settings for Dynatrace Webhook's pods" + description: "The maximum amount of CPU resources that the Dynatrace Webhook's pods can use. Default: 300m" + default: "300m" + type: string + group: "Webhook Deployment Configuration" + + - variable: webhook.limits.memory + label: "Memory resource limits settings for Dynatrace Webhook's pods" + description: "The maximum amount of memory that the Dynatrace Webhook's pods can use. Pod restarted if exceeded. Default: 128Mi" + default: "128Mi" + type: string + group: "Webhook Deployment Configuration" + + + #################### CSI Driver Deployment Configuration #################### + + - variable: csidriver.enabled + label: "Deploy the Dynatrace CSI Driver" + description: "Deploys the Dynatrace CSI Driver via a DaemonSet to enable Cloud Native FullStack. Default: false" + default: false + type: boolean + group: "CSI Driver Deployment Configuration" + + - variable: csidriver.requests.cpu + label: "CPU resource requests settings for Dynatrace CSI Driver's pods" + description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's pods should request. Affects scheduling. Default: 300m" + default: "300m" + type: string + group: "CSI Driver Deployment Configuration" + + - variable: csidriver.requests.memory + label: "Memory resource requests settings for Dynatrace CSI Driver's pods" + description: "The minimum amount of memory that the Dynatrace CSI Driver's pods should request. Affects scheduling. Default: 100Mi" + default: "100Mi" + type: string + group: "CSI Driver Deployment Configuration" + + - variable: csidriver.limits.cpu + label: "CPU resource limits settings for Dynatrace CSI Driver's pods" + description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's pods can use. Default: 300m" + default: "300m" + type: string + group: "CSI Driver Deployment Configuration" + + - variable: csidriver.limits.memory + label: "Memory resource limits settings for Dynatrace CSI Driver's pods" + description: "The maximum amount of memory that the Dynatrace CSI Driver's pods can use. Pod restarted if exceeded. Default: 100Mi" + default: "100Mi" + type: string + group: "CSI Driver Deployment Configuration" diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrole-activegate.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrole-activegate.yaml new file mode 100644 index 000000000..ed8feb1b4 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrole-activegate.yaml @@ -0,0 +1,35 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if eq (default false .Values.olm) true}} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} + +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-activegate + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +rules: + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use +{{- end -}} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrolebinding-activegate.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrolebinding-activegate.yaml new file mode 100644 index 000000000..c36e10990 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrolebinding-activegate.yaml @@ -0,0 +1,32 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if eq (default false .Values.olm) true}} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-activegate + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-activegate + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: dynatrace-activegate + apiGroup: rbac.authorization.k8s.io +{{- end -}} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/serviceaccount-activegate.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/serviceaccount-activegate.yaml new file mode 100644 index 000000000..45adc0fc2 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/serviceaccount-activegate.yaml @@ -0,0 +1,23 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-activegate + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/crd/dynatrace-operator-crd.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/crd/dynatrace-operator-crd.yaml new file mode 100644 index 000000000..fd90930da --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/crd/dynatrace-operator-crd.yaml @@ -0,0 +1,4 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if and .Values.installCRD (eq (include "dynatrace-operator.partial" .) "false") }} +{{ .Files.Get "generated/dynatrace-operator-crd.yaml" }} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrole-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrole-csi.yaml new file mode 100644 index 000000000..47013af33 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrole-csi.yaml @@ -0,0 +1,65 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-oneagent-csi-driver + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrolebinding-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrolebinding-csi.yaml new file mode 100644 index 000000000..caa125baa --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrolebinding-csi.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-oneagent-csi-driver + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: dynatrace-oneagent-csi-driver + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/csidriver.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/csidriver.yaml new file mode 100644 index 000000000..e92606d32 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/csidriver.yaml @@ -0,0 +1,27 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.oneagent.dynatrace.com + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +spec: + attachRequired: false + podInfoOnMount: true + volumeLifecycleModes: + - Ephemeral +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/daemonset.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/daemonset.yaml new file mode 100644 index 000000000..8792d8d1c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/daemonset.yaml @@ -0,0 +1,243 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} + {{- if .Values.csidriver.labels }} + {{- toYaml .Values.csidriver.labels | nindent 4 }} + {{- end}} + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + {{- include "dynatrace-operator.csiSelectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-logs-container: driver + cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" + {{- if and (eq (default false .Values.apparmor) true) (ne .Values.platform "openshift") }} + container.apparmor.security.beta.kubernetes.io/driver: runtime/default + container.apparmor.security.beta.kubernetes.io/registrar: runtime/default + container.apparmor.security.beta.kubernetes.io/liveness-probe: runtime/default + {{- end}} + {{- if .Values.csidriver.annotations }} + {{- toYaml .Values.csidriver.annotations | nindent 8 }} + {{- end }} + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 8 }} + {{- include "dynatrace-operator.csiSelectorLabels" . | nindent 8 }} + {{- if .Values.csidriver.labels }} + {{- toYaml .Values.csidriver.labels | nindent 8 }} + {{- end }} + spec: + containers: + # Used to receive/execute gRPC requests (NodePublishVolume/NodeUnpublishVolume) from kubelet to mount/unmount volumes for a pod + # - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so. + # - Needs access to the filesystem of pods on the node, and mount stuff to it,needs to read/write to it, needs root permissions to do so + # - Needs access to a dedicated folder on the node to persist data, needs to read/write to it. + - name: driver + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + args: + - csi-driver + - --endpoint=unix://csi/csi.sock + - --node-id=$(KUBE_NODE_NAME) + - --health-probe-bind-address=:10080 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: livez + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - containerPort: 10080 + name: livez + protocol: TCP + resources: + limits: + cpu: {{ default "300m" ((.Values.csidriver).limits).cpu }} + memory: {{ default "100Mi" ((.Values.csidriver).limits).memory }} + requests: + cpu: {{ default "300m" ((.Values.csidriver).requests).cpu }} + memory: {{ default "100Mi" ((.Values.csidriver).requests).memory }} + securityContext: + runAsUser: 0 + privileged: true # Needed for mountPropagation + allowPrivilegeEscalation: true # Needed for privileged + readOnlyRootFilesystem: true + runAsNonRoot: false + seccompProfile: + type: RuntimeDefault + seLinuxOptions: + level: s0 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /data + mountPropagation: Bidirectional + name: dynatrace-oneagent-data-dir + - mountPath: /tmp + name: tmp-dir + # Used to make a gRPC request (GetPluginInfo()) to the driver to get driver name and driver contain + # - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so. + # Used for registering the driver with kubelet + # - Needs access to the registration socket, needs to read/write to it, needs root permissions to do so. + - name: registrar + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + args: + - --csi-address=/csi/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/csi.sock + command: + - csi-node-driver-registrar + livenessProbe: + exec: + command: + - csi-node-driver-registrar + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/csi.sock + - --mode=kubelet-registration-probe + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + runAsUser: 0 + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - mountPath: /var/lib/kubelet/plugins/csi.oneagent.dynatrace.com + name: lockfile-dir + # Used to make a gRPC request (Probe()) to the driver to check if its running + # - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so. + - name: liveness-probe + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + args: + - --csi-address=/csi/csi.sock + - --health-port=9898 + command: + - livenessprobe + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + securityContext: + runAsUser: 0 + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: false + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /csi + name: plugin-dir + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccountName: dynatrace-oneagent-csi-driver + terminationGracePeriodSeconds: 30 + priorityClassName: dynatrace-high-priority + volumes: + # This volume is where the registrar registers the plugin with kubelet + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + name: registration-dir + # This volume is where the socket for kubelet->driver communication is done + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.oneagent.dynatrace.com + type: DirectoryOrCreate + # This volume is where the driver mounts volumes + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir + # This volume is where the driver persists data on the node + - hostPath: + path: /var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/data + type: DirectoryOrCreate + name: dynatrace-oneagent-data-dir + # Used by the registrar to create its lockfile + - name: lockfile-dir + emptyDir: {} + # A volume for the driver to write temporary files to + - name: tmp-dir + emptyDir: {} + {{- if .Values.customPullSecret }} + imagePullSecrets: + - name: {{ .Values.customPullSecret }} + {{- end }} + {{- if .Values.csidriver.nodeSelector }} + nodeSelector: {{- toYaml .Values.csidriver.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.csidriver.tolerations }} + tolerations: {{- toYaml .Values.csidriver.tolerations | nindent 8 }} + {{- end }} + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/priority-class.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/priority-class.yaml new file mode 100644 index 000000000..e751149f6 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/priority-class.yaml @@ -0,0 +1,24 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} + +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: PriorityClass +apiVersion: scheduling.k8s.io/v1 +metadata: + name: dynatrace-high-priority +value: {{ default 1000000 (int (.Values.csidriver).priorityClassValue) }} +globalDefault: false +description: "This priority class is used for Dynatrace Components in order to make sure they are not evicted in favor of other pods" +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/role-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/role-csi.yaml new file mode 100644 index 000000000..d0f401f1b --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/role-csi.yaml @@ -0,0 +1,70 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - dynatrace.com + resources: + - dynakubes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/rolebinding-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/rolebinding-csi.yaml new file mode 100644 index 000000000..a2b50b95e --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/rolebinding-csi.yaml @@ -0,0 +1,31 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: dynatrace-oneagent-csi-driver + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/serviceaccount-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/serviceaccount-csi.yaml new file mode 100644 index 000000000..226b6821e --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/serviceaccount-csi.yaml @@ -0,0 +1,23 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml new file mode 100644 index 000000000..cce3af50c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml @@ -0,0 +1,96 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-kubernetes-monitoring + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes + - pods + - namespaces + - replicationcontrollers + - events + - resourcequotas + - pods/proxy + - nodes/proxy + - services + {{- if default false (.Values.additionalPermissions).pvcMonitoring}} + - nodes/metrics + {{- end }} + verbs: + - list + - watch + - get + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - list + - watch + - get + - apiGroups: + - apps + resources: + - deployments + - replicasets + - statefulsets + - daemonsets + verbs: + - list + - watch + - get + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - list + - watch + - get + - apiGroups: + - config.openshift.io + resources: + - clusterversions + verbs: + - list + - watch + - get + - nonResourceURLs: + - /metrics + - /version + - /readyz + - /livez + verbs: + - get + {{- if eq (default false .Values.olm) true}} + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use + {{ end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml new file mode 100644 index 000000000..07f9201a6 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dynatrace-kubernetes-monitoring + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dynatrace-kubernetes-monitoring +subjects: + - kind: ServiceAccount + name: dynatrace-kubernetes-monitoring + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml new file mode 100644 index 000000000..18b2492d7 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml @@ -0,0 +1,23 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-kubernetes-monitoring + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml new file mode 100644 index 000000000..51d145b97 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml @@ -0,0 +1,32 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-dynakube-oneagent-privileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +rules: + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml new file mode 100644 index 000000000..13c00aa8e --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml @@ -0,0 +1,32 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-dynakube-oneagent-unprivileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +rules: + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml new file mode 100644 index 000000000..a79a47c24 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dynatrace-dynakube-oneagent-privileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: "dynatrace-dynakube-oneagent-privileged" + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "dynatrace-dynakube-oneagent-privileged" +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml new file mode 100644 index 000000000..2581546d4 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dynatrace-dynakube-oneagent-unprivileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-dynakube-oneagent-unprivileged + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dynatrace-dynakube-oneagent-unprivileged +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml new file mode 100644 index 000000000..94d60bd0a --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml @@ -0,0 +1,29 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-dynakube-oneagent-privileged + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +automountServiceAccountToken: false +{{- if eq .Values.platform "openshift"}} +imagePullSecrets: +- name: redhat-connect +- name: redhat-connect-sso +{{- end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml new file mode 100644 index 000000000..71f419de8 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml @@ -0,0 +1,29 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-dynakube-oneagent-unprivileged + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +automountServiceAccountToken: false +{{- if eq .Values.platform "openshift"}} +imagePullSecrets: +- name: redhat-connect +- name: redhat-connect-sso +{{- end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrole-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrole-operator.yaml new file mode 100644 index 000000000..feb3b13bd --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrole-operator.yaml @@ -0,0 +1,103 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - dynatrace-dynakube-config + - dynatrace-data-ingest-endpoint + - dynatrace-activegate-internal-proxy + verbs: + - get + - update + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + resourceNames: + - dynatrace-webhook + verbs: + - get + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + resourceNames: + - dynatrace-webhook + verbs: + - get + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + resourceNames: + - dynakubes.dynatrace.com + verbs: + - get + - update + {{- if eq (default false .Values.olm) true}} + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use + {{ end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrolebinding-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrolebinding-operator.yaml new file mode 100644 index 000000000..5ab0c0e88 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrolebinding-operator.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/deployment-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/deployment-operator.yaml new file mode 100644 index 000000000..9866b756c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/deployment-operator.yaml @@ -0,0 +1,139 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} + {{- if .Values.operator.labels }} + {{- toYaml .Values.operator.labels | nindent 4 }} + {{- end }} +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + {{- include "dynatrace-operator.operatorSelectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + template: + metadata: + {{- if or (.Values.operator).apparmor .Values.operator.annotations}} + annotations: + {{- if (.Values.operator).apparmor}} + container.apparmor.security.beta.kubernetes.io/{{ .Release.Name }}: runtime/default + {{- end }} + {{- if .Values.operator.annotations }} + {{- toYaml .Values.operator.annotations | nindent 8 }} + {{- end }} + {{- end }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 8 }} + {{- include "dynatrace-operator.operatorSelectorLabels" . | nindent 8 }} + {{- if .Values.operator.labels }} + {{- toYaml .Values.operator.labels | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Release.Name }} + args: + - operator + # Replace this with the built image name + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - containerPort: 10080 + name: server-port + resources: + requests: + cpu: {{ default "50m" ((.Values.operator).requests).cpu }} + memory: {{ default "64Mi" ((.Values.operator).requests).memory }} + ephemeral-storage: "10Mi" + limits: + cpu: {{ default "100m" ((.Values.operator).limits).cpu }} + memory: {{ default "128Mi" ((.Values.operator).limits).memory }} + ephemeral-storage: "10Mi" + volumeMounts: + - name: tmp-cert-dir + mountPath: /tmp/dynatrace-operator + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- if ne .Values.platform "gke-autopilot"}} + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + {{- end }} + - key: kubernetes.io/os + operator: In + values: + - linux + volumes: + - emptyDir: { } + name: tmp-cert-dir + serviceAccountName: {{ .Release.Name }} + {{- if .Values.customPullSecret }} + imagePullSecrets: + - name: {{ .Values.customPullSecret }} + {{- end }} + {{- if .Values.operator.nodeSelector }} + nodeSelector: {{- toYaml .Values.operator.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.operator.tolerations }} + tolerations: {{- toYaml .Values.operator.tolerations | nindent 8 }} + {{- end -}} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/role-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/role-operator.yaml new file mode 100644 index 000000000..6991a9552 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/role-operator.yaml @@ -0,0 +1,159 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +rules: + - apiGroups: + - dynatrace.com + resources: + - dynakubes + verbs: + - get + - list + - watch + - update + - create + - apiGroups: + - dynatrace.com + resources: + - dynakubes/finalizers + - dynakubes/status + verbs: + - update + + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + + - apiGroups: + - "" # "" indicates the core API group + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" # "" indicates the core API group + resources: + - pods + verbs: + - get + - list + - watch + - delete + - create + - apiGroups: + - "" # "" indicates the core API group + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - list + - create + - apiGroups: + - "" + resources: + - services + verbs: + - create + - update + - delete + - get + - list + - watch + + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + + - apiGroups: + - networking.istio.io + resources: + - serviceentries + - virtualservices + verbs: + - get + - list + - create + - update + - delete + + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - update + - create +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/rolebinding-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/rolebinding-operator.yaml new file mode 100644 index 000000000..d7fd25b84 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/rolebinding-operator.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} +roleRef: + kind: Role + name: {{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/serviceaccount-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/serviceaccount-operator.yaml new file mode 100644 index 000000000..4ec204757 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/serviceaccount-operator.yaml @@ -0,0 +1,29 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} + +{{ if eq .Values.platform "openshift" }} +imagePullSecrets: +- name: redhat-connect +- name: redhat-connect-sso +{{ end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrole-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrole-webhook.yaml new file mode 100644 index 000000000..039b382ee --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrole-webhook.yaml @@ -0,0 +1,97 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - dynatrace-dynakube-config + - dynatrace-data-ingest-endpoint + verbs: + - get + - list + - watch + - update + # data-ingest workload owner lookup + - apiGroups: + - "" + resources: + - replicationcontrollers + verbs: + - get + - apiGroups: + - apps + resources: + - replicasets + - statefulsets + - daemonsets + - deployments + verbs: + - get + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - get + {{- if eq (default false .Values.olm) true}} + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use + {{ end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrolebinding-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrolebinding-webhook.yaml new file mode 100644 index 000000000..e6ab06164 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrolebinding-webhook.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: dynatrace-webhook + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/deployment-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/deployment-webhook.yaml new file mode 100644 index 000000000..b3a7a0e40 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/deployment-webhook.yaml @@ -0,0 +1,150 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} + {{- if .Values.webhook.labels }} + {{- toYaml .Values.webhook.labels | nindent 4 }} + {{- end }} +spec: + replicas: {{ (default false (.Values.webhook).highAvailability) | ternary 2 1 }} + revisionHistoryLimit: 1 + selector: + matchLabels: + {{- include "dynatrace-operator.webhookSelectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: webhook + {{- if (.Values.webhook).apparmor}} + container.apparmor.security.beta.kubernetes.io/webhook: runtime/default + {{- end }} + {{- if .Values.webhook.annotations}} + {{- toYaml .Values.webhook.annotations | nindent 8 }} + {{- end }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 8 }} + {{- include "dynatrace-operator.webhookSelectorLabels" . | nindent 8 }} + {{- if .Values.webhook.labels }} + {{- toYaml .Values.webhook.labels | nindent 8 }} + {{- end }} + spec: + {{- if (.Values.webhook).highAvailability }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "topology.kubernetes.io/zone" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: dynatrace-operator + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: dynatrace-operator + {{- end }} + volumes: + - emptyDir: {} + name: certs-dir + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- if ne .Values.platform "gke-autopilot"}} + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + {{- end }} + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - name: webhook + args: + - webhook-server + # OLM mounts the certificates here, so we reuse it for simplicity + - --certs-dir=/tmp/k8s-webhook-server/serving-certs/ + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTPS + ports: + - name: server-port + containerPort: 8443 + resources: + requests: + cpu: {{ default "300m" ((.Values.webhook).requests).cpu }} + memory: {{ default "128Mi" ((.Values.webhook).requests).memory }} + ephemeral-storage: "10Mi" + limits: + cpu: {{ default "300m" ((.Values.webhook).limits).cpu }} + memory: {{ default "128Mi" ((.Values.webhook).limits).memory }} + ephemeral-storage: "10Mi" + volumeMounts: + - name: certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs/ + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + serviceAccountName: dynatrace-webhook + {{- if (.Values.webhook).hostNetwork }} + hostNetwork: true + {{- end }} + {{- if .Values.customPullSecret }} + imagePullSecrets: + - name: {{ .Values.customPullSecret }} + {{- end }} + {{- if .Values.webhook.nodeSelector }} + nodeSelector: {{- toYaml .Values.webhook.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.webhook.tolerations }} + tolerations: {{- toYaml .Values.webhook.tolerations | nindent 8 }} + {{- end -}} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/mutatingwebhookconfiguration.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/mutatingwebhookconfiguration.yaml new file mode 100644 index 000000000..6a182eb1b --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/mutatingwebhookconfiguration.yaml @@ -0,0 +1,61 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +webhooks: + - name: webhook.pod.dynatrace.com + reinvocationPolicy: IfNeeded + failurePolicy: Ignore + timeoutSeconds: 2 + rules: + - apiGroups: [ "" ] + apiVersions: [ "v1" ] + operations: [ "CREATE" ] + resources: [ "pods" ] + scope: Namespaced + namespaceSelector: + matchExpressions: + - key: dynakube.internal.dynatrace.com/instance + operator: Exists + clientConfig: + service: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + path: /inject + admissionReviewVersions: [ "v1beta1", "v1" ] + sideEffects: None + - name: webhook.ns.dynatrace.com + reinvocationPolicy: IfNeeded + failurePolicy: Ignore + timeoutSeconds: 2 + rules: + - apiGroups: [ "" ] + apiVersions: [ "v1" ] + operations: [ "CREATE", "UPDATE"] + resources: [ "namespaces" ] + scope: Cluster + clientConfig: + service: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + path: /label-ns + admissionReviewVersions: [ "v1beta1", "v1" ] + sideEffects: None +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/poddisruptionbudget-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/poddisruptionbudget-webhook.yaml new file mode 100644 index 000000000..9b51a0148 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/poddisruptionbudget-webhook.yaml @@ -0,0 +1,13 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if and (.Values.webhook).highAvailability (eq (include "dynatrace-operator.partial" .) "false") }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: webhook +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/role-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/role-webhook.yaml new file mode 100644 index 000000000..cc1072cd2 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/role-webhook.yaml @@ -0,0 +1,74 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - dynatrace.com + resources: + - dynakubes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - update + - create + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - list + - watch +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/rolebinding-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/rolebinding-webhook.yaml new file mode 100644 index 000000000..c77009db2 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/rolebinding-webhook.yaml @@ -0,0 +1,31 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: dynatrace-webhook + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/service.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/service.yaml new file mode 100644 index 000000000..46268b14c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/service.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +spec: + selector: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} + ports: + - port: 443 + protocol: TCP + targetPort: server-port +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/serviceaccount-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/serviceaccount-webhook.yaml new file mode 100644 index 000000000..ebc6a9828 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/serviceaccount-webhook.yaml @@ -0,0 +1,29 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +{{- if eq .Values.platform "openshift" }} +imagePullSecrets: +- name: redhat-connect +- name: redhat-connect-sso +{{- end }} +{{ end }} + diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/validatingwebhookconfiguration.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..8791ec3f6 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/validatingwebhookconfiguration.yaml @@ -0,0 +1,45 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + - v1alpha1 + clientConfig: + service: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + path: /validate + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - dynatrace.com + apiVersions: + - v1beta1 + resources: + - dynakubes + name: webhook.dynatrace.com + timeoutSeconds: 2 + sideEffects: None +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/NOTES.txt b/charts/dynatrace/dynatrace-operator/0.8.2/templates/NOTES.txt new file mode 100644 index 000000000..8ff8ac567 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/NOTES.txt @@ -0,0 +1,10 @@ +Thank you for installing {{ .Chart.Name }}. + +Your release is named {{ .Release.Name }}. + +To find more information about the Dynatrace Operator, try: +https://github.com/Dynatrace/dynatrace-operator + +To verify the current state of the deployments, try: + $ kubectl get pods -n {{ .Release.Namespace }} + $ kubectl logs -f deployment/{{ .Release.Name }} -n {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/activegate/securitycontextconstraints.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/activegate/securitycontextconstraints.yaml new file mode 100644 index 000000000..b6bcaf2d4 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/activegate/securitycontextconstraints.yaml @@ -0,0 +1,52 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: dynatrace-activegate +allowPrivilegedContainer: false +fsGroup: + type: RunAsAny +priority: 1 +{{- if (.Values.activeGate).readOnlyFs }} +readOnlyRootFilesystem: true +{{ else }} +readOnlyRootFilesystem: false +{{ end }} +requiredDropCapabilities: + - ALL +runAsUser: + type: MustRunAsNonRoot +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-activegate + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-kubernetes-monitoring +volumes: + - "*" + +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowedFlexVolumes: null +defaultAddCapabilities: [] +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml new file mode 100644 index 000000000..de5e8fc72 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml @@ -0,0 +1,49 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: dynatrace-oneagent-csi-driver + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +allowHostDirVolumePlugin: true +allowHostIPC: true +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegedContainer: true +allowedCapabilities: + - "*" +allowedFlexVolumes: null +defaultAddCapabilities: null +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: false +requiredDropCapabilities: null +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:dynatrace:dynatrace-oneagent-csi-driver +volumes: + - "*" +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml new file mode 100644 index 000000000..5936d103b --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml @@ -0,0 +1,66 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: "dynatrace-dynakube-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context." + name: dynatrace-dynakube-oneagent-privileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +allowHostDirVolumePlugin: true +allowHostIPC: false +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegedContainer: true +allowedCapabilities: + - CHOWN + - DAC_OVERRIDE + - DAC_READ_SEARCH + - FOWNER + - FSETID + - KILL + - NET_ADMIN + - NET_RAW + - SETFCAP + - SETGID + - SETUID + - SYS_ADMIN + - SYS_CHROOT + - SYS_PTRACE + - SYS_RESOURCE +allowedFlexVolumes: null +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: false +requiredDropCapabilities: + - ALL +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-privileged +volumes: + - "*" +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml new file mode 100644 index 000000000..756eac3aa --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml @@ -0,0 +1,66 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: "dynatrace-dynakube-oneagent-unprivileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc." + name: dynatrace-dynakube-oneagent-unprivileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +allowHostDirVolumePlugin: true +allowHostIPC: false +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegedContainer: false +allowedCapabilities: + - CHOWN + - DAC_OVERRIDE + - DAC_READ_SEARCH + - FOWNER + - FSETID + - KILL + - NET_ADMIN + - NET_RAW + - SETFCAP + - SETGID + - SETUID + - SYS_ADMIN + - SYS_CHROOT + - SYS_PTRACE + - SYS_RESOURCE +allowedFlexVolumes: null +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: false +requiredDropCapabilities: + - ALL +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-unprivileged +volumes: + - "*" +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/operator/securitycontextconstraints.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/operator/securitycontextconstraints.yaml new file mode 100644 index 000000000..55cc05805 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/operator/securitycontextconstraints.yaml @@ -0,0 +1,49 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +allowPrivilegedContainer: false +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: true +requiredDropCapabilities: + - ALL +runAsUser: + type: MustRunAsNonRoot +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }} +volumes: + - "*" + +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowedFlexVolumes: null +defaultAddCapabilities: [] +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/webhook/securitycontextconstraints.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/webhook/securitycontextconstraints.yaml new file mode 100644 index 000000000..aa1b0a267 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/webhook/securitycontextconstraints.yaml @@ -0,0 +1,49 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +allowPrivilegedContainer: false +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: true +requiredDropCapabilities: + - ALL +runAsUser: + type: MustRunAsNonRoot +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook +volumes: + - "*" + +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: true +allowHostPID: false +allowHostPorts: false +allowedFlexVolumes: null +defaultAddCapabilities: [] +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/_helpers.tpl b/charts/dynatrace/dynatrace-operator/0.8.2/templates/_helpers.tpl new file mode 100644 index 000000000..7b2fc3108 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/_helpers.tpl @@ -0,0 +1,171 @@ +// Copyright 2020 Dynatrace LLC + +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 + +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "dynatrace-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "dynatrace-operator.futureSelectorLabels" -}} +app.kubernetes.io/name: {{ .Release.Name }} +{{- if not (.Values).manifests }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "dynatrace-operator.commonLabels" -}} +{{ include "dynatrace-operator.futureSelectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if not (.Values).manifests }} +helm.sh/chart: {{ include "dynatrace-operator.chart" . }} +{{- end -}} +{{- end -}} + +{{/* +Operator labels +*/}} +{{- define "dynatrace-operator.operatorLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +Operator selector labels +*/}} +{{- define "dynatrace-operator.operatorSelectorLabels" -}} +name: {{ .Release.Name }} +{{- end -}} + +{{/* +Webhook labels +*/}} +{{- define "dynatrace-operator.webhookLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: webhook +{{- end -}} + +{{/* +Webhook selector labels +*/}} +{{- define "dynatrace-operator.webhookSelectorLabels" -}} +internal.dynatrace.com/component: webhook +internal.dynatrace.com/app: webhook +{{- end -}} + +{{/* +CSI labels +*/}} +{{- define "dynatrace-operator.csiLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: csi-driver +{{- end -}} + +{{/* +CSI selector labels +*/}} +{{- define "dynatrace-operator.csiSelectorLabels" -}} +internal.oneagent.dynatrace.com/app: csi-driver +internal.oneagent.dynatrace.com/component: csi-driver +{{- end -}} + +{{/* +ActiveGate labels +*/}} +{{- define "dynatrace-operator.activegateLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: activegate +{{- end -}} + +{{/* +OneAgent labels +*/}} +{{- define "dynatrace-operator.oneagentLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: oneagent +{{- end -}} + + +{{/* +Check if default image is used +*/}} +{{- define "dynatrace-operator.image" -}} +{{- if .Values.image -}} + {{- printf "%s" .Values.image -}} +{{- else -}} + {{- if eq .Values.platform "google-marketplace" -}} + {{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" "{{ .Chart.AppVersion }}" }} + {{- else -}} + {{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-operator" .Chart.AppVersion }} + {{- end -}} +{{- end -}} +{{- end -}} + + +{{/* +Check if we need the csi driver. +*/}} +{{- define "dynatrace-operator.needCSI" -}} + {{- if or (.Values.csidriver.enabled) (eq (include "dynatrace-operator.partial" .) "csi") -}} + {{- printf "true" -}} + {{- end -}} +{{- end -}} + + +{{/* +Check if we are generating only a part of the yamls +*/}} +{{- define "dynatrace-operator.partial" -}} + {{- if (default false .Values.partial) -}} + {{- printf "%s" .Values.partial -}} + {{- else -}} + {{- printf "false" -}} + {{- end -}} +{{- end -}} + + +{{/* +Check if platform is set +*/}} +{{- define "dynatrace-operator.platformSet" -}} +{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") (eq .Values.platform "google-marketplace") (eq .Values.platform "gke-autopilot") -}} + {{ default "set" }} +{{- end -}} +{{- end -}} + +{{/* +Exclude Kubernetes manifest not running on OLM +*/}} +{{- define "dynatrace-operator.openshiftOrOlm" -}} +{{- if and (or (eq .Values.platform "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}} + {{ default "true" }} +{{- end -}} +{{- end -}} + +{{/* +Check if the platform is set +*/}} +{{- define "dynatrace-operator.platformRequired" -}} +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift, google-marketplace, or gke-autopilot" (include "dynatrace-operator.platformSet" .))}} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/application.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/application.yaml new file mode 100644 index 000000000..ff895bde3 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/application.yaml @@ -0,0 +1,99 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if eq .Values.platform "google-marketplace" }} +# Copyright 2020 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} + annotations: + kubernetes-engine.cloud.google.com/icon: data:image/png;base64,{{ .Files.Get "logo.png" | b64enc }} + marketplace.cloud.google.com/deploy-info: '{"partner_id": "dynatrace-marketplace-prod", "product_id": "dynatrace-operator", "partner_name": "Dynatrace LLC"}' +spec: + descriptor: + type: "Dynatrace Operator" + version: "0.8.1" + maintainers: + - name: Dynatrace LLC + url: https://www.dynatrace.com/ + keywords: + - "dynatrace" + - "operator" + - "activegate" + - "k8s" + - "monitoring" + - "apm" + description: | + # Dynatrace Operator + + The Dynatrace Operator supports rollout and lifecycle management of various Dynatrace components in Kubernetes and OpenShift. + + * OneAgent + * `classicFullStack` rolls out a OneAgent pod per node to monitor pods on it and the node itself + * `applicationMonitoring` is a webhook based injection mechanism for automatic app-only injection + * CSI Driver can be enabled to cache OneAgent downloads per node + * `hostMonitoring` is only monitoring the hosts (i.e. nodes) in the cluster without app-only injection + * `cloudNativeFullStack` is a combination of `applicationMonitoring` with CSI driver and `hostMonitoring` + * ActiveGate + * `routing` routes OneAgent traffic through the ActiveGate + * `kubernetes-monitoring` allows monitoring of the Kubernetes API + * `metrics-ingest` routes enriched metrics through ActiveGate + + For more information please have a look at [our DynaKube Custom Resource examples](config/samples) and + our [official help page](https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/). + links: + - description: Dynatrace Website + url: https://www.dynatrace.com/ + - description: Operator Deploy Guide + url: ToDo + - description: Kubernetes Monitoring Info + url: https://www.dynatrace.com/technologies/kubernetes-monitoring + selector: + matchLabels: + app.kubernetes.io/name: "{{ .Release.Name }}" + componentKinds: + - group: apps/v1 + kind: DaemonSet + - group: v1 + kind: Pod + - group: v1 + kind: ConfigMap + - group: apps/v1 + kind: Deployment + - group: v1 + kind: Secret + - group: batch/v1 + kind: Job + - group: v1 + kind: Service + - group: v1 + kind: ServiceAccount + - group: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + - group: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + - group: apps/v1 + kind: StatefulSet + - group: storage.k8s.io/v1 + kind: CSIDriver + - group: rbac.authorization.k8s.io/v1 + kind: ClusterRole + - group: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/values.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/values.yaml new file mode 100644 index 000000000..6dd4b6a40 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/values.yaml @@ -0,0 +1,77 @@ +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# may be set to "kubernetes", "openshift", or "gke-autopilot" +platform: "kubernetes" + +image: "" +customPullSecret: "" +installCRD: false + +operator: + nodeSelector: {} + tolerations: [] + labels: [] + annotations: [] + apparmor: false + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 100m + memory: 128Mi + +webhook: + hostNetwork: false + nodeSelector: {} + tolerations: [] + labels: [] + annotations: [] + apparmor: false + requests: + cpu: 300m + memory: 128Mi + limits: + cpu: 300m + memory: 128Mi + highAvailability: true + +csidriver: + enabled: false + nodeSelector: {} + priorityClassValue: "1000000" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: ToBeDeletedByClusterAutoscaler + operator: Exists + labels: [] + annotations: [] + requests: + cpu: 300m + memory: 100Mi + limits: + cpu: 300m + memory: 100Mi + +securityContextConstraints: + enabled: true # Only applicable for Openshift + +additionalPermissions: + pvcMonitoring: false diff --git a/index.yaml b/index.yaml old mode 100755 new mode 100644 index 5ca3814d9..898e77eb1 --- a/index.yaml +++ b/index.yaml @@ -1135,6 +1135,33 @@ entries: - assets/dynatrace/dynatrace-oneagent-operator-0.8.000.tgz version: 0.8.000 dynatrace-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dynatrace Operator + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: dynatrace-operator + apiVersion: v2 + appVersion: 0.8.2 + created: "2022-08-30T12:34:53.716323-04:00" + description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift + digest: f00dff617c06508dd3d18b3503ce65c6a241081566be53b2b4449b9e08f765c8 + home: https://www.dynatrace.com/ + icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png + kubeVersion: '>=1.21.0-0' + maintainers: + - email: marcell.sevcsik@dynatrace.com + name: 0sewa0 + - email: christoph.muellner@dynatrace.com + name: chrismuellner + - email: lukas.hinterreiter@dynatrace.com + name: luhi-DT + name: dynatrace-operator + sources: + - https://github.com/Dynatrace/dynatrace-operator + type: application + urls: + - assets/dynatrace/dynatrace-operator-0.8.2.tgz + version: 0.8.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dynatrace Operator