Charts CI

```
Updated:
  kasten/k10:
    - 6.5.14
```
pull/1022/head
github-actions[bot] 2024-05-19 00:58:04 +00:00
parent cf42446a0a
commit e2d191d01c
25 changed files with 268 additions and 93 deletions

Binary file not shown.


@ -6,4 +6,4 @@ dependencies:
repository: ""
version: 25.18.0
digest: sha256:e35117c8aba9f6bde24ae45b5e05b0342b03029dfb2676236c389572cc502066
generated: "2024-05-03T18:14:59.697223332Z"
generated: "2024-05-18T05:55:02.501542941Z"


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: k10
apiVersion: v2
appVersion: 6.5.13
appVersion: 6.5.14
dependencies:
- condition: grafana.enabled
name: grafana
@ -21,4 +21,4 @@ maintainers:
- email: contact@kasten.io
name: kastenIO
name: k10
version: 6.5.1301
version: 6.5.1401


@ -57,9 +57,9 @@ Parameter | Description | Default
`eula.company` | Company name. Required field if EULA is accepted | `None`
`eula.email` | Contact email. Required field if EULA is accepted | `None`
`license` | License string obtained from Kasten | `None`
`rbac.create` | Whether to enable RBAC with a specific cluster role and binding for K10 | `true`
`scc.create` | Whether to create a SecurityContextConstraints for K10 ServiceAccounts | `false`
`scc.priority` | Sets the SecurityContextConstraints priority | `15`
`rbac.create` | Whether to enable RBAC with a specific cluster role and binding for K10 | `true`
`scc.create` | Whether to create a SecurityContextConstraints for K10 ServiceAccounts | `false`
`scc.priority` | Sets the SecurityContextConstraints priority | `15`
`services.dashboardbff.hostNetwork` | Whether the dashboardbff pods may use the node network | `false`
`services.executor.hostNetwork` | Whether the executor pods may use the node network | `false`
`services.executor.workerCount` | Specifies count of running executor workers | 8
@ -86,7 +86,7 @@ Parameter | Description | Default
`ingress.defaultBackend.resource.apiGroup` | Optional API group of a resource backing the default backend. | `''`
`ingress.defaultBackend.resource.kind` | The type of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
`ingress.defaultBackend.resource.name` | The name of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
`global.persistence.size` | Default global size of volumes for K10 persistent services | `20Gi`
`global.persistence.size` | Default global size of volumes for K10 persistent services | `20Gi`
`global.persistence.catalog.size` | Size of a volume for catalog service | `global.persistence.size`
`global.persistence.jobs.size` | Size of a volume for jobs service | `global.persistence.size`
`global.persistence.logging.size` | Size of a volume for logging service | `global.persistence.size`
@ -173,7 +173,7 @@ Parameter | Description | Default
`auth.ldap.host` | Host and optional port of the AD/LDAP server in the form `host:port` | `None`
`auth.ldap.insecureNoSSL` | Required if the AD/LDAP host is not using TLS | `false`
`auth.ldap.insecureSkipVerifySSL` | To turn off SSL verification of connections to the AD/LDAP host | `false`
`auth.ldap.startTLS` | When set to true, ldap:// is used to connect to the server followed by creation of a TLS session. When set to false, ldaps:// is used. | `false`
`auth.ldap.startTLS` | When set to true, ldap:// is used to connect to the server followed by creation of a TLS session. When set to false, ldaps:// is used. | `false`
`auth.ldap.bindDN` | The Distinguished Name(username) used for connecting to the AD/LDAP host | `None`
`auth.ldap.bindPW` | The password corresponding to the `bindDN` for connecting to the AD/LDAP host | `None`
`auth.ldap.bindPWSecretName` | The name of the secret that contains the password corresponding to the `bindDN` for connecting to the AD/LDAP host | `None`
@ -257,7 +257,7 @@ Parameter | Description | Default
`limiter.csiSnapshots` | Limit of concurrent CSI snapshot create operations | `10`
`limiter.providerSnapshots` | Limit of concurrent cloud provider create operations | `10`
`limiter.imageCopies` | Limit of concurrent image copy operations | `10`
`cluster.domainName` | Specifies the domain name of the cluster | `cluster.local`
`cluster.domainName` | Specifies the domain name of the cluster | `""`
`kanister.backupTimeout` | Specifies timeout to set on Kanister backup operations | `45`
`kanister.restoreTimeout` | Specifies timeout to set on Kanister restore operations | `600`
`kanister.deleteTimeout` | Specifies timeout to set on Kanister delete operations | `45`
@ -284,7 +284,7 @@ Parameter | Description | Default
`defaultPriorityClassName` | Specifies the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for all K10 deployments and ephemeral pods | `None`
`priorityClassName.<deploymentName>` | Overrides the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for the specified deployment | `{}`
`ephemeralPVCOverhead` | Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. PVC size = (file raw size) * (1 + `ephemeralPVCOverhead`) | `0.1`
`datastore.parallelUploads` | Specifies how many files can be uploaded in parallel to the data store | `8`
## Helm tips and tricks
There is a way of setting values via a yaml file instead of using `--set`.


@ -32,6 +32,7 @@ spec:
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "k10.azMarketPlace.billingIdentifier" . }}
annotations:
checksum/config: {{ include "grafana.configData" . | sha256sum }}
{{- if .Values.dashboards }}
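Review bot: The label this include adds is rendered by `k10.azMarketPlace.billingIdentifier` (defined further down this page) as `azure-extensions-usage-release-identifier: {{.Release.Name}}` with the value unquoted, so a release named `no`, `true` or `123` would yield a boolean or integer where a label needs a string. Quoting it in the helper, `azure-extensions-usage-release-identifier: {{ .Release.Name | quote }}`, keeps the value a string for every caller. The same include is added to the other pod templates on this page (image renderer, pushgateway, Prometheus server, the k10 deployments and the gateway). In what appear to be the vendored grafana and prometheus subcharts, it also makes the templates depend on a helper that only the parent chart defines. The pod template this hunk touches starts and ends outside the hunk.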


@ -34,6 +34,7 @@ spec:
{{- with .Values.imageRenderer.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "k10.azMarketPlace.billingIdentifier" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.imageRenderer.podAnnotations }}


@ -23,6 +23,7 @@ spec:
{{- end }}
labels:
{{- include "prometheus-pushgateway.defaultLabels" . | nindent 8 }}
{{- include "k10.azMarketPlace.billingIdentifier" . }}
spec:
{{- include "prometheus-pushgateway.podSpec" . | nindent 6 }}
{{- end }}


@ -32,6 +32,7 @@ spec:
{{- if .Values.server.podLabels}}
{{ toYaml .Values.server.podLabels | nindent 8 }}
{{- end}}
{{- include "k10.azMarketPlace.billingIdentifier" . }}
spec:
{{- if .Values.server.priorityClassName }}
priorityClassName: "{{ .Values.server.priorityClassName }}"


@ -35,8 +35,8 @@ crypto:
dashboardbff:
- vbrintegrationapi
state:
- events
- admin
- events
{{- end -}}
{{- define "k10.aggregatedAPIs" -}}actions apps repositories vault{{- end -}}
{{- define "k10.configAPIs" -}}config{{- end -}}
@ -214,7 +214,7 @@ state-svc:
{{- define "k10.aggAuditPolicyFile" -}}agg-audit-policy.yaml{{- end -}}
{{- define "k10.siemAuditLogFilePath" -}}-{{- end -}}
{{- define "k10.siemAuditLogFileSize" -}}100{{- end -}}
{{- define "k10.kanisterToolsImageTag" -}}0.107.0{{- end -}}
{{- define "k10.kanisterToolsImageTag" -}}0.108.0{{- end -}}
{{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}}
{{- define "k10.openShiftClientSecretEnvVar" -}}K10_OPENSHIFT_CLIENT_SECRET{{- end -}}
{{- define "k10.defaultK10DefaultPriorityClassName" -}}{{- end -}}


@ -119,6 +119,8 @@
{{- $fips := .Values.fips | default dict -}}
{{- if $fips.enabled -}}
{{- $internal_capabilities = append $internal_capabilities "fips.strict" -}}
{{- $internal_capabilities = append $internal_capabilities "crypto.storagerepository.v2" -}}
{{- $internal_capabilities = append $internal_capabilities "crypto.vbr.v2" -}}
{{- end -}}
{{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}}
@ -281,6 +283,10 @@ external-dns.alpha.kubernetes.io/hostname: {{ .Values.externalGateway.fqdn.name
Prometheus scrape config template for k10 services
*/}}
{{- define "k10.prometheusScrape" -}}
{{- $cluster_domain := "" -}}
{{- with .main.Values.cluster.domainName -}}
{{- $cluster_domain = printf ".%s" . -}}
{{- end -}}
{{- $admin_port := default 8877 .main.Values.service.gatewayAdminPort -}}
- job_name: {{ .k10service }}
metrics_path: /metrics
@ -295,13 +301,13 @@ Prometheus scrape config template for k10 services
static_configs:
- targets:
{{- if eq "gateway" .k10service }}
- {{ .k10service }}-admin.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:{{ $admin_port }}
- {{ .k10service }}-admin.{{ .main.Release.Namespace }}.svc{{ $cluster_domain }}:{{ $admin_port }}
{{- else if eq "aggregatedapis" .k10service }}
- {{ .k10service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:443
- {{ .k10service }}-svc.{{ .main.Release.Namespace }}.svc{{ $cluster_domain }}:443
{{- else }}
{{- $service := default .k10service (index (include "get.enabledColocatedServices" . | fromYaml) .k10service).primary }}
{{- $port := default .main.Values.service.externalPort (index (include "get.enabledColocatedServices" . | fromYaml) .k10service).port }}
- {{ $service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:{{ $port }}
- {{ $service }}-svc.{{ .main.Release.Namespace }}.svc{{ $cluster_domain }}:{{ $port }}
{{- end }}
labels:
application: {{ .main.Release.Name }}
@ -312,6 +318,10 @@ Prometheus scrape config template for k10 services
Prometheus scrape config template for k10 services
*/}}
{{- define "k10.prometheusTargetConfig" -}}
{{- $cluster_domain := "" -}}
{{- with .main.Values.cluster.domainName -}}
{{- $cluster_domain = printf ".%s" . -}}
{{- end -}}
{{- $admin_port := default 8877 .main.Values.service.gatewayAdminPort | toString -}}
- service: {{ .k10service }}
metricsPath: /metrics
@ -326,15 +336,15 @@ Prometheus scrape config template for k10 services
{{- $serviceFqdn := "" }}
{{- $servicePort := "" }}
{{- if eq "gateway" .k10service -}}
{{- $serviceFqdn = printf "%s-admin.%s.svc.%s" .k10service .main.Release.Namespace .main.Values.cluster.domainName -}}
{{- $serviceFqdn = printf "%s-admin.%s.svc%s" .k10service .main.Release.Namespace $cluster_domain -}}
{{- $servicePort = $admin_port -}}
{{- else if eq "aggregatedapis" .k10service -}}
{{- $serviceFqdn = printf "%s-svc.%s.svc.%s" .k10service .main.Release.Namespace .main.Values.cluster.domainName -}}
{{- $serviceFqdn = printf "%s-svc.%s.svc%s" .k10service .main.Release.Namespace $cluster_domain -}}
{{- $servicePort = "443" -}}
{{- else -}}
{{- $service := default .k10service (index (include "get.enabledColocatedServices" .main | fromYaml) .k10service).primary -}}
{{- $port := default .main.Values.service.externalPort (index (include "get.enabledColocatedServices" .main | fromYaml) .k10service).port | toString -}}
{{- $serviceFqdn = printf "%s-svc.%s.svc.%s" $service .main.Release.Namespace .main.Values.cluster.domainName -}}
{{- $serviceFqdn = printf "%s-svc.%s.svc%s" $service .main.Release.Namespace $cluster_domain -}}
{{- $servicePort = $port -}}
{{- end }}
fqdn: {{ $serviceFqdn }}
@ -406,6 +416,8 @@ images or not
{{- define "dex.dexImageRepo" -}}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s" .Values.global.airgapped.repository (include "dex.dexImageName" .) }}
{{- else if .Values.global.azMarketPlace }}
{{- printf "%s/%s" .Values.global.azure.images.dex.registry .Values.global.azure.images.dex.image }}
{{- else }}
{{- printf "%s/%s" .Values.global.image.registry (include "dex.dexImageName" .) }}
{{- end }}
@ -416,7 +428,11 @@ images or not
{{- end -}}
{{- define "dex.dexImageTag" -}}
{{- if .Values.global.azMarketPlace }}
{{- print .Values.global.azure.images.dex.tag }}
{{- else }}
{{- .Values.global.image.tag | default .Chart.AppVersion }}
{{- end -}}
{{- end -}}
{{/*
@ -441,6 +457,8 @@ Get the emissary image.
{{- define "k10.emissaryImageRepo" -}}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s" .Values.global.airgapped.repository (include "k10.emissaryImageName" .) }}
{{- else if .Values.global.azMarketPlace }}
{{- printf "%s/%s" .Values.global.azure.images.emissary.registry .Values.global.azure.images.emissary.image }}
{{- else }}
{{- printf "%s/%s" .Values.global.image.registry (include "k10.emissaryImageName" .) }}
{{- end }}
@ -451,7 +469,11 @@ Get the emissary image.
{{- end -}}
{{- define "k10.emissaryImageTag" -}}
{{- include "get.k10ImageTag" . }}
{{- if .Values.global.azMarketPlace }}
{{- print .Values.global.azure.images.emissary.tag }}
{{- else }}
{{- include "get.k10ImageTag" . }}
{{- end }}
{{- end -}}
{{/*
@ -522,6 +544,8 @@ Get the kanister-tools image.
{{- define "kan.kanisterToolsImageRepo" -}}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s" .Values.global.airgapped.repository (include "kan.kanisterToolsImageName" .) }}
{{- else if .Values.global.azMarketPlace }}
{{- printf "%s/%s" .Values.global.azure.images.kanistertools.registry .Values.global.azure.images.kanistertools.image }}
{{- else }}
{{- printf "%s/%s" .Values.global.image.registry (include "kan.kanisterToolsImageName" .) }}
{{- end }}
@ -532,7 +556,11 @@ Get the kanister-tools image.
{{- end -}}
{{- define "kan.kanisterToolsImageTag" -}}
{{- include "get.k10ImageTag" . }}
{{- if .Values.global.azMarketPlace }}
{{- print .Values.global.azure.images.kanistertools.tag }}
{{- else }}
{{- include "get.k10ImageTag" . }}
{{- end }}
{{- end -}}
{{/*
@ -1074,6 +1102,8 @@ running in the same cluster.
{{- define "init.ImageRepo" -}}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s" .Values.global.airgapped.repository (include "init.ImageName" .) }}
{{- else if .main.Values.global.azMarketPlace }}
{{- printf "%s/%s" .Values.global.azure.images.init.registry .Values.global.azure.images.init.image }}
{{- else }}
{{- printf "%s/%s" .Values.global.image.registry (include "init.ImageName" .) }}
{{- end }}
@ -1216,20 +1246,6 @@ running in the same cluster.
{{- end -}}
{{- end -}}
{{/* Fail if FIPS is enabled and auth.ldap is turned on */}}
{{- define "k10.fail.fipsDexAuthLDAP" -}}
{{- if and ((.Values.fips | default dict).enabled) (.Values.auth.ldap.enabled) -}}
{{- fail "fips.enabled and auth.ldap.enabled cannot both be enabled at the same time" -}}
{{- end -}}
{{- end -}}
{{/* Fail if FIPS is enabled and auth.openshift is turned on */}}
{{- define "k10.fail.fipsDexAuthOpenshift" -}}
{{- if and ((.Values.fips | default dict).enabled) (.Values.auth.openshift.enabled) -}}
{{- fail "fips.enabled and auth.openshift.enabled cannot both be enabled at the same time" -}}
{{- end -}}
{{- end -}}
{{/* Check to see whether SIEM logging is enabled */}}
{{- define "k10.siemEnabled" -}}
{{- if or .Values.siem.logging.cluster.enabled .Values.siem.logging.cloud.awsS3.enabled -}}
@ -1271,3 +1287,12 @@ the Microsoft Go toolchain and Red Hat's OpenSSL.
- name: OPENSSL_FORCE_FIPS_MODE
value: "1"
{{- end }}
{{/*
Returns a billing identifier label to be added to workloads for azure marketplace offer
*/}}
{{- define "k10.azMarketPlace.billingIdentifier" -}}
{{- if .Values.global.azMarketPlace }}
azure-extensions-usage-release-identifier: {{.Release.Name}}
{{- end }}
{{- end }}
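Review bot: In `init.ImageRepo` the added branch tests `.main.Values.global.azMarketPlace`, while the `if` above it and the `printf` directly below it read `.Values.global…`; if the helper receives the root context, `.main` is unset there and the lookup is likely to fail at render time or never match. It presumably should be `{{- else if .Values.global.azMarketPlace }}`, matching the dex, emissary and kanister-tools helpers in the same file. Separately, the hunk at old line 1216 deletes the `k10.fail.fipsDexAuthLDAP` and `k10.fail.fipsDexAuthOpenshift` guards with no replacement check. Since the README on this page still documents `auth.ldap.insecureNoSSL` and `auth.ldap.insecureSkipVerifySSL`, a template comment or a narrower guard stating which LDAP settings are acceptable together with `fips.enabled` would help operators. Several of these defines start or end outside their hunks.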


@ -94,6 +94,7 @@ stating that types are not same for the equality check
- name: {{ include "k10.disabledServicesEnvVar" . }}
value: {{ include "get.disabledServices" . | quote }}
{{- end -}}
{{- if list "dashboardbff" "executor" "garbagecollector" "controllermanager" "kanister" | has $service}}
{{- if not (eq (include "check.googleproject" . ) "true") -}}
{{- fail "secrets.googleApiKey field is required when using secrets.googleProjectId" -}}
{{- end -}}
@ -116,6 +117,8 @@ stating that types are not same for the equality check
key: {{ $gkeProjectId }}
optional: true
{{- end }}
{{- end }}
{{- if list "dashboardbff" "executor" "garbagecollector" "controllermanager" "kanister" | has $service}}
{{- if or (eq (include "check.azuresecret" .) "true") (eq (include "check.azurecreds" .) "true" ) }}
{{- if eq (include "check.azuresecret" .) "true" }}
- name: AZURE_CLIENT_ID
@ -201,6 +204,7 @@ stating that types are not same for the equality check
value: "{{ .Values.azure.useDefaultMSI }}"
{{- end }}
{{- end }}
{{- end }}
{{- /*
There are 3 valid states of the secret provided by customer:
@ -273,6 +277,7 @@ There are 3 valid states of the secret provided by customer:
{{- end }}
{{- end }}
{{- end }}
{{- if list "dashboardbff" "executor" "garbagecollector" "controllermanager" | has $service}}
{{- if or (eq (include "check.vspherecreds" .) "true") (eq (include "check.vsphereClientSecret" .) "true") }}
{{- $vsphereSecretName := default "vsphere-creds" .Values.secrets.vsphereClientSecretName }}
- name: VSPHERE_ENDPOINT
@ -290,6 +295,7 @@ There are 3 valid states of the secret provided by customer:
secretKeyRef:
name: {{ $vsphereSecretName }}
key: vsphere_password
{{- end }}
{{- end }}
- name: VERSION
valueFrom:
@ -350,62 +356,18 @@ There are 3 valid states of the secret provided by customer:
value: {{ (include "get.k10ImageTag" .) | print .Values.global.image.registry "/datamover:" }}
{{- end }}{{/* if .Values.global.airgapped.repository */}}
- name: K10_KANISTER_POD_METRICS_IMAGE
{{- if not .Values.global.rhMarketPlace }}
{{- if .Values.global.airgapped.repository }}
value: {{ (include "get.k10ImageTag" .) | print .Values.global.airgapped.repository "/metric-sidecar:" }}
{{- else }}
value: {{ (include "get.k10ImageTag" .) | print .Values.global.image.registry "/metric-sidecar:" }}
{{- end }}{{/* if .Values.global.airgapped.repository */}}
{{- else }}
value: {{ index .Values.global.images "metric-sidecar" }}
{{- end }}{{/* if not .Values.global.rhMarketPlace */}}
- name: KANISTER_POD_READY_WAIT_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodReadyWaitTimeout
- name: K10_KANISTER_POD_METRICS_ENABLED
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarEnabled
- name: PUSHGATEWAY_METRICS_INTERVAL
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodPushgatewayMetricsInterval
{{- if .Values.kanisterPodMetricSidecar.resources.requests.memory }}
- name: K10_KANISTER_POD_METRIC_SIDECAR_MEMORY_REQUEST
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarMemoryRequest
{{- end }}
{{- if .Values.kanisterPodMetricSidecar.resources.requests.cpu }}
- name: K10_KANISTER_POD_METRIC_SIDECAR_CPU_REQUEST
{{- if eq $service "executor"}}
- name: DATA_STORE_LOG_LEVEL
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarCPURequest
{{- end }}
{{- if .Values.kanisterPodMetricSidecar.resources.limits.memory }}
- name: K10_KANISTER_POD_METRIC_SIDECAR_MEMORY_LIMIT
key: DataStoreLogLevel
- name: DATA_STORE_FILE_LOG_LEVEL
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarMemoryLimit
{{- end }}
{{- if .Values.kanisterPodMetricSidecar.resources.limits.cpu }}
- name: K10_KANISTER_POD_METRIC_SIDECAR_CPU_LIMIT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarCPULimit
{{- end }}
key: DataStoreFileLogLevel
{{- end }}
- name: LOG_LEVEL
valueFrom:
@ -511,6 +473,63 @@ There are 3 valid states of the secret provided by customer:
configMapKeyRef:
name: k10-config
key: k10DataStoreDisableCompression
- name: K10_KANISTER_POD_METRICS_IMAGE
{{- if not .Values.global.rhMarketPlace }}
{{- if .Values.global.airgapped.repository }}
value: {{ (include "get.k10ImageTag" .) | print .Values.global.airgapped.repository "/metric-sidecar:" }}
{{- else }}
value: {{ (include "get.k10ImageTag" .) | print .Values.global.image.registry "/metric-sidecar:" }}
{{- end }}{{/* if .Values.global.airgapped.repository */}}
{{- else }}
value: {{ index .Values.global.images "metric-sidecar" }}
{{- end }}{{/* if not .Values.global.rhMarketPlace */}}
- name: KANISTER_POD_READY_WAIT_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodReadyWaitTimeout
- name: K10_KANISTER_POD_METRICS_ENABLED
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarEnabled
- name: PUSHGATEWAY_METRICS_INTERVAL
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodPushgatewayMetricsInterval
{{- if .Values.kanisterPodMetricSidecar.resources.requests.memory }}
- name: K10_KANISTER_POD_METRIC_SIDECAR_MEMORY_REQUEST
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarMemoryRequest
{{- end }}
{{- if .Values.kanisterPodMetricSidecar.resources.requests.cpu }}
- name: K10_KANISTER_POD_METRIC_SIDECAR_CPU_REQUEST
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarCPURequest
{{- end }}
{{- if .Values.kanisterPodMetricSidecar.resources.limits.memory }}
- name: K10_KANISTER_POD_METRIC_SIDECAR_MEMORY_LIMIT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarMemoryLimit
{{- end }}
{{- if .Values.kanisterPodMetricSidecar.resources.limits.cpu }}
- name: K10_KANISTER_POD_METRIC_SIDECAR_CPU_LIMIT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodMetricSidecarCPULimit
{{- end }}
{{- end }}
{{- if (list "dashboardbff" "catalog" "executor" "crypto" | has $service) }}
{{- if .Values.metering.mode }}
@ -797,6 +816,7 @@ There are 3 valid states of the secret provided by customer:
mountPath: /etc/ssl/certs/webhook
readOnly: true
{{- end }}
{{- if list "dashboardbff" "auth" "controllermanager" | has $service}}
{{- if eq (include "basicauth.check" .) "true" }}
- name: k10-basic-auth
mountPath: "/var/run/secrets/kasten.io/k10-basic-auth"
@ -812,6 +832,7 @@ There are 3 valid states of the secret provided by customer:
readOnly: true
{{- end }}
{{- end }}
{{- end }}
{{- if eq (include "check.googleCredsOrSecret" .) "true"}}
- name: service-account
mountPath: "/var/run/secrets/kasten.io"
@ -847,8 +868,16 @@ There are 3 valid states of the secret provided by customer:
image: {{ include "get.kanisterToolsImage" .}}
imagePullPolicy: {{ .Values.kanisterToolsImage.pullPolicy }}
{{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "kanister-sidecar" | include "k10.resource.request" | indent 8}}
{{- if (.Values.fips | default dict).enabled }}
env:
{{- with $capabilities := include "k10.capabilities" . }}
- name: K10_CAPABILITIES
value: {{ $capabilities | quote }}
{{- end }}
{{- with $capabilities_mask := include "k10.capabilities_mask" . }}
- name: K10_CAPABILITIES_MASK
value: {{ $capabilities_mask | quote }}
{{- end }}
{{- if (.Values.fips | default dict).enabled }}
{{- include "k10.enforceFIPSEnvironmentVariables" . | nindent 10 }}
{{- end }}
volumeMounts:
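Review bot: The service allow-list that decides which containers receive cloud credentials is written out as a literal three times in this file section (`list "dashboardbff" "executor" "garbagecollector" "controllermanager" "kanister" | has $service` for the Google and Azure blocks, and the same list without `kanister` for vSphere), so a later edit to one copy can silently widen or narrow secret exposure. Defining the list once, in the style the chart already uses for `k10.aggregatedAPIs` (for example a helper named `k10.cloudCredentialServices`; the name is only a suggestion), and testing `splitList " " (include "k10.cloudCredentialServices" .) | has $service` would keep the copies in step. If leaving `kanister` out of the vSphere gate is deliberate, a one-line template comment saying so would prevent it being "corrected" later. The enclosing template starts and ends outside these hunks.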


@ -1 +1 @@
{{- define "k10.imageTag" -}}6.5.13{{- end -}}
{{- define "k10.imageTag" -}}6.5.14{{- end -}}


@ -122,6 +122,7 @@ spec:
checksum/secret: {{ include (print .Template.BasePath "/secrets.yaml") . | sha256sum }}
labels:
{{ include "helm.labels" . | indent 8 }}
{{- include "k10.azMarketPlace.billingIdentifier" . }}
component: {{ $service }}
run: {{ $service }}-svc
spec:


@ -17,6 +17,9 @@ value that is specified.
{{- $tagFromDefs := "" -}}
{{- if .main.Values.global.airgapped.repository }}
{{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.airgapped.repository "/" .k10_service ":" }}
{{- else if .main.Values.global.azMarketPlace }}
{{- $az_image := (get .main.Values.global.azure.images .k10_service) }}
{{- $serviceImage = print $az_image.registry "/" $az_image.image ":" $az_image.tag }}
{{- else }}
{{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.image.registry "/" .k10_service ":" }}
{{- end }}{{/* if .main.Values.global.airgapped.repository */}}
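Review bot: `get .main.Values.global.azure.images .k10_service` returns an empty string when the map has no entry for the service, and the next line then reads `$az_image.registry` from it, so a missing or misspelled key surfaces as an opaque template error instead of a message naming the image. Making the lookup explicit, `{{- $az_image := required (printf "global.azure.images.%s must be set when global.azMarketPlace is true" .k10_service) (get .main.Values.global.azure.images .k10_service) }}`, tells the operator which value is absent. No defaults for `global.azure.images` are visible in the values hunks on this page, so whether every service has an entry cannot be confirmed from here. The helper begins and ends outside the hunk.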


@ -56,6 +56,7 @@ spec:
{{- end}}
labels:
{{ include "helm.labels" . | indent 8 }}
{{- include "k10.azMarketPlace.billingIdentifier" . }}
component: {{ $service }}
run: {{ $deploymentName }}
spec:
@ -131,6 +132,7 @@ spec:
configMap:
name: k10-features
{{- end }}
{{- if list "dashboardbff" "auth" "controllermanager" | has $pod}}
{{- if eq (include "basicauth.check" .) "true" }}
- name: k10-basic-auth
secret:
@ -159,6 +161,7 @@ spec:
configMap:
name: k10-logos-dex
{{- end }}
{{- end }}
{{- range $skip, $statefulContainer := compact (dict "main" . "k10_service_pod" $pod | include "get.statefulRestServicesInPod" | splitList " ") }}
- name: {{ $statefulContainer }}-persistent-storage
persistentVolumeClaim:
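Review bot: The volume gate added here tests `has $pod`, whereas the matching `k10-basic-auth` volumeMount gate added in the container template on this page tests `has $service` against the same three names. If a listed service can be colocated in a pod with a different name (the chart has a `get.enabledColocatedServices` helper), the container would get a mount whose volume was skipped, and the pod spec would be rejected. Confirm that `$pod` and `$service` always coincide for `dashboardbff`, `auth` and `controllermanager`, or gate both sides on the same variable; a template comment recording that assumption next to the `if` would be enough. The deployment template starts and ends outside these hunks.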


@ -124,6 +124,7 @@ spec:
service: gateway
component: gateway
{{ include "helm.labels" . | indent 8 }}
{{- include "k10.azMarketPlace.billingIdentifier" . }}
{{- if $.Values.gateway.next_gen }}
spec:
serviceAccountName: {{ template "serviceAccountName" . }}


@ -6,6 +6,8 @@ metadata:
namespace: {{ .Release.Namespace }}
name: k10-config
data:
DataStoreLogLevel: {{ default "error" | quote }}
DataStoreFileLogLevel: {{ default "" | quote }}
loglevel: {{ .Values.logLevel | quote }}
{{- if .Values.clusterName }}
clustername: {{ quote .Values.clusterName }}
@ -21,7 +23,7 @@ data:
concurrentSnapConversions: {{ default (include "k10.defaultConcurrentSnapshotConversions" .) .Values.limiter.concurrentSnapConversions | quote }}
concurrentWorkloadSnapshots: {{ include "k10.defaultConcurrentWorkloadSnapshots" . | quote }}
k10DataStoreDisableCompression: "false"
k10DataStoreParallelUpload: {{ include "k10.defaultK10DataStoreParallelUpload" . | quote }}
k10DataStoreParallelUpload: {{ .Values.datastore.parallelUploads | quote }}
k10DataStoreGeneralContentCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralContentCacheSizeMB" . | quote }}
k10DataStoreGeneralMetadataCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralMetadataCacheSizeMB" . | quote }}
k10DataStoreRestoreContentCacheSizeMB: {{ include "k10.defaultK10DataStoreRestoreContentCacheSizeMB" . | quote }}
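Review bot: `{{ .Values.datastore.parallelUploads | quote }}` dereferences a values key that this release introduces, so an upgrade that reuses stored values from an earlier release (where `datastore` is absent) is likely to fail on a nil map. The chart's own idiom for optional blocks, as in `(.Values.fips | default dict).enabled`, avoids that: `k10DataStoreParallelUpload: {{ (.Values.datastore | default dict).parallelUploads | default 8 | quote }}`. The two added lines `DataStoreLogLevel: {{ default "error" | quote }}` and `DataStoreFileLogLevel: {{ default "" | quote }}` pass no value to `default`, so they always render the constant; either wire them to a values key or write the literals directly.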


@ -1,5 +1,9 @@
{{ include "check.validatePrometheusConfig" .}}
{{- if .Values.prometheus.server.enabled -}}
{{- $cluster_domain := "" -}}
{{- with .Values.cluster.domainName -}}
{{- $cluster_domain = printf ".%s" . -}}
{{- end -}}
{{- $rbac := .Values.prometheus.rbac.create -}}
kind: ConfigMap
apiVersion: v1
@ -17,14 +21,14 @@ data:
scrape_configs:
- job_name: httpServiceDiscovery
http_sd_configs:
- url: {{ printf "http://metering-svc.%s.svc.%s:8000/v0/listScrapeTargets" .Release.Namespace .Values.cluster.domainName }}
- url: {{ printf "http://metering-svc.%s.svc%s:8000/v0/listScrapeTargets" .Release.Namespace $cluster_domain }}
{{- if .Values.kanisterPodMetricSidecar.enabled }}
- job_name: pushAggregator
honor_timestamps: true
metrics_path: /v0/push-metric-agg/metrics
static_configs:
- targets:
- {{ printf "metering-svc.%s.svc.%s:8000" .Release.Namespace .Values.cluster.domainName }}
- {{ printf "metering-svc.%s.svc%s:8000" .Release.Namespace $cluster_domain }}
{{- end -}}
{{- if .Values.prometheus.scrapeCAdvisor }}
- job_name: 'kubernetes-cadvisor'


@ -254,6 +254,31 @@ subjects:
kind: Group
name: {{ . }}
{{- end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
{{ include "helm.labels" . | indent 4 }}
name: {{ .Release.Namespace }}-{{ template "serviceAccountName" . }}-mc-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-mc-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: k10:admins
{{- range .Values.auth.k10AdminUsers }}
- apiGroup: rbac.authorization.k8s.io
kind: User
name: {{ . }}
{{- end }}
{{- range default .Values.auth.groupAllowList .Values.auth.k10AdminGroups }}
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: {{ . }}
{{- end }}
{{- end }}
{{- if and .Values.rbac.create (not .Values.prometheus.rbac.create) }}
---
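Review bot: The subjects list of the new `…-mc-admin` ClusterRoleBinding ends with `range default .Values.auth.groupAllowList .Values.auth.k10AdminGroups`, so when `k10AdminGroups` is empty every group in `auth.groupAllowList` is bound cluster-wide to the `{{ .Release.Name }}-mc-admin` ClusterRole. By its name the allow list looks like a login filter rather than an admin list, so the fallback deserves at least a comment above the range, e.g. `{{/* falls back to auth.groupAllowList when auth.k10AdminGroups is empty: every allowed group becomes mc-admin */}}`, or should be dropped for this binding. The rules of the `mc-admin` ClusterRole are not visible on this page, so how much access this grants cannot be judged from here. The subject names are also emitted unquoted (`name: {{ . }}`); `name: {{ . | quote }}` would keep user or group names containing YAML-significant characters intact.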


@ -19,5 +19,3 @@ A secure deployment is defined as one of the following:
{{- include "k10.fail.fipsMulticluster" . -}}
{{- include "k10.fail.fipsPDFReports" . -}}
{{- include "k10.fail.fipsGatewayNextGen" . -}}
{{- include "k10.fail.fipsDexAuthLDAP" . -}}
{{- include "k10.fail.fipsDexAuthOpenshift" . -}}


@ -202,6 +202,15 @@
{{- $grafana_image = (include "k10.splitImage" $grafana_image_args) | fromJson -}}
{{- end -}}
{{- if .Values.global.azMarketPlace -}}
{{- $grafana_image = ( dict
"registry" .Values.global.azure.images.grafana.registry
"repository" .Values.global.azure.images.grafana.image
"tag" .Values.global.azure.images.grafana.tag
)
-}}
{{- end -}}
{{- $_ := set .Values.grafana.image "registry" $grafana_image.registry -}}
{{- $_ := set .Values.grafana.image "repository" $grafana_image.repository -}}
{{- $_ := set .Values.grafana.image "tag" $grafana_image.tag -}}
@ -218,11 +227,21 @@
"repository" "init"
"tag" (include "get.k10ImageTag" $)
) -}}
{{- if .Values.global.images.init -}}
{{- $init_image_args := (dict "image" .Values.global.images.init "path" "global.images.init") -}}
{{- $init_image = (include "k10.splitImage" $init_image_args) | fromJson -}}
{{- end -}}
{{- if .Values.global.azMarketPlace -}}
{{- $init_image = ( dict
"registry" .Values.global.azure.images.init.registry
"repository" .Values.global.azure.images.init.image
"tag" .Values.global.azure.images.init.tag
)
-}}
{{- end -}}
{{- $_ := set .Values.grafana.downloadDashboardsImage "registry" $init_image.registry -}}
{{- $_ := set .Values.grafana.downloadDashboardsImage "repository" $init_image.repository -}}
{{- $_ := set .Values.grafana.downloadDashboardsImage "tag" $init_image.tag -}}
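Review bot: Both added `{{- if .Values.global.azMarketPlace -}}` blocks sit after the `global.images.grafana` / `global.images.init` handling, so they replace an image the operator pinned explicitly, whereas the `*ImageRepo` helpers on this page check `global.airgapped.repository` first and let it win over `azMarketPlace`. An operator who pointed `global.images.init` at a vetted mirror would have the registry swapped without any message. Either guard the override, e.g. `{{- if and .Values.global.azMarketPlace (not .Values.global.images.init) -}}`, or add a template comment stating that the marketplace images take precedence by design. The same ordering appears in the `configmap-reload` and Prometheus server hunks of the next file section. The enclosing template starts and ends outside these hunks.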


@ -76,6 +76,7 @@
"repository" "configmap-reload"
"tag" (include "get.k10ImageTag" $)
) -}}
{{- if (index .Values.global.images "configmap-reload") -}}
{{- $prometheus_configmap_reload_image = (
include "k10.splitImage" (dict
@ -86,6 +87,15 @@
-}}
{{- end -}}
{{- if .Values.global.azMarketPlace -}}
{{- $prometheus_configmap_reload_image = (dict
"registry" .Values.global.azure.images.configmapreload.registry
"repository" .Values.global.azure.images.configmapreload.image
"tag" .Values.global.azure.images.configmapreload.tag
)
-}}
{{- end -}}
{{- $_ := mergeOverwrite .Values.prometheus.configmapReload.prometheus.image
(dict
"repository" (list $prometheus_configmap_reload_image.registry $prometheus_configmap_reload_image.repository | compact | join "/")
@ -115,6 +125,15 @@
-}}
{{- end -}}
{{- if .Values.global.azMarketPlace -}}
{{- $prometheus_server_image = ( dict
"registry" .Values.global.azure.images.prometheus.registry
"repository" .Values.global.azure.images.prometheus.image
"tag" .Values.global.azure.images.prometheus.tag
)
-}}
{{- end -}}
{{- $_ := mergeOverwrite .Values.prometheus.server.image
(dict
"repository" (list $prometheus_server_image.registry $prometheus_server_image.repository | compact | join "/")


@ -791,9 +791,9 @@
"properties": {
"domainName": {
"type": "string",
"default": "cluster.local",
"default": "",
"title": "Domain name of the cluster",
"description": "Change default domain name of the cluster"
"description": "Set domain name of the cluster"
}
}
},
@ -2097,6 +2097,17 @@
"title": "K10 pods resource config",
"description": "Resource management for K10 pods"
},
"datastore": {
"type": "object",
"properties": {
"parallelUploads": {
"type": "integer",
"default": 8,
"title": "Parallelism for data store uploads",
"description": "Specifies how many files can be uploaded in parallel to the data store"
}
}
},
"defaultPriorityClassName": {
"type": "string",
"default": "",


@ -163,7 +163,7 @@ eula:
license: "" #base64 encoded string provided by Kasten
cluster:
domainName: "cluster.local" #default value is cluster.local
domainName: ""
multicluster:
enabled: true
@ -510,3 +510,6 @@ maxJobWaitDuration: ""
forceRootInKanisterHooks: true
ephemeralPVCOverhead: 0.1
datastore:
parallelUploads: 8
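Review bot: The comment that explained `cluster.domainName` was removed together with the old default, and nothing now tells the reader what an empty value means. Going by the helper changes on this page, an empty value makes the templates build service addresses that stop at `.svc`, so a comment such as `domainName: ""  # empty: service addresses end at .svc; set only when a full cluster domain is required` would document that. `datastore.parallelUploads` could carry a short comment as well, mirroring the README row that describes it.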


@ -25943,6 +25943,34 @@ entries:
- assets/trilio/k8s-triliovault-operator-v2.0.200.tgz
version: v2.0.200
k10:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: K10
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: k10
apiVersion: v2
appVersion: 6.5.14
created: "2024-05-19T00:57:54.204290539Z"
dependencies:
- condition: grafana.enabled
name: grafana
repository: file://./charts/grafana
version: 7.3.2
- condition: prometheus.server.enabled
name: prometheus
repository: file://./charts/prometheus
version: 25.18.0
description: Kastens K10 Data Management Platform
digest: 8997bcb7b34b9d70762f2cb4d3801cdf5d81e7cba1a51008a7c04e0128a6ca01
home: https://kasten.io/
icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png
maintainers:
- email: contact@kasten.io
name: kastenIO
name: k10
urls:
- assets/kasten/k10-6.5.1401.tgz
version: 6.5.1401
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: K10