Charts CI
```
Updated:
  argo/argo-cd:
    - 5.36.6
  bitnami/wordpress:
    - 16.1.18
  bitnami/zookeeper:
    - 11.4.3
  cockroach-labs/cockroachdb:
    - 11.0.3
  codefresh/cf-runtime:
    - 1.0.8
  crowdstrike/falcon-sensor:
    - 1.20.1
  datadog/datadog:
    - 3.32.4
  dh2i/dxemssql:
    - 1.0.4
  dynatrace/dynatrace-operator:
    - 0.12.0
  gopaddle/gopaddle:
    - 4.2.7
  haproxy/haproxy:
    - 1.30.6
  intel/intel-device-plugins-operator:
    - 0.27.1
  intel/intel-device-plugins-qat:
    - 0.27.1
  intel/intel-device-plugins-sgx:
    - 0.27.1
  kuma/kuma:
    - 2.2.2
  new-relic/nri-bundle:
    - 5.0.20
  pixie/pixie-operator-chart:
    - 0.1.4
  redpanda/redpanda:
    - 4.0.45
  speedscale/speedscale-operator:
    - 1.3.17
  weka/csi-wekafsplugin:
    - 2.1.0
```
pull/803/head
parent
ad7f01c3f2
commit
e490e38761
assets
cockroach-labs
codefresh
crowdstrike
datadog
dynatrace
gopaddle
haproxy
kuma
new-relic
redpanda
speedscale
charts
argo/argo-cd
bitnami
wordpress
zookeeper
cockroach-labs/cockroachdb
codefresh/cf-runtime
crowdstrike/falcon-sensor
datadog/datadog
dynatrace/dynatrace-operator
templates
Common
kubernetes-monitoring
gopaddle/gopaddle
charts/gp-core
files
appscanner/appscanner
appworker/appworker
clustermanager/clustermanager
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,7 +1,9 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: added
|
||||
description: Add `app.kubernetes.io/version` label
|
||||
- kind: changed
|
||||
description: Upgrade Argo CD to v2.7.6
|
||||
- kind: changed
|
||||
description: applicationSet.containerPorts.metrics to 8085
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
|
||||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||
|
@ -10,7 +12,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.23.0-0'
|
||||
catalog.cattle.io/release-name: argo-cd
|
||||
apiVersion: v2
|
||||
appVersion: v2.7.5
|
||||
appVersion: v2.7.6
|
||||
dependencies:
|
||||
- condition: redis-ha.enabled
|
||||
name: redis-ha
|
||||
|
@ -32,4 +34,4 @@ name: argo-cd
|
|||
sources:
|
||||
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
|
||||
- https://github.com/argoproj/argo-cd
|
||||
version: 5.36.4
|
||||
version: 5.36.6
|
||||
|
|
|
@ -1044,7 +1044,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|
|||
| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
|
||||
| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
|
||||
| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
|
||||
| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
|
||||
| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port |
|
||||
| applicationSet.containerPorts.probe | int | `8081` | Probe container port |
|
||||
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
|
||||
| applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |
|
||||
|
|
|
@ -2506,7 +2506,7 @@ applicationSet:
|
|||
# ApplicationSet controller container ports
|
||||
containerPorts:
|
||||
# -- Metrics container port
|
||||
metrics: 8080
|
||||
metrics: 8085
|
||||
# -- Probe container port
|
||||
probe: 8081
|
||||
# -- Webhook container port
|
||||
|
|
|
@ -40,4 +40,4 @@ maintainers:
|
|||
name: wordpress
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
|
||||
version: 16.1.17
|
||||
version: 16.1.18
|
||||
|
|
|
@ -20,6 +20,8 @@ It also packages the [Bitnami MariaDB chart](https://github.com/bitnami/charts/t
|
|||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
Looking to use WordPress in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.19+
|
||||
|
@ -80,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `image.registry` | WordPress image registry | `docker.io` |
|
||||
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
|
||||
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r16` |
|
||||
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r18` |
|
||||
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
|
||||
|
@ -247,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
|
||||
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r127` |
|
||||
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r128` |
|
||||
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
|
||||
|
@ -279,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
|
||||
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
|
||||
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r6` |
|
||||
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r7` |
|
||||
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
|
||||
|
|
|
@ -73,7 +73,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/wordpress
|
||||
tag: 6.2.2-debian-11-r16
|
||||
tag: 6.2.2-debian-11-r18
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -763,7 +763,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/bitnami-shell
|
||||
tag: 11-debian-11-r127
|
||||
tag: 11-debian-11-r128
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
@ -857,7 +857,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/apache-exporter
|
||||
tag: 0.13.4-debian-11-r6
|
||||
tag: 0.13.4-debian-11-r7
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
|
@ -25,4 +25,4 @@ maintainers:
|
|||
name: zookeeper
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
|
||||
version: 11.4.2
|
||||
version: 11.4.3
|
||||
|
|
|
@ -80,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
|
||||
| `image.registry` | ZooKeeper image registry | `docker.io` |
|
||||
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
|
||||
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r36` |
|
||||
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r46` |
|
||||
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -246,7 +246,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r127` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
|
@ -507,7 +507,7 @@ kubectl delete statefulset zookeeper-zookeeper --cascade=false
|
|||
|
||||
## License
|
||||
|
||||
Copyright © 2023 Bitnami
|
||||
Copyright © 2023 VMware, Inc.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
@ -76,7 +76,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/zookeeper
|
||||
tag: 3.8.1-debian-11-r36
|
||||
tag: 3.8.1-debian-11-r46
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -660,7 +660,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/bitnami-shell
|
||||
tag: 11-debian-11-r118
|
||||
tag: 11-debian-11-r127
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.8-0'
|
||||
catalog.cattle.io/release-name: cockroachdb
|
||||
apiVersion: v1
|
||||
appVersion: 23.1.3
|
||||
appVersion: 23.1.4
|
||||
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
|
||||
home: https://www.cockroachlabs.com
|
||||
icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
|
||||
|
@ -14,4 +14,4 @@ maintainers:
|
|||
name: cockroachdb
|
||||
sources:
|
||||
- https://github.com/cockroachdb/cockroach
|
||||
version: 11.0.2
|
||||
version: 11.0.3
|
||||
|
|
|
@ -229,10 +229,10 @@ kubectl get pods \
|
|||
```
|
||||
|
||||
```
|
||||
my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.3
|
||||
my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.3
|
||||
my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.3
|
||||
my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.3
|
||||
my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.4
|
||||
my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.4
|
||||
my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.4
|
||||
my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.4
|
||||
```
|
||||
|
||||
Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade:
|
||||
|
@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file.
|
|||
| `conf.store.size` | CockroachDB storage size | `""` |
|
||||
| `conf.store.attrs` | CockroachDB storage attributes | `""` |
|
||||
| `image.repository` | Container image name | `cockroachdb/cockroach` |
|
||||
| `image.tag` | Container image tag | `v23.1.3` |
|
||||
| `image.tag` | Container image tag | `v23.1.4` |
|
||||
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
|
||||
| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` |
|
||||
| `statefulset.replicas` | StatefulSet replicas number | `3` |
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Generated file, DO NOT EDIT. Source: build/templates/values.yaml
|
||||
image:
|
||||
repository: cockroachdb/cockroach
|
||||
tag: v23.1.3
|
||||
tag: v23.1.4
|
||||
pullPolicy: IfNotPresent
|
||||
credentials: {}
|
||||
# registry: docker.io
|
||||
|
|
|
@ -15,4 +15,4 @@ maintainers:
|
|||
- name: codefresh
|
||||
url: https://codefresh-io.github.io/
|
||||
name: cf-runtime
|
||||
version: 1.0.7
|
||||
version: 1.0.8
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
## Codefresh Runner
|
||||
|
||||
![Version: 1.0.7](https://img.shields.io/badge/Version-1.0.7-informational?style=flat-square)
|
||||
![Version: 1.0.8](https://img.shields.io/badge/Version-1.0.8-informational?style=flat-square)
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
@ -91,6 +91,7 @@ Kubernetes: `>=1.19.0-0`
|
|||
| re.dindDaemon.tlskey | string | `"/etc/ssl/cf/server-key.pem"` | |
|
||||
| re.dindDaemon.tlsverify | bool | `true` | |
|
||||
| re.serviceAccount | object | `{"annotations":{}}` | Set annotation on engine Service Account Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster |
|
||||
| runner.annotations | object | `{}` | Add annotations to runner pod |
|
||||
| runner.env | object | `{}` | Add additional env vars |
|
||||
| runner.image | string | `"codefresh/venona:1.9.16"` | Set runner image |
|
||||
| runner.nodeSelector | object | `{}` | Set runner node selector |
|
||||
|
|
|
@ -8,5 +8,5 @@ metadata:
|
|||
annotations:
|
||||
{{- range $key, $value := .Values.re.serviceAccount.annotations }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
|
|
|
@ -16,6 +16,10 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
labels: {{- include "cf-runner.labels" . | nindent 8 }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.runner.annotations }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end}}
|
||||
spec:
|
||||
serviceAccountName: {{ include "cf-runner.fullname" . }}
|
||||
{{- if .Values.runner.nodeSelector }}
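Review bot: The annotation values in the new `annotations:` block of the runner pod template are interpolated unquoted (`{{ $key }}: {{ $value }}`), so a value such as `"true"` or `"8080"` set under `runner.annotations` renders as a YAML boolean or integer, and the API server rejects pod metadata whose annotation values are not strings. Quoting the value, `{{ $key }}: {{ $value | quote }}`, fixes that and also keeps a value containing a newline or `: ` from spilling into sibling keys of the pod template. The service-account templates shown elsewhere in this commit use the same unquoted pattern and would benefit from the same change. The enclosing Deployment spec starts and ends outside this hunk.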
|
||||
|
|
|
@ -7,5 +7,5 @@ metadata:
|
|||
{{- if .Values.volumeProvisioner.serviceAccount }}
|
||||
{{- range $key, $value := .Values.volumeProvisioner.serviceAccount.annotations }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
|
|
|
@ -8,7 +8,7 @@ metadata:
|
|||
{{/* annotations:*/}}
|
||||
{{/* {{ range $key, $value := .Values.Storage.Annotations }}*/}}
|
||||
{{/* {{ $key }}: {{ $value }}*/}}
|
||||
{{/* {{ end }}*/}}
|
||||
{{/* {{ end }}*/}}
|
||||
provisioner: {{ include "cf-vp.volumeProvisionerName" . }}
|
||||
parameters:
|
||||
{{- if eq .Values.storage.backend "local" }}
|
||||
|
|
|
@ -61,6 +61,9 @@ runner:
|
|||
# operator: Equal
|
||||
# value: dind
|
||||
# effect: NoSchedule
|
||||
|
||||
# -- Add annotations to runner pod
|
||||
annotations: {}
|
||||
|
||||
# Volume Provisioner parameters
|
||||
# @default -- See below
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>1.22.0-0'
|
||||
catalog.cattle.io/release-name: falcon-sensor
|
||||
apiVersion: v2
|
||||
appVersion: 1.19.1
|
||||
appVersion: 1.20.1
|
||||
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
|
||||
home: https://crowdstrike.com
|
||||
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
|
||||
|
@ -24,4 +24,4 @@ name: falcon-sensor
|
|||
sources:
|
||||
- https://github.com/CrowdStrike/falcon-helm
|
||||
type: application
|
||||
version: 1.19.1
|
||||
version: 1.20.1
|
||||
|
|
|
@ -87,13 +87,6 @@ kubectl label --overwrite ns my-existing-namespace \
|
|||
pod-security.kubernetes.io/enforce=privileged
|
||||
```
|
||||
|
||||
If your cluster is OpenShift version 4.11+, you will need to add an additional label to disable added OpenShift functionality that will sync Pod Security Standard policies based on the default Security Context Constraints (SCC).
|
||||
Run the following command replacing `my-existing-namespace` with the namespace that you have installed the falcon sensors e.g. `falcon-system`.
|
||||
```
|
||||
kubectl label --overwrite ns my-existing-namespace \
|
||||
security.openshift.io/scc.podSecurityLabelSync=false
|
||||
```
|
||||
|
||||
If desired to silence the warning and change the auditing level for the Pod Security Standard, add the following labels
|
||||
```
|
||||
kubectl label ns --overwrite my-existing-namespace pod-security.kubernetes.io/audit=privileged
|
||||
|
@ -207,7 +200,7 @@ The following tables lists the more common configurable parameters of the chart
|
|||
| `container.image.pullPolicy` | Policy for updating images | `Always` |
|
||||
| `container.image.pullSecrets.enable` | Enable pull secrets for private registry | `false` |
|
||||
| `container.image.pullSecrets.namespaces` | List of Namespaces to pull the Falcon sensor from an authenticated registry | None |
|
||||
| `container.image.pullSecrets.allNamespaces` | Use Helm's lookup function to deploy the pull secret to all namespaces | `false` |
|
||||
| `container.image.pullSecrets.allNamespaces` | Use Helm's lookup function to deploy the pull secret to all namespaces. Helm chart must be re-run everytime a new namespace is created. | `false` |
|
||||
| `container.image.pullSecrets.registryConfigJSON` | base64 encoded docker config json for the pull secret | None |
|
||||
| `container.image.sensorResources` | The requests and limits of the sensor ([see example below](#example-using-containerimagesensorresources)) | None |
|
||||
| `falcon.cid` | CrowdStrike Customer ID (CID) | None (Required) |
|
||||
|
|
|
@ -17,10 +17,3 @@ The default image name to deploy the pod sensor is `falcon-sensor`.
|
|||
When utilizing your own registry, an extremely common error on installation is accidentally forgetting to add your containerized
|
||||
sensor to your local image registry prior to executing `helm install`. Please read the Helm Chart's readme
|
||||
for more deployment considerations.
|
||||
|
||||
{{ if and (.Capabilities.APIVersions.Has "security.openshift.io/v1") .Values.container.enabled -}}
|
||||
If deploying the Falcon Container Sensor on Red Hat OpenShift, push the Falcon Container sensor image
|
||||
after you install the Helm Chart if you are using OpenShift's internal registry.
|
||||
This is due to OpenShift requiring a valid ImageStream Tag to pull from a valid image hash in
|
||||
the internal registry.
|
||||
{{- end }}
|
||||
|
|
|
@ -19,31 +19,6 @@ rules:
|
|||
verbs:
|
||||
- get
|
||||
{{- end }}
|
||||
{{- if .Capabilities.APIVersions.Has "image.openshift.io/v1" }}
|
||||
- apiGroups:
|
||||
- ""
|
||||
- image.openshift.io
|
||||
resources:
|
||||
- imagestreams/layers
|
||||
verbs:
|
||||
- get
|
||||
{{- end }}
|
||||
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
resourceNames:
|
||||
{{- if .Values.node.enabled }}
|
||||
- privileged
|
||||
{{- end }}
|
||||
{{- if .Values.container.enabled }}
|
||||
- {{ include "falcon-sensor.fullname" . }}-container
|
||||
{{- end }}
|
||||
verbs:
|
||||
- use
|
||||
{{- end }}
|
||||
{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
|
||||
- apiGroups:
|
||||
- policy
|
||||
|
@ -59,4 +34,3 @@ rules:
|
|||
verbs:
|
||||
- use
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
|
||||
{{- if lt (int (semver .Capabilities.KubeVersion.Version).Minor) 25 }}
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
|
||||
{{- if .Values.container.enabled }}
|
||||
|
@ -55,4 +54,3 @@ spec:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,58 +0,0 @@
|
|||
{{- if .Values.container.enabled }}
|
||||
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
|
||||
kind: SecurityContextConstraints
|
||||
apiVersion: security.openshift.io/v1
|
||||
metadata:
|
||||
name: {{ include "falcon-sensor.fullname" . }}-container
|
||||
labels:
|
||||
app: {{ include "falcon-sensor.name" . }}
|
||||
app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/component: "container_sensor"
|
||||
crowdstrike.com/provider: crowdstrike
|
||||
helm.sh/chart: {{ include "falcon-sensor.chart" . }}
|
||||
allowPrivilegedContainer: false
|
||||
runAsUser:
|
||||
type: RunAsAny
|
||||
seLinuxContext:
|
||||
type: MustRunAs
|
||||
fsGroup:
|
||||
type: MustRunAs
|
||||
supplementalGroups:
|
||||
type: MustRunAs
|
||||
allowHostDirVolumePlugin: false
|
||||
allowHostIPC: false
|
||||
allowHostNetwork: false
|
||||
allowHostPID: false
|
||||
allowHostPorts: false
|
||||
readOnlyRootFilesystem: false
|
||||
requiredDropCapabilities:
|
||||
- KILL
|
||||
- MKNOD
|
||||
- SYS_CHROOT
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- NET_BIND_SERVICE
|
||||
- NET_RAW
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
defaultAddCapabilities:
|
||||
- SYS_PTRACE
|
||||
allowedCapabilities:
|
||||
- SYS_PTRACE
|
||||
users:
|
||||
groups:
|
||||
volumes:
|
||||
- configMap
|
||||
- downwardAPI
|
||||
- emptyDir
|
||||
- persistentVolumeClaim
|
||||
- projected
|
||||
- secret
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -10,7 +10,7 @@ metadata:
|
|||
data:
|
||||
.dockerconfigjson: {{ $registry }}
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
{{- if .Values.container.image.pullSecrets.namespaces }}
|
||||
{{- if or .Values.container.image.pullSecrets.namespaces .Values.container.image.pullSecrets.allNamespaces }}
|
||||
{{- $name := ( .Values.container.image.pullSecrets.name | default (printf "%s-pull-secret" (include "falcon-sensor.fullname" .))) }}
|
||||
{{- $myns := split "," .Values.container.image.pullSecrets.namespaces -}}
|
||||
{{- if .Values.container.image.pullSecrets.allNamespaces }}
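Review bot: With the widened guard `if or ...pullSecrets.namespaces ...pullSecrets.allNamespaces`, the following `split "," .Values.container.image.pullSecrets.namespaces` is now reached when only `allNamespaces` is set. If `namespaces` is unset in values (the README lists its default as None), `split` would presumably receive nil instead of a string and fail rendering; confirm against values.yaml or pass `.Values.container.image.pullSecrets.namespaces | default ""`. Separately, `allNamespaces` copies the registry credential into every namespace the lookup returns, so anyone who can read Secrets in any of those namespaces can read it. A short template comment above the guard saying so, and recommending the explicit `namespaces` list where it suffices, would help operators choose. The block continues past the end of this hunk.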
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
|
||||
{{- if lt (int (semver .Capabilities.KubeVersion.Version).Minor) 25 }}
|
||||
{{- if .Values.node.enabled }}
|
||||
|
@ -36,4 +35,3 @@ spec:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,5 +1,13 @@
|
|||
# Datadog changelog
|
||||
|
||||
## 3.32.4
|
||||
|
||||
* Add futimens, utime, utimes and utimensat syscalls to system-probe seccomp.
|
||||
|
||||
## 3.32.3
|
||||
|
||||
* Allows configuration of `dogstatsd.tagCardinality` independent of `dogstatsd.originDetection`.
|
||||
|
||||
## 3.32.2
|
||||
|
||||
* Set the `priority` field of the OpenShift’s SCC to `null` in order to not have a higher priority than the OpenShift 4.11+ default `restricted-v2` SCC.
|
||||
|
|
|
@ -19,4 +19,4 @@ name: datadog
|
|||
sources:
|
||||
- https://app.datadoghq.com/account/settings#agent/kubernetes
|
||||
- https://github.com/DataDog/datadog-agent
|
||||
version: 3.32.2
|
||||
version: 3.32.4
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Datadog
|
||||
|
||||
![Version: 3.32.2](https://img.shields.io/badge/Version-3.32.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
|
||||
![Version: 3.32.4](https://img.shields.io/badge/Version-3.32.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
|
||||
|
||||
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
|
||||
|
||||
|
|
|
@ -73,6 +73,8 @@
|
|||
{{- if .Values.datadog.dogstatsd.originDetection }}
|
||||
- name: DD_DOGSTATSD_ORIGIN_DETECTION
|
||||
value: {{ .Values.datadog.dogstatsd.originDetection | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.datadog.dogstatsd.tagCardinality }}
|
||||
- name: DD_DOGSTATSD_TAG_CARDINALITY
|
||||
value: {{ .Values.datadog.dogstatsd.tagCardinality | quote }}
|
||||
{{- end }}
|
||||
|
|
|
@ -135,6 +135,7 @@ data:
|
|||
"fstatfs",
|
||||
"fsync",
|
||||
"futex",
|
||||
"futimens",
|
||||
"getcwd",
|
||||
"getdents",
|
||||
"getdents64",
|
||||
|
@ -254,6 +255,9 @@ data:
|
|||
"uname",
|
||||
"unlink",
|
||||
"unlinkat",
|
||||
"utime",
|
||||
"utimensat",
|
||||
"utimes",
|
||||
"wait4",
|
||||
"waitid",
|
||||
"waitpid",
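Review bot: The four syscalls added to the system-probe seccomp allowlist across these two hunks (`futimens`, `utime`, `utimensat`, `utimes`) all set file timestamps, and neither the profile nor the 3.32.4 changelog line in this commit says which system-probe feature needs them. Because the profile is JSON and cannot carry inline comments, the reason belongs in a template comment above the profile or in the changelog entry, for example `{{/* utime-family syscalls: required by <feature>, see <issue link> */}}`. Recording it lets a later review decide whether the entries can be dropped again. The allowlist itself starts and ends outside both hunks.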
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
annotations:
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG
|
||||
catalog.cattle.io/kube-version: '>= 1.20.0'
|
||||
catalog.cattle.io/kube-version: '>= 1.20.0-0'
|
||||
catalog.cattle.io/release-name: dxemssql
|
||||
charts.openshift.io/name: DxEnterprise for Microsoft SQL AG
|
||||
apiVersion: v2
|
||||
|
@ -9,11 +9,11 @@ appVersion: "22.0"
|
|||
description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server
|
||||
availability groups
|
||||
icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png
|
||||
kubeVersion: '>= 1.20.0'
|
||||
kubeVersion: '>= 1.20.0-0'
|
||||
maintainers:
|
||||
- email: support@dh2i.com
|
||||
name: DH2i Company
|
||||
url: https://dh2i.com
|
||||
name: dxemssql
|
||||
type: application
|
||||
version: 1.0.3
|
||||
version: 1.0.4
|
||||
|
|
|
@ -8,4 +8,8 @@ This chart deploys a SQL Server availability group managed by DxEnterprise clust
|
|||
- A DxEnterprise license key with availability group management features and tunnels enabled
|
||||
- Optional: DxAdmin installed on a Windows machine. Installation instructions for DxAdmin can be found in [DH2i documentation](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/installation/dxadmin-qsg)
|
||||
|
||||
# Additional Information
|
||||
|
||||
Instructions for creating this chart using Rancher can be found in the [DxEnterprise Rancher guide](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes/mssql-ag-rancher#install-the-helm-chart), and additional DxEnterprise Kubernetes documentation can be found [here](https://support.dh2i.com/docs/v22.0/category/guides/dxenterprise/containers/kubernetes/).
|
||||
|
||||
Before creating an availability group, reference SQL Server's [quorum considerations](https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups) when determining the quantity of replicas to deploy.
|
||||
|
|
|
@ -2,7 +2,7 @@ questions:
|
|||
- variable: replicas
|
||||
label: "Replicas"
|
||||
type: int
|
||||
description: "The quantity of replicas (pods) to create."
|
||||
description: "The quantity of replicas (pods) to create. Note that setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA. Only set this value below 3 if you intend to add these replicas to an existing AG."
|
||||
default: 3
|
||||
required: true
|
||||
group: General
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
"properties": {
|
||||
"replicas": {
|
||||
"type": "integer",
|
||||
"minimum": 3,
|
||||
"minimum": 1,
|
||||
"maximum": 5
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,12 +2,15 @@
|
|||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
#General
|
||||
# General
|
||||
# CAUTION: Setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA.
|
||||
# See https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups
|
||||
# Only set this value below 3 if you intend to assign these replicas to an existing availability group
|
||||
replicas: 3
|
||||
secretKeys: null
|
||||
enableLoadBalancers: "true"
|
||||
|
||||
#SQL Server settings
|
||||
# SQL Server settings
|
||||
sqlImage:
|
||||
repository: "mcr.microsoft.com/mssql/server"
|
||||
pullPolicy: Always
|
||||
|
@ -17,7 +20,7 @@ MSSQL_PID: "Developer"
|
|||
ACCEPT_EULA: null
|
||||
MSSQL_AGENT_ENABLED: "false"
|
||||
|
||||
#DxEnterprise settings
|
||||
# DxEnterprise settings
|
||||
dxeImage:
|
||||
repository: dh2i/dxe
|
||||
pullPolicy: Always
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.19.0-0'
|
||||
catalog.cattle.io/release-name: dynatrace-operator
|
||||
apiVersion: v2
|
||||
appVersion: 0.11.2
|
||||
appVersion: 0.12.0
|
||||
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
|
||||
home: https://www.dynatrace.com/
|
||||
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
|
||||
|
@ -20,4 +20,4 @@ name: dynatrace-operator
|
|||
sources:
|
||||
- https://github.com/Dynatrace/dynatrace-operator
|
||||
type: application
|
||||
version: 0.11.2
|
||||
version: 0.12.0
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if eq (default false .Values.olm) true}}
|
||||
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
|
||||
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
|
@ -25,11 +24,25 @@ rules:
|
|||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- host
|
||||
- privileged
|
||||
- nonroot-v2
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
{{- end -}}
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-activegate
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-activegate
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: dynatrace-activegate
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
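Review bot: As displayed, the `{{- end -}}` that closes the conditional after the `securitycontextconstraints` rule is immediately followed by the new `---` separator. The right-hand `-}}` trims the newline before `---`, so the rendered output would read `- use---` and the ClusterRole and the ClusterRoleBinding would land in one YAML document instead of two. Dropping the right trim on that line, `{{- end }}`, keeps the separator on its own line. It is worth rendering the chart with `olm` enabled and confirming that both RBAC objects appear, since a merged document can lose one of them without an error. The ClusterRole's rule list begins outside this hunk.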
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if eq (default false .Values.olm) true}}
|
||||
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-activegate
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-activegate
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: dynatrace-activegate
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.1
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
name: dynakubes.dynatrace.com
|
||||
spec:
|
||||
conversion:
|
||||
|
|
|
@ -62,4 +62,29 @@ rules:
|
|||
- get
|
||||
- list
|
||||
- watch
|
||||
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- privileged
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
{{ end }}
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
|
@ -18,7 +18,7 @@ kind: CSIDriver
|
|||
metadata:
|
||||
name: csi.oneagent.dynatrace.com
|
||||
labels:
|
||||
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
|
||||
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
security.openshift.io/csi-ephemeral-volume-profile: "restricted"
|
||||
{{- end }}
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
|
|
|
@ -279,6 +279,9 @@ spec:
|
|||
- key: kubernetes.io/arch
|
||||
value: amd64
|
||||
effect: NoSchedule
|
||||
- key: kubernetes.io/arch
|
||||
value: ppc64le
|
||||
effect: NoSchedule
|
||||
- key: ToBeDeletedByClusterAutoscaler
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
|
|
|
@ -67,4 +67,20 @@ rules:
|
|||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
|
@ -80,15 +80,30 @@ rules:
|
|||
- /livez
|
||||
verbs:
|
||||
- get
|
||||
{{- if eq (default false .Values.olm) true}}
|
||||
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- host
|
||||
- privileged
|
||||
- nonroot-v2
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
{{ end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{ end }}
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{ end }}
|
|
@ -1,32 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent-privileged
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- host
|
||||
- privileged
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
{{ end }}
|
|
@ -1,5 +1,5 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
|
||||
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
@ -16,17 +16,31 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent-unprivileged
|
||||
name: dynatrace-dynakube-oneagent
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- host
|
||||
- privileged
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-dynakube-oneagent
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: dynatrace-dynakube-oneagent
|
||||
{{ end }}
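Review bot: The single `dynatrace-dynakube-oneagent` ClusterRole in this file lists both `host` and `privileged` under `resourceNames`, so every OneAgent pod bound to the merged account may use the `privileged` SCC. The bindings and ServiceAccount deleted in the following sections kept a separate `-unprivileged` account, and its deleted SCC had `allowPrivilegedContainer: false`; after the merge that separation seems to rest on the pod spec alone. If that is the intent, a comment above the rule should record it, e.g. `# one account for all OneAgent modes; privilege is limited by the pod securityContext, not by RBAC`. The deleted `-unprivileged` ServiceAccount also set `automountServiceAccountToken: false`, and the hunk renaming the remaining ServiceAccount ends before that field, so it is worth confirming the merged account keeps it.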
|
|
@ -1,30 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent-privileged
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: "dynatrace-dynakube-oneagent-privileged"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: "dynatrace-dynakube-oneagent-privileged"
|
||||
{{ end }}
|
|
@ -1,30 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent-unprivileged
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-dynakube-oneagent-unprivileged
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: dynatrace-dynakube-oneagent-unprivileged
|
||||
{{ end }}
|
|
@ -1,24 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent-unprivileged
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
automountServiceAccountToken: false
|
||||
{{ end }}
|
|
@ -16,7 +16,7 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent-privileged
|
||||
name: dynatrace-dynakube-oneagent
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
|
@ -90,15 +90,30 @@ rules:
|
|||
verbs:
|
||||
- get
|
||||
- update
|
||||
{{- if eq (default false .Values.olm) true}}
|
||||
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- host
|
||||
- privileged
|
||||
- nonroot-v2
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
{{ end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ .Release.Name }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ .Release.Name }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{ end }}
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ .Release.Name }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ .Release.Name }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{ end }}
|
|
@ -75,13 +75,6 @@ spec:
|
|||
volumeMounts:
|
||||
- name: tmp-cert-dir
|
||||
mountPath: /tmp/dynatrace-operator
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /livez
|
||||
port: server-port
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 10
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /livez
|
||||
|
@ -112,6 +105,7 @@ spec:
|
|||
values:
|
||||
- amd64
|
||||
- arm64
|
||||
- ppc64le
|
||||
{{- end }}
|
||||
- key: kubernetes.io/os
|
||||
operator: In
|
||||
|
@ -138,4 +132,7 @@ spec:
|
|||
- key: kubernetes.io/arch
|
||||
value: amd64
|
||||
effect: NoSchedule
|
||||
- key: kubernetes.io/arch
|
||||
value: ppc64le
|
||||
effect: NoSchedule
|
||||
{{ end }}
|
||||
|
|
|
@ -162,4 +162,19 @@ rules:
|
|||
- get
|
||||
- update
|
||||
- create
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ .Release.Name }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{ end }}
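Review bot: The `ServiceAccount` subject of this RoleBinding has no `namespace`, unlike the CSI driver and webhook RoleBindings in the same commit, which set `namespace: {{ .Release.Namespace }}` on theirs. For a RoleBinding the API most likely falls back to the binding's own namespace, so this should still resolve, but the explicit form is easier to audit and survives being copied into a ClusterRoleBinding, where the field is required. Add `namespace: {{ .Release.Namespace }}` under `name: {{ .Release.Name }}` in `subjects`. The block looks to have been moved unchanged from the deleted binding file shown next.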
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ .Release.Name }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{ end }}
|
|
@ -83,15 +83,30 @@ rules:
|
|||
- deploymentconfigs
|
||||
verbs:
|
||||
- get
|
||||
{{- if eq (default false .Values.olm) true}}
|
||||
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- host
|
||||
- privileged
|
||||
- nonroot-v2
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
{{ end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: dynatrace-webhook
|
||||
labels:
|
||||
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: dynatrace-webhook
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{ end }}
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: dynatrace-webhook
|
||||
labels:
|
||||
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: dynatrace-webhook
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{ end }}
|
|
@ -80,6 +80,7 @@ spec:
|
|||
values:
|
||||
- amd64
|
||||
- arm64
|
||||
- ppc64le
|
||||
{{- end }}
|
||||
- key: kubernetes.io/os
|
||||
operator: In
|
||||
|
@ -103,13 +104,25 @@ spec:
|
|||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: livez
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 10
|
||||
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /livez
|
||||
port: server-port
|
||||
scheme: HTTPS
|
||||
port: livez
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 10
|
||||
ports:
|
||||
- name: server-port
|
||||
containerPort: 8443
|
||||
- name: livez
|
||||
containerPort: 10080
|
||||
resources:
|
||||
requests:
|
||||
{{- toYaml (.Values.webhook).requests | nindent 14 }}
|
||||
|
@ -151,4 +164,7 @@ spec:
|
|||
- key: kubernetes.io/arch
|
||||
value: amd64
|
||||
effect: NoSchedule
|
||||
- key: kubernetes.io/arch
|
||||
value: ppc64le
|
||||
effect: NoSchedule
|
||||
{{ end }}
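Review bot: Both probes in the `@ -103,13 +104,25 @` hunk target the new `livez` port (containerPort 10080) with `scheme: HTTP`, so the webhook container opens a second, unencrypted listener beside `server-port` 8443; the `server-port`/`HTTPS` liveness lines also shown are presumably the old side. Nothing in the hunk shows what else that listener serves; it should answer only `/livez` and `/readyz` and stay out of the webhook Service. A comment above the port entry would make that explicit: `# health probes only, plain HTTP; not published by the Service`. The container spec starts and ends outside the hunk.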
|
||||
|
|
|
@ -71,4 +71,20 @@ rules:
|
|||
verbs:
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: dynatrace-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: dynatrace-webhook
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{ end }}
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: dynatrace-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: dynatrace-webhook
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{ end }}
|
|
@ -40,6 +40,6 @@ webhooks:
|
|||
resources:
|
||||
- dynakubes
|
||||
name: webhook.dynatrace.com
|
||||
timeoutSeconds: 2
|
||||
timeoutSeconds: 10
|
||||
sideEffects: None
|
||||
{{ end }}
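Review bot: `timeoutSeconds` for `webhook.dynatrace.com` appears as both `2` and `10` here, presumably raised to 10, and nothing records why. `failurePolicy` lies outside the hunk, so it is not visible whether a slow or unreachable webhook pod delays matching API requests for up to 10 seconds or rejects them after that time. A short comment would help, e.g. `# 10s: <reason>; see failurePolicy for behaviour on timeout`.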
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: security.openshift.io/v1
|
||||
kind: SecurityContextConstraints
|
||||
metadata:
|
||||
name: dynatrace-activegate
|
||||
allowPrivilegedContainer: false
|
||||
fsGroup:
|
||||
type: RunAsAny
|
||||
priority: 1
|
||||
readOnlyRootFilesystem: false
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
type: MustRunAs
|
||||
uid: 1001
|
||||
seLinuxContext:
|
||||
type: RunAsAny
|
||||
seccompProfiles:
|
||||
- "*"
|
||||
supplementalGroups:
|
||||
type: RunAsAny
|
||||
users:
|
||||
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-activegate
|
||||
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-kubernetes-monitoring
|
||||
volumes:
|
||||
- "*"
|
||||
|
||||
allowHostDirVolumePlugin: false
|
||||
allowHostIPC: false
|
||||
allowHostNetwork: false
|
||||
allowHostPID: false
|
||||
allowHostPorts: false
|
||||
allowedFlexVolumes: null
|
||||
defaultAddCapabilities: []
|
||||
{{ end }}
|
|
@ -1,48 +0,0 @@
|
|||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: security.openshift.io/v1
|
||||
kind: SecurityContextConstraints
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
allowHostDirVolumePlugin: true
|
||||
allowHostIPC: true
|
||||
allowHostNetwork: true
|
||||
allowHostPID: true
|
||||
allowHostPorts: true
|
||||
allowPrivilegedContainer: true
|
||||
allowedCapabilities:
|
||||
- "*"
|
||||
allowedFlexVolumes: null
|
||||
defaultAddCapabilities: null
|
||||
fsGroup:
|
||||
type: RunAsAny
|
||||
priority: 1
|
||||
readOnlyRootFilesystem: false
|
||||
requiredDropCapabilities: null
|
||||
runAsUser:
|
||||
type: RunAsAny
|
||||
seLinuxContext:
|
||||
type: RunAsAny
|
||||
seccompProfiles:
|
||||
- "*"
|
||||
supplementalGroups:
|
||||
type: RunAsAny
|
||||
users:
|
||||
- system:serviceaccount:dynatrace:dynatrace-oneagent-csi-driver
|
||||
volumes:
|
||||
- "*"
|
||||
{{ end }}
|
|
@ -1,65 +0,0 @@
|
|||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: security.openshift.io/v1
|
||||
kind: SecurityContextConstraints
|
||||
metadata:
|
||||
annotations:
|
||||
kubernetes.io/description: "dynatrace-dynakube-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context."
|
||||
name: dynatrace-dynakube-oneagent-privileged
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
allowHostDirVolumePlugin: true
|
||||
allowHostIPC: false
|
||||
allowHostNetwork: true
|
||||
allowHostPID: true
|
||||
allowHostPorts: true
|
||||
allowPrivilegedContainer: true
|
||||
allowedCapabilities:
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- DAC_READ_SEARCH
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETUID
|
||||
- SYS_ADMIN
|
||||
- SYS_CHROOT
|
||||
- SYS_PTRACE
|
||||
- SYS_RESOURCE
|
||||
allowedFlexVolumes: null
|
||||
defaultAddCapabilities: []
|
||||
fsGroup:
|
||||
type: RunAsAny
|
||||
priority: 1
|
||||
readOnlyRootFilesystem: false
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
type: RunAsAny
|
||||
seLinuxContext:
|
||||
type: RunAsAny
|
||||
seccompProfiles:
|
||||
- "*"
|
||||
supplementalGroups:
|
||||
type: RunAsAny
|
||||
users:
|
||||
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-privileged
|
||||
volumes:
|
||||
- "*"
|
||||
{{ end }}
|
|
@ -1,65 +0,0 @@
|
|||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: security.openshift.io/v1
|
||||
kind: SecurityContextConstraints
|
||||
metadata:
|
||||
annotations:
|
||||
kubernetes.io/description: "dynatrace-dynakube-oneagent-unprivileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
|
||||
name: dynatrace-dynakube-oneagent-unprivileged
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
allowHostDirVolumePlugin: true
|
||||
allowHostIPC: false
|
||||
allowHostNetwork: true
|
||||
allowHostPID: true
|
||||
allowHostPorts: true
|
||||
allowPrivilegedContainer: false
|
||||
allowedCapabilities:
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- DAC_READ_SEARCH
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETUID
|
||||
- SYS_ADMIN
|
||||
- SYS_CHROOT
|
||||
- SYS_PTRACE
|
||||
- SYS_RESOURCE
|
||||
allowedFlexVolumes: null
|
||||
defaultAddCapabilities: []
|
||||
fsGroup:
|
||||
type: RunAsAny
|
||||
priority: 1
|
||||
readOnlyRootFilesystem: false
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
type: RunAsAny
|
||||
seLinuxContext:
|
||||
type: RunAsAny
|
||||
seccompProfiles:
|
||||
- "*"
|
||||
supplementalGroups:
|
||||
type: RunAsAny
|
||||
users:
|
||||
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-unprivileged
|
||||
volumes:
|
||||
- "*"
|
||||
{{ end }}
|
|
@ -1,48 +0,0 @@
|
|||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: security.openshift.io/v1
|
||||
kind: SecurityContextConstraints
|
||||
metadata:
|
||||
name: {{ .Release.Name }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
|
||||
allowPrivilegedContainer: false
|
||||
fsGroup:
|
||||
type: RunAsAny
|
||||
priority: 1
|
||||
readOnlyRootFilesystem: true
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
type: MustRunAsNonRoot
|
||||
seLinuxContext:
|
||||
type: RunAsAny
|
||||
seccompProfiles:
|
||||
- "*"
|
||||
supplementalGroups:
|
||||
type: RunAsAny
|
||||
users:
|
||||
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}
|
||||
volumes:
|
||||
- "*"
|
||||
|
||||
allowHostDirVolumePlugin: false
|
||||
allowHostIPC: false
|
||||
allowHostNetwork: false
|
||||
allowHostPID: false
|
||||
allowHostPorts: false
|
||||
allowedFlexVolumes: null
|
||||
defaultAddCapabilities: []
|
||||
{{ end }}
|
|
@ -1,48 +0,0 @@
|
|||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: security.openshift.io/v1
|
||||
kind: SecurityContextConstraints
|
||||
metadata:
|
||||
name: dynatrace-webhook
|
||||
labels:
|
||||
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
|
||||
allowPrivilegedContainer: false
|
||||
fsGroup:
|
||||
type: RunAsAny
|
||||
priority: 1
|
||||
readOnlyRootFilesystem: true
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
type: MustRunAsNonRoot
|
||||
seLinuxContext:
|
||||
type: RunAsAny
|
||||
seccompProfiles:
|
||||
- "*"
|
||||
supplementalGroups:
|
||||
type: RunAsAny
|
||||
users:
|
||||
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook
|
||||
volumes:
|
||||
- "*"
|
||||
|
||||
allowHostDirVolumePlugin: false
|
||||
allowHostIPC: false
|
||||
allowHostNetwork: true
|
||||
allowHostPID: false
|
||||
allowHostPorts: false
|
||||
allowedFlexVolumes: null
|
||||
defaultAddCapabilities: []
|
||||
{{ end }}
|
|
@ -27,15 +27,6 @@ Auto-detect the platform (if not set), according to the available APIVersions
|
|||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Exclude Kubernetes manifest not running on OLM
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.openshiftOrOlm" -}}
|
||||
{{- if and (or (eq (include "dynatrace-operator.platform" .) "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}}
|
||||
{{ default "true" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Check if platform is set to a valid one
|
||||
*/}}
|
||||
|
|
|
@ -1,11 +1,20 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |-
|
||||
- kind: added
|
||||
description: Docker Compose based installer for Docker Desktop extension
|
||||
- kind: changed
|
||||
description: Docker Image size optimization for faster installation
|
||||
- kind: added
|
||||
description: Gitlab person access token support added
|
||||
- kind: changed
|
||||
description: EKS cluster create - UX improvements for Master role ARN, Node role ARN & ALB role
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: gopaddle
|
||||
catalog.cattle.io/kube-version: '>=1.21-0'
|
||||
catalog.cattle.io/namespace: gp-lite-4-2
|
||||
catalog.cattle.io/release-name: gopaddle
|
||||
apiVersion: v2
|
||||
appVersion: 4.2.6
|
||||
appVersion: 4.2.7
|
||||
dependencies:
|
||||
- condition: global.installer.chart.gp-core
|
||||
name: gp-core
|
||||
|
@ -23,4 +32,4 @@ keywords:
|
|||
- Community Edition
|
||||
kubeVersion: '>=1.21-0'
|
||||
name: gopaddle
|
||||
version: 4.2.6
|
||||
version: 4.2.7
|
||||
|
|
|
@ -2,23 +2,29 @@
|
|||
|
||||
# [gopaddle](https://gopaddle.io/)
|
||||
|
||||
## Simple low-code platform for Kubernetes developers and operators.
|
||||
## Simplest DevSecOps platform for Kubernetes developers and operators.
|
||||
|
||||
Provision multi-cloud clusters, Dockerize applications, Deploy, Monitor and Build DevOps pipelines within a fraction of time and cost.
|
||||
gopaddle is a simple low-code Internal Developer Platform (IDP) for Kubernetes developers and operators. Using gopaddle, developers can generate everything they need to set up Kubernetes infrastructure on multiple cloud environments and deployment applications with ease. From Dockerfiles to Kubernetes YAML files, Helm Charts, and pipeline code, gopaddle will help containerize and get the applications running in minutes. Developers can also efficiently manage existing applications on the Kubernetes cluster by monitoring the application performance and setting alerts and notificications.
|
||||
<br>
|
||||
|
||||
## gopaddle Lite
|
||||
gopaddle Lite is a life-time free community edition of gopaddle that can be installed in a single node/single user mode on a Kubernetes cluster. gopaddle lite comes with many capabilities that helps developers to built a self-service portal for a small scale Kubernetes deployment at zero cost. gopaddle Lite is available on a variety of marketplaces like microk8s add-on, SUSE Rancher Prime, ArtifactHub and many more.
|
||||
|
||||
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/gopaddle-lite)](https://artifacthub.io/packages/search?repo=gopaddle-lite)
|
||||
[![Slack Channel](https://img.shields.io/badge/Slack-Join-purple)](https://gopaddleio.slack.com/join/shared_invite/zt-1l73p8wfo-vYk1XcbLAZMo9wcV_AChvg#/shared-invite/email/expanded-email-form)
|
||||
[![Twitter](https://img.shields.io/twitter/follow/gopaddleio?style=social)](https://twitter.com/gopaddleio)
|
||||
[![YouTube Channel](https://img.shields.io/badge/YouTube-Subscribe-red)](https://www.youtube.com/channel/UCtbfM3vjjJJBAka8DCzKKYg)
|
||||
<br><br><br><br>
|
||||
<br><br>
|
||||
|
||||
## Installation
|
||||
|
||||
### Minimum System Requirements
|
||||
gopaddle installation requires a minimum of `8GB RAM` and `4 vCPUs`
|
||||
|
||||
### Step to install
|
||||
### Firewall Ports
|
||||
The following incoming firewall ports need to be opened - `30003`, `30004`, `30006`, `32000` and any port that is needed for nodeport based application deployment.
|
||||
|
||||
### Step to install using Helm Charts
|
||||
|
||||
Add the helm repo
|
||||
|
||||
|
@ -48,7 +54,7 @@ pod/rabbitmq-0 condition met
|
|||
pod/gpcore-85c7c6f65b-5vfmh condition met
|
||||
```
|
||||
|
||||
One the installation is complete, gopaddle dashboard can be accessed at http://<NodeIP>:30003/
|
||||
One the installation is complete, gopaddle dashboard can be accessed at http://[NodeIP]:30003/
|
||||
|
||||
NodeIP can be obtained by executing the command below:
|
||||
|
||||
|
@ -56,6 +62,20 @@ NodeIP can be obtained by executing the command below:
|
|||
root@localhost:~# kubectl get nodes -o wide
|
||||
```
|
||||
|
||||
## microk8s addon for gopaddle lite
|
||||
|
||||
The microk8s addon for gopaddle community (lite) edition uses this helm
|
||||
repository for helm-based installation of gopaddle-lite.
|
||||
|
||||
For documentation specific to microk8s addon for gopaddle community (lite)
|
||||
edition, see:
|
||||
https://help.gopaddle.io/en/articles/6654354-install-gopaddle-lite-microk8s-addon-on-ubuntu
|
||||
|
||||
## gopaddle lite on SUSE Rancher Prime
|
||||
gopaddle Lite can be easily installed by choosing the gopaddle chart from the Rancher Prime marketplace place.
|
||||
For documentation specific to installing gopaddle community (lite) edition on Rancher Prime, see:
|
||||
|
||||
https://help.gopaddle.io/en/articles/6977654-install-gopaddle-lite-on-suse-rancher-prime
|
||||
|
||||
## Getting started with gopaddle
|
||||
|
||||
|
@ -84,21 +104,72 @@ In the final step of the Containerize and Deploy Quickstart wizard, enable the o
|
|||
|
||||
All the artificats generated during the process can be edited and re-deployed at a later stage.
|
||||
|
||||
### Application Templates - Marketplace
|
||||
## Features
|
||||
## 1\. DevOps Dashboard
|
||||
|
||||
Under Templates, the Marketplace Applications hosts a variety of pre-built Kubernetes templates. Developers can subscribe to these templates and deploy them on the local microk8s cluster.
|
||||
The main dashboard gives a bird's eye view of the clusters, volumes, applications, events and projects imported and managed by gopaddle.
|
||||
|
||||
<img width="1445" alt="gp-app-templates-1" src="https://user-images.githubusercontent.com/74309181/205758999-2a50eac6-d292-4280-85dd-3d617eda623a.png">
|
||||
![DevOps Dashboard](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-dashboard.png>)
|
||||
|
||||
## 2\. Builds & Vulnerabilities
|
||||
|
||||
## microk8s addon for gopaddle community (lite) edition
|
||||
The builds and vulnerabilities dashboard captures the status of the Docker builds and the severity of the vulnerabilities identified in the builds.
|
||||
|
||||
The microk8s addon for gopaddle community (lite) edition uses this helm
|
||||
repository for helm-based installation of gopaddle-lite.
|
||||
![Builds & Vulnerabilities](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-devops-dashboard.png>)
|
||||
|
||||
For documentation specific to microk8s addon for gopaddle community (lite)
|
||||
edition, see:
|
||||
https://github.com/gopaddle-io/microk8s-community-addons-gplite/blob/main/README.md
|
||||
## 3\. Quick start wizards
|
||||
|
||||
gopaddle offers 3 type of quick start wizards -
|
||||
|
||||
**1\. Provision Clusters** \- Onboard GKE or AWS cloud accounts with fine grained access controls and provision multi-cloud Kubernetes cluster. Available only in SaaS & Enterprise Editions.
|
||||
|
||||
**2\. Dockerize & Deploy** \- Automatically generate Dockerfiles and Kubernetes YAML files by analyzing the source code in GitHub or GitLab accounts and deploy them on to Kubernetes clusters.
|
||||
|
||||
**3\.Generate Pipeline code** \- Generate Jenkins or GitHub Actions or Azure DevOps pipeline Code for an application deployed through gopaddle.
|
||||
|
||||
![Quickstart Wizards](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/quick-start-wizards.png>)
|
||||
|
||||
## 4\. Marketplace
|
||||
|
||||
Subscribe to a gopaddle marketplace application, and visualize the helm chart in the design studio. These templates can be launched on a Kubernetes cluster using simple UI based wizards.
|
||||
|
||||
![Marketplace](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-marketplace.png>)
|
||||
|
||||
## 5\. Cluster Management
|
||||
|
||||
Clusters can be centrally managed. gopaddle automatically installs a few addons on these clusters - like Prometheus and Grafana for an out-of-the-box monitoring and alerting capabilties.
|
||||
|
||||
![Cluster Management](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-cluster.png>)
|
||||
|
||||
## 6\. Designer Studio
|
||||
|
||||
Design Studio provides a visual representation of the Kubernetes resources and helps to quickly design and compose Kubernetes resources without having to learn YAML.
|
||||
|
||||
![Designer Studio](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-designstudio.png>)
|
||||
|
||||
## 7\. Application Management
|
||||
|
||||
Centrally monitor the existing Kubernetes deployments.
|
||||
|
||||
![Application Management](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-app-dashboard.png>)
|
||||
|
||||
## 8\. Alerts & Notifications
|
||||
|
||||
Set alerts and notifications for the applications and clusters managed by gopaddle. gopaddle supports any type of incoming webhooks, slack, AWS SNS, Jenkins Jobs and PagerDuty as notification channel.
|
||||
|
||||
![Alerts & Notifications](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-alerts-notifications.png>)
|
||||
|
||||
## 9\. Developer Tools - Container Terminal
|
||||
|
||||
Easily troubleshoot issues in deployments using inbuilt developer tools like Container terminal without having to use Kubectl commands.
|
||||
|
||||
![Container Terminal](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-devtools-1.png>)
|
||||
|
||||
## 10\. Developer Tools - Container Logs
|
||||
|
||||
Easily troubleshoot issues in deployments using inbuilt developer tools like Container logs without having to use Kubectl commands.
|
||||
|
||||
![Container Logs](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-devtools-2.png>)
|
||||
|
||||
## Help
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
apiVersion: v2
|
||||
appVersion: 4.2.6
|
||||
appVersion: 4.2.7
|
||||
description: A Helm chart for Kubernetes
|
||||
name: gp-core
|
||||
type: application
|
||||
version: 4.2.8
|
||||
version: 4.2.7
|
||||
|
|
|
@ -20,7 +20,8 @@
|
|||
"v1.23",
|
||||
"v1.24",
|
||||
"v1.25",
|
||||
"v1.26"
|
||||
"v1.26",
|
||||
"v1.27"
|
||||
],
|
||||
"v1.6": {
|
||||
"deployment": [
|
||||
|
@ -1699,5 +1700,86 @@
|
|||
"CustomSecret":[
|
||||
"configurator.gopaddle.io/v1alpha1"
|
||||
]
|
||||
},
|
||||
"v1.27": {
|
||||
"deployment": [
|
||||
"apps/v1",
|
||||
"apps/v1beta1"
|
||||
],
|
||||
"rollBack": [
|
||||
"extensions/v1beta1"
|
||||
],
|
||||
"statefulSet": [
|
||||
"apps/v1",
|
||||
"apps/v1beta1"
|
||||
],
|
||||
"daemonSet": [
|
||||
"apps/v1"
|
||||
],
|
||||
"replicaSet": [
|
||||
"apps/v1",
|
||||
"extensions/v1beta1"
|
||||
],
|
||||
"controllerRevision": [
|
||||
"apps/v1",
|
||||
"apps/v1beta1",
|
||||
"apps/v1beta2"
|
||||
],
|
||||
"namespace": [
|
||||
"v1"
|
||||
],
|
||||
"serviceAccount": [
|
||||
"v1"
|
||||
],
|
||||
"networking": [
|
||||
"networking.k8s.io/v1"
|
||||
],
|
||||
"service": [
|
||||
"v1"
|
||||
],
|
||||
"pod": [
|
||||
"v1"
|
||||
],
|
||||
"config": [
|
||||
"v1"
|
||||
],
|
||||
"secret": [
|
||||
"v1"
|
||||
],
|
||||
"ingress": [
|
||||
"networking.k8s.io/v1"
|
||||
],
|
||||
"persistentVolume": [
|
||||
"v1"
|
||||
],
|
||||
"persistentVolumeClaim": [
|
||||
"v1"
|
||||
],
|
||||
"storageClass": [
|
||||
"storage.k8s.io/v1"
|
||||
],
|
||||
"autoscaling": [
|
||||
"autoscaling/v1"
|
||||
],
|
||||
"role": [
|
||||
"rbac.authorization.k8s.io/v1beta1",
|
||||
"rbac.authorization.k8s.io/v1"
|
||||
],
|
||||
"clusterRole": [
|
||||
"rbac.authorization.k8s.io/v1beta1",
|
||||
"rbac.authorization.k8s.io/v1"
|
||||
],
|
||||
"node": [
|
||||
"v1"
|
||||
],
|
||||
"CustomResourceDefinition":[
|
||||
"apiextensions.k8s.io/v1beta1"
|
||||
],
|
||||
"CustomConfigMap":[
|
||||
"configurator.gopaddle.io/v1alpha1"
|
||||
],
|
||||
"CustomSecret":[
|
||||
"configurator.gopaddle.io/v1alpha1"
|
||||
]
|
||||
}
|
||||
}
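Review bot: The new `"v1.27"` entry lists API versions that a Kubernetes 1.27 API server no longer serves: `apps/v1beta1` and `apps/v1beta2` (deployment, statefulSet, controllerRevision), `extensions/v1beta1` (rollBack, replicaSet), `rbac.authorization.k8s.io/v1beta1` (role, clusterRole) and `apiextensions.k8s.io/v1beta1` (CustomResourceDefinition). The block looks copied from the entry for an older release; how the consumer uses the lists is not visible here, but if it takes the first entry, `role` and `clusterRole` would resolve to a version that does not exist on 1.27. I would trim each list to the versions that are actually served, e.g. `"role": ["rbac.authorization.k8s.io/v1"]` and `"CustomResourceDefinition": ["apiextensions.k8s.io/v1"]`. The second file further down the page that receives the same `"v1.27"` block has the same issue and additionally lists `extensions/v1beta1` under `ingress`.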
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
"mq-apps-queue":"apps-worker-queue"
|
||||
},
|
||||
"esearch":{
|
||||
"es-user":"admin",
|
||||
"es-user":"elastic",
|
||||
"es-password":"cGFzc3dvcmQ",
|
||||
"es-endpoints":[
|
||||
"http://esearch:9200"
|
||||
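Review bot: The Elasticsearch account in this hunk becomes `elastic` (going by the order in which the two `es-user` lines are printed), which is Elasticsearch's built-in superuser, while the `es-password` value on the next line stays a fixed string shipped with the chart; it is base64 text that decodes to a common default word, not a secret. Every install that keeps these defaults shares the same superuser credential, and `es-endpoints` uses plain `http://`, so the credential also crosses the cluster network unencrypted. I would take the password from a Kubernetes Secret generated or supplied at install time, and give the component a dedicated role with only the index privileges it needs instead of `elastic`. The enclosing JSON object starts and ends outside the hunk.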
|
|
|
@ -20,7 +20,8 @@
|
|||
"v1.23",
|
||||
"v1.24",
|
||||
"v1.25",
|
||||
"v1.26"
|
||||
"v1.26",
|
||||
"v1.27"
|
||||
],
|
||||
"v1.6": {
|
||||
"deployment": [
|
||||
|
@ -1705,5 +1706,87 @@
|
|||
"CustomSecret":[
|
||||
"configurator.gopaddle.io/v1alpha1"
|
||||
]
|
||||
},
|
||||
"v1.27": {
|
||||
"deployment": [
|
||||
"apps/v1",
|
||||
"apps/v1beta1"
|
||||
],
|
||||
"rollBack": [
|
||||
"extensions/v1beta1"
|
||||
],
|
||||
"statefulSet": [
|
||||
"apps/v1",
|
||||
"apps/v1beta1"
|
||||
],
|
||||
"daemonSet": [
|
||||
"apps/v1"
|
||||
],
|
||||
"replicaSet": [
|
||||
"apps/v1",
|
||||
"extensions/v1beta1"
|
||||
],
|
||||
"controllerRevision": [
|
||||
"apps/v1",
|
||||
"apps/v1beta1",
|
||||
"apps/v1beta2"
|
||||
],
|
||||
"namespace": [
|
||||
"v1"
|
||||
],
|
||||
"serviceAccount": [
|
||||
"v1"
|
||||
],
|
||||
"networking": [
|
||||
"networking.k8s.io/v1"
|
||||
],
|
||||
"service": [
|
||||
"v1"
|
||||
],
|
||||
"pod": [
|
||||
"v1"
|
||||
],
|
||||
"config": [
|
||||
"v1"
|
||||
],
|
||||
"secret": [
|
||||
"v1"
|
||||
],
|
||||
"ingress": [
|
||||
"extensions/v1beta1",
|
||||
"networking.k8s.io/v1"
|
||||
],
|
||||
"persistentVolume": [
|
||||
"v1"
|
||||
],
|
||||
"persistentVolumeClaim": [
|
||||
"v1"
|
||||
],
|
||||
"storageClass": [
|
||||
"storage.k8s.io/v1"
|
||||
],
|
||||
"autoscaling": [
|
||||
"autoscaling/v1"
|
||||
],
|
||||
"role": [
|
||||
"rbac.authorization.k8s.io/v1beta1",
|
||||
"rbac.authorization.k8s.io/v1"
|
||||
],
|
||||
"clusterRole": [
|
||||
"rbac.authorization.k8s.io/v1beta1",
|
||||
"rbac.authorization.k8s.io/v1"
|
||||
],
|
||||
"node": [
|
||||
"v1"
|
||||
],
|
||||
"CustomResourceDefinition":[
|
||||
"apiextensions.k8s.io/v1beta1"
|
||||
],
|
||||
"CustomConfigMap":[
|
||||
"configurator.gopaddle.io/v1alpha1"
|
||||
],
|
||||
"CustomSecret":[
|
||||
"configurator.gopaddle.io/v1alpha1"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,167 @@
|
|||
# Reference - https://aws.amazon.com/blogs/infrastructure-and-automation/best-practices-for-deploying-ec2-instances-with-aws-cloudformation/
|
||||
---
|
||||
AWSTemplateFormatVersion: '2010-09-09'
|
||||
Description: 'Amazon EKS Sample VPC'
|
||||
|
||||
Parameters:
|
||||
|
||||
SubnetBlock:
|
||||
Type: String
|
||||
Default: SUBNET_VALUE
|
||||
Description: CidrBlock for subnet 04 within the VPC
|
||||
|
||||
|
||||
Metadata:
|
||||
AWS::CloudFormation::Interface:
|
||||
ParameterGroups:
|
||||
-
|
||||
Label:
|
||||
default: "Worker Network Configuration"
|
||||
Parameters:
|
||||
- SubnetBlock
|
||||
|
||||
Resources:
|
||||
|
||||
InternetGateway:
|
||||
Type: "AWS::EC2::InternetGateway"
|
||||
Properties:
|
||||
Tags:
|
||||
- Key: source
|
||||
Value: gopaddle
|
||||
|
||||
VPCGatewayAttachment:
|
||||
Type: "AWS::EC2::VPCGatewayAttachment"
|
||||
Properties:
|
||||
InternetGatewayId: !Ref InternetGateway
|
||||
VpcId: VPC_ID
|
||||
|
||||
|
||||
RouteTable:
|
||||
Type: AWS::EC2::RouteTable
|
||||
Properties:
|
||||
VpcId: VPC_ID
|
||||
Tags:
|
||||
- Key: Name
|
||||
Value: Public Subnets
|
||||
- Key: Network
|
||||
Value: Public
|
||||
- Key: source
|
||||
Value: gopaddle
|
||||
|
||||
|
||||
Route:
|
||||
DependsOn: VPCGatewayAttachment
|
||||
Type: AWS::EC2::Route
|
||||
Properties:
|
||||
RouteTableId: !Ref RouteTable
|
||||
DestinationCidrBlock: 0.0.0.0/0
|
||||
GatewayId: !Ref InternetGateway
|
||||
|
||||
|
||||
Subnet:
|
||||
Type: AWS::EC2::Subnet
|
||||
Metadata:
|
||||
Comment: Subnet 01
|
||||
Properties:
|
||||
MapPublicIpOnLaunch: true
|
||||
AvailabilityZone: SUBNET_ZONE
|
||||
CidrBlock:
|
||||
Ref: SubnetBlock
|
||||
VpcId: VPC_ID
|
||||
Tags:
|
||||
- Key: Name
|
||||
Value: !Sub "${AWS::StackName}-Subnet04"
|
||||
- Key: SUBNET_TAG
|
||||
Value: 1
|
||||
- Key: source
|
||||
Value: gopaddle
|
||||
|
||||
SubnetRouteTableAssociation:
|
||||
Type: AWS::EC2::SubnetRouteTableAssociation
|
||||
Properties:
|
||||
SubnetId: !Ref Subnet
|
||||
RouteTableId: !Ref RouteTable
|
||||
|
||||
SecurityGroup:
|
||||
Type: AWS::EC2::SecurityGroup
|
||||
Properties:
|
||||
GroupDescription: Bastion Host Security Group
|
||||
VpcId: VPC_ID
|
||||
SecurityGroupIngress:
|
||||
- IpProtocol: tcp
|
||||
FromPort: 443
|
||||
ToPort: 443
|
||||
- IpProtocol: tcp
|
||||
FromPort: 22
|
||||
ToPort: 22
|
||||
Tags:
|
||||
- Key: source
|
||||
Value: gopaddle
|
||||
|
||||
SecurityGroupIngress22:
|
||||
Type: "AWS::EC2::SecurityGroupIngress"
|
||||
DependsOn: SecurityGroup
|
||||
Properties:
|
||||
Description: Allow node to communicate with each other
|
||||
CidrIp: 0.0.0.0/0
|
||||
FromPort: 22
|
||||
GroupId: !Ref SecurityGroup
|
||||
IpProtocol: tcp
|
||||
ToPort: 22
|
||||
|
||||
SecurityGroupIngress443:
|
||||
Type: "AWS::EC2::SecurityGroupIngress"
|
||||
DependsOn: SecurityGroup
|
||||
Properties:
|
||||
Description: Allow node to communicate with each other
|
||||
CidrIp: 0.0.0.0/0
|
||||
FromPort: 443
|
||||
GroupId: !Ref SecurityGroup
|
||||
IpProtocol: tcp
|
||||
ToPort: 443
|
||||
|
||||
Ec2Instance:
|
||||
Type: AWS::EC2::Instance
|
||||
Properties:
|
||||
ImageId: IMAGE_ID
|
||||
KeyName: KEY_NAME
|
||||
InstanceType: "t2.micro"
|
||||
NetworkInterfaces:
|
||||
- AssociatePublicIpAddress: "true"
|
||||
DeviceIndex: "0"
|
||||
GroupSet:
|
||||
- Ref: SecurityGroup
|
||||
SubnetId:
|
||||
Ref: Subnet
|
||||
Tags:
|
||||
- Key: source
|
||||
Value: gopaddle
|
||||
UserData: !Base64
|
||||
"Fn::Sub": |
|
||||
#!/bin/bash
|
||||
sudo apt update
|
||||
sudo snap install amazon-ssm-agent --classic
|
||||
sudo snap switch --channel=candidate amazon-ssm-agent
|
||||
sudo snap refresh amazon-ssm-agent
|
||||
sudo snap start amazon-ssm-agent
|
||||
sudo snap services amazon-ssm-agent
|
||||
|
||||
Outputs:
|
||||
|
||||
SubnetID:
|
||||
Description: The Subnet Id
|
||||
Value: !Ref Subnet
|
||||
|
||||
InstanceID:
|
||||
Description: The Instance Id
|
||||
Value: !Ref Ec2Instance
|
||||
|
||||
SecurityGroupID:
|
||||
Description: The Security Group Id
|
||||
Value: !Ref SecurityGroup
|
||||
|
||||
PublicIp:
|
||||
Value: !GetAtt
|
||||
- Ec2Instance
|
||||
- PublicIp
|
||||
Description: Ec2Instance's PublicIp Address
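Review bot: `SecurityGroupIngress22` opens SSH to `CidrIp: 0.0.0.0/0` on an instance that is given a public address (`AssociatePublicIpAddress: "true"`, `MapPublicIpOnLaunch: true`), so port 22 on this host is reachable from the whole internet. The user data installs `amazon-ssm-agent`, presumably so the host can be managed through Systems Manager; if that is the access path the port-22 rule can be dropped, otherwise narrow it to a caller-supplied range, e.g. `CidrIp: ADMIN_CIDR` (a placeholder in the style of `VPC_ID` and `KEY_NAME`). The two inline `SecurityGroupIngress` entries under `SecurityGroup` carry no source (`CidrIp` or a source group) and duplicate the standalone rules, so they should be removed, and `Description: Allow node to communicate with each other` on both standalone rules should state what they actually allow. Installing the agent with `--channel=candidate` puts pre-release builds on the host; the stable channel is the safer default.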
|