Charts CI

```
Updated:
  argo/argo-cd:
    - 5.36.6
  bitnami/wordpress:
    - 16.1.18
  bitnami/zookeeper:
    - 11.4.3
  cockroach-labs/cockroachdb:
    - 11.0.3
  codefresh/cf-runtime:
    - 1.0.8
  crowdstrike/falcon-sensor:
    - 1.20.1
  datadog/datadog:
    - 3.32.4
  dh2i/dxemssql:
    - 1.0.4
  dynatrace/dynatrace-operator:
    - 0.12.0
  gopaddle/gopaddle:
    - 4.2.7
  haproxy/haproxy:
    - 1.30.6
  intel/intel-device-plugins-operator:
    - 0.27.1
  intel/intel-device-plugins-qat:
    - 0.27.1
  intel/intel-device-plugins-sgx:
    - 0.27.1
  kuma/kuma:
    - 2.2.2
  new-relic/nri-bundle:
    - 5.0.20
  pixie/pixie-operator-chart:
    - 0.1.4
  redpanda/redpanda:
    - 4.0.45
  speedscale/speedscale-operator:
    - 1.3.17
  weka/csi-wekafsplugin:
    - 2.1.0
```
pull/803/head
github-actions[bot] 2023-06-22 17:07:06 +00:00
parent ad7f01c3f2
commit e490e38761
193 changed files with 3432 additions and 1677 deletions
charts
cockroach-labs/cockroachdb
gopaddle/gopaddle
charts/gp-core
files
appscanner/appscanner
clustermanager/clustermanager

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
assets/kuma/kuma-2.2.2.tgz Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -1,7 +1,9 @@
annotations:
artifacthub.io/changes: |
- kind: added
description: Add `app.kubernetes.io/version` label
- kind: changed
description: Upgrade Argo CD to v2.7.6
- kind: changed
description: applicationSet.containerPorts.metrics to 8085
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -10,7 +12,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.7.5
appVersion: v2.7.6
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@ -32,4 +34,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.36.4
version: 5.36.6

View File

@ -1044,7 +1044,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port |
| applicationSet.containerPorts.probe | int | `8081` | Probe container port |
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
| applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |

View File

@ -2506,7 +2506,7 @@ applicationSet:
# ApplicationSet controller container ports
containerPorts:
# -- Metrics container port
metrics: 8080
metrics: 8085
# -- Probe container port
probe: 8081
# -- Webhook container port

View File

@ -40,4 +40,4 @@ maintainers:
name: wordpress
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 16.1.17
version: 16.1.18

View File

@ -20,6 +20,8 @@ It also packages the [Bitnami MariaDB chart](https://github.com/bitnami/charts/t
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use WordPress in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
- Kubernetes 1.19+
@ -80,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r16` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r18` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
@ -247,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r127` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r128` |
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@ -279,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r6` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r7` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |

View File

@ -73,7 +73,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.2.2-debian-11-r16
tag: 6.2.2-debian-11-r18
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -763,7 +763,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r127
tag: 11-debian-11-r128
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -857,7 +857,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.13.4-debian-11-r6
tag: 0.13.4-debian-11-r7
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

View File

@ -25,4 +25,4 @@ maintainers:
name: zookeeper
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
version: 11.4.2
version: 11.4.3

View File

@ -80,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `image.registry` | ZooKeeper image registry | `docker.io` |
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r36` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r46` |
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -246,7 +246,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r127` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -507,7 +507,7 @@ kubectl delete statefulset zookeeper-zookeeper --cascade=false
## License
Copyright © 2023 Bitnami
Copyright © 2023 VMware, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

View File

@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/zookeeper
tag: 3.8.1-debian-11-r36
tag: 3.8.1-debian-11-r46
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -660,7 +660,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r118
tag: 11-debian-11-r127
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.8-0'
catalog.cattle.io/release-name: cockroachdb
apiVersion: v1
appVersion: 23.1.3
appVersion: 23.1.4
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
home: https://www.cockroachlabs.com
icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
@ -14,4 +14,4 @@ maintainers:
name: cockroachdb
sources:
- https://github.com/cockroachdb/cockroach
version: 11.0.2
version: 11.0.3

View File

@ -229,10 +229,10 @@ kubectl get pods \
```
```
my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.3
my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.3
my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.3
my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.3
my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.4
my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.4
my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.4
my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.4
```
Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade:
@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file.
| `conf.store.size` | CockroachDB storage size | `""` |
| `conf.store.attrs` | CockroachDB storage attributes | `""` |
| `image.repository` | Container image name | `cockroachdb/cockroach` |
| `image.tag` | Container image tag | `v23.1.3` |
| `image.tag` | Container image tag | `v23.1.4` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` |
| `statefulset.replicas` | StatefulSet replicas number | `3` |

View File

@ -1,7 +1,7 @@
# Generated file, DO NOT EDIT. Source: build/templates/values.yaml
image:
repository: cockroachdb/cockroach
tag: v23.1.3
tag: v23.1.4
pullPolicy: IfNotPresent
credentials: {}
# registry: docker.io

View File

@ -15,4 +15,4 @@ maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
name: cf-runtime
version: 1.0.7
version: 1.0.8

View File

@ -1,6 +1,6 @@
## Codefresh Runner
![Version: 1.0.7](https://img.shields.io/badge/Version-1.0.7-informational?style=flat-square)
![Version: 1.0.8](https://img.shields.io/badge/Version-1.0.8-informational?style=flat-square)
## Prerequisites
@ -91,6 +91,7 @@ Kubernetes: `>=1.19.0-0`
| re.dindDaemon.tlskey | string | `"/etc/ssl/cf/server-key.pem"` | |
| re.dindDaemon.tlsverify | bool | `true` | |
| re.serviceAccount | object | `{"annotations":{}}` | Set annotation on engine Service Account Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster |
| runner.annotations | object | `{}` | Add annotations to runner pod |
| runner.env | object | `{}` | Add additional env vars |
| runner.image | string | `"codefresh/venona:1.9.16"` | Set runner image |
| runner.nodeSelector | object | `{}` | Set runner node selector |

View File

@ -8,5 +8,5 @@ metadata:
annotations:
{{- range $key, $value := .Values.re.serviceAccount.annotations }}
{{ $key }}: {{ $value }}
{{- end}}
{{- end}}
{{- end}}

View File

@ -16,6 +16,10 @@ spec:
template:
metadata:
labels: {{- include "cf-runner.labels" . | nindent 8 }}
annotations:
{{- range $key, $value := .Values.runner.annotations }}
{{ $key }}: {{ $value }}
{{- end}}
spec:
serviceAccountName: {{ include "cf-runner.fullname" . }}
{{- if .Values.runner.nodeSelector }}

View File

@ -7,5 +7,5 @@ metadata:
{{- if .Values.volumeProvisioner.serviceAccount }}
{{- range $key, $value := .Values.volumeProvisioner.serviceAccount.annotations }}
{{ $key }}: {{ $value }}
{{- end}}
{{- end}}
{{- end}}

View File

@ -8,7 +8,7 @@ metadata:
{{/* annotations:*/}}
{{/* {{ range $key, $value := .Values.Storage.Annotations }}*/}}
{{/* {{ $key }}: {{ $value }}*/}}
{{/* {{ end }}*/}}
{{/* {{ end }}*/}}
provisioner: {{ include "cf-vp.volumeProvisionerName" . }}
parameters:
{{- if eq .Values.storage.backend "local" }}

View File

@ -61,6 +61,9 @@ runner:
# operator: Equal
# value: dind
# effect: NoSchedule
# -- Add annotations to runner pod
annotations: {}
# Volume Provisioner parameters
# @default -- See below

View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>1.22.0-0'
catalog.cattle.io/release-name: falcon-sensor
apiVersion: v2
appVersion: 1.19.1
appVersion: 1.20.1
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
home: https://crowdstrike.com
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
@ -24,4 +24,4 @@ name: falcon-sensor
sources:
- https://github.com/CrowdStrike/falcon-helm
type: application
version: 1.19.1
version: 1.20.1

View File

@ -87,13 +87,6 @@ kubectl label --overwrite ns my-existing-namespace \
pod-security.kubernetes.io/enforce=privileged
```
If your cluster is OpenShift version 4.11+, you will need to add an additional label to disable added OpenShift functionality that will sync Pod Security Standard policies based on the default Security Context Constraints (SCC).
Run the following command replacing `my-existing-namespace` with the namespace that you have installed the falcon sensors e.g. `falcon-system`.
```
kubectl label --overwrite ns my-existing-namespace \
security.openshift.io/scc.podSecurityLabelSync=false
```
If desired to silence the warning and change the auditing level for the Pod Security Standard, add the following labels
```
kubectl label ns --overwrite my-existing-namespace pod-security.kubernetes.io/audit=privileged
@ -207,7 +200,7 @@ The following tables lists the more common configurable parameters of the chart
| `container.image.pullPolicy` | Policy for updating images | `Always` |
| `container.image.pullSecrets.enable` | Enable pull secrets for private registry | `false` |
| `container.image.pullSecrets.namespaces` | List of Namespaces to pull the Falcon sensor from an authenticated registry | None |
| `container.image.pullSecrets.allNamespaces` | Use Helm's lookup function to deploy the pull secret to all namespaces | `false` |
| `container.image.pullSecrets.allNamespaces` | Use Helm's lookup function to deploy the pull secret to all namespaces. Helm chart must be re-run everytime a new namespace is created. | `false` |
| `container.image.pullSecrets.registryConfigJSON` | base64 encoded docker config json for the pull secret | None |
| `container.image.sensorResources` | The requests and limits of the sensor ([see example below](#example-using-containerimagesensorresources)) | None |
| `falcon.cid` | CrowdStrike Customer ID (CID) | None (Required) |

View File

@ -17,10 +17,3 @@ The default image name to deploy the pod sensor is `falcon-sensor`.
When utilizing your own registry, an extremely common error on installation is accidentally forgetting to add your containerized
sensor to your local image registry prior to executing `helm install`. Please read the Helm Chart's readme
for more deployment considerations.
{{ if and (.Capabilities.APIVersions.Has "security.openshift.io/v1") .Values.container.enabled -}}
If deploying the Falcon Container Sensor on Red Hat OpenShift, push the Falcon Container sensor image
after you install the Helm Chart if you are using OpenShift's internal registry.
This is due to OpenShift requiring a valid ImageStream Tag to pull from a valid image hash in
the internal registry.
{{- end }}

View File

@ -19,31 +19,6 @@ rules:
verbs:
- get
{{- end }}
{{- if .Capabilities.APIVersions.Has "image.openshift.io/v1" }}
- apiGroups:
- ""
- image.openshift.io
resources:
- imagestreams/layers
verbs:
- get
{{- end }}
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
resourceNames:
{{- if .Values.node.enabled }}
- privileged
{{- end }}
{{- if .Values.container.enabled }}
- {{ include "falcon-sensor.fullname" . }}-container
{{- end }}
verbs:
- use
{{- end }}
{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
- apiGroups:
- policy
@ -59,4 +34,3 @@ rules:
verbs:
- use
{{- end }}
{{- end }}

View File

@ -1,4 +1,3 @@
{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
{{- if lt (int (semver .Capabilities.KubeVersion.Version).Minor) 25 }}
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
{{- if .Values.container.enabled }}
@ -55,4 +54,3 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -1,58 +0,0 @@
{{- if .Values.container.enabled }}
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
name: {{ include "falcon-sensor.fullname" . }}-container
labels:
app: {{ include "falcon-sensor.name" . }}
app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: "container_sensor"
crowdstrike.com/provider: crowdstrike
helm.sh/chart: {{ include "falcon-sensor.chart" . }}
allowPrivilegedContainer: false
runAsUser:
type: RunAsAny
seLinuxContext:
type: MustRunAs
fsGroup:
type: MustRunAs
supplementalGroups:
type: MustRunAs
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- MKNOD
- SYS_CHROOT
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- NET_BIND_SERVICE
- NET_RAW
- SETGID
- SETPCAP
- SETUID
defaultAddCapabilities:
- SYS_PTRACE
allowedCapabilities:
- SYS_PTRACE
users:
groups:
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
{{- end }}
{{- end }}

View File

@ -10,7 +10,7 @@ metadata:
data:
.dockerconfigjson: {{ $registry }}
type: kubernetes.io/dockerconfigjson
{{- if .Values.container.image.pullSecrets.namespaces }}
{{- if or .Values.container.image.pullSecrets.namespaces .Values.container.image.pullSecrets.allNamespaces }}
{{- $name := ( .Values.container.image.pullSecrets.name | default (printf "%s-pull-secret" (include "falcon-sensor.fullname" .))) }}
{{- $myns := split "," .Values.container.image.pullSecrets.namespaces -}}
{{- if .Values.container.image.pullSecrets.allNamespaces }}

View File

@ -1,4 +1,3 @@
{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
{{- if lt (int (semver .Capabilities.KubeVersion.Version).Minor) 25 }}
{{- if .Values.node.enabled }}
@ -36,4 +35,3 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -1,5 +1,13 @@
# Datadog changelog
## 3.32.4
* Add futimens, utime, utimes and utimensat syscalls to system-probe seccomp.
## 3.32.3
* Allows configuration of `dogstatsd.tagCardinality` independent of `dogstatsd.originDetection`.
## 3.32.2
* Set the `priority` field of the OpenShifts SCC to `null` in order to not have a higher priority than the OpenShift 4.11+ default `restricted-v2` SCC.

View File

@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 3.32.2
version: 3.32.4

View File

@ -1,6 +1,6 @@
# Datadog
![Version: 3.32.2](https://img.shields.io/badge/Version-3.32.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.32.4](https://img.shields.io/badge/Version-3.32.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).

View File

@ -73,6 +73,8 @@
{{- if .Values.datadog.dogstatsd.originDetection }}
- name: DD_DOGSTATSD_ORIGIN_DETECTION
value: {{ .Values.datadog.dogstatsd.originDetection | quote }}
{{- end }}
{{- if .Values.datadog.dogstatsd.tagCardinality }}
- name: DD_DOGSTATSD_TAG_CARDINALITY
value: {{ .Values.datadog.dogstatsd.tagCardinality | quote }}
{{- end }}

View File

@ -135,6 +135,7 @@ data:
"fstatfs",
"fsync",
"futex",
"futimens",
"getcwd",
"getdents",
"getdents64",
@ -254,6 +255,9 @@ data:
"uname",
"unlink",
"unlinkat",
"utime",
"utimensat",
"utimes",
"wait4",
"waitid",
"waitpid",

View File

@ -1,7 +1,7 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG
catalog.cattle.io/kube-version: '>= 1.20.0'
catalog.cattle.io/kube-version: '>= 1.20.0-0'
catalog.cattle.io/release-name: dxemssql
charts.openshift.io/name: DxEnterprise for Microsoft SQL AG
apiVersion: v2
@ -9,11 +9,11 @@ appVersion: "22.0"
description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server
availability groups
icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png
kubeVersion: '>= 1.20.0'
kubeVersion: '>= 1.20.0-0'
maintainers:
- email: support@dh2i.com
name: DH2i Company
url: https://dh2i.com
name: dxemssql
type: application
version: 1.0.3
version: 1.0.4

View File

@ -8,4 +8,8 @@ This chart deploys a SQL Server availability group managed by DxEnterprise clust
- A DxEnterprise license key with availability group management features and tunnels enabled
- Optional: DxAdmin installed on a Windows machine. Installation instructions for DxAdmin can be found in [DH2i documentation](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/installation/dxadmin-qsg)
# Additional Information
Instructions for creating this chart using Rancher can be found in the [DxEnterprise Rancher guide](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes/mssql-ag-rancher#install-the-helm-chart), and additional DxEnterprise Kubernetes documentation can be found [here](https://support.dh2i.com/docs/v22.0/category/guides/dxenterprise/containers/kubernetes/).
Before creating an availability group, reference SQL Server's [quorum considerations](https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups) when determining the quantity of replicas to deploy.

View File

@ -2,7 +2,7 @@ questions:
- variable: replicas
label: "Replicas"
type: int
description: "The quantity of replicas (pods) to create."
description: "The quantity of replicas (pods) to create. Note that setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA. Only set this value below 3 if you intend to add these replicas to an existing AG."
default: 3
required: true
group: General

View File

@ -7,7 +7,7 @@
"properties": {
"replicas": {
"type": "integer",
"minimum": 3,
"minimum": 1,
"maximum": 5
}
}

View File

@ -2,12 +2,15 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#General
# General
# CAUTION: Setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA.
# See https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups
# Only set this value below 3 if you intend to assign these replicas to an existing availability group
replicas: 3
secretKeys: null
enableLoadBalancers: "true"
#SQL Server settings
# SQL Server settings
sqlImage:
repository: "mcr.microsoft.com/mssql/server"
pullPolicy: Always
@ -17,7 +20,7 @@ MSSQL_PID: "Developer"
ACCEPT_EULA: null
MSSQL_AGENT_ENABLED: "false"
#DxEnterprise settings
# DxEnterprise settings
dxeImage:
repository: dh2i/dxe
pullPolicy: Always

View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19.0-0'
catalog.cattle.io/release-name: dynatrace-operator
apiVersion: v2
appVersion: 0.11.2
appVersion: 0.12.0
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
home: https://www.dynatrace.com/
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
@ -20,4 +20,4 @@ name: dynatrace-operator
sources:
- https://github.com/Dynatrace/dynatrace-operator
type: application
version: 0.11.2
version: 0.12.0

View File

@ -1,6 +1,5 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if eq (default false .Values.olm) true}}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
# Copyright 2021 Dynatrace LLC
@ -25,11 +24,25 @@ rules:
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
- nonroot-v2
resources:
- securitycontextconstraints
verbs:
- use
{{- end -}}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-activegate
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-activegate
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-activegate
apiGroup: rbac.authorization.k8s.io
{{- end -}}

View File

@ -1,32 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if eq (default false .Values.olm) true}}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-activegate
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-activegate
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-activegate
apiGroup: rbac.authorization.k8s.io
{{- end -}}
{{- end -}}

View File

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
controller-gen.kubebuilder.io/version: v0.12.0
name: dynakubes.dynatrace.com
spec:
conversion:

View File

@ -62,4 +62,29 @@ rules:
- get
- list
- watch
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-csi-driver
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-oneagent-csi-driver
apiGroup: rbac.authorization.k8s.io
{{- end -}}

View File

@ -1,30 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-csi-driver
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-oneagent-csi-driver
apiGroup: rbac.authorization.k8s.io
{{- end -}}

View File

@ -18,7 +18,7 @@ kind: CSIDriver
metadata:
name: csi.oneagent.dynatrace.com
labels:
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
security.openshift.io/csi-ephemeral-volume-profile: "restricted"
{{- end }}
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}

View File

@ -279,6 +279,9 @@ spec:
- key: kubernetes.io/arch
value: amd64
effect: NoSchedule
- key: kubernetes.io/arch
value: ppc64le
effect: NoSchedule
- key: ToBeDeletedByClusterAutoscaler
operator: Exists
effect: NoSchedule

View File

@ -67,4 +67,20 @@ rules:
- get
- list
- watch
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: dynatrace-oneagent-csi-driver
apiGroup: rbac.authorization.k8s.io
{{- end -}}

View File

@ -1,31 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: dynatrace-oneagent-csi-driver
apiGroup: rbac.authorization.k8s.io
{{- end -}}

View File

@ -80,15 +80,30 @@ rules:
- /livez
verbs:
- get
{{- if eq (default false .Values.olm) true}}
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
- nonroot-v2
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-kubernetes-monitoring
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dynatrace-kubernetes-monitoring
subjects:
- kind: ServiceAccount
name: dynatrace-kubernetes-monitoring
namespace: {{ .Release.Namespace }}
{{ end }}

View File

@ -1,30 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-kubernetes-monitoring
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dynatrace-kubernetes-monitoring
subjects:
- kind: ServiceAccount
name: dynatrace-kubernetes-monitoring
namespace: {{ .Release.Namespace }}
{{ end }}

View File

@ -1,32 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-dynakube-oneagent-privileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}

View File

@ -1,5 +1,5 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
@ -16,17 +16,31 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-dynakube-oneagent-unprivileged
name: dynatrace-dynakube-oneagent
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
resources:
- securitycontextconstraints
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-dynakube-oneagent
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-dynakube-oneagent
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dynatrace-dynakube-oneagent
{{ end }}

View File

@ -1,30 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-dynakube-oneagent-privileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: "dynatrace-dynakube-oneagent-privileged"
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "dynatrace-dynakube-oneagent-privileged"
{{ end }}

View File

@ -1,30 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-dynakube-oneagent-unprivileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-dynakube-oneagent-unprivileged
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dynatrace-dynakube-oneagent-unprivileged
{{ end }}

View File

@ -1,24 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-dynakube-oneagent-unprivileged
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
automountServiceAccountToken: false
{{ end }}

View File

@ -16,7 +16,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-dynakube-oneagent-privileged
name: dynatrace-dynakube-oneagent
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}

View File

@ -90,15 +90,30 @@ rules:
verbs:
- get
- update
{{- if eq (default false .Values.olm) true}}
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
- nonroot-v2
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}
apiGroup: rbac.authorization.k8s.io
{{ end }}

View File

@ -1,30 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}
apiGroup: rbac.authorization.k8s.io
{{ end }}

View File

@ -75,13 +75,6 @@ spec:
volumeMounts:
- name: tmp-cert-dir
mountPath: /tmp/dynatrace-operator
readinessProbe:
httpGet:
path: /livez
port: server-port
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 10
livenessProbe:
httpGet:
path: /livez
@ -112,6 +105,7 @@ spec:
values:
- amd64
- arm64
- ppc64le
{{- end }}
- key: kubernetes.io/os
operator: In
@ -138,4 +132,7 @@ spec:
- key: kubernetes.io/arch
value: amd64
effect: NoSchedule
- key: kubernetes.io/arch
value: ppc64le
effect: NoSchedule
{{ end }}

View File

@ -162,4 +162,19 @@ rules:
- get
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
roleRef:
kind: Role
name: {{ .Release.Name }}
apiGroup: rbac.authorization.k8s.io
{{ end }}

View File

@ -1,30 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
roleRef:
kind: Role
name: {{ .Release.Name }}
apiGroup: rbac.authorization.k8s.io
{{ end }}

View File

@ -83,15 +83,30 @@ rules:
- deploymentconfigs
verbs:
- get
{{- if eq (default false .Values.olm) true}}
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
- nonroot-v2
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-webhook
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-webhook
apiGroup: rbac.authorization.k8s.io
{{ end }}

View File

@ -1,30 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-webhook
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-webhook
apiGroup: rbac.authorization.k8s.io
{{ end }}

View File

@ -80,6 +80,7 @@ spec:
values:
- amd64
- arm64
- ppc64le
{{- end }}
- key: kubernetes.io/os
operator: In
@ -103,13 +104,25 @@ spec:
fieldRef:
fieldPath: metadata.name
readinessProbe:
httpGet:
path: /readyz
port: livez
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 10
livenessProbe:
httpGet:
path: /livez
port: server-port
scheme: HTTPS
port: livez
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 10
ports:
- name: server-port
containerPort: 8443
- name: livez
containerPort: 10080
resources:
requests:
{{- toYaml (.Values.webhook).requests | nindent 14 }}
@ -151,4 +164,7 @@ spec:
- key: kubernetes.io/arch
value: amd64
effect: NoSchedule
- key: kubernetes.io/arch
value: ppc64le
effect: NoSchedule
{{ end }}

View File

@ -71,4 +71,20 @@ rules:
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: dynatrace-webhook
apiGroup: rbac.authorization.k8s.io
{{ end }}

View File

@ -1,31 +0,0 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: dynatrace-webhook
apiGroup: rbac.authorization.k8s.io
{{ end }}

View File

@ -40,6 +40,6 @@ webhooks:
resources:
- dynakubes
name: webhook.dynatrace.com
timeoutSeconds: 2
timeoutSeconds: 10
sideEffects: None
{{ end }}

View File

@ -1,48 +0,0 @@
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: dynatrace-activegate
allowPrivilegedContainer: false
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
type: MustRunAs
uid: 1001
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-activegate
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-kubernetes-monitoring
volumes:
- "*"
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowedFlexVolumes: null
defaultAddCapabilities: []
{{ end }}

View File

@ -1,48 +0,0 @@
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: dynatrace-oneagent-csi-driver
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: true
allowedCapabilities:
- "*"
allowedFlexVolumes: null
defaultAddCapabilities: null
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities: null
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:dynatrace:dynatrace-oneagent-csi-driver
volumes:
- "*"
{{ end }}

View File

@ -1,65 +0,0 @@
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "dynatrace-dynakube-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context."
name: dynatrace-dynakube-oneagent-privileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: true
allowedCapabilities:
- CHOWN
- DAC_OVERRIDE
- DAC_READ_SEARCH
- FOWNER
- FSETID
- KILL
- NET_ADMIN
- NET_RAW
- SETFCAP
- SETGID
- SETUID
- SYS_ADMIN
- SYS_CHROOT
- SYS_PTRACE
- SYS_RESOURCE
allowedFlexVolumes: null
defaultAddCapabilities: []
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-privileged
volumes:
- "*"
{{ end }}

View File

@ -1,65 +0,0 @@
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "dynatrace-dynakube-oneagent-unprivileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
name: dynatrace-dynakube-oneagent-unprivileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: false
allowedCapabilities:
- CHOWN
- DAC_OVERRIDE
- DAC_READ_SEARCH
- FOWNER
- FSETID
- KILL
- NET_ADMIN
- NET_RAW
- SETFCAP
- SETGID
- SETUID
- SYS_ADMIN
- SYS_CHROOT
- SYS_PTRACE
- SYS_RESOURCE
allowedFlexVolumes: null
defaultAddCapabilities: []
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-unprivileged
volumes:
- "*"
{{ end }}

View File

@ -1,48 +0,0 @@
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: {{ .Release.Name }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
allowPrivilegedContainer: false
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
type: MustRunAsNonRoot
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}
volumes:
- "*"
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowedFlexVolumes: null
defaultAddCapabilities: []
{{ end }}

View File

@ -1,48 +0,0 @@
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: dynatrace-webhook
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
allowPrivilegedContainer: false
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
type: MustRunAsNonRoot
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook
volumes:
- "*"
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: true
allowHostPID: false
allowHostPorts: false
allowedFlexVolumes: null
defaultAddCapabilities: []
{{ end }}

View File

@ -27,15 +27,6 @@ Auto-detect the platform (if not set), according to the available APIVersions
{{- end -}}
{{- end }}
{{/*
Exclude Kubernetes manifest not running on OLM
*/}}
{{- define "dynatrace-operator.openshiftOrOlm" -}}
{{- if and (or (eq (include "dynatrace-operator.platform" .) "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}}
{{ default "true" }}
{{- end -}}
{{- end -}}
{{/*
Check if platform is set to a valid one
*/}}

View File

@ -1,11 +1,20 @@
annotations:
artifacthub.io/changes: |-
- kind: added
description: Docker Compose based installer for Docker Desktop extension
- kind: changed
description: Docker Image size optimization for faster installation
- kind: added
description: Gitlab person access token support added
- kind: changed
description: EKS cluster create - UX improvements for Master role ARN, Node role ARN & ALB role
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: gopaddle
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/namespace: gp-lite-4-2
catalog.cattle.io/release-name: gopaddle
apiVersion: v2
appVersion: 4.2.6
appVersion: 4.2.7
dependencies:
- condition: global.installer.chart.gp-core
name: gp-core
@ -23,4 +32,4 @@ keywords:
- Community Edition
kubeVersion: '>=1.21-0'
name: gopaddle
version: 4.2.6
version: 4.2.7

View File

@ -2,23 +2,29 @@
# [gopaddle](https://gopaddle.io/)
## Simple low-code platform for Kubernetes developers and operators.
## Simplest DevSecOps platform for Kubernetes developers and operators.
Provision multi-cloud clusters, Dockerize applications, Deploy, Monitor and Build DevOps pipelines within a fraction of time and cost.
gopaddle is a simple low-code Internal Developer Platform (IDP) for Kubernetes developers and operators. Using gopaddle, developers can generate everything they need to set up Kubernetes infrastructure on multiple cloud environments and deployment applications with ease. From Dockerfiles to Kubernetes YAML files, Helm Charts, and pipeline code, gopaddle will help containerize and get the applications running in minutes. Developers can also efficiently manage existing applications on the Kubernetes cluster by monitoring the application performance and setting alerts and notificications.
<br>
## gopaddle Lite
gopaddle Lite is a life-time free community edition of gopaddle that can be installed in a single node/single user mode on a Kubernetes cluster. gopaddle lite comes with many capabilities that helps developers to built a self-service portal for a small scale Kubernetes deployment at zero cost. gopaddle Lite is available on a variety of marketplaces like microk8s add-on, SUSE Rancher Prime, ArtifactHub and many more.
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/gopaddle-lite)](https://artifacthub.io/packages/search?repo=gopaddle-lite)
[![Slack Channel](https://img.shields.io/badge/Slack-Join-purple)](https://gopaddleio.slack.com/join/shared_invite/zt-1l73p8wfo-vYk1XcbLAZMo9wcV_AChvg#/shared-invite/email/expanded-email-form)
[![Twitter](https://img.shields.io/twitter/follow/gopaddleio?style=social)](https://twitter.com/gopaddleio)
[![YouTube Channel](https://img.shields.io/badge/YouTube-Subscribe-red)](https://www.youtube.com/channel/UCtbfM3vjjJJBAka8DCzKKYg)
<br><br><br><br>
<br><br>
## Installation
### Minimum System Requirements
gopaddle installation requires a minimum of `8GB RAM` and `4 vCPUs`
### Step to install
### Firewall Ports
The following incoming firewall ports need to be opened - `30003`, `30004`, `30006`, `32000` and any port that is needed for nodeport based application deployment.
### Step to install using Helm Charts
Add the helm repo
@ -48,7 +54,7 @@ pod/rabbitmq-0 condition met
pod/gpcore-85c7c6f65b-5vfmh condition met
```
One the installation is complete, gopaddle dashboard can be accessed at http://<NodeIP>:30003/
One the installation is complete, gopaddle dashboard can be accessed at http://[NodeIP]:30003/
NodeIP can be obtained by executing the command below:
@ -56,6 +62,20 @@ NodeIP can be obtained by executing the command below:
root@localhost:~# kubectl get nodes -o wide
```
## microk8s addon for gopaddle lite
The microk8s addon for gopaddle community (lite) edition uses this helm
repository for helm-based installation of gopaddle-lite.
For documentation specific to microk8s addon for gopaddle community (lite)
edition, see:
https://help.gopaddle.io/en/articles/6654354-install-gopaddle-lite-microk8s-addon-on-ubuntu
## gopaddle lite on SUSE Rancher Prime
gopaddle Lite can be easily installed by choosing the gopaddle chart from the Rancher Prime marketplace place.
For documentation specific to installing gopaddle community (lite) edition on Rancher Prime, see:
https://help.gopaddle.io/en/articles/6977654-install-gopaddle-lite-on-suse-rancher-prime
## Getting started with gopaddle
@ -84,21 +104,72 @@ In the final step of the Containerize and Deploy Quickstart wizard, enable the o
All the artificats generated during the process can be edited and re-deployed at a later stage.
### Application Templates - Marketplace
## Features
## 1\. DevOps Dashboard
Under Templates, the Marketplace Applications hosts a variety of pre-built Kubernetes templates. Developers can subscribe to these templates and deploy them on the local microk8s cluster.
The main dashboard gives a bird's eye view of the clusters, volumes, applications, events and projects imported and managed by gopaddle.
<img width="1445" alt="gp-app-templates-1" src="https://user-images.githubusercontent.com/74309181/205758999-2a50eac6-d292-4280-85dd-3d617eda623a.png">
![DevOps Dashboard](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-dashboard.png>)
## 2\. Builds & Vulnerabilities
## microk8s addon for gopaddle community (lite) edition
The builds and vulnerabilities dashboard captures the status of the Docker builds and the severity of the vulnerabilities identified in the builds.
The microk8s addon for gopaddle community (lite) edition uses this helm
repository for helm-based installation of gopaddle-lite.
![Builds & Vulnerabilities](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-devops-dashboard.png>)
For documentation specific to microk8s addon for gopaddle community (lite)
edition, see:
https://github.com/gopaddle-io/microk8s-community-addons-gplite/blob/main/README.md
## 3\. Quick start wizards
gopaddle offers 3 type of quick start wizards -
**1\. Provision Clusters** \- Onboard GKE or AWS cloud accounts with fine grained access controls and provision multi-cloud Kubernetes cluster. Available only in SaaS & Enterprise Editions.
**2\. Dockerize & Deploy** \- Automatically generate Dockerfiles and Kubernetes YAML files by analyzing the source code in GitHub or GitLab accounts and deploy them on to Kubernetes clusters.
**3\.Generate Pipeline code** \- Generate Jenkins or GitHub Actions or Azure DevOps pipeline Code for an application deployed through gopaddle.
![Quickstart Wizards](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/quick-start-wizards.png>)
## 4\. Marketplace
Subscribe to a gopaddle marketplace application, and visualize the helm chart in the design studio. These templates can be launched on a Kubernetes cluster using simple UI based wizards.
![Marketplace](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-marketplace.png>)
## 5\. Cluster Management
Clusters can be centrally managed. gopaddle automatically installs a few addons on these clusters - like Prometheus and Grafana for an out-of-the-box monitoring and alerting capabilties.
![Cluster Management](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-cluster.png>)
## 6\. Designer Studio
Design Studio provides a visual representation of the Kubernetes resources and helps to quickly design and compose Kubernetes resources without having to learn YAML.
![Designer Studio](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-designstudio.png>)
## 7\. Application Management
Centrally monitor the existing Kubernetes deployments.
![Application Management](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-app-dashboard.png>)
## 8\. Alerts & Notifications
Set alerts and notifications for the applications and clusters managed by gopaddle. gopaddle supports any type of incoming webhooks, slack, AWS SNS, Jenkins Jobs and PagerDuty as notification channel.
![Alerts & Notifications](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-alerts-notifications.png>)
## 9\. Developer Tools - Container Terminal
Easily troubleshoot issues in deployments using inbuilt developer tools like Container terminal without having to use Kubectl commands.
![Container Terminal](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-devtools-1.png>)
## 10\. Developer Tools - Container Logs
Easily troubleshoot issues in deployments using inbuilt developer tools like Container logs without having to use Kubectl commands.
![Container Logs](<https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/docker-desktop-screenshots/gp-devtools-2.png>)
## Help

View File

@ -1,6 +1,6 @@
apiVersion: v2
appVersion: 4.2.6
appVersion: 4.2.7
description: A Helm chart for Kubernetes
name: gp-core
type: application
version: 4.2.8
version: 4.2.7

View File

@ -20,7 +20,8 @@
"v1.23",
"v1.24",
"v1.25",
"v1.26"
"v1.26",
"v1.27"
],
"v1.6": {
"deployment": [
@ -1699,5 +1700,86 @@
"CustomSecret":[
"configurator.gopaddle.io/v1alpha1"
]
},
"v1.27": {
"deployment": [
"apps/v1",
"apps/v1beta1"
],
"rollBack": [
"extensions/v1beta1"
],
"statefulSet": [
"apps/v1",
"apps/v1beta1"
],
"daemonSet": [
"apps/v1"
],
"replicaSet": [
"apps/v1",
"extensions/v1beta1"
],
"controllerRevision": [
"apps/v1",
"apps/v1beta1",
"apps/v1beta2"
],
"namespace": [
"v1"
],
"serviceAccount": [
"v1"
],
"networking": [
"networking.k8s.io/v1"
],
"service": [
"v1"
],
"pod": [
"v1"
],
"config": [
"v1"
],
"secret": [
"v1"
],
"ingress": [
"networking.k8s.io/v1"
],
"persistentVolume": [
"v1"
],
"persistentVolumeClaim": [
"v1"
],
"storageClass": [
"storage.k8s.io/v1"
],
"autoscaling": [
"autoscaling/v1"
],
"role": [
"rbac.authorization.k8s.io/v1beta1",
"rbac.authorization.k8s.io/v1"
],
"clusterRole": [
"rbac.authorization.k8s.io/v1beta1",
"rbac.authorization.k8s.io/v1"
],
"node": [
"v1"
],
"CustomResourceDefinition":[
"apiextensions.k8s.io/v1beta1"
],
"CustomConfigMap":[
"configurator.gopaddle.io/v1alpha1"
],
"CustomSecret":[
"configurator.gopaddle.io/v1alpha1"
]
}
}

View File

@ -27,7 +27,7 @@
"mq-apps-queue":"apps-worker-queue"
},
"esearch":{
"es-user":"admin",
"es-user":"elastic",
"es-password":"cGFzc3dvcmQ",
"es-endpoints":[
"http://esearch:9200"

View File

@ -20,7 +20,8 @@
"v1.23",
"v1.24",
"v1.25",
"v1.26"
"v1.26",
"v1.27"
],
"v1.6": {
"deployment": [
@ -1705,5 +1706,87 @@
"CustomSecret":[
"configurator.gopaddle.io/v1alpha1"
]
},
"v1.27": {
"deployment": [
"apps/v1",
"apps/v1beta1"
],
"rollBack": [
"extensions/v1beta1"
],
"statefulSet": [
"apps/v1",
"apps/v1beta1"
],
"daemonSet": [
"apps/v1"
],
"replicaSet": [
"apps/v1",
"extensions/v1beta1"
],
"controllerRevision": [
"apps/v1",
"apps/v1beta1",
"apps/v1beta2"
],
"namespace": [
"v1"
],
"serviceAccount": [
"v1"
],
"networking": [
"networking.k8s.io/v1"
],
"service": [
"v1"
],
"pod": [
"v1"
],
"config": [
"v1"
],
"secret": [
"v1"
],
"ingress": [
"extensions/v1beta1",
"networking.k8s.io/v1"
],
"persistentVolume": [
"v1"
],
"persistentVolumeClaim": [
"v1"
],
"storageClass": [
"storage.k8s.io/v1"
],
"autoscaling": [
"autoscaling/v1"
],
"role": [
"rbac.authorization.k8s.io/v1beta1",
"rbac.authorization.k8s.io/v1"
],
"clusterRole": [
"rbac.authorization.k8s.io/v1beta1",
"rbac.authorization.k8s.io/v1"
],
"node": [
"v1"
],
"CustomResourceDefinition":[
"apiextensions.k8s.io/v1beta1"
],
"CustomConfigMap":[
"configurator.gopaddle.io/v1alpha1"
],
"CustomSecret":[
"configurator.gopaddle.io/v1alpha1"
]
}
}

View File

@ -0,0 +1,167 @@
# Reference - https://aws.amazon.com/blogs/infrastructure-and-automation/best-practices-for-deploying-ec2-instances-with-aws-cloudformation/
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Amazon EKS Sample VPC'
Parameters:
SubnetBlock:
Type: String
Default: SUBNET_VALUE
Description: CidrBlock for subnet 04 within the VPC
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
-
Label:
default: "Worker Network Configuration"
Parameters:
- SubnetBlock
Resources:
InternetGateway:
Type: "AWS::EC2::InternetGateway"
Properties:
Tags:
- Key: source
Value: gopaddle
VPCGatewayAttachment:
Type: "AWS::EC2::VPCGatewayAttachment"
Properties:
InternetGatewayId: !Ref InternetGateway
VpcId: VPC_ID
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: VPC_ID
Tags:
- Key: Name
Value: Public Subnets
- Key: Network
Value: Public
- Key: source
Value: gopaddle
Route:
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref RouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
Subnet:
Type: AWS::EC2::Subnet
Metadata:
Comment: Subnet 01
Properties:
MapPublicIpOnLaunch: true
AvailabilityZone: SUBNET_ZONE
CidrBlock:
Ref: SubnetBlock
VpcId: VPC_ID
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-Subnet04"
- Key: SUBNET_TAG
Value: 1
- Key: source
Value: gopaddle
SubnetRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref Subnet
RouteTableId: !Ref RouteTable
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Bastion Host Security Group
VpcId: VPC_ID
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 443
ToPort: 443
- IpProtocol: tcp
FromPort: 22
ToPort: 22
Tags:
- Key: source
Value: gopaddle
SecurityGroupIngress22:
Type: "AWS::EC2::SecurityGroupIngress"
DependsOn: SecurityGroup
Properties:
Description: Allow node to communicate with each other
CidrIp: 0.0.0.0/0
FromPort: 22
GroupId: !Ref SecurityGroup
IpProtocol: tcp
ToPort: 22
SecurityGroupIngress443:
Type: "AWS::EC2::SecurityGroupIngress"
DependsOn: SecurityGroup
Properties:
Description: Allow node to communicate with each other
CidrIp: 0.0.0.0/0
FromPort: 443
GroupId: !Ref SecurityGroup
IpProtocol: tcp
ToPort: 443
Ec2Instance:
Type: AWS::EC2::Instance
Properties:
ImageId: IMAGE_ID
KeyName: KEY_NAME
InstanceType: "t2.micro"
NetworkInterfaces:
- AssociatePublicIpAddress: "true"
DeviceIndex: "0"
GroupSet:
- Ref: SecurityGroup
SubnetId:
Ref: Subnet
Tags:
- Key: source
Value: gopaddle
UserData: !Base64
"Fn::Sub": |
#!/bin/bash
sudo apt update
sudo snap install amazon-ssm-agent --classic
sudo snap switch --channel=candidate amazon-ssm-agent
sudo snap refresh amazon-ssm-agent
sudo snap start amazon-ssm-agent
sudo snap services amazon-ssm-agent
Outputs:
SubnetID:
Description: The Subnet Id
Value: !Ref Subnet
InstanceID:
Description: The Instance Id
Value: !Ref Ec2Instance
SecurityGroupID:
Description: The Security Group Id
Value: !Ref SecurityGroup
PublicIp:
Value: !GetAtt
- Ec2Instance
- PublicIp
Description: Ec2Instance's PublicIp Address

Some files were not shown because too many files have changed in this diff Show More