andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added chart versions: 

codefresh/cf-runtime:
    - 7.2.2
  speedscale/speedscale-operator:
    - 2.2.744
pull/1093/head
github-actions[bot] 2024-12-05 00:03:38 +00:00
parent 03057885b4
commit ec91e88709
97 changed files with 8252 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/codefresh/cf-runtime-7.2.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-2.2.744.tgz Normal file
View File

Binary file not shown.

3
charts/codefresh/cf-runtime/7.2.2/.helmignore Normal file
View File

@ -0,0 +1,3 @@
tests/
.ci/
test-values/

28
charts/codefresh/cf-runtime/7.2.2/Chart.yaml Normal file
View File

@ -0,0 +1,28 @@
annotations:
artifacthub.io/changes: |
- kind: changed
description: "Update engine (--cache-to support in build step)"
artifacthub.io/containsSecurityUpdates: "false"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Codefresh
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: ""
apiVersion: v2
dependencies:
- name: cf-common
repository: oci://quay.io/codefresh/charts
version: 0.21.0
description: A Helm chart for Codefresh Runner
home: https://codefresh.io/
icon: file://assets/icons/cf-runtime.png
keywords:
- codefresh
- runner
kubeVersion: '>=1.18-0'
maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
name: cf-runtime
sources:
- https://github.com/codefresh-io/venona
version: 7.2.2

1289
charts/codefresh/cf-runtime/7.2.2/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

1065
charts/codefresh/cf-runtime/7.2.2/README.md.gotmpl Normal file
View File

File diff suppressed because it is too large Load Diff

37
charts/codefresh/cf-runtime/7.2.2/files/cleanup-runtime.sh Normal file
View File

@ -0,0 +1,37 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "AGENT: ${AGENT}"
echo "AGENT_SECRET_NAME: ${AGENT_SECRET_NAME}"
echo "DIND_SECRET_NAME: ${DIND_SECRET_NAME}"
echo "-----"
auth() {
codefresh auth create-context --api-key ${API_TOKEN} --url ${API_HOST}
}
remove_runtime() {
if [ "$AGENT" == "true" ]; then
codefresh delete re ${RUNTIME_NAME} || true
else
codefresh delete sys-re ${RUNTIME_NAME} || true
fi
}
remove_agent() {
codefresh delete agent ${AGENT_NAME} || true
}
remove_secrets() {
kubectl patch secret $(kubectl get secret -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge || true
kubectl delete secret $AGENT_SECRET_NAME || true
kubectl delete secret $DIND_SECRET_NAME || true
}
auth
remove_runtime
remove_agent
remove_secrets

132
charts/codefresh/cf-runtime/7.2.2/files/configure-dind-certs.sh Normal file
View File

@ -0,0 +1,132 @@
#!/usr/bin/env bash
#
#---
fatal() {
echo "ERROR: $1"
exit 1
}
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
exit_trap () {
local lc="$BASH_COMMAND" rc=$?
if [ $rc != 0 ]; then
if [[ -n "$SLEEP_ON_ERROR" ]]; then
echo -e "\nSLEEP_ON_ERROR is set - Sleeping to fix error"
sleep $SLEEP_ON_ERROR
fi
fi
}
trap exit_trap EXIT
usage() {
echo "Usage:
$0 [-n | --namespace] [--server-cert-cn] [--server-cert-extra-sans] codefresh-api-host codefresh-api-token
Example:
$0 -n workflow https://g.codefresh.io 21341234.423141234.412431234
"
}
# Args
while [[ $1 =~ ^(-(n|h)|--(namespace|server-cert-cn|server-cert-extra-sans|help)) ]]
do
key=$1
value=$2
case $key in
-h|--help)
usage
exit
;;
-n|--namespace)
NAMESPACE="$value"
shift
;;
--server-cert-cn)
SERVER_CERT_CN="$value"
shift
;;
--server-cert-extra-sans)
SERVER_CERT_EXTRA_SANS="$value"
shift
;;
esac
shift # past argument or value
done
API_HOST=${1:-"$CF_API_HOST"}
API_TOKEN=${2:-"$CF_API_TOKEN"}
[[ -z "$API_HOST" ]] && usage && fatal "Missing API_HOST"
[[ -z "$API_TOKEN" ]] && usage && fatal "Missing token"
API_SIGN_PATH=${API_SIGN_PATH:-"api/custom_clusters/signServerCerts"}
NAMESPACE=${NAMESPACE:-default}
RELEASE=${RELEASE:-cf-runtime}
DIR=$(dirname $0)
TMPDIR=/tmp/codefresh/
TMP_CERTS_FILE_ZIP=$TMPDIR/cf-certs.zip
TMP_CERTS_HEADERS_FILE=$TMPDIR/cf-certs-response-headers.txt
CERTS_DIR=$TMPDIR/ssl
SRV_TLS_CA_CERT=${CERTS_DIR}/ca.pem
SRV_TLS_KEY=${CERTS_DIR}/server-key.pem
SRV_TLS_CSR=${CERTS_DIR}/server-cert.csr
SRV_TLS_CERT=${CERTS_DIR}/server-cert.pem
CF_SRV_TLS_CERT=${CERTS_DIR}/cf-server-cert.pem
CF_SRV_TLS_CA_CERT=${CERTS_DIR}/cf-ca.pem
mkdir -p $TMPDIR $CERTS_DIR
K8S_CERT_SECRET_NAME=codefresh-certs-server
echo -e "\n------------------\nGenerating server tls certificates ... "
SERVER_CERT_CN=${SERVER_CERT_CN:-"docker.codefresh.io"}
SERVER_CERT_EXTRA_SANS="${SERVER_CERT_EXTRA_SANS}"
###
openssl genrsa -out $SRV_TLS_KEY 4096 || fatal "Failed to generate openssl key "
openssl req -subj "/CN=${SERVER_CERT_CN}" -new -key $SRV_TLS_KEY -out $SRV_TLS_CSR || fatal "Failed to generate openssl csr "
GENERATE_CERTS=true
CSR=$(sed ':a;N;$!ba;s/\n/\\n/g' ${SRV_TLS_CSR})
SERVER_CERT_SANS="IP:127.0.0.1,DNS:dind,DNS:*.dind.${NAMESPACE},DNS:*.dind.${NAMESPACE}.svc${KUBE_DOMAIN},DNS:*.cf-cd.com,DNS:*.codefresh.io"
if [[ -n "${SERVER_CERT_EXTRA_SANS}" ]]; then
SERVER_CERT_SANS=${SERVER_CERT_SANS},${SERVER_CERT_EXTRA_SANS}
fi
echo "{\"reqSubjectAltName\": \"${SERVER_CERT_SANS}\", \"csr\": \"${CSR}\" }" > ${TMPDIR}/sign_req.json
rm -fv ${TMP_CERTS_HEADERS_FILE} ${TMP_CERTS_FILE_ZIP}
SIGN_STATUS=$(curl -k -sSL -d @${TMPDIR}/sign_req.json -H "Content-Type: application/json" -H "Authorization: ${API_TOKEN}" -H "Expect: " \
-o ${TMP_CERTS_FILE_ZIP} -D ${TMP_CERTS_HEADERS_FILE} -w '%{http_code}' ${API_HOST}/${API_SIGN_PATH} )
echo "Sign request completed with HTTP_STATUS_CODE=$SIGN_STATUS"
if [[ $SIGN_STATUS != 200 ]]; then
echo "ERROR: Cannot sign certificates"
if [[ -f ${TMP_CERTS_FILE_ZIP} ]]; then
mv ${TMP_CERTS_FILE_ZIP} ${TMP_CERTS_FILE_ZIP}.error
cat ${TMP_CERTS_FILE_ZIP}.error
fi
exit 1
fi
unzip -o -d ${CERTS_DIR}/ ${TMP_CERTS_FILE_ZIP} || fatal "Failed to unzip certificates to ${CERTS_DIR} "
cp -v ${CF_SRV_TLS_CA_CERT} $SRV_TLS_CA_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains ca.pem"
cp -v ${CF_SRV_TLS_CERT} $SRV_TLS_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains cf-server-cert.pem"
echo -e "\n------------------\nCreating certificate secret "
kubectl -n $NAMESPACE create secret generic $K8S_CERT_SECRET_NAME \
--from-file=$SRV_TLS_CA_CERT \
--from-file=$SRV_TLS_KEY \
--from-file=$SRV_TLS_CERT \
--dry-run=client -o yaml | kubectl apply --overwrite -f -
kubectl -n $NAMESPACE label --overwrite secret ${K8S_CERT_SECRET_NAME} codefresh.io/internal=true
kubectl -n $NAMESPACE patch secret $K8S_CERT_SECRET_NAME -p '{"metadata": {"finalizers": ["kubernetes"]}}'

80
charts/codefresh/cf-runtime/7.2.2/files/init-runtime.sh Normal file
View File

@ -0,0 +1,80 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "SECRET_NAME: ${SECRET_NAME}"
echo "-----"
create_agent_secret() {
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: ${SECRET_NAME}
namespace: ${KUBE_NAMESPACE}
labels:
codefresh.io/internal: "true"
finalizers:
- kubernetes
ownerReferences:
- apiVersion: apps/v1
kind: Deploy
name: ${OWNER_NAME}
uid: ${OWNER_UID}
stringData:
agent-codefresh-token: ${1}
EOF
}
OWNER_UID=$(kubectl get deploy ${OWNER_NAME} --namespace ${KUBE_NAMESPACE} -o jsonpath='{.metadata.uid}')
echo "got owner uid: ${OWNER_UID}"
if [ ! -z "${AGENT_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "runtime and agent are already initialized"
echo "-----"
exit 0
fi
if [ ! -z "${EXISTING_AGENT_CODEFRESH_TOKEN}" ]; then
echo "using existing agentToken value"
create_agent_secret $EXISTING_AGENT_CODEFRESH_TOKEN
exit 0
fi
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
echo "-----"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
# AGENT_TOKEN might be empty, in which case it will be returned by the call
RES=$(codefresh install agent \
--name ${AGENT_NAME} \
--kube-context-name ${KUBE_CONTEXT} \
--kube-namespace ${KUBE_NAMESPACE} \
--agent-kube-namespace ${KUBE_NAMESPACE} \
--install-runtime \
--runtime-name ${RUNTIME_NAME} \
--skip-cluster-creation \
--platform-only)
AGENT_CODEFRESH_TOKEN=$(echo "${RES}" | tail -n 1)
echo "generated agent + runtime in platform"
create_agent_secret $AGENT_CODEFRESH_TOKEN
echo "-----"
echo "done initializing runtime and agent"
echo "-----"

38
charts/codefresh/cf-runtime/7.2.2/files/reconcile-runtime.sh Normal file
View File

@ -0,0 +1,38 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "CONFIGMAP_NAME: ${CONFIGMAP_NAME}"
echo "RECONCILE_INTERVAL: ${RECONCILE_INTERVAL}"
echo "-----"
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
err "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
while true; do
msg "Reconciling ${RUNTIME_NAME} runtime"
sleep $RECONCILE_INTERVAL
codefresh get re \
--name ${RUNTIME_NAME} \
-o yaml \
| yq 'del(.version, .metadata.changedBy, .metadata.creationTime)' > /tmp/runtime.yaml
kubectl get cm ${CONFIGMAP_NAME} -n ${KUBE_NAMESPACE} -o yaml \
| yq 'del(.metadata.resourceVersion, .metadata.uid)' \
| yq eval '.data["runtime.yaml"] = load_str("/tmp/runtime.yaml")' \
| kubectl apply -f -
done

70
charts/codefresh/cf-runtime/7.2.2/templates/_components/app-proxy/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "app-proxy.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "app-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "app-proxy.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "app-proxy.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: app-proxy
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "app-proxy.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 3000
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

19
charts/codefresh/cf-runtime/7.2.2/templates/_components/app-proxy/_env-vars.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- define "app-proxy.environment-variables.defaults" }}
PORT: 3000
{{- end }}
{{- define "app-proxy.environment-variables.calculated" }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- with .Values.ingress.pathPrefix }}
API_PATH_PREFIX: {{ . | quote }}
{{- end }}
{{- end }}
{{- define "app-proxy.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "app-proxy.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "app-proxy.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/7.2.2/templates/_components/app-proxy/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "app-proxy.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "app-proxy.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "app-proxy.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Selector labels
*/}}
{{- define "app-proxy.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "app-proxy.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "app-proxy.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

32
charts/codefresh/cf-runtime/7.2.2/templates/_components/app-proxy/_ingress.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- define "app-proxy.resources.ingress" -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "app-proxy.fullname" . }}
labels: {{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.class (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.class }}
{{- end }}
{{- if .Values.ingress.tlsSecret }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ .Values.tlsSecret }}
{{- end }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: {{ .Values.ingress.pathPrefix | default "/" }}
pathType: ImplementationSpecific
backend:
service:
name: {{ include "app-proxy.fullname" . }}
port:
number: 80
{{- end -}}

47
charts/codefresh/cf-runtime/7.2.2/templates/_components/app-proxy/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "app-proxy.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "app-proxy.serviceAccountName" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "app-proxy.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "app-proxy.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/7.2.2/templates/_components/app-proxy/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "app-proxy.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 3000
selector:
{{- include "app-proxy.selectorLabels" . | nindent 4 }}
{{- end -}}

62
charts/codefresh/cf-runtime/7.2.2/templates/_components/event-exporter/_deployment.yaml Normal file
View File

@ -0,0 +1,62 @@
{{- define "event-exporter.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "event-exporter.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "event-exporter.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: event-exporter
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
args: [--running-in-cluster=true]
env:
{{- include "event-exporter.environment-variables" . | nindent 8 }}
ports:
- name: metrics
containerPort: 9102
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

14
charts/codefresh/cf-runtime/7.2.2/templates/_components/event-exporter/_env-vars.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.environment-variables.defaults" }}
{{- end }}
{{- define "event-exporter.environment-variables.calculated" }}
{{- end }}
{{- define "event-exporter.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "event-exporter.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "event-exporter.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/7.2.2/templates/_components/event-exporter/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "event-exporter.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "event-exporter.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "event-exporter.labels" -}}
{{ include "cf-runtime.labels" . }}
app: event-exporter
{{- end }}
{{/*
Selector labels
*/}}
{{- define "event-exporter.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
app: event-exporter
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "event-exporter.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "event-exporter.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

47
charts/codefresh/cf-runtime/7.2.2/templates/_components/event-exporter/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "event-exporter.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "event-exporter.serviceAccountName" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: [events]
verbs: [get, list, watch]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "event-exporter.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "event-exporter.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/7.2.2/templates/_components/event-exporter/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "event-exporter.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: metrics
port: 9102
targetPort: metrics
protocol: TCP
selector:
{{- include "event-exporter.selectorLabels" . | nindent 4 }}
{{- end -}}

14
charts/codefresh/cf-runtime/7.2.2/templates/_components/event-exporter/_serviceMontor.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.resources.serviceMonitor" -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
endpoints:
- port: metrics
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
{{- end -}}

70
charts/codefresh/cf-runtime/7.2.2/templates/_components/monitor/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "monitor.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "monitor.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "monitor.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 9020
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /api/ping
port: 9020
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

26
charts/codefresh/cf-runtime/7.2.2/templates/_components/monitor/_env-vars.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- define "monitor.environment-variables.defaults" }}
SERVICE_NAME: {{ include "monitor.fullname" . }}
PORT: 9020
HELM3: true
NODE_OPTIONS: "--max_old_space_size=4096"
{{- end }}
{{- define "monitor.environment-variables.calculated" }}
API_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
CLUSTER_ID: {{ include "runtime.runtime-environment-spec.context-name" . }}
API_URL: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}/api/k8s-monitor/events
ACCOUNT_ID: {{ .Values.global.accountId }}
NAMESPACE: {{ .Release.Namespace }}
{{- if .Values.rbac.namespaced }}
ROLE_BINDING: true
{{- end }}
{{- end }}
{{- define "monitor.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "monitor.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "monitor.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

42
charts/codefresh/cf-runtime/7.2.2/templates/_components/monitor/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "monitor.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Selector labels
*/}}
{{- define "monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "monitor.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "monitor.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

56
charts/codefresh/cf-runtime/7.2.2/templates/_components/monitor/_rbac.yaml Normal file
View File

@ -0,0 +1,56 @@
{{- define "monitor.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "monitor.serviceAccountName" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "delete" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "deletecollection" ]
- apiGroups: [ "extensions" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "apps" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "monitor.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
name: {{ include "monitor.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/7.2.2/templates/_components/monitor/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "monitor.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9020
selector:
{{- include "monitor.selectorLabels" . | nindent 4 }}
{{- end -}}

103
charts/codefresh/cf-runtime/7.2.2/templates/_components/runner/_deployment.yaml Normal file
View File

@ -0,0 +1,103 @@
{{- define "runner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "runner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "runner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "runner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
- name: init
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.init.image "context" .) }}
imagePullPolicy: {{ .Values.init.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/init-runtime.sh" | nindent 10 }}
env:
{{- include "runner-init.environment-variables" . | nindent 8 }}
{{- with .Values.init.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
containers:
- name: runner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
env:
{{- include "runner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.sidecar.enabled }}
- name: reconcile-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.sidecar.image "context" .) }}
imagePullPolicy: {{ .Values.sidecar.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/reconcile-runtime.sh" | nindent 10 }}
env:
{{- include "runner-sidecar.environment-variables" . | nindent 8 }}
{{- with .Values.sidecar.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.extraVolumes }}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

42
charts/codefresh/cf-runtime/7.2.2/templates/_components/runner/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "runner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "runner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

53
charts/codefresh/cf-runtime/7.2.2/templates/_components/runner/_rbac.yaml Normal file
View File

@ -0,0 +1,53 @@
{{- define "runner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runner.serviceAccountName" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "pods", "persistentvolumeclaims" ]
verbs: [ "get", "create", "delete", patch ]
- apiGroups: [ "" ]
resources: [ "configmaps", "secrets" ]
verbs: [ "get", "create", "update", patch ]
- apiGroups: [ "apps" ]
resources: [ "deployments" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "runner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "runner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

30
charts/codefresh/cf-runtime/7.2.2/templates/_components/runner/environment-variables/_init-container.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- define "runner-init.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-init.environment-variables.calculated" }}
AGENT_NAME: {{ include "runtime.runtime-environment-spec.agent-name" . }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
AGENT_CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
optional: true
EXISTING_AGENT_CODEFRESH_TOKEN: {{ include "runtime.agent-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
SECRET_NAME: {{ include "runner.fullname" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
{{- end }}
{{- define "runner-init.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-init.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-init.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

29
charts/codefresh/cf-runtime/7.2.2/templates/_components/runner/environment-variables/_main-container.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- define "runner.environment-variables.defaults" }}
AGENT_MODE: InCluster
SELF_DEPLOYMENT_NAME:
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- end }}
{{- define "runner.environment-variables.calculated" }}
AGENT_ID: {{ include "runtime.runtime-environment-spec.agent-name" . }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
CODEFRESH_IN_CLUSTER_RUNTIME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
RUNTIME_CHART_VERSION: {{ .Chart.Version }}
{{- end }}
{{- define "runner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

22
charts/codefresh/cf-runtime/7.2.2/templates/_components/runner/environment-variables/_sidecar-container.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "runner-sidecar.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-sidecar.environment-variables.calculated" }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CONFIGMAP_NAME: {{ printf "%s-%s" (include "runtime.fullname" .) "spec" }}
{{- end }}
{{- define "runner-sidecar.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-sidecar.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-sidecar.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.sidecar.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

58
charts/codefresh/cf-runtime/7.2.2/templates/_components/volume-provisioner/_cronjob.yaml Normal file
View File

@ -0,0 +1,58 @@
{{- define "dind-volume-provisioner.resources.cronjob" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- if not (eq .Values.storage.backend "local") }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "dind-volume-cleanup.fullname" . }}
labels:
{{- include "dind-volume-cleanup.labels" . | nindent 4 }}
spec:
concurrencyPolicy: {{ .Values.concurrencyPolicy }}
schedule: {{ .Values.schedule | quote }}
successfulJobsHistoryLimit: {{ .Values.successfulJobsHistory }}
failedJobsHistoryLimit: {{ .Values.failedJobsHistory }}
{{- with .Values.suspend }}
suspend: {{ . }}
{{- end }}
jobTemplate:
spec:
template:
metadata:
labels:
{{- include "dind-volume-cleanup.selectorLabels" . | nindent 12 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 10 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
restartPolicy: {{ .Values.restartPolicy | default "Never" }}
containers:
- name: dind-volume-cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 12 }}
- name: PROVISIONED_BY
value: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
resources:
{{- toYaml .Values.resources | nindent 14 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- end -}}

98
charts/codefresh/cf-runtime/7.2.2/templates/_components/volume-provisioner/_daemonset.yaml Normal file
View File

@ -0,0 +1,98 @@
{{- define "dind-volume-provisioner.resources.daemonset" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $localVolumeParentDir := .Values.storage.local.volumeParentDir }}
{{- if eq .Values.storage.backend "local" }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "dind-lv-monitor.fullname" . }}
labels:
{{- include "dind-lv-monitor.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.volumePermissions.enabled }}
initContainers:
- name: volume-permissions
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.volumePermissions.image "context" .) }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | default "Always" }}
command:
- /bin/sh
args:
- -ec
- |
chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ $localVolumeParentDir }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
name: dind-volume-dir
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 10 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.volumePermissions.resources | nindent 10 }}
{{- end }}
containers:
- name: dind-lv-monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- /home/dind-volume-utils/bin/local-volumes-agent
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 10 }}
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: VOLUME_PARENT_DIR
value: {{ $localVolumeParentDir }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
readOnly: false
name: dind-volume-dir
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
- name: dind-volume-dir
hostPath:
path: {{ $localVolumeParentDir }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end -}}

67
charts/codefresh/cf-runtime/7.2.2/templates/_components/volume-provisioner/_deployment.yaml Normal file
View File

@ -0,0 +1,67 @@
{{- define "dind-volume-provisioner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: dind-volume-provisioner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
command:
- /usr/local/bin/dind-volume-provisioner
- -v=4
- --resync-period=50s
env:
{{- include "dind-volume-provisioner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- include "dind-volume-provisioner.volumeMounts.calculated" . | nindent 8 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- include "dind-volume-provisioner.volumes.calculated" . | nindent 6 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

88
charts/codefresh/cf-runtime/7.2.2/templates/_components/volume-provisioner/_env-vars.yaml Normal file
View File

@ -0,0 +1,88 @@
{{- define "dind-volume-provisioner.environment-variables.defaults" }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables.calculated" }}
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
PROVISIONER_NAME: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.accessKeyIdSecretKeyRef }}
AWS_ACCESS_KEY_ID:
{{- if .Values.storage.ebs.accessKeyId }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_access_key_id
{{- else if .Values.storage.ebs.accessKeyIdSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.accessKeyIdSecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.ebs.secretAccessKey .Values.storage.ebs.secretAccessKeySecretKeyRef }}
AWS_SECRET_ACCESS_KEY:
{{- if .Values.storage.ebs.secretAccessKey }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_secret_access_key
{{- else if .Values.storage.ebs.secretAccessKeySecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.secretAccessKeySecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
GOOGLE_APPLICATION_CREDENTIALS: {{ printf "/etc/dind-volume-provisioner/credentials/%s" (.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.key | default "google-service-account.json") }}
{{- end }}
{{- if and .Values.storage.mountAzureJson }}
AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json
CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "dind-volume-provisioner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "dind-volume-provisioner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}
{{- define "dind-volume-provisioner.volumes.calculated" }}
{{- if .Values.storage.gcedisk.serviceAccountJson }}
- name: credentials
secret:
secretName: {{ include "dind-volume-provisioner.fullname" . }}
optional: true
{{- else if .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
secret:
secretName: {{ .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.name }}
optional: true
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.volumeMounts.calculated" }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
readOnly: true
mountPath: "/etc/dind-volume-provisioner/credentials"
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
readOnly: true
mountPath: "/etc/kubernetes/azure.json"
{{- end }}
{{- end }}

93
charts/codefresh/cf-runtime/7.2.2/templates/_components/volume-provisioner/_helpers.tpl Normal file
View File

@ -0,0 +1,93 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dind-volume-provisioner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dind-volume-provisioner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "dind-volume-cleanup.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-cleanup" | trunc 52 | trimSuffix "-" }}
{{- end }}
{{- define "dind-lv-monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "lv-monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Provisioner name for storage class
*/}}
{{- define "dind-volume-provisioner.volumeProvisionerName" }}
{{- printf "codefresh.io/dind-volume-provisioner-runner-%s" .Release.Namespace }}
{{- end }}
{{/*
Common labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Selector labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Common labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Selector labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dind-volume-provisioner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dind-volume-provisioner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.storageClassName" }}
{{- printf "dind-local-volumes-runner-%s" .Release.Namespace }}
{{- end }}

71
charts/codefresh/cf-runtime/7.2.2/templates/_components/volume-provisioner/_rbac.yaml Normal file
View File

@ -0,0 +1,71 @@
{{- define "dind-volume-provisioner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch", "update", "delete" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get", "list" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "endpoints" ]
verbs: [ "get", "list", "watch", "create", "update", "delete" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "get", "create", "update" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "dind-volume-provisioner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

22
charts/codefresh/cf-runtime/7.2.2/templates/_components/volume-provisioner/_secret.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "dind-volume-provisioner.resources.secret" -}}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.secretAccessKey .Values.storage.gcedisk.serviceAccountJson }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
stringData:
{{- with .Values.storage.gcedisk.serviceAccountJson }}
google-service-account.json: |
{{- . | nindent 4 }}
{{- end }}
{{- with .Values.storage.ebs.accessKeyId }}
aws_access_key_id: {{ . }}
{{- end }}
{{- with .Values.storage.ebs.secretAccessKey }}
aws_secret_access_key: {{ . }}
{{- end }}
{{- end }}
{{- end -}}

47
charts/codefresh/cf-runtime/7.2.2/templates/_components/volume-provisioner/_storageclass.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "dind-volume-provisioner.resources.storageclass" -}}
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
{{/* has to be exactly that */}}
name: {{ include "dind-volume-provisioner.storageClassName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
provisioner: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
parameters:
{{- if eq .Values.storage.backend "local" }}
volumeBackend: local
volumeParentDir: {{ .Values.storage.local.volumeParentDir }}
{{- else if eq .Values.storage.backend "gcedisk" }}
volumeBackend: {{ .Values.storage.backend }}
type: {{ .Values.storage.gcedisk.volumeType | default "pd-ssd" }}
zone: {{ required ".Values.storage.gcedisk.availabilityZone is required" .Values.storage.gcedisk.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
{{- else if or (eq .Values.storage.backend "ebs") (eq .Values.storage.backend "ebs-csi")}}
volumeBackend: {{ .Values.storage.backend }}
VolumeType: {{ .Values.storage.ebs.volumeType | default "gp3" }}
AvailabilityZone: {{ required ".Values.storage.ebs.availabilityZone is required" .Values.storage.ebs.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
encrypted: {{ .Values.storage.ebs.encrypted | default "false" | quote }}
{{- with .Values.storage.ebs.kmsKeyId }}
kmsKeyId: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.iops }}
iops: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.throughput }}
throughput: {{ . | quote }}
{{- end }}
{{- else if or (eq .Values.storage.backend "azuredisk") (eq .Values.storage.backend "azuredisk-csi")}}
volumeBackend: {{ .Values.storage.backend }}
kind: managed
skuName: {{ .Values.storage.azuredisk.skuName | default "Premium_LRS" }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
cachingMode: {{ .Values.storage.azuredisk.cachingMode | default "None" }}
{{- with .Values.storage.azuredisk.availabilityZone }}
availabilityZone: {{ . | quote }}
{{- end }}
{{- with .Values.storage.azuredisk.resourceGroup }}
resourceGroup: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}

51
charts/codefresh/cf-runtime/7.2.2/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,51 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "cf-runtime.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cf-runtime.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cf-runtime.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "cf-runtime.labels" -}}
helm.sh/chart: {{ include "cf-runtime.chart" . }}
{{ include "cf-runtime.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cf-runtime.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cf-runtime.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/app-proxy/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.deployment" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/app-proxy/ingress.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.ingress" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/app-proxy/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.rbac" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/app-proxy/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.service" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/event-exporter/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.deployment" $eventExporterContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/event-exporter/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.rbac" $eventExporterContext }}
{{- end }}

11
charts/codefresh/cf-runtime/7.2.2/templates/event-exporter/service.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.service" $eventExporterContext }}
---
{{- include "event-exporter.resources.serviceMonitor" $eventExporterContext }}
{{- end }}

6
charts/codefresh/cf-runtime/7.2.2/templates/extra/extra-resources.yaml Normal file
View File

@ -0,0 +1,6 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- range .Values.extraResources }}
---
{{ include (printf "%s.tplrender" $cfCommonTplSemver) (dict "Values" . "context" $) }}
{{- end }}

19
charts/codefresh/cf-runtime/7.2.2/templates/extra/runtime-images-cm.yaml Normal file
View File

@ -0,0 +1,19 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.engine.runtimeImages }}
---
kind: ConfigMap
apiVersion: v1
metadata:
{{- /* dummy template just to list runtime images */}}
name: {{ include "runtime.fullname" . }}-images
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
images: |
{{- range $key, $val := $values }}
image: {{ $val }}
{{- end }}

18
charts/codefresh/cf-runtime/7.2.2/templates/hooks/post-install/cm-update-runtime.yaml Normal file
View File

@ -0,0 +1,18 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "runtime.fullname" . }}-spec
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
runtime.yaml: |
{{ include "runtime.runtime-environment-spec.template" . | nindent 4 | trim }}
{{- end }}

68
charts/codefresh/cf-runtime/7.2.2/templates/hooks/post-install/job-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,68 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "3"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-gencerts-dind
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: gencerts-dind
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/configure-dind-certs.sh" | nindent 10 }}
env:
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: RELEASE
value: {{ .Release.Name }}
- name: CF_API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: CF_API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

77
charts/codefresh/cf-runtime/7.2.2/templates/hooks/post-install/job-update-runtime.yaml Normal file
View File

@ -0,0 +1,77 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "5"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: patch-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- |
codefresh auth create-context --api-key $API_KEY --url $API_HOST
cat /usr/share/extras/runtime.yaml
codefresh get re
{{- if .Values.runtime.agent }}
codefresh patch re -f /usr/share/extras/runtime.yaml
{{- else }}
codefresh patch sys-re -f /usr/share/extras/runtime.yaml
{{- end }}
env:
- name: API_KEY
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
volumeMounts:
- name: config
mountPath: /usr/share/extras/runtime.yaml
subPath: runtime.yaml
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
volumes:
- name: config
configMap:
name: {{ include "runtime.fullname" . }}-spec
{{- end }}

37
charts/codefresh/cf-runtime/7.2.2/templates/hooks/post-install/rbac-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,37 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-gencerts-dind
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
{{ end }}

73
charts/codefresh/cf-runtime/7.2.2/templates/hooks/pre-delete/job-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,73 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-delete
helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-cleanup
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/cleanup-runtime.sh" | nindent 10 }}
env:
- name: AGENT_NAME
value: {{ include "runtime.runtime-environment-spec.agent-name" . }}
- name: RUNTIME_NAME
value: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: AGENT
value: {{ .Values.runtime.agent | quote }}
- name: AGENT_SECRET_NAME
value: {{ include "runner.fullname" . }}
- name: DIND_SECRET_NAME
value: codefresh-certs-server
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

46
charts/codefresh/cf-runtime/7.2.2/templates/hooks/pre-delete/rbac-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,46 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-cleanup
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
{{ end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/monitor/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.deployment" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/monitor/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.rbac" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/monitor/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.service" $monitorContext }}
{{- end }}

2
charts/codefresh/cf-runtime/7.2.2/templates/other/external-secrets.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.external-secrets" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/7.2.2/templates/other/podMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.podMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/7.2.2/templates/other/serviceMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.serviceMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

9
charts/codefresh/cf-runtime/7.2.2/templates/runner/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.deployment" $runnerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/runner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.rbac" $runnerContext }}
{{- end }}

123
charts/codefresh/cf-runtime/7.2.2/templates/runtime/_helpers.tpl Normal file
View File

@ -0,0 +1,123 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runtime.name" -}}
{{- printf "%s" (include "cf-runtime.name" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runtime.fullname" -}}
{{- printf "%s" (include "cf-runtime.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runtime.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runtime.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Return runtime image (classic runtime) with private registry prefix
*/}}
{{- define "runtime.runtimeImageName" -}}
{{- if .registry -}}
{{- $imageName := (trimPrefix "quay.io/" .imageFullName) -}}
{{- printf "%s/%s" .registry $imageName -}}
{{- else -}}
{{- printf "%s" .imageFullName -}}
{{- end -}}
{{- end -}}
{{/*
Environment variable value of Codefresh installation token
*/}}
{{- define "runtime.installation-token-env-var-value" -}}
{{- if .Values.global.codefreshToken }}
valueFrom:
secretKeyRef:
name: {{ include "runtime.installation-token-secret-name" . }}
key: codefresh-api-token
{{- else if .Values.global.codefreshTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.codefreshTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Environment variable value of Codefresh agent token
*/}}
{{- define "runtime.agent-token-env-var-value" -}}
{{- if .Values.global.agentToken }}
{{- printf "%s" .Values.global.agentToken | toYaml }}
{{- else if .Values.global.agentTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.agentTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Print Codefresh API token secret name
*/}}
{{- define "runtime.installation-token-secret-name" }}
{{- print "codefresh-user-token" }}
{{- end }}
{{/*
Print Codefresh host
*/}}
{{- define "runtime.runtime-environment-spec.codefresh-host" }}
{{- if and (not .Values.global.codefreshHost) }}
{{- fail "ERROR: .global.codefreshHost is required" }}
{{- else }}
{{- printf "%s" (trimSuffix "/" .Values.global.codefreshHost) }}
{{- end }}
{{- end }}
{{/*
Print runtime-environment name
*/}}
{{- define "runtime.runtime-environment-spec.runtime-name" }}
{{- if and (not .Values.global.runtimeName) }}
{{- printf "%s/%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.runtimeName }}
{{- end }}
{{- end }}
{{/*
Print agent name
*/}}
{{- define "runtime.runtime-environment-spec.agent-name" }}
{{- if and (not .Values.global.agentName) }}
{{- printf "%s_%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.agentName }}
{{- end }}
{{- end }}
{{/*
Print context
*/}}
{{- define "runtime.runtime-environment-spec.context-name" }}
{{- if and (not .Values.global.context) }}
{{- fail "ERROR: .global.context is required" }}
{{- else }}
{{- printf "%s" .Values.global.context }}
{{- end }}
{{- end }}

10
charts/codefresh/cf-runtime/7.2.2/templates/runtime/cm-dind-daemon.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
{{- /* has to be a constant */}}
name: codefresh-dind-config
labels:
{{- include "runtime.labels" . | nindent 4 }}
data:
daemon.json: |
{{ coalesce .Values.re.dindDaemon .Values.runtime.dindDaemon | toPrettyJson | indent 4 }}

48
charts/codefresh/cf-runtime/7.2.2/templates/runtime/rbac.yaml Normal file
View File

@ -0,0 +1,48 @@
{{ $values := .Values.runtime }}
---
{{- if or $values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- /* has to be a constant */}}
name: codefresh-engine
labels:
{{- include "runtime.labels" . | nindent 4 }}
{{- with $values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if $values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with $values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and $values.serviceAccount.create $values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: codefresh-engine
roleRef:
kind: Role
name: codefresh-engine
apiGroup: rbac.authorization.k8s.io
{{- end }}

235
charts/codefresh/cf-runtime/7.2.2/templates/runtime/runtime-env-spec-tmpl.yaml Normal file
View File

@ -0,0 +1,235 @@
{{- define "runtime.runtime-environment-spec.template" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version -}}
{{- $kubeconfigFilePath := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $name := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $engineContext := .Values.runtime.engine -}}
{{- $dindContext := .Values.runtime.dind -}}
{{- $imageRegistry := .Values.global.imageRegistry -}}
metadata:
name: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
agent: {{ .Values.runtime.agent }}
runtimeScheduler:
type: KubernetesPod
{{- if $engineContext.image }}
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $engineContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $engineContext.image.pullPolicy }}
{{- with $engineContext.command }}
command: {{- toYaml . | nindent 4 }}
{{- end }}
envVars:
{{- with $engineContext.env }}
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
COMPOSE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COMPOSE_IMAGE) | squote }}
CONTAINER_LOGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CONTAINER_LOGGER_IMAGE) | squote }}
DOCKER_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_BUILDER_IMAGE) | squote }}
DOCKER_PULLER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PULLER_IMAGE) | squote }}
DOCKER_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PUSHER_IMAGE) | squote }}
DOCKER_TAG_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) | squote }}
FS_OPS_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.FS_OPS_IMAGE) | squote }}
GIT_CLONE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GIT_CLONE_IMAGE) | squote }}
KUBE_DEPLOY: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.KUBE_DEPLOY) | squote }}
PIPELINE_DEBUGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.PIPELINE_DEBUGGER_IMAGE) | squote }}
TEMPLATE_ENGINE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.TEMPLATE_ENGINE) | squote }}
CR_6177_FIXER: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CR_6177_FIXER) | squote }}
GC_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GC_BUILDER_IMAGE) | squote }}
COSIGN_IMAGE_SIGNER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COSIGN_IMAGE_SIGNER_IMAGE) | squote }}
RUNTIME_CHART_VERSION: {{ .Chart.Version }}
{{- with $engineContext.userEnvVars }}
userEnvVars: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.workflowLimits }}
workflowLimits: {{- toYaml . | nindent 4 }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $engineContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $engineContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $engineContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $engineContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $engineContext.schedulerName }}
schedulerName: {{ $engineContext.schedulerName }}
{{- end }}
resources:
{{- if $engineContext.resources}}
{{- toYaml $engineContext.resources | nindent 4 }}
{{- end }}
{{- with $engineContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
dockerDaemonScheduler:
type: DindKubernetesPod
{{- if $dindContext.image }}
dindImage: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $dindContext.image.pullPolicy }}
{{- with $dindContext.userAccess }}
userAccess: {{ . }}
{{- end }}
{{- with $dindContext.env }}
envVars:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $dindContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $dindContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $dindContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $dindContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $dindContext.schedulerName }}
schedulerName: {{ $dindContext.schedulerName }}
{{- end }}
{{- if $dindContext.pvcs }}
pvcs:
{{- range $index, $pvc := $dindContext.pvcs }}
- name: {{ $pvc.name }}
reuseVolumeSelector: {{ $pvc.reuseVolumeSelector | squote }}
reuseVolumeSortOrder: {{ $pvc.reuseVolumeSortOrder }}
storageClassName: {{ include (printf "%v.tplrender" $cfCommonTplSemver) (dict "Values" $pvc.storageClassName "context" $) }}
volumeSize: {{ $pvc.volumeSize }}
{{- with $pvc.annotations }}
annotations: {{ . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
defaultDindResources:
{{- with $dindContext.resources }}
{{- if not .requests }}
limits: {{- toYaml .limits | nindent 6 }}
requests: null
{{- else }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- with $dindContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
{{- with $dindContext.userVolumeMounts }}
userVolumeMounts: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.userVolumes }}
userVolumes: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if and (not .Values.runtime.agent) }}
clientCertPath: /etc/ssl/cf/
volumeMounts:
codefresh-certs-server:
name: codefresh-certs-server
mountPath: /etc/ssl/cf
readOnly: false
volumes:
codefresh-certs-server:
name: codefresh-certs-server
secret:
secretName: codefresh-certs-server
{{- end }}
{{- with $dindContext.podSecurityContext }}
podSecurityContext: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.containerSecurityContext }}
containerSecurityContext: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $dindContext.volumePermissions.enabled }}
initContainers:
- name: volume-permissions
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.volumePermissions.image "context" .) }}
imagePullPolicy: {{ $dindContext.volumePermissions.image.pullPolicy | default "Always" }}
command:
- /bin/sh
args:
- -ec
- |
chown -R {{ $dindContext.containerSecurityContext.runAsUser }}:{{ $dindContext.podSecurityContext.fsGroup }} /home/rootless/.local/share/docker
volumeMounts:
- mountPath: /home/rootless/.local/share/docker
name: dind
{{- if eq ( toString ( $dindContext.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit $dindContext.volumePermissions.securityContext "runAsUser" | toYaml | nindent 6 }}
{{- else }}
securityContext: {{- $dindContext.volumePermissions.securityContext | toYaml | nindent 6 }}
{{- end }}
resources:
{{- toYaml $dindContext.volumePermissions.resources | nindent 6 }}
{{- end }}
extends: {{- toYaml .Values.runtime.runtimeExtends | nindent 2 }}
{{- if .Values.runtime.description }}
description: {{ .Values.runtime.description }}
{{- else }}
description: null
{{- end }}
{{- if .Values.global.accountId }}
accountId: {{ .Values.global.accountId }}
{{- end }}
{{- if not .Values.runtime.agent }}
accounts: {{- toYaml .Values.runtime.accounts | nindent 2 }}
{{- end }}
{{- if .Values.appProxy.enabled }}
appProxy:
externalIP: >-
{{ printf "https://%s%s" .Values.appProxy.ingress.host (.Values.appProxy.ingress.pathPrefix | default "/") }}
{{- end }}
{{- if not .Values.runtime.agent }}
systemHybrid: true
{{- end }}
{{- end }}

11
charts/codefresh/cf-runtime/7.2.2/templates/runtime/secret.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if and .Values.global.codefreshToken }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "runtime.installation-token-secret-name" . }}
labels:
{{- include "runtime.labels" . | nindent 4 }}
stringData:
codefresh-api-token: {{ .Values.global.codefreshToken }}
{{- end }}

16
charts/codefresh/cf-runtime/7.2.2/templates/runtime/svc-dind.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "runtime.labels" . | nindent 4 }}
app: dind
{{/* has to be a constant */}}
name: dind
spec:
ports:
- name: "dind-port"
port: 1300
protocol: TCP
clusterIP: None
selector:
app: dind

11
charts/codefresh/cf-runtime/7.2.2/templates/volume-provisioner/cronjob.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-volume-cleanup") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.cronjob" $volumeProvisionerContext }}
{{- end }}

11
charts/codefresh/cf-runtime/7.2.2/templates/volume-provisioner/daemonset.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-lv-monitor") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.daemonset" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/7.2.2/templates/volume-provisioner/deployment.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.deployment" $volumeProvisionerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.2.2/templates/volume-provisioner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.rbac" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/7.2.2/templates/volume-provisioner/secret.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.secret" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/7.2.2/templates/volume-provisioner/storageclass.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.storageclass" $volumeProvisionerContext }}
{{- end }}

38
charts/codefresh/cf-runtime/7.2.2/values-rootless.yaml Normal file
View File

@ -0,0 +1,38 @@
volumeProvisioner:
env:
IS_ROOTLESS: true
# -- Only if local volumes are used as backend storage (ignored for ebs/ebs-csi disks)
dind-lv-monitor:
image:
tag: 1.30.0-rootless
digest: sha256:712e549e6e843b04684647f17e0973f8047e0d60e6e8b38a693ea64dc75b0479
containerSecurityContext:
runAsUser: 1000
podSecurityContext:
fsGroup: 1000
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
fsGroupChangePolicy: "OnRootMismatch"
# -- Enable initContainer to run chmod for /var/lib/codefresh/dind-volumes on host nodes
volumePermissions:
enabled: false
runtime:
dind:
image:
tag: 26.1.4-1.28.10-rootless
digest: sha256:59dfc004eb22a8f09c8a3d585271a055af9df4591ab815bca418c24a2077f5c8
userVolumeMounts:
dind:
name: dind
mountPath: /home/rootless/.local/share/docker
containerSecurityContext:
privileged: true
runAsUser: 1000
podSecurityContext:
fsGroup: 1000
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
fsGroupChangePolicy: "OnRootMismatch"
# -- Enable initContainer to run chmod for /home/rootless in DinD pod
# !!! Will slow down dind pod startup
volumePermissions:
enabled: true

914
charts/codefresh/cf-runtime/7.2.2/values.yaml Normal file
View File

@ -0,0 +1,914 @@
# -- String to partially override cf-runtime.fullname template (will maintain the release name)
nameOverride: ""
# -- String to fully override cf-runtime.fullname template
fullnameOverride: ""
# -- Global parameters
# @default -- See below
global:
# -- Global Docker image registry
imageRegistry: ""
# -- Global Docker registry secret names as array
imagePullSecrets: []
# -- URL of Codefresh Platform (required!)
codefreshHost: "https://g.codefresh.io"
# -- User token in plain text (required if `global.codefreshTokenSecretKeyRef` is omitted!)
# Ref: https://g.codefresh.io/user/settings (see API Keys)
# Minimal API key scopes: Runner-Installation(read+write), Agent(read+write), Agents(read+write)
codefreshToken: ""
# -- User token that references an existing secret containing API key (required if `global.codefreshToken` is omitted!)
codefreshTokenSecretKeyRef: {}
# E.g.
# codefreshTokenSecretKeyRef:
# name: my-codefresh-api-token
# key: codefresh-api-token
# -- Account ID (required!)
# Can be obtained here https://g.codefresh.io/2.0/account-settings/account-information
accountId: ""
# -- K8s context name (required!)
context: ""
# E.g.
# context: prod-ue1-runtime-1
# -- Agent Name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}_{{ .Release.Namespace }}`
agentName: ""
# E.g.
# agentName: prod-ue1-runtime-1
# -- Runtime name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}/{{ .Release.Namespace }}`
runtimeName: ""
# E.g.
# runtimeName: prod-ue1-runtime-1/namespace
# -- DEPRECATED Agent token in plain text.
# !!! MUST BE provided if migrating from < 6.x chart version
agentToken: ""
# -- DEPRECATED Agent token that references an existing secret containing API key.
# !!! MUST BE provided if migrating from < 6.x chart version
agentTokenSecretKeyRef: {}
# E.g.
# agentTokenSecretKeyRef:
# name: my-codefresh-agent-secret
# key: codefresh-agent-token
# DEPRECATED -- Use `.Values.global.imageRegistry` instead
dockerRegistry: ""
# DEPRECATED -- Use `.Values.runtime` instead
re: {}
# -- Runner parameters
# @default -- See below
runner:
# -- Enable the runner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/venona
tag: 1.10.8
digest: sha256:2327a1af2b8ad13e9685e7e577c2aa0d23580657c8da001f436f803280879eab
# -- Init container
init:
image:
registry: quay.io
repository: codefresh/cli
tag: 0.88.4-rootless
digest: sha256:b256d150ff8a636851ddc1d5fb0490114d5036cc5bff357eac6a9899fea87562
resources:
limits:
memory: 512Mi
cpu: '1'
requests:
memory: 256Mi
cpu: '0.2'
# -- Sidecar container
# Reconciles runtime spec from Codefresh API for drift detection
sidecar:
enabled: false
image:
registry: quay.io
repository: codefresh/kubectl
tag: 1.31.2
digest: sha256:a30a8810dde249d0198f67792ed9696363f15c8cecbac955ee9bd267b5454ee7
env:
RECONCILE_INTERVAL: 300
resources: {}
# -- Add additional env vars
env: {}
# E.g.
# env:
# WORKFLOW_CONCURRENCY: 50 # The number of workflow creation and termination tasks the Runner can handle in parallel. Defaults to 50
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Volume Provisioner parameters
# @default -- See below
volumeProvisioner:
# -- Enable volume-provisioner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/dind-volume-provisioner
tag: 1.35.2
digest: sha256:ede6f663c912a08b7d335b5ec5518ccc266b27c431d0854d22971005992adc5d
# -- Add additional env vars
env: {}
# E.g.
# env:
# THREADINESS: 4 # The number of PVC requests the dind-volume-provisioner can process in parallel. Defaults to 4
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 3000
runAsGroup: 3000
fsGroup: 3000
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- `dind-lv-monitor` DaemonSet parameters
# (local volumes cleaner)
# @default -- See below
dind-lv-monitor:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-utils
tag: 1.30.0
digest: sha256:506915ccb63481cd6b249e9068235100ea2ae39d4c811c3e49851c20cbe5ee6f
podAnnotations: {}
podSecurityContext:
enabled: false
runAsUser: 1000
fsGroup: 1000
containerSecurityContext: {}
env: {}
resources: {}
nodeSelector: {}
tolerations:
- key: 'codefresh/dind'
operator: 'Exists'
effect: 'NoSchedule'
volumePermissions:
enabled: false
image:
registry: docker.io
repository: alpine
tag: 3.18
digest: sha256:2995c82e8e723d9a5c8585cb8e901d1c50e3c2759031027d3bff577449435157
resources: {}
securityContext:
runAsUser: 0 # auto
# `dind-volume-cleanup` CronJob parameters
# (external volumes cleaner)
# @default -- See below
dind-volume-cleanup:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-cleanup
tag: 1.2.0
digest: sha256:1af3e3ecc87bf2e26ba07ecef68f54ad100d7e3b5fcf074099f627fd5d917369
env: {}
concurrencyPolicy: Forbid
schedule: "*/10 * * * *"
successfulJobsHistory: 3
failedJobsHistory: 1
suspend: false
podAnnotations: {}
podSecurityContext:
enabled: true
fsGroup: 3000
runAsGroup: 3000
runAsUser: 3000
nodeSelector: {}
affinity: {}
tolerations: []
# Storage parameters for volume-provisioner
# @default -- See below
storage:
# -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`)
backend: local
# -- Set filesystem type (`ext4`/`xfs`)
fsType: "ext4"
# Storage parametrs example for local volumes on the K8S nodes filesystem (i.e. `storage.backend=local`)
# https://kubernetes.io/docs/concepts/storage/volumes/#local
# @default -- See below
local:
# -- Set volume path on the host filesystem
volumeParentDir: /var/lib/codefresh/dind-volumes
# Storage parameters example for aws ebs disks (i.e. `storage.backend=ebs`/`storage.backend=ebs-csi`)
# https://aws.amazon.com/ebs/
# https://codefresh.io/docs/docs/installation/codefresh-runner/#aws-backend-volume-configuration
# @default -- See below
ebs:
# -- Set EBS volume type (`gp2`/`gp3`/`io1`) (required)
volumeType: "gp2"
# -- Set EBS volumes availability zone (required)
availabilityZone: "us-east-1a"
# -- Enable encryption (optional)
encrypted: "false"
# -- Set KMS encryption key ID (optional)
kmsKeyId: ""
# -- Set AWS_ACCESS_KEY_ID for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
accessKeyId: ""
# -- Existing secret containing AWS_ACCESS_KEY_ID.
accessKeyIdSecretKeyRef: {}
# E.g.
# accessKeyIdSecretKeyRef:
# name:
# key:
# -- Set AWS_SECRET_ACCESS_KEY for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
secretAccessKey: ""
# -- Existing secret containing AWS_SECRET_ACCESS_KEY
secretAccessKeySecretKeyRef: {}
# E.g.
# secretAccessKeySecretKeyRef:
# name:
# key:
# E.g.
# ebs:
# volumeType: gp3
# availabilityZone: us-east-1c
# encrypted: false
# iops: "5000"
# # I/O operations per second. Only effetive when gp3 volume type is specified.
# # Default value - 3000.
# # Max - 16,000
# throughput: "500"
# # Throughput in MiB/s. Only effective when gp3 volume type is specified.
# # Default value - 125.
# # Max - 1000.
# ebs:
# volumeType: gp2
# availabilityZone: us-east-1c
# encrypted: true
# kmsKeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
# accessKeyId: "MYKEYID"
# secretAccessKey: "MYACCESSKEY"
# Storage parameters example for gce disks
# https://cloud.google.com/compute/docs/disks#pdspecs
# https://codefresh.io/docs/docs/installation/codefresh-runner/#gke-google-kubernetes-engine-backend-volume-configuration
# @default -- See below
gcedisk:
# -- Set GCP volume backend type (`pd-ssd`/`pd-standard`)
volumeType: "pd-ssd"
# -- Set GCP volume availability zone
availabilityZone: "us-west1-a"
# -- Set Google SA JSON key for volume-provisioner (optional)
serviceAccountJson: ""
# -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional)
serviceAccountJsonSecretKeyRef: {}
# E.g.
# gcedisk:
# volumeType: pd-ssd
# availabilityZone: us-central1-c
# serviceAccountJson: |-
# {
# "type": "service_account",
# "project_id": "...",
# "private_key_id": "...",
# "private_key": "...",
# "client_email": "...",
# "client_id": "...",
# "auth_uri": "...",
# "token_uri": "...",
# "auth_provider_x509_cert_url": "...",
# "client_x509_cert_url": "..."
# }
# Storage parameters example for Azure Disks
# https://codefresh.io/docs/docs/installation/codefresh-runner/#install-codefresh-runner-on-azure-kubernetes-service-aks
# @default -- See below
azuredisk:
# -- Set storage type (`Premium_LRS`)
skuName: Premium_LRS
cachingMode: None
# availabilityZone: northeurope-1
# resourceGroup:
# DiskIOPSReadWrite: 500
# DiskMBpsReadWrite: 100
mountAzureJson: false
# -- Set runtime parameters
# @default -- See below
runtime:
# -- Set annotation on engine Service Account
# Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster
serviceAccount:
create: true
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- Set parent runtime to inherit.
# Should not be changes. Parent runtime is controlled from Codefresh side.
runtimeExtends:
- system/default/hybrid/k8s_low_limits
# -- Runtime description
description: ""
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the engine role
rules: []
# -- (for On-Premise only) Enable agent
agent: true
# -- (for On-Premise only) Set inCluster runtime
inCluster: true
# -- (for On-Premise only) Assign accounts to runtime (list of account ids)
accounts: []
# -- Parameters for DinD (docker-in-docker) pod (aka "runtime" pod).
dind:
# -- Set dind image.
image:
registry: quay.io
repository: codefresh/dind
tag: 26.1.4-1.28.8 # use `latest-rootless/rootless/26.1.4-1.28.8-rootless` tags for rootless-dind
pullPolicy: IfNotPresent
digest: sha256:33c343dd01e8a24f0b4a872bbe62884320719f9d9dc27b7a8fed9f7e9fc7e80e
# -- Set dind resources.
resources:
requests: null
limits:
cpu: 400m
memory: 800Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 30
# -- PV claim spec parametes.
pvcs:
# -- Default dind PVC parameters
dind:
# -- PVC name prefix.
# Keep `dind` as default! Don't change!
name: dind
# -- PVC storage class name.
# Change ONLY if you need to use storage class NOT from Codefresh volume-provisioner
storageClassName: '{{ include "dind-volume-provisioner.storageClassName" . }}'
# -- PVC size.
volumeSize: 16Gi
# -- PV reuse selector.
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#volume-reuse-policy
reuseVolumeSelector: codefresh-app,io.codefresh.accountName
reuseVolumeSortOrder: pipeline_id
# -- PV annotations.
annotations: {}
# E.g.:
# annotations:
# codefresh.io/volume-retention: 7d
# -- Set additional env vars.
env:
DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: true
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set security context for the pod.
podSecurityContext: {}
# -- Set container security context.
containerSecurityContext: {}
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Keep `true` as default!
userAccess: true
# -- Add extra volumes
userVolumes: {}
# E.g.:
# userVolumes:
# regctl-docker-registry:
# name: regctl-docker-registry
# secret:
# items:
# - key: .dockerconfigjson
# path: config.json
# secretName: regctl-docker-registry
# optional: true
# -- Add extra volume mounts
userVolumeMounts: {}
# E.g.:
# userVolumeMounts:
# regctl-docker-registry:
# name: regctl-docker-registry
# mountPath: /home/appuser/.docker/
# readOnly: true
volumePermissions:
enabled: false
image:
registry: docker.io
repository: alpine
tag: 3.18
digest: sha256:2995c82e8e723d9a5c8585cb8e901d1c50e3c2759031027d3bff577449435157
resources: {}
securityContext:
runAsUser: 0 # auto
# -- Parameters for Engine pod (aka "pipeline" orchestrator).
engine:
# -- Set image.
image:
registry: quay.io
repository: codefresh/engine
tag: 1.176.0
pullPolicy: IfNotPresent
digest: sha256:4f2d32de7ea24e6f152516ae3e8bd1a83a764f2355607c57fad48412c212dbfb
# -- Set container command.
command:
- npm
- run
- start
# -- Set resources.
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m
memory: 2048Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 180
# -- Set system(base) runtime images.
# @default -- See below.
runtimeImages:
COMPOSE_IMAGE: quay.io/codefresh/compose:v2.28.1-1.5.0@sha256:362977564c096b7c2c007b8478ec87cac13d781839adc271d858290213bd89f2
CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.8@sha256:db1e1e7f038262cb6051b01c20cde276150ae731479e5d1e0aef39d08fc72ae5
DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.17@sha256:d5f9a4a479345d124041851c832a7acc71d62ef16434fae3b13be138efb96273
DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18@sha256:1a15c3ae0952d3986de7866a3def8ac7e3e39f668fe87fd46c63d886ca06c6d7
DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16@sha256:05efc1af8b1196f1b9b3f0781b4dcc1aa2cdd0ffc1347ee5fa81b16d029ec5c2
DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15@sha256:3a3e90cd10801c7ec0d3cf3816d0dcc90894d5d1771448c43f67215d90da5eca
FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.3@sha256:57374ccd5275325fc36b237fb38c77dd1f65c84d5aebfe88c9ea0e434ea20fc9
GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0@sha256:a3ec854823f17d0fd817d978219122e644b1abd6db778fd835688fcb6d88c515
KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.1.11@sha256:b6b3fc6cc5fad3ba9e36055278ce99a74a86876be116574503c6fbb4c1b4aa76
PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.7@sha256:3391822b7ad9835cc2a3a0ce5aaa55774ca110a8682d9512205dea24f438718a
TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1@sha256:fb7173cfed7536f7de68e75996106e2ce3a0a204e6c5609cba0d7eb62c9db9e1
CR_6177_FIXER: alpine:edge@sha256:8431297eedca8df8f1e6144803c6d7e057ecff2408aa6861213cb9e507acadf8
GC_BUILDER_IMAGE: quay.io/codefresh/cf-gc-builder:0.5.3@sha256:33ac914e6b844909f188a208cf90e569358cafa5aaa60f49848f49d99bcaf875
COSIGN_IMAGE_SIGNER_IMAGE: quay.io/codefresh/cf-cosign-image-signer:2.4.0-cf.2@sha256:5e0993207aa809c25ed70cf89af444d9720892fb4a29deb82db45618b0cae4a9
# -- Set additional env vars.
env:
# -- Interval to check the exec status in the container-logger
CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: 1000
# -- Timeout while doing requests to the Docker daemon
DOCKER_REQUEST_TIMEOUT_MS: 30000
# -- If "true", composition images will be pulled sequentially
FORCE_COMPOSE_SERIAL_PULL: false
# -- Level of logging for engine
LOGGER_LEVEL: debug
# -- Enable debug-level logging of outgoing HTTP/HTTPS requests
LOG_OUTGOING_HTTP_REQUESTS: false
# -- Enable emitting metrics from engine
METRICS_PROMETHEUS_ENABLED: true
# -- Enable legacy metrics
METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS: false
# -- Enable collecting process metrics
METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS: false
# -- Host for Prometheus metrics server
METRICS_PROMETHEUS_HOST: '0.0.0.0'
# -- Port for Prometheus metrics server
METRICS_PROMETHEUS_PORT: 9100
# -- Trusted QEMU images used for docker builds - when left blank only 'tonistiigi/binfmt' is trusted.
TRUSTED_QEMU_IMAGES: ''
# -- Set workflow limits.
workflowLimits:
# -- Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds.
MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600
# -- Maximum time for workflow execution; seconds.
MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400
# -- Maximum time allowed to workflow to spend in "elected" state; seconds.
MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900
# -- Maximum retry attempts allowed for workflow.
MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20
# -- Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900
# -- Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300
# -- Time since the last health check report after which workflow is terminated; seconds.
TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300
# -- Time since the last health check report after which the engine is considered unhealthy; seconds.
TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60
# -- Time since the last workflow logs activity after which workflow is terminated; seconds.
TIME_INACTIVE_UNTIL_TERMINATION: 2700
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Set extra env vars
userEnvVars: []
# E.g.
# userEnvVars:
# - name: GITHUB_TOKEN
# valueFrom:
# secretKeyRef:
# name: github-token
# key: token
# -- Parameters for `runtime-patch` post-upgrade/install hook
# @default -- See below
patch:
enabled: true
image:
registry: quay.io
repository: codefresh/cli
tag: 0.88.4-rootless
digest: sha256:b256d150ff8a636851ddc1d5fb0490114d5036cc5bff357eac6a9899fea87562
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
env:
HOME: /tmp
# -- Parameters for `gencerts-dind` post-upgrade/install hook
# @default -- See below
gencerts:
enabled: true
image:
registry: quay.io
repository: codefresh/kubectl
tag: 1.31.2
digest: sha256:a30a8810dde249d0198f67792ed9696363f15c8cecbac955ee9bd267b5454ee7
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
# -- DinD pod daemon config
# @default -- See below
dindDaemon:
hosts:
- unix:///var/run/docker.sock
- tcp://0.0.0.0:1300
tlsverify: true
tls: true
tlscacert: /etc/ssl/cf-client/ca.pem
tlscert: /etc/ssl/cf/server-cert.pem
tlskey: /etc/ssl/cf/server-key.pem
insecure-registries:
- 192.168.99.100:5000
metrics-addr: 0.0.0.0:9323
experimental: true
# App-Proxy parameters
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#app-proxy-installation
# @default -- See below
appProxy:
# -- Enable app-proxy
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-app-proxy
tag: 0.0.47
digest: sha256:324a9b89924152cce195c7239ddd8501c8aa5f901d19bc4d9f3936cbe5dac14f
# -- Add additional env vars
env: {}
# Set app-proxy ingress parameters
# @default -- See below
ingress:
# -- Set path prefix for ingress (keep empty for default `/` path)
pathPrefix: ""
# -- Set ingress class
class: ""
# -- Set DNS hostname the ingress will use
host: ""
# -- Set k8s tls secret for the ingress object
tlsSecret: ""
# -- Set extra annotations for ingress object
annotations: {}
# E.g.
# ingress:
# pathPrefix: "/cf-app-proxy"
# class: "nginx"
# host: "mydomain.com"
# tlsSecret: "tls-cert-app-proxy"
# annotations:
# nginx.ingress.kubernetes.io/whitelist-source-range: 123.123.123.123/130
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
podSecurityContext: {}
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# Monitor parameters
# @default -- See below
monitor:
# -- Enable monitor
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#install-monitoring-component
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-k8s-agent
tag: 1.3.19
digest: sha256:5be2b798d583abdae68271f57724dd7f2b0251a238845c466fa7b67f078f59ad
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
podSecurityContext: {}
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Add serviceMonitor
# @default -- See below
serviceMonitor:
main:
# -- Enable service monitor for dind pods
enabled: false
nameOverride: dind
selector:
matchLabels:
app: dind
endpoints:
- path: /metrics
targetPort: 9100
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
# -- Add podMonitor (for engine pods)
# @default -- See below
podMonitor:
main:
# -- Enable pod monitor for engine pods
enabled: false
nameOverride: engine
selector:
matchLabels:
app: runtime
podMetricsEndpoints:
- path: /metrics
targetPort: 9100
runner:
# -- Enable pod monitor for runner pod
enabled: false
nameOverride: runner
selector:
matchLabels:
codefresh.io/application: runner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
volume-provisioner:
# -- Enable pod monitor for volumeProvisioner pod
enabled: false
nameOverride: volume-provisioner
selector:
matchLabels:
codefresh.io/application: volume-provisioner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
# -- Event exporter parameters
# @default -- See below
event-exporter:
# -- Enable event-exporter
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: docker.io
repository: codefresh/k8s-event-exporter
tag: latest
digest: sha256:cf52048f1378fb6659dffd1394d68fdf23a7ea709585dc14b5007f3e5a1b7584
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: false
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Array of extra objects to deploy with the release
extraResources: []
# E.g.
# extraResources:
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRole
# metadata:
# name: codefresh-role
# rules:
# - apiGroups: [ "*"]
# resources: ["*"]
# verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# - apiVersion: v1
# kind: ServiceAccount
# metadata:
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRoleBinding
# metadata:
# name: codefresh-user
# roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: codefresh-role
# subjects:
# - kind: ServiceAccount
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: v1
# kind: Secret
# type: kubernetes.io/service-account-token
# metadata:
# name: codefresh-user-token
# namespace: "{{ .Release.Namespace }}"
# annotations:
# kubernetes.io/service-account.name: "codefresh-user"

23
charts/speedscale/speedscale-operator/2.2.744/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

27
charts/speedscale/speedscale-operator/2.2.744/Chart.yaml Normal file
View File

@ -0,0 +1,27 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Speedscale Operator
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: speedscale-operator
apiVersion: v1
appVersion: 2.2.744
description: Stress test your APIs with real world scenarios. Collect and replay
traffic without scripting.
home: https://speedscale.com
icon: file://assets/icons/speedscale-operator.png
keywords:
- speedscale
- test
- testing
- regression
- reliability
- load
- replay
- network
- traffic
kubeVersion: '>= 1.17.0-0'
maintainers:
- email: support@speedscale.com
name: Speedscale Support
name: speedscale-operator
version: 2.2.744

201
charts/speedscale/speedscale-operator/2.2.744/LICENSE Normal file
View File

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2021 Speedscale
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

111
charts/speedscale/speedscale-operator/2.2.744/README.md Normal file
View File

@ -0,0 +1,111 @@
![GitHub Tag](https://img.shields.io/github/v/tag/speedscale/operator-helm)
# Speedscale Operator
The [Speedscale](https://www.speedscale.com) Operator is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/)
that watches for deployments to be applied to the cluster and takes action based on annotations. The operator
can inject a proxy to capture traffic into or out of applications, or setup an isolation test environment around
a deployment for testing. The operator itself is a deployment that will be always present on the cluster once
the helm chart is installed.
## Prerequisites
- Kubernetes 1.20+
- Helm 3+
- Appropriate [network and firewall configuration](https://docs.speedscale.com/reference/networking) for Speedscale cloud and webhook traffic
## Get Repo Info
```bash
helm repo add speedscale https://speedscale.github.io/operator-helm/
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Install Chart
An API key is required. Sign up for a [free Speedscale trial](https://speedscale.com/free-trial/) if you do not have one.
```bash
helm install speedscale-operator speedscale/speedscale-operator \
-n speedscale \
--create-namespace \
--set apiKey=<YOUR-SPEEDSCALE-API-KEY> \
--set clusterName=<YOUR-CLUSTER-NAME>
```
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
### Pre-install job failure
We use pre-install job to check provided API key and provision some of the required resources.
If the job failed during the installation, you'll see the following error during install:
```
Error: INSTALLATION FAILED: failed pre-install: job failed: BackoffLimitExceeded
```
You can inspect the logs using this command:
```bash
kubectl -n speedscale logs job/speedscale-operator-pre-install
```
After fixing the error, uninstall the helm release, delete the failed job
and try installing again:
```bash
helm -n speedscale uninstall speedscale-operator
kubectl -n speedscale delete job speedscale-operator-pre-install
```
## Uninstall Chart
```bash
helm -n speedscale uninstall speedscale-operator
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
CRDs created by this chart are not removed by default and should be manually cleaned up:
```bash
kubectl delete crd trafficreplays.speedscale.com
```
## Upgrading Chart
```bash
helm repo update
helm -n speedscale upgrade speedscale-operator speedscale/speedscale-operator
```
Resources capturing traffic will need to be rolled to pick up the latest
Speedscale sidecar. Use the rollout restart command for each namespace and
resource type:
```bash
kubectl -n <namespace> rollout restart deployment
```
With Helm v3, CRDs created by this chart are not updated by default
and should be manually updated.
Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions).
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading an existing Release to a new version
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
## Help
Speedscale docs information available at [docs.speedscale.com](https://docs.speedscale.com) or join us
on the [Speedscale community Slack](https://join.slack.com/t/speedscalecommunity/shared_invite/zt-x5rcrzn4-XHG1QqcHNXIM~4yozRrz8A)!

111
charts/speedscale/speedscale-operator/2.2.744/app-readme.md Normal file
View File

@ -0,0 +1,111 @@
![GitHub Tag](https://img.shields.io/github/v/tag/speedscale/operator-helm)
# Speedscale Operator
The [Speedscale](https://www.speedscale.com) Operator is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/)
that watches for deployments to be applied to the cluster and takes action based on annotations. The operator
can inject a proxy to capture traffic into or out of applications, or setup an isolation test environment around
a deployment for testing. The operator itself is a deployment that will be always present on the cluster once
the helm chart is installed.
## Prerequisites
- Kubernetes 1.20+
- Helm 3+
- Appropriate [network and firewall configuration](https://docs.speedscale.com/reference/networking) for Speedscale cloud and webhook traffic
## Get Repo Info
```bash
helm repo add speedscale https://speedscale.github.io/operator-helm/
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Install Chart
An API key is required. Sign up for a [free Speedscale trial](https://speedscale.com/free-trial/) if you do not have one.
```bash
helm install speedscale-operator speedscale/speedscale-operator \
-n speedscale \
--create-namespace \
--set apiKey=<YOUR-SPEEDSCALE-API-KEY> \
--set clusterName=<YOUR-CLUSTER-NAME>
```
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
### Pre-install job failure
We use pre-install job to check provided API key and provision some of the required resources.
If the job failed during the installation, you'll see the following error during install:
```
Error: INSTALLATION FAILED: failed pre-install: job failed: BackoffLimitExceeded
```
You can inspect the logs using this command:
```bash
kubectl -n speedscale logs job/speedscale-operator-pre-install
```
After fixing the error, uninstall the helm release, delete the failed job
and try installing again:
```bash
helm -n speedscale uninstall speedscale-operator
kubectl -n speedscale delete job speedscale-operator-pre-install
```
## Uninstall Chart
```bash
helm -n speedscale uninstall speedscale-operator
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
CRDs created by this chart are not removed by default and should be manually cleaned up:
```bash
kubectl delete crd trafficreplays.speedscale.com
```
## Upgrading Chart
```bash
helm repo update
helm -n speedscale upgrade speedscale-operator speedscale/speedscale-operator
```
Resources capturing traffic will need to be rolled to pick up the latest
Speedscale sidecar. Use the rollout restart command for each namespace and
resource type:
```bash
kubectl -n <namespace> rollout restart deployment
```
With Helm v3, CRDs created by this chart are not updated by default
and should be manually updated.
Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions).
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading an existing Release to a new version
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
## Help
Speedscale docs information available at [docs.speedscale.com](https://docs.speedscale.com) or join us
on the [Speedscale community Slack](https://join.slack.com/t/speedscalecommunity/shared_invite/zt-x5rcrzn4-XHG1QqcHNXIM~4yozRrz8A)!

9
charts/speedscale/speedscale-operator/2.2.744/questions.yaml Normal file
View File

@ -0,0 +1,9 @@
questions:
- variable: apiKey
default: "fffffffffffffffffffffffffffffffffffffffffffff"
description: "An API key is required to connect to the Speedscale cloud."
required: true
type: string
label: API Key
group: Authentication

12
charts/speedscale/speedscale-operator/2.2.744/templates/NOTES.txt Normal file
View File

@ -0,0 +1,12 @@
Thank you for installing the Speedscale Operator!
Next you'll need to add the Speedscale Proxy Sidecar to your deployments.
See https://docs.speedscale.com/setup/sidecar/install/
If upgrading use the rollout restart command for each namespace and resource
type to ensure Speedscale sidecars are updated:
kubectl -n <namespace> rollout restart deployment
Once your deployment is running the sidecar your service will show up on
https://app.speedscale.com/.

209
charts/speedscale/speedscale-operator/2.2.744/templates/admission.yaml Normal file
View File

@ -0,0 +1,209 @@
{{- $cacrt := "" -}}
{{- $crt := "" -}}
{{- $key := "" -}}
{{- $s := (lookup "v1" "Secret" .Release.Namespace "speedscale-webhook-certs") -}}
{{- if $s -}}
{{- $cacrt = index $s.data "ca.crt" | default (index $s.data "tls.crt") | b64dec -}}
{{- $crt = index $s.data "tls.crt" | b64dec -}}
{{- $key = index $s.data "tls.key" | b64dec -}}
{{ else }}
{{- $altNames := list ( printf "speedscale-operator.%s" .Release.Namespace ) ( printf "speedscale-operator.%s.svc" .Release.Namespace ) -}}
{{- $ca := genCA "speedscale-operator" 3650 -}}
{{- $cert := genSignedCert "speedscale-operator" nil $altNames 3650 $ca -}}
{{- $cacrt = $ca.Cert -}}
{{- $crt = $cert.Cert -}}
{{- $key = $cert.Key -}}
{{- end -}}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
name: speedscale-operator
annotations:
argocd.argoproj.io/hook: PreSync
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
caBundle: {{ $cacrt | b64enc }}
service:
name: speedscale-operator
namespace: {{ .Release.Namespace }}
path: /mutate
failurePolicy: Ignore
name: sidecar.speedscale.com
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: "NotIn"
values:
- kube-system
- kube-node-lease
{{- if .Values.namespaceSelector }}
- key: kubernetes.io/metadata.name
operator: "In"
values:
{{- range .Values.namespaceSelector }}
- {{ . | quote }}
{{- end }}
{{- end }}
reinvocationPolicy: IfNeeded
rules:
- apiGroups:
- apps
- batch
apiVersions:
- v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- deployments
- statefulsets
- daemonsets
- jobs
- replicasets
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- pods
- apiGroups:
- argoproj.io
apiVersions:
- "*"
operations:
- CREATE
- UPDATE
- DELETE
resources:
- rollouts
sideEffects: None
timeoutSeconds: 10
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
name: speedscale-operator-replay
annotations:
argocd.argoproj.io/hook: PreSync
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
caBundle: {{ $cacrt | b64enc }}
service:
name: speedscale-operator
namespace: {{ .Release.Namespace }}
path: /mutate-speedscale-com-v1-trafficreplay
failurePolicy: Fail
name: replay.speedscale.com
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: "NotIn"
values:
- kube-system
- kube-node-lease
{{- if .Values.namespaceSelector }}
- key: kubernetes.io/metadata.name
operator: "In"
values:
{{- range .Values.namespaceSelector }}
- {{ . | quote }}
{{- end }}
{{- end }}
rules:
- apiGroups:
- speedscale.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- trafficreplays
sideEffects: None
timeoutSeconds: 10
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: speedscale-operator-replay
annotations:
argocd.argoproj.io/hook: PreSync
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
caBundle: {{ $cacrt | b64enc }}
service:
name: speedscale-operator
namespace: {{ .Release.Namespace }}
path: /validate-speedscale-com-v1-trafficreplay
failurePolicy: Fail
name: replay.speedscale.com
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: "NotIn"
values:
- kube-system
- kube-node-lease
{{- if .Values.namespaceSelector }}
- key: kubernetes.io/metadata.name
operator: "In"
values:
{{- range .Values.namespaceSelector }}
- {{ . | quote }}
{{- end }}
{{- end }}
rules:
- apiGroups:
- speedscale.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- trafficreplays
sideEffects: None
timeoutSeconds: 10
---
apiVersion: v1
kind: Secret
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
creationTimestamp: null
name: speedscale-webhook-certs
namespace: {{ .Release.Namespace }}
type: kubernetes.io/tls
data:
ca.crt: {{ $cacrt | b64enc }}
tls.crt: {{ $crt | b64enc }}
tls.key: {{ $key | b64enc }}

43
charts/speedscale/speedscale-operator/2.2.744/templates/configmap.yaml Normal file
View File

@ -0,0 +1,43 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: speedscale-operator
namespace: {{ .Release.Namespace }}
annotations:
argocd.argoproj.io/hook: PreSync
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
data:
CLUSTER_NAME: {{ .Values.clusterName }}
IMAGE_PULL_POLICY: {{ .Values.image.pullPolicy }}
IMAGE_PULL_SECRETS: ""
IMAGE_REGISTRY: {{ .Values.image.registry }}
IMAGE_TAG: {{ .Values.image.tag }}
INSTANCE_ID: '{{- $cm := (lookup "v1" "ConfigMap" .Release.Namespace "speedscale-operator") -}}{{ if $cm }}{{ $cm.data.INSTANCE_ID }}{{ else }}{{ ( printf "%s-%s" .Values.clusterName uuidv4 ) }}{{ end }}'
LOG_LEVEL: {{ .Values.logLevel }}
SPEEDSCALE_DLP_CONFIG: {{ .Values.dlp.config }}
SPEEDSCALE_FILTER_RULE: {{ .Values.filterRule }}
TELEMETRY_INTERVAL: 60s
WITH_DLP: {{ .Values.dlp.enabled | quote }}
WITH_INSPECTOR: {{ .Values.dashboardAccess | quote }}
API_KEY_SECRET_NAME: {{ .Values.apiKeySecret | quote }}
DEPLOY_DEMO: {{ .Values.deployDemo | quote }}
GLOBAL_ANNOTATIONS: {{ .Values.globalAnnotations | toJson | quote }}
GLOBAL_LABELS: {{ .Values.globalLabels | toJson | quote }}
{{- if .Values.http_proxy }}
HTTP_PROXY: {{ .Values.http_proxy }}
{{- end }}
{{- if .Values.https_proxy }}
HTTPS_PROXY: {{ .Values.https_proxy }}
{{- end }}
{{- if .Values.no_proxy }}
NO_PROXY: {{ .Values.no_proxy }}
{{- end }}
PRIVILEGED_SIDECARS: {{ .Values.privilegedSidecars | quote }}
DISABLE_SMARTDNS: {{ .Values.disableSidecarSmartReverseDNS | quote }}
SIDECAR_CONFIG: {{ .Values.sidecar | toJson | quote }}
FORWARDER_CONFIG: {{ .Values.forwarder | toJson | quote }}
TEST_PREP_TIMEOUT: {{ .Values.operator.test_prep_timeout }}
CONTROL_PLANE_TIMEOUT: {{ .Values.operator.control_plane_timeout }}

522
charts/speedscale/speedscale-operator/2.2.744/templates/crds/trafficreplays.yaml Normal file
View File

@ -0,0 +1,522 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
creationTimestamp: null
name: trafficreplays.speedscale.com
spec:
group: speedscale.com
names:
kind: TrafficReplay
listKind: TrafficReplayList
plural: trafficreplays
shortNames:
- replay
singular: trafficreplay
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.active
name: Active
type: boolean
- jsonPath: .spec.mode
name: Mode
type: string
- jsonPath: .status.conditions[-1:].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: TrafficReplay is the Schema for the trafficreplays API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TrafficReplaySpec defines the desired state of TrafficReplay
properties:
buildTag:
description: |-
BuildTag links a unique tag, build hash, etc. to the generated
traffic replay report. That way you can connect the report results to the
version of the code that was tested.
type: string
cleanup:
description: |-
Cleanup is the name of cleanup mode used for this TrafficReplay. Set to
"none" to leave resources in the state they were during the replay. The
default mode "inventory" will revert the environment to the state it was
before the replay.
enum:
- inventory
- all
- none
type: string
collectLogs:
description: 'DEPRECATED: use TestReport.ActualConfig.Cluster.CollectLogs'
type: boolean
configChecksum:
description: |-
ConfigChecksum, managed my the operator, is the SHA1 checksum of the
configuration.
type: string
customURL:
description: |-
CustomURL specifies a custom URL to send *ALL* traffic to. Use
Workload.CustomURI to send traffic to a specific URL for only that
workload.
type: string
generatorLowData:
description: |-
GeneratorLowData forces the generator into a high
efficiency/low data output mode. This is ideal for high volume
performance tests. Defaults to false.
DEPRECATED
type: boolean
mode:
description: Mode is the name of replay mode used for this TrafficReplay.
enum:
- full-replay
- responder-only
- generator-only
type: string
needsReport:
description: 'DEPRECATED: replays always create reports'
type: boolean
proxyMode:
description: |-
ProxyMode defines proxy operational mode used with injected sidecar.
DEPRECATED
type: string
responderLowData:
description: |-
ResponderLowData forces the responder into a high
efficiency/low data output mode. This is ideal for high volume
performance tests. Defaults to false.
DEPRECATED
type: boolean
secretRefs:
description: |-
SecretRefs hold the references to the secrets which contain
various secrets like (e.g. short-lived JWTs to be used by the generator
for authorization with HTTP calls).
items:
description: |-
LocalObjectReference contains enough information to locate the referenced
Kubernetes resource object.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
type: array
sidecar:
description: |-
Sidecar defines sidecar specific configuration.
DEPRECATED: use Workloads
properties:
inject:
description: 'DEPRECATED: do not use'
type: boolean
patch:
description: Patch is .yaml file patch for the Workload
format: byte
type: string
tls:
properties:
in:
description: In provides configuration for sidecar inbound
TLS.
properties:
private:
description: Private is the filename of the TLS inbound
private key.
type: string
public:
description: Public is the filename of the TLS inbound
public key.
type: string
secret:
description: Secret is a secret with the TLS keys to use
for inbound traffic.
type: string
type: object
mutual:
description: Mutual provides configuration for sidecar mutual
TLS.
properties:
private:
description: Private is the filename of the mutual TLS
private key.
type: string
public:
description: Public is the filename of the mutual TLS
public key.
type: string
secret:
description: Secret is a secret with the mutual TLS keys.
type: string
type: object
out:
description: |-
Out enables or disables TLS out on the
sidecar during replay.
type: boolean
type: object
type: object
snapshotID:
description: |-
SnapshotID is the id of the traffic snapshot for this
TrafficReplay.
type: string
testConfigID:
description: |-
TestConfigID is the id of the replay configuration to be used
by the generator and responder for the TrafficReplay.
type: string
timeout:
description: |-
Timeout is the time to wait for replay test to finish. Defaults
to value of the `TIMEOUT` setting of the operator.
type: string
ttlAfterReady:
description: |-
TTLAfterReady provides a TTL (time to live) mechanism to limit
the lifetime of TrafficReplay object that have finished the execution and
reached its final state (either complete or failed).
type: string
workloadRef:
description: |-
WorkloadRef is the reference to the target workload (SUT) for
TrafficReplay. The operations will be performed in the namespace of the
target object.
DEPRECATED: use Workloads
properties:
apiVersion:
description: API version of the referenced object.
type: string
kind:
description: Kind of the referenced object. Defaults to "Deployment".
type: string
name:
description: |-
Name of the referenced object. Required when defining for a test unless a
custom URI is provided. Always required when defining mocks.
type: string
namespace:
description: Namespace of the referenced object. Defaults to the
TrafficReplay namespace.
type: string
required:
- name
type: object
workloads:
description: |-
Workloads define target workloads (SUT) for a TrafficReplay. Many
workloads may be provided, or none. Workloads may be modified and
restarted during replay to configure communication with a responder.
items:
description: |-
Workload represents a Kubernetes workload to be targeted during replay and
associated settings.
properties:
customURI:
description: |-
CustomURI will be target of the traffic instead of directly targeting
workload. This is required if a Ref is not specified.
type: string
inTrafficKey:
description: 'DEPRECATED: use Tests'
type: string
inTrafficKeys:
description: 'DEPRECATED: use Tests'
items:
type: string
type: array
mocks:
description: |-
Mocks are strings used to identify slices of outbound snapshot traffic to
mock for this workload and maps directly to a snapshot's `OutTraffic`
field. Snapshot egress traffic can be split across multiple slices where
each slice contains part of the traffic. A workload may specify multiple
keys and multiple workloads may specify the same key.
Only the traffic slices defined here will be mocked. A workload with no
keys defined will not mock any traffic. Pass '*' to mock all traffic.
Mock strings may only match part of the snapshot's `OutTraffic` key if the
string matches exactly one key. For example, the test string
`foo.example.com` would match the `OutTraffic` key of
my-service:foo.example.com:8080, as long as no other keys would match
`foo.example.com`. Multiple mocks must be specified for multiple keys
unless using '*'.
items:
type: string
type: array
outTrafficKeys:
description: 'DEPRECATED: use Mocks'
items:
type: string
type: array
ref:
description: |-
Ref is a reference to a cluster workload, like a deployment or a
statefulset. This is required unless a CustomURI is specified.
properties:
apiVersion:
description: API version of the referenced object.
type: string
kind:
description: Kind of the referenced object. Defaults to
"Deployment".
type: string
name:
description: |-
Name of the referenced object. Required when defining for a test unless a
custom URI is provided. Always required when defining mocks.
type: string
namespace:
description: Namespace of the referenced object. Defaults
to the TrafficReplay namespace.
type: string
required:
- name
type: object
routing:
description: Routing configures how workloads route egress traffic
to responders
enum:
- hostalias
- nat
type: string
sidecar:
description: |-
TODO: this is not implemented, come back and replace deprecated Sidecar with workload specific settings
Sidecar defines sidecar specific configuration.
properties:
inject:
description: 'DEPRECATED: do not use'
type: boolean
patch:
description: Patch is .yaml file patch for the Workload
format: byte
type: string
tls:
properties:
in:
description: In provides configuration for sidecar inbound
TLS.
properties:
private:
description: Private is the filename of the TLS
inbound private key.
type: string
public:
description: Public is the filename of the TLS inbound
public key.
type: string
secret:
description: Secret is a secret with the TLS keys
to use for inbound traffic.
type: string
type: object
mutual:
description: Mutual provides configuration for sidecar
mutual TLS.
properties:
private:
description: Private is the filename of the mutual
TLS private key.
type: string
public:
description: Public is the filename of the mutual
TLS public key.
type: string
secret:
description: Secret is a secret with the mutual
TLS keys.
type: string
type: object
out:
description: |-
Out enables or disables TLS out on the
sidecar during replay.
type: boolean
type: object
type: object
tests:
description: |-
Tests are strings used to identify slices of inbound snapshot traffic this
workload is targeting and maps directly to a snapshot's `InTraffic` field.
Snapshot ingress traffic can be split across multiple slices where each
slice contains part of the traffic. A key must only be specified once
across all workloads, but a workload may specify multiple keys. Pass '*'
to match all keys.
Test strings may only match part of the snapshot's `InTraffic` key if the
string matches exactly one key. For example, the test string
`foo.example.com` would match the `InTraffic` key of
my-service:foo.example.com:8080, as long as no other keys would match
`foo.example.com`
This field is optional in the spec to provide support for single-workload
and legacy replays, but must be specified for multi-workload replays in
order to provide deterministic replay configuration.
items:
type: string
type: array
type: object
type: array
required:
- snapshotID
- testConfigID
type: object
status:
default:
observedGeneration: -1
description: TrafficReplayStatus defines the observed state of TrafficReplay
properties:
active:
description: Active indicates whether this traffic replay is currently
underway or not.
type: boolean
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
finishedTime:
description: Information when the traffic replay has finished.
format: date-time
type: string
initializedTime:
description: Information when the test environment was successfully
prepared.
format: date-time
type: string
lastHeartbeatTime:
description: 'DEPRECATED: will not be set'
format: date-time
type: string
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
reconcileFailures:
description: |-
ReconcileFailures is the number of times the traffic replay controller
experienced an error during the reconciliation process. The traffic
replay will be deleted if too many errors occur.
format: int64
type: integer
reportID:
description: The id of the traffic replay report created.
type: string
reportURL:
description: The url to the traffic replay report.
type: string
startedTime:
description: Information when the traffic replay has started.
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null

132
charts/speedscale/speedscale-operator/2.2.744/templates/deployments.yaml Normal file
View File

@ -0,0 +1,132 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
operator.speedscale.com/ignore: "true"
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
labels:
app: speedscale-operator
controlplane.speedscale.com/component: operator
{{- if .Values.globalLabels }}
{{ toYaml .Values.globalLabels | indent 4}}
{{- end }}
name: speedscale-operator
namespace: {{ .Release.Namespace }}
spec:
replicas: 1
selector:
matchLabels:
app: speedscale-operator
controlplane.speedscale.com/component: operator
strategy:
type: Recreate
template:
metadata:
annotations:
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 8}}
{{- end }}
labels:
app: speedscale-operator
controlplane.speedscale.com/component: operator
{{- if .Values.globalLabels }}
{{ toYaml .Values.globalLabels | indent 8}}
{{- end }}
spec:
containers:
- command:
- /operator
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
envFrom:
- configMapRef:
name: speedscale-operator
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#container-v1-core
# When a key exists in multiple sources, the value associated with the last source will take precedence.
# Values defined by an Env with a duplicate key will take precedence.
- configMapRef:
name: speedscale-operator-override
optional: true
- secretRef:
name: '{{ ne .Values.apiKeySecret "" | ternary .Values.apiKeySecret "speedscale-apikey" }}'
optional: false
image: '{{ .Values.image.registry }}/operator:{{ .Values.image.tag }}'
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: health-check
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
name: operator
ports:
- containerPort: 443
name: webhook-server
- containerPort: 8081
name: health-check
readinessProbe:
failureThreshold: 10
httpGet:
path: /readyz
port: health-check
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
resources: {{- toYaml .Values.operator.resources | nindent 10 }}
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: false
# Run as root to bind 443 https://github.com/kubernetes/kubernetes/issues/56374
runAsUser: 0
volumeMounts:
- mountPath: /tmp
name: tmp
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-certs
readOnly: true
- mountPath: /etc/ssl/speedscale
name: speedscale-tls-out
readOnly: true
hostNetwork: {{ .Values.hostNetwork }}
securityContext:
runAsNonRoot: true
serviceAccountName: speedscale-operator
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: tmp
- name: webhook-certs
secret:
secretName: speedscale-webhook-certs
- name: speedscale-tls-out
secret:
secretName: speedscale-certs
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}

79
charts/speedscale/speedscale-operator/2.2.744/templates/hooks.yaml Normal file
View File

@ -0,0 +1,79 @@
---
apiVersion: batch/v1
kind: Job
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-weight: "4"
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
creationTimestamp: null
name: speedscale-operator-pre-install
namespace: {{ .Release.Namespace }}
labels:
{{- if .Values.globalLabels }}
{{ toYaml .Values.globalLabels | indent 4}}
{{- end }}
spec:
backoffLimit: 0
ttlSecondsAfterFinished: 30
template:
metadata:
annotations:
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 8}}
{{- end }}
creationTimestamp: null
labels:
{{- if .Values.globalLabels }}
{{ toYaml .Values.globalLabels | indent 8}}
{{- end }}
spec:
containers:
- args:
- |-
# ensure valid settings before the chart reports a successfull install
{{- if .Values.http_proxy }}
HTTP_PROXY={{ .Values.http_proxy | quote }} \
{{- end }}
{{- if .Values.https_proxy }}
HTTPS_PROXY={{ .Values.https_proxy | quote }} \
{{- end }}
{{- if .Values.no_proxy }}
NO_PROXY={{ .Values.no_proxy | quote }} \
{{- end }}
speedctl init --overwrite --no-rcfile-update \
--api-key $SPEEDSCALE_API_KEY \
--app-url $SPEEDSCALE_APP_URL
# in case we're in istio
curl -X POST http://127.0.0.1:15000/quitquitquit || true
command:
- sh
- -c
envFrom:
- secretRef:
name: '{{ ne .Values.apiKeySecret "" | ternary .Values.apiKeySecret "speedscale-apikey" }}'
optional: false
image: '{{ .Values.image.registry }}/speedscale-cli:{{ .Values.image.tag }}'
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: speedscale-cli
resources:
limits:
memory: "128M"
cpu: "1"
requests:
memory: "64M"
cpu: "100m"
restartPolicy: Never
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}

244
charts/speedscale/speedscale-operator/2.2.744/templates/rbac.yaml Normal file
View File

@ -0,0 +1,244 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: speedscale-operator
{{- if .Values.globalAnnotations }}
annotations: {{ toYaml .Values.globalAnnotations | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- apps
resources:
- deployments
- statefulsets
- daemonsets
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- get
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
verbs:
- get
- list
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
- secrets
- pods
- services
- serviceaccounts
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- list
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.istio.io
resources:
- envoyfilters
- sidecars
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- security.istio.io
resources:
- peerauthentications
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- speedscale.com
resources:
- trafficreplays
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- speedscale.com
resources:
- trafficreplays/status
verbs:
- get
- update
- patch
- apiGroups:
- argoproj.io
resources:
- rollouts
verbs:
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: speedscale-operator
{{- if .Values.globalAnnotations }}
annotations: {{ toYaml .Values.globalAnnotations | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: speedscale-operator
subjects:
- kind: ServiceAccount
name: speedscale-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
creationTimestamp: null
labels:
app: speedscale-operator
controlplane.speedscale.com/component: operator
name: speedscale-operator
namespace: {{ .Release.Namespace }}
{{- if .Values.globalAnnotations }}
annotations: {{ toYaml .Values.globalAnnotations | nindent 4 }}
{{- end }}

18
charts/speedscale/speedscale-operator/2.2.744/templates/secrets.yaml Normal file
View File

@ -0,0 +1,18 @@
---
{{ if .Values.apiKey }}
apiVersion: v1
kind: Secret
metadata:
name: speedscale-apikey
namespace: {{ .Release.Namespace }}
annotations:
helm.sh/hook: pre-install
helm.sh/hook-weight: "3"
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
type: Opaque
data:
SPEEDSCALE_API_KEY: {{ .Values.apiKey | b64enc }}
SPEEDSCALE_APP_URL: {{ .Values.appUrl | b64enc }}
{{ end }}

22
charts/speedscale/speedscale-operator/2.2.744/templates/services.yaml Normal file
View File

@ -0,0 +1,22 @@
---
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: speedscale-operator
controlplane.speedscale.com/component: operator
name: speedscale-operator
namespace: {{ .Release.Namespace }}
{{- if .Values.globalAnnotations }}
annotations: {{ toYaml .Values.globalAnnotations | nindent 4 }}
{{- end }}
spec:
ports:
- port: 443
protocol: TCP
selector:
app: speedscale-operator
controlplane.speedscale.com/component: operator
status:
loadBalancer: {}

189
charts/speedscale/speedscale-operator/2.2.744/templates/tls.yaml Normal file
View File

@ -0,0 +1,189 @@
{{- $crt := "" -}}
{{- $key := "" -}}
{{- $s := (lookup "v1" "Secret" .Release.Namespace "speedscale-certs") -}}
{{- if $s -}}
{{- $crt = index $s.data "tls.crt" | b64dec -}}
{{- $key = index $s.data "tls.key" | b64dec -}}
{{ else }}
{{- $cert := genCA "Speedscale" 3650 -}}
{{- $crt = $cert.Cert -}}
{{- $key = $cert.Key -}}
{{- end -}}
---
apiVersion: batch/v1
kind: Job
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-weight: "5"
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
creationTimestamp: null
name: speedscale-operator-create-jks
namespace: {{ .Release.Namespace }}
labels:
{{- if .Values.globalLabels }}
{{ toYaml .Values.globalLabels | indent 4}}
{{- end }}
spec:
backoffLimit: 0
ttlSecondsAfterFinished: 30
template:
metadata:
annotations:
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 8}}
{{- end }}
creationTimestamp: null
labels:
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 8}}
{{- end }}
spec:
containers:
- args:
- |-
keytool -keystore /usr/lib/jvm/jre/lib/security/cacerts -importcert -noprompt -trustcacerts -storepass changeit -alias speedscale -file /etc/ssl/speedscale/tls.crt
kubectl -n ${POD_NAMESPACE} delete secret speedscale-jks || true
kubectl -n ${POD_NAMESPACE} create secret generic speedscale-jks --from-file=cacerts.jks=/usr/lib/jvm/jre/lib/security/cacerts
# in case we're in istio
curl -X POST http://127.0.0.1:15000/quitquitquit || true
command:
- sh
- -c
volumeMounts:
- mountPath: /etc/ssl/speedscale
name: speedscale-tls-out
readOnly: true
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: '{{ ne .Values.apiKeySecret "" | ternary .Values.apiKeySecret "speedscale-apikey" }}'
optional: false
image: '{{ .Values.image.registry }}/amazoncorretto'
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: create-jks
resources:
limits:
memory: "256M"
cpu: "1"
requests:
memory: "128M"
cpu: "200m"
restartPolicy: Never
serviceAccountName: speedscale-operator-provisioning
volumes:
- name: speedscale-tls-out
secret:
secretName: speedscale-certs
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-weight: "1"
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
creationTimestamp: null
labels:
app: speedscale-operator
controlplane.speedscale.com/component: operator
name: speedscale-operator-provisioning
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-weight: "2"
creationTimestamp: null
name: speedscale-operator-provisioning
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-weight: "3"
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
creationTimestamp: null
name: speedscale-operator-provisioning
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: speedscale-operator-provisioning
subjects:
- kind: ServiceAccount
name: speedscale-operator-provisioning
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: Secret
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation
{{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
{{- end }}
creationTimestamp: null
name: speedscale-certs
namespace: {{ .Release.Namespace }}
type: kubernetes.io/tls
data:
tls.crt: {{ $crt | b64enc }}
tls.key: {{ $key | b64enc }}

138
charts/speedscale/speedscale-operator/2.2.744/values.yaml Normal file
View File

@ -0,0 +1,138 @@
# An API key is required to connect to the Speedscale cloud.
# If you need a key email support@speedscale.com.
apiKey: ""
# A secret name can be referenced instead of the api key itself.
# The secret must be of the format:
#
# type: Opaque
# data:
# SPEEDSCALE_API_KEY: <key>
# SPEEDSCALE_APP_URL: <appUrl>
apiKeySecret: ""
# Speedscale domain to use.
appUrl: "app.speedscale.com"
# The name of your cluster.
clusterName: "my-cluster"
# Speedscale components image settings.
image:
registry: gcr.io/speedscale
tag: v2.2.744
pullPolicy: Always
# Log level for Speedscale components.
logLevel: "info"
# Namespaces to be watched by Speedscale Operator as a list of names.
namespaceSelector: []
# Instructs operator to deploy resources necessary to interact with your cluster from the Speedscale dashboard.
dashboardAccess: true
# Filter Rule to apply to the Speedscale Forwarder
filterRule: "standard"
# Data Loss Prevention settings.
dlp:
# Instructs operator to enable data loss prevention features
enabled: false
# Configuration for data loss prevention
config: "standard"
# If the operator pod/webhooks need to be on the host network.
# This is only needed if the control plane cannot connect directly to a pod
# for eg. if Calico is used as EKS's default networking
# https://docs.tigera.io/calico/3.25/getting-started/kubernetes/managed-public-cloud/eks#install-eks-with-calico-networking
hostNetwork: false
# A set of annotations to be applied to all Speedscale related deployments,
# services, jobs, pods, etc.
#
# Example:
# annotation.first: value
# annotation.second: value
globalAnnotations: {}
# A set of labels to be applied to all Speedscale related deployments,
# services, jobs, pods, etc.
#
# Example:
# label1: value
# label2: value
globalLabels: {}
# A full affinity object as detailed: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity
affinity: {}
# The list of tolerations as detailed: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
tolerations: []
# A nodeselector object as detailed: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
nodeSelector: {}
# Deploy a demo app at startup. Set this to an empty string to not deploy.
# Valid values: ["java", ""]
deployDemo: "java"
# Proxy connection settings if required by your network. These translate to standard proxy environment
# variables HTTP_PROXY, HTTPS_PROXY, and NO_PROXY
http_proxy: ""
https_proxy: ""
no_proxy: ""
# control if sidecar init containers should run with privileged set
privilegedSidecars: false
# control if the sidecar should enable/disable use of the smart dns lookup feature (requires NET_ADMIN)
disableSidecarSmartReverseDNS: false
# Operator settings. These limits are recommended unless you have a cluster
# with a very large number of workloads (for eg. 10k+ deployments, replicasets, etc.).
operator:
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
# how long to wait for the SUT to become ready
test_prep_timeout: 10m
# timeout for deploying & upgrading control plane components
control_plane_timeout: 5m
# Default sidecar settings. Example:
# sidecar:
# resources:
# limits:
# cpu: 500m
# memory: 512Mi
# ephemeral-storage: 100Mi
# requests:
# cpu: 10m
# memory: 32Mi
# ephemeral-storage: 100Mi
# ignore_src_hosts: example.com, example.org
# ignore_src_ips: 8.8.8.8, 1.1.1.1
# ignore_dst_hosts: example.com, example.org
# ignore_dst_ips: 8.8.8.8, 1.1.1.1
# insert_init_first: false
# tls_out: false
# reinitialize_iptables: false
sidecar: {}
# Forwarder settings
# forwarder:
# resources:
# limits:
# cpu: 500m
# memory: 500M
# requests:
# cpu: 300m
# memory: 250M
forwarder: {}

65
index.yaml
View File

@ -4615,6 +4615,38 @@ entries:
- assets/cerbos/cerbos-0.37.0.tgz
version: 0.37.0
cf-runtime:
- annotations:
artifacthub.io/changes: |
- kind: changed
description: "Update engine (--cache-to support in build step)"
artifacthub.io/containsSecurityUpdates: "false"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Codefresh
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: ""
apiVersion: v2
created: "2024-12-05T00:01:46.507094679Z"
dependencies:
- name: cf-common
repository: oci://quay.io/codefresh/charts
version: 0.21.0
description: A Helm chart for Codefresh Runner
digest: 802c29375ff9e3f7bee07a58a5cd4746f63f2514ef9bdcab73c5f12cd62def88
home: https://codefresh.io/
icon: file://assets/icons/cf-runtime.png
keywords:
- codefresh
- runner
kubeVersion: '>=1.18-0'
maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
name: cf-runtime
sources:
- https://github.com/codefresh-io/venona
urls:
- assets/codefresh/cf-runtime-7.2.2.tgz
version: 7.2.2
- annotations:
artifacthub.io/changes: |
- kind: security
@ -42684,6 +42716,37 @@ entries:
- assets/redpanda/redpanda-4.0.33.tgz
version: 4.0.33
speedscale-operator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Speedscale Operator
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: speedscale-operator
apiVersion: v1
appVersion: 2.2.744
created: "2024-12-05T00:01:51.202918337Z"
description: Stress test your APIs with real world scenarios. Collect and replay
traffic without scripting.
digest: 54bc1a93d9777b8fa6d5b8eebed953d041c142df47cb60da7c811b3c1dfa9096
home: https://speedscale.com
icon: file://assets/icons/speedscale-operator.png
keywords:
- speedscale
- test
- testing
- regression
- reliability
- load
- replay
- network
- traffic
kubeVersion: '>= 1.17.0-0'
maintainers:
- email: support@speedscale.com
name: Speedscale Support
name: speedscale-operator
urls:
- assets/speedscale/speedscale-operator-2.2.744.tgz
version: 2.2.744
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Speedscale Operator
@ -50447,4 +50510,4 @@ entries:
urls:
- assets/netfoundry/ziti-host-1.5.1.tgz
version: 1.5.1
generated: "2024-12-04T00:01:46.132288371Z"
generated: "2024-12-05T00:01:45.827830911Z"