TVK Operator update v2.6.4, make charts output
parent
b417b68829
commit
f35527d11d
Binary file not shown.
|
@ -0,0 +1,23 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
# Helm files
|
||||
OWNERS
|
|
@ -0,0 +1,18 @@
|
|||
annotations:
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
|
||||
catalog.cattle.io/release-name: k8s-triliovault-operator
|
||||
apiVersion: v1
|
||||
appVersion: 2.6.4
|
||||
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
|
||||
Application Lifecycle.
|
||||
home: https://github.com/trilioData/k8s-triliovault-operator
|
||||
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
|
||||
kubeVersion: 1.18-1.22
|
||||
maintainers:
|
||||
- email: prafull.ladha@trilio.io
|
||||
name: prafull11
|
||||
name: k8s-triliovault-operator
|
||||
sources:
|
||||
- https://github.com/trilioData/k8s-triliovault-operator
|
||||
version: 2.6.400
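Review bot: `kubeVersion: 1.18-1.22` in this chart metadata is probably not evaluated as the range 1.18 through 1.22. As far as I know, Helm's semver constraint parser treats a hyphen as a range only when it has spaces around it, so this form is likely read as version 1.18 with a pre-release tag and the install-time cluster check may not behave as intended. An explicit comparison such as `kubeVersion: '>= 1.18.0-0 < 1.23.0-0'` states both bounds unambiguously, and the `-0` suffix also admits vendor builds whose version string carries a pre-release suffix. The two README sections in this commit disagree on the minimum (`Kubernetes 1.18+` versus `Kubernetes 1.17+`), so the lower bound should be confirmed before it is pinned here.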
|
|
@ -0,0 +1 @@
|
|||
# Placeholder for the License if we decide to provide one
|
|
@ -0,0 +1,120 @@
|
|||
# K8s-TrilioVault-Operator
|
||||
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
|
||||
|
||||
## Introduction
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.18+
|
||||
- Alpha feature gates should be enabled
|
||||
- PV provisioner support
|
||||
- CSI driver should be installed
|
||||
|
||||
## Installation
|
||||
|
||||
To install the operator on local setup just run the latest helm charts inside this repo
|
||||
|
||||
```shell script
|
||||
helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
|
||||
helm install tvm trilio-vault-operator/k8s-triliovault-operator
|
||||
```
|
||||
|
||||
Now, create a TrilioVaultManager CR to install the TrilioVault for Kubernetes. You can provide the custom configurations for the TVK resources as follows:
|
||||
|
||||
```
|
||||
apiVersion: triliovault.trilio.io/v1
|
||||
kind: TrilioVaultManager
|
||||
metadata:
|
||||
labels:
|
||||
triliovault: k8s
|
||||
name: tvk
|
||||
spec:
|
||||
trilioVaultAppVersion: 2.5.0
|
||||
applicationScope: Cluster
|
||||
# TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
|
||||
# User can configure resources for all componentes and can configure service type and host for the ingress-controller
|
||||
componentConfiguration:
|
||||
web-backend:
|
||||
resources:
|
||||
requests:
|
||||
memory: "400Mi"
|
||||
cpu: "200m"
|
||||
limits:
|
||||
memory: "2584Mi"
|
||||
cpu: "1000m"
|
||||
ingress-controller:
|
||||
service:
|
||||
type: LoadBalancer
|
||||
host: "trilio.co.in"
|
||||
```
|
||||
|
||||
### Apply the Custom Resource
|
||||
|
||||
Apply `TVM.yaml`:
|
||||
|
||||
```shell
|
||||
kubectl create -f TVM.yaml
|
||||
```
|
||||
|
||||
Check that the pods were created:
|
||||
|
||||
```
|
||||
kubectl get pods
|
||||
```
|
||||
|
||||
```
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
k8s-triliovault-admission-webhook-6ff5f98c8-qwmfc 1/1 Running 0 81s
|
||||
k8s-triliovault-backend-6f66b6b8d5-gxtmz 1/1 Running 0 81s
|
||||
k8s-triliovault-control-plane-6c464c5d78-ftk6g 1/1 Running 0 81s
|
||||
k8s-triliovault-exporter-59566f97dd-gs4xc 1/1 Running 0 81s
|
||||
k8s-triliovault-ingress-controller-84cf46848-tkcdz 1/1 Running 0 18s
|
||||
k8s-triliovault-web-967c8475-m7pc6 1/1 Running 0 81s
|
||||
tvm-k8s-triliovault-operator-66bd7d86d5-dvhzb 1/1 Running 0 6m48s
|
||||
```
|
||||
|
||||
Check that ingress controller service is of type LoadBalancer:
|
||||
```
|
||||
k8s-triliovault-admission-webhook ClusterIP 10.255.241.108 <none> 443/TCP 2m7s
|
||||
k8s-triliovault-ingress-gateway LoadBalancer 10.255.254.153 34.75.176.146 80:30737/TCP,443:30769/TCP 2m7s
|
||||
k8s-triliovault-web ClusterIP 10.255.245.52 <none> 80/TCP 2m7s
|
||||
k8s-triliovault-web-backend ClusterIP 10.255.250.166 <none> 80/TCP 2m7s
|
||||
kubernetes ClusterIP 10.255.240.1 <none> 443/TCP 6m9s
|
||||
tvm-k8s-triliovault-operator-webhook-service ClusterIP 10.255.249.77 <none> 443/TCP 3m22s
|
||||
```
|
||||
|
||||
Check that ingress resources has the host defined by the user:
|
||||
```
|
||||
NAME CLASS HOSTS ADDRESS PORTS AGE
|
||||
k8s-triliovault-ingress-master nginx trilio.co.in 80 98s
|
||||
k8s-triliovault-ingress-minion nginx trilio.co.in 80 98s
|
||||
|
||||
```
|
||||
|
||||
## Delete
|
||||
|
||||
```shell
|
||||
kubectl delete -f TVM.yaml
|
||||
```
|
||||
|
||||
## Uninstall
|
||||
|
||||
To uninstall/delete the operator helm chart :
|
||||
|
||||
```bash
|
||||
helm uninstall tvm
|
||||
```
|
||||
|
||||
## TrilioVaultManager compatibility
|
||||
|
||||
The following table captures the compatibility matrix of the TrilioVault Manager against TVK:
|
||||
|
||||
| TVM Version | TVK 2.5.2 | TVK 2.5.1 | TVK 2.5.0 | TVK 2.1.0 | TVK 2.0.5 | TVK 2.0.4 | TVK 2.0.3 | TVK 2.0.2 | TVK 2.0.1 |
|
||||
|-------------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|
|
||||
| 2.5.2 | yes | yes | yes | yes | yes | yes | yes | yes | yes |
|
||||
| 2.5.0 | no | yes | yes | yes | yes | yes | yes | yes | yes |
|
||||
| v2.1.0 | no | no | no | yes | yes | yes | yes | yes | yes |
|
||||
| v2.0.5 | no | no | no | yes | yes | yes | yes | yes | yes |
|
||||
| v2.0.2 | no | no | no | yes | yes | yes | yes | yes | yes |
|
||||
| v2.0.1 | no | no | no | yes | yes | yes | yes | yes | yes |
|
||||
| v2.0.0 | no | no | no | yes | yes | yes | yes | yes | yes |
|
|
@ -0,0 +1,37 @@
|
|||
# TrilioVault for Kubernetes
|
||||
|
||||
[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage
|
||||
the K8s-TrilioVault Application Lifecycle.
|
||||
|
||||
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
|
||||
|
||||
Introduction:
|
||||
|
||||
Prerequisites:
|
||||
|
||||
Kubernetes 1.17+
|
||||
Alpha feature gates should be enabled
|
||||
PV provisioner support
|
||||
CSI driver should be installed
|
||||
|
||||
Installation:
|
||||
|
||||
To install the chart with the operator name trilio:
|
||||
|
||||
helm install k8s-triliovault-operator triliovault-operator/k8s-triliovault-operator
|
||||
|
||||
# For helm version 3
|
||||
|
||||
helm install triliovault-operator triliovault-operator/k8s-triliovault-operator
|
||||
|
||||
The command deploys the Triliovault for Kubernetes Operator with the default configuration.
|
||||
|
||||
Uninstall:
|
||||
|
||||
To uninstall/delete the chart trilio :
|
||||
|
||||
# For helm version 3
|
||||
helm uninstall k8s-triliovault-operator
|
||||
|
||||
For more information around TVM manager installation, please follow below link:
|
||||
https://docs.trilio.io/kubernetes/use-triliovault/installing-triliovault
|
|
@ -0,0 +1,895 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.7.0
|
||||
creationTimestamp: null
|
||||
name: triliovaultmanagers.triliovault.trilio.io
|
||||
spec:
|
||||
group: triliovault.trilio.io
|
||||
names:
|
||||
kind: TrilioVaultManager
|
||||
listKind: TrilioVaultManagerList
|
||||
plural: triliovaultmanagers
|
||||
shortNames:
|
||||
- tvm
|
||||
singular: triliovaultmanager
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.trilioVaultAppVersion
|
||||
name: TrilioVault-Version
|
||||
type: string
|
||||
- jsonPath: .spec.applicationScope
|
||||
name: Scope
|
||||
type: string
|
||||
- jsonPath: .status.conditions.type
|
||||
name: Status
|
||||
type: string
|
||||
- jsonPath: .spec.restoreNamespaces
|
||||
name: Restore-Namespaces
|
||||
type: string
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: TrilioVaultManager is the Schema for the triliovaultmanagers
|
||||
API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager
|
||||
properties:
|
||||
affinity:
|
||||
description: The scheduling constraints on application pods.
|
||||
properties:
|
||||
nodeAffinity:
|
||||
description: Describes node affinity scheduling rules for the
|
||||
pod.
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule pods to
|
||||
nodes that satisfy the affinity expressions specified by
|
||||
this field, but it may choose a node that violates one or
|
||||
more of the expressions. The node that is most preferred
|
||||
is the one with the greatest sum of weights, i.e. for each
|
||||
node that meets all of the scheduling requirements (resource
|
||||
request, requiredDuringScheduling affinity expressions,
|
||||
etc.), compute a sum by iterating through the elements of
|
||||
this field and adding "weight" to the sum if the node matches
|
||||
the corresponding matchExpressions; the node(s) with the
|
||||
highest sum are the most preferred.
|
||||
items:
|
||||
description: An empty preferred scheduling term matches
|
||||
all objects with implicit weight 0 (i.e. it's a no-op).
|
||||
A null preferred scheduling term matches no objects (i.e.
|
||||
is also a no-op).
|
||||
properties:
|
||||
preference:
|
||||
description: A node selector term, associated with the
|
||||
corresponding weight.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of node selector requirements
|
||||
by node's labels.
|
||||
items:
|
||||
description: A node selector requirement is a
|
||||
selector that contains values, a key, and an
|
||||
operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector
|
||||
applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators are
|
||||
In, NotIn, Exists, DoesNotExist. Gt, and
|
||||
Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If
|
||||
the operator is In or NotIn, the values
|
||||
array must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the values array
|
||||
must be empty. If the operator is Gt or
|
||||
Lt, the values array must have a single
|
||||
element, which will be interpreted as an
|
||||
integer. This array is replaced during a
|
||||
strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchFields:
|
||||
description: A list of node selector requirements
|
||||
by node's fields.
|
||||
items:
|
||||
description: A node selector requirement is a
|
||||
selector that contains values, a key, and an
|
||||
operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector
|
||||
applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators are
|
||||
In, NotIn, Exists, DoesNotExist. Gt, and
|
||||
Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If
|
||||
the operator is In or NotIn, the values
|
||||
array must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the values array
|
||||
must be empty. If the operator is Gt or
|
||||
Lt, the values array must have a single
|
||||
element, which will be interpreted as an
|
||||
integer. This array is replaced during a
|
||||
strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
weight:
|
||||
description: Weight associated with matching the corresponding
|
||||
nodeSelectorTerm, in the range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- preference
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the affinity requirements specified by this
|
||||
field are not met at scheduling time, the pod will not be
|
||||
scheduled onto the node. If the affinity requirements specified
|
||||
by this field cease to be met at some point during pod execution
|
||||
(e.g. due to an update), the system may or may not try to
|
||||
eventually evict the pod from its node.
|
||||
properties:
|
||||
nodeSelectorTerms:
|
||||
description: Required. A list of node selector terms.
|
||||
The terms are ORed.
|
||||
items:
|
||||
description: A null or empty node selector term matches
|
||||
no objects. The requirements of them are ANDed. The
|
||||
TopologySelectorTerm type implements a subset of the
|
||||
NodeSelectorTerm.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of node selector requirements
|
||||
by node's labels.
|
||||
items:
|
||||
description: A node selector requirement is a
|
||||
selector that contains values, a key, and an
|
||||
operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector
|
||||
applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators are
|
||||
In, NotIn, Exists, DoesNotExist. Gt, and
|
||||
Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If
|
||||
the operator is In or NotIn, the values
|
||||
array must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the values array
|
||||
must be empty. If the operator is Gt or
|
||||
Lt, the values array must have a single
|
||||
element, which will be interpreted as an
|
||||
integer. This array is replaced during a
|
||||
strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchFields:
|
||||
description: A list of node selector requirements
|
||||
by node's fields.
|
||||
items:
|
||||
description: A node selector requirement is a
|
||||
selector that contains values, a key, and an
|
||||
operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector
|
||||
applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators are
|
||||
In, NotIn, Exists, DoesNotExist. Gt, and
|
||||
Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If
|
||||
the operator is In or NotIn, the values
|
||||
array must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the values array
|
||||
must be empty. If the operator is Gt or
|
||||
Lt, the values array must have a single
|
||||
element, which will be interpreted as an
|
||||
integer. This array is replaced during a
|
||||
strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- nodeSelectorTerms
|
||||
type: object
|
||||
type: object
|
||||
podAffinity:
|
||||
description: Describes pod affinity scheduling rules (e.g. co-locate
|
||||
this pod in the same node, zone, etc. as some other pod(s)).
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule pods to
|
||||
nodes that satisfy the affinity expressions specified by
|
||||
this field, but it may choose a node that violates one or
|
||||
more of the expressions. The node that is most preferred
|
||||
is the one with the greatest sum of weights, i.e. for each
|
||||
node that meets all of the scheduling requirements (resource
|
||||
request, requiredDuringScheduling affinity expressions,
|
||||
etc.), compute a sum by iterating through the elements of
|
||||
this field and adding "weight" to the sum if the node has
|
||||
pods which matches the corresponding podAffinityTerm; the
|
||||
node(s) with the highest sum are the most preferred.
|
||||
items:
|
||||
description: The weights of all of the matched WeightedPodAffinityTerm
|
||||
fields are added per-node to find the most preferred node(s)
|
||||
properties:
|
||||
podAffinityTerm:
|
||||
description: Required. A pod affinity term, associated
|
||||
with the corresponding weight.
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources,
|
||||
in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label
|
||||
selector requirements. The requirements are
|
||||
ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values, a key,
|
||||
and an operator that relates the key and
|
||||
values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that
|
||||
the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's
|
||||
relationship to a set of values. Valid
|
||||
operators are In, NotIn, Exists and
|
||||
DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string
|
||||
values. If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty. This
|
||||
array is replaced during a strategic
|
||||
merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator is
|
||||
"In", and the values array contains only "value".
|
||||
The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
namespaces:
|
||||
description: namespaces specifies which namespaces
|
||||
the labelSelector applies to (matches against);
|
||||
null or empty list means "this pod's namespace"
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity)
|
||||
or not co-located (anti-affinity) with the pods
|
||||
matching the labelSelector in the specified namespaces,
|
||||
where co-located is defined as running on a node
|
||||
whose value of the label with key topologyKey
|
||||
matches that of any node on which any of the selected
|
||||
pods is running. Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
weight:
|
||||
description: weight associated with matching the corresponding
|
||||
podAffinityTerm, in the range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- podAffinityTerm
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the affinity requirements specified by this
|
||||
field are not met at scheduling time, the pod will not be
|
||||
scheduled onto the node. If the affinity requirements specified
|
||||
by this field cease to be met at some point during pod execution
|
||||
(e.g. due to a pod label update), the system may or may
|
||||
not try to eventually evict the pod from its node. When
|
||||
there are multiple elements, the lists of nodes corresponding
|
||||
to each podAffinityTerm are intersected, i.e. all terms
|
||||
must be satisfied.
|
||||
items:
|
||||
description: Defines a set of pods (namely those matching
|
||||
the labelSelector relative to the given namespace(s))
|
||||
that this pod should be co-located (affinity) or not co-located
|
||||
(anti-affinity) with, where co-located is defined as running
|
||||
on a node whose value of the label with key <topologyKey>
|
||||
matches that of any node on which a pod of the set of
|
||||
pods is running
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources,
|
||||
in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label
|
||||
selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a
|
||||
selector that contains values, a key, and an
|
||||
operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship
|
||||
to a set of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string
|
||||
values. If the operator is In or NotIn,
|
||||
the values array must be non-empty. If the
|
||||
operator is Exists or DoesNotExist, the
|
||||
values array must be empty. This array is
|
||||
replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator is "In",
|
||||
and the values array contains only "value". The
|
||||
requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
namespaces:
|
||||
description: namespaces specifies which namespaces the
|
||||
labelSelector applies to (matches against); null or
|
||||
empty list means "this pod's namespace"
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity)
|
||||
or not co-located (anti-affinity) with the pods matching
|
||||
the labelSelector in the specified namespaces, where
|
||||
co-located is defined as running on a node whose value
|
||||
of the label with key topologyKey matches that of
|
||||
any node on which any of the selected pods is running.
|
||||
Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
podAntiAffinity:
|
||||
description: Describes pod anti-affinity scheduling rules (e.g.
|
||||
avoid putting this pod in the same node, zone, etc. as some
|
||||
other pod(s)).
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule pods to
|
||||
nodes that satisfy the anti-affinity expressions specified
|
||||
by this field, but it may choose a node that violates one
|
||||
or more of the expressions. The node that is most preferred
|
||||
is the one with the greatest sum of weights, i.e. for each
|
||||
node that meets all of the scheduling requirements (resource
|
||||
request, requiredDuringScheduling anti-affinity expressions,
|
||||
etc.), compute a sum by iterating through the elements of
|
||||
this field and adding "weight" to the sum if the node has
|
||||
pods which matches the corresponding podAffinityTerm; the
|
||||
node(s) with the highest sum are the most preferred.
|
||||
items:
|
||||
description: The weights of all of the matched WeightedPodAffinityTerm
|
||||
fields are added per-node to find the most preferred node(s)
|
||||
properties:
|
||||
podAffinityTerm:
|
||||
description: Required. A pod affinity term, associated
|
||||
with the corresponding weight.
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources,
|
||||
in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label
|
||||
selector requirements. The requirements are
|
||||
ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values, a key,
|
||||
and an operator that relates the key and
|
||||
values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that
|
||||
the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's
|
||||
relationship to a set of values. Valid
|
||||
operators are In, NotIn, Exists and
|
||||
DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string
|
||||
values. If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty. This
|
||||
array is replaced during a strategic
|
||||
merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator is
|
||||
"In", and the values array contains only "value".
|
||||
The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
namespaces:
|
||||
description: namespaces specifies which namespaces
|
||||
the labelSelector applies to (matches against);
|
||||
null or empty list means "this pod's namespace"
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity)
|
||||
or not co-located (anti-affinity) with the pods
|
||||
matching the labelSelector in the specified namespaces,
|
||||
where co-located is defined as running on a node
|
||||
whose value of the label with key topologyKey
|
||||
matches that of any node on which any of the selected
|
||||
pods is running. Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
weight:
|
||||
description: weight associated with matching the corresponding
|
||||
podAffinityTerm, in the range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- podAffinityTerm
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the anti-affinity requirements specified by
|
||||
this field are not met at scheduling time, the pod will
|
||||
not be scheduled onto the node. If the anti-affinity requirements
|
||||
specified by this field cease to be met at some point during
|
||||
pod execution (e.g. due to a pod label update), the system
|
||||
may or may not try to eventually evict the pod from its
|
||||
node. When there are multiple elements, the lists of nodes
|
||||
corresponding to each podAffinityTerm are intersected, i.e.
|
||||
all terms must be satisfied.
|
||||
items:
|
||||
description: Defines a set of pods (namely those matching
|
||||
the labelSelector relative to the given namespace(s))
|
||||
that this pod should be co-located (affinity) or not co-located
|
||||
(anti-affinity) with, where co-located is defined as running
|
||||
on a node whose value of the label with key <topologyKey>
|
||||
matches that of any node on which a pod of the set of
|
||||
pods is running
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources,
|
||||
in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label
|
||||
selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a
|
||||
selector that contains values, a key, and an
|
||||
operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship
|
||||
to a set of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string
|
||||
values. If the operator is In or NotIn,
|
||||
the values array must be non-empty. If the
|
||||
operator is Exists or DoesNotExist, the
|
||||
values array must be empty. This array is
|
||||
replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator is "In",
|
||||
and the values array contains only "value". The
|
||||
requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
namespaces:
|
||||
description: namespaces specifies which namespaces the
|
||||
labelSelector applies to (matches against); null or
|
||||
empty list means "this pod's namespace"
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity)
|
||||
or not co-located (anti-affinity) with the pods matching
|
||||
the labelSelector in the specified namespaces, where
|
||||
co-located is defined as running on a node whose value
|
||||
of the label with key topologyKey matches that of
|
||||
any node on which any of the selected pods is running.
|
||||
Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
applicationScope:
|
||||
description: Scope for the application which will be installed in
|
||||
the cluster NamespaceScope or ClusterScope
|
||||
enum:
|
||||
- Cluster
|
||||
- Namespaced
|
||||
type: string
|
||||
componentConfiguration:
|
||||
description: ComponentConfiguration holds all the field related to
|
||||
components.
|
||||
properties:
|
||||
admission-webhook:
|
||||
description: AdmissionWebhook holds all configuration keys related
|
||||
to admission-webhook
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
control-plane:
|
||||
description: ControlPlane holds all configuration keys related
|
||||
to control-plane
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
exporter:
|
||||
description: Exporter holds all configuration keys related to
|
||||
exporter
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
ingress-controller:
|
||||
description: IngressController holds all configuration keys related
|
||||
to ingress-controller
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
web:
|
||||
description: Web holds all configuration keys related to web
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
web-backend:
|
||||
description: WebBackend holds all configuration keys related to
|
||||
web-backend
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
dataJobLimits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
description: DataJobLimits are the resource limits for all the data
|
||||
processing jobs.
|
||||
type: object
|
||||
deploymentLimits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
description: DeploymentLimits are the resource limits for all the
|
||||
deployments.
|
||||
type: object
|
||||
helmValues:
|
||||
description: HelmValues holds all the additional fields in the values.yaml
|
||||
of TVK helm chart.
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
helmVersion:
|
||||
description: 'Deprecated: Helm Version'
|
||||
properties:
|
||||
tillerNamespace:
|
||||
type: string
|
||||
version:
|
||||
enum:
|
||||
- v3
|
||||
type: string
|
||||
required:
|
||||
- version
|
||||
type: object
|
||||
ingressConfig:
|
||||
description: IngressConfig holds field related to ingress
|
||||
properties:
|
||||
annotations:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
host:
|
||||
type: string
|
||||
ingressClass:
|
||||
type: string
|
||||
tlsSecretName:
|
||||
type: string
|
||||
type: object
|
||||
metadataJobLimits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
description: MetadataJobLimits are the resource limits for all the
|
||||
meta processing jobs.
|
||||
type: object
|
||||
nodeSelector:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: NodeSelector specifies a map of key-value pairs. For
|
||||
the pod to be eligible to run on a node, the node must have each
|
||||
of the indicated key-value pairs as labels.
|
||||
type: object
|
||||
resources:
|
||||
description: 'Deprecated: Resources are the resource requirements
|
||||
for the containers.'
|
||||
properties:
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
description: 'Limits describes the maximum amount of compute resources
|
||||
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
type: object
|
||||
requests:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
description: 'Requests describes the minimum amount of compute
|
||||
resources required. If Requests is omitted for a container,
|
||||
it defaults to Limits if that is explicitly specified, otherwise
|
||||
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
type: object
|
||||
type: object
|
||||
restoreNamespaces:
|
||||
description: 'Deprecated: RestoreNamespaces are the namespace where
|
||||
you want to restore your applications. Restore Namespaces depends
|
||||
on your k8s RBAC'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
tolerations:
|
||||
description: The toleration of application against the specific taints
|
||||
on the nodes
|
||||
items:
|
||||
description: The pod this Toleration is attached to tolerates any
|
||||
taint that matches the triple <key,value,effect> using the matching
|
||||
operator <operator>.
|
||||
properties:
|
||||
effect:
|
||||
description: Effect indicates the taint effect to match. Empty
|
||||
means match all taint effects. When specified, allowed values
|
||||
are NoSchedule, PreferNoSchedule and NoExecute.
|
||||
type: string
|
||||
key:
|
||||
description: Key is the taint key that the toleration applies
|
||||
to. Empty means match all taint keys. If the key is empty,
|
||||
operator must be Exists; this combination means to match all
|
||||
values and all keys.
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents a key's relationship to the
|
||||
value. Valid operators are Exists and Equal. Defaults to Equal.
|
||||
Exists is equivalent to wildcard for value, so that a pod
|
||||
can tolerate all taints of a particular category.
|
||||
type: string
|
||||
tolerationSeconds:
|
||||
description: TolerationSeconds represents the period of time
|
||||
the toleration (which must be of effect NoExecute, otherwise
|
||||
this field is ignored) tolerates the taint. By default, it
|
||||
is not set, which means tolerate the taint forever (do not
|
||||
evict). Zero and negative values will be treated as 0 (evict
|
||||
immediately) by the system.
|
||||
format: int64
|
||||
type: integer
|
||||
value:
|
||||
description: Value is the taint value the toleration matches
|
||||
to. If the operator is Exists, the value should be empty,
|
||||
otherwise just a regular string.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
trilioVaultAppVersion:
|
||||
description: Helm Chart version
|
||||
type: string
|
||||
required:
|
||||
- applicationScope
|
||||
type: object
|
||||
status:
|
||||
description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager
|
||||
properties:
|
||||
conditions:
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
format: date-time
|
||||
nullable: true
|
||||
type: string
|
||||
message:
|
||||
minLength: 0
|
||||
type: string
|
||||
reason:
|
||||
enum:
|
||||
- InstallSuccessful
|
||||
- UpdateSuccessful
|
||||
- UninstallSuccessful
|
||||
- InstallError
|
||||
- UpdateError
|
||||
- ReconcileError
|
||||
- UninstallError
|
||||
type: string
|
||||
status:
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
enum:
|
||||
- Initialized
|
||||
- Deployed
|
||||
- Updated
|
||||
- ReleaseFailed
|
||||
- Irreconcilable
|
||||
type: string
|
||||
type: object
|
||||
deployedRelease:
|
||||
properties:
|
||||
manifest:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
type: object
|
||||
releaseVersion:
|
||||
type: string
|
||||
required:
|
||||
- conditions
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,3 @@
|
|||
To verify that TrilioVault Operator has started, run:
|
||||
|
||||
kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}"
|
|
@ -0,0 +1,54 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "k8s-triliovault-operator.name" -}}
|
||||
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "k8s-triliovault-operator.appName" -}}
|
||||
{{- printf "%s" .Chart.Name -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "k8s-triliovault-operator.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper TrilioVault Operator image name
|
||||
*/}}
|
||||
{{- define "k8s-triliovault-operator.image" -}}
|
||||
{{- $registryName := .Values.image.registry -}}
|
||||
{{- $repositoryName := .Values.image.repository -}}
|
||||
{{- $tag := .Values.image.tag | toString -}}
|
||||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validation of the secret of CA bundle if provided
|
||||
*/}}
|
||||
{{- define "k8s-triliovault-operator.caBundleValidation" -}}
|
||||
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
||||
{{- if not (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP) }}
|
||||
{{ fail "Proxy CA bundle proxy is not present in the release namespace" }}
|
||||
{{- else }}
|
||||
{{- $caMap := (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP).data }}
|
||||
{{- if not (get $caMap "ca-bundle.crt") }}
|
||||
{{ fail "Proxy CA certificate file key should be ca-bundle.crt" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
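Review bot: `k8s-triliovault-operator.caBundleValidation` depends on `lookup`, which returns an empty result when the chart is rendered without a cluster (`helm template`, client-side dry runs). Any render with `proxySettings.CA_BUNDLE_CONFIGMAP` set therefore hits the first `fail`, even when the ConfigMap exists. The helper comment should state that limitation, for example `Requires cluster access: lookup returns nothing under helm template, so this check fails there.` The ConfigMap is also looked up twice, so storing it once, `{{- $cm := lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}`, keeps the two branches consistent. The first message reads "Proxy CA bundle proxy is not present", where the second "proxy" looks like a slip for the ConfigMap.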
|
|
@ -0,0 +1,125 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role
|
||||
labels:
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-manager-role
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apiextensions.k8s.io
|
||||
resources:
|
||||
- customresourcedefinitions
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- serviceaccounts
|
||||
- services
|
||||
- services/finalizers
|
||||
- secrets
|
||||
- events
|
||||
- pods
|
||||
- endpoints
|
||||
- configmaps
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- patch
|
||||
- apiGroups:
|
||||
- admissionregistration.k8s.io
|
||||
resources:
|
||||
- validatingwebhookconfigurations
|
||||
- mutatingwebhookconfigurations
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- patch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- deployments
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- patch
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
- clusterroles
|
||||
- clusterrolebindings
|
||||
- roles
|
||||
- rolebindings
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- patch
|
||||
- bind
|
||||
- escalate
|
||||
- apiGroups:
|
||||
- triliovault.trilio.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- cronjobs
|
||||
verbs:
|
||||
- delete
|
||||
- apiGroups:
|
||||
- policy
|
||||
resources:
|
||||
- poddisruptionbudgets
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingressclasses
|
||||
verbs:
|
||||
- delete
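Review bot: This rule set gives the operator's service account close to cluster-admin reach, and nothing in the file explains why. The first rule grants `get`/`list`/`watch` on `'*'` resources in `'*'` API groups, which covers Secrets in every namespace. The `rbac.authorization.k8s.io` rule adds `bind` and `escalate` on roles and clusterroles together with `create` on their bindings, so the account can grant itself further permissions. If the operator does not need that breadth, list the groups and resources it actually reads in place of the wildcard rule, and restrict `bind`/`escalate` with `resourceNames` to the roles it manages. Where the breadth is needed, a comment above each of the two rules stating the reason gives cluster admins something to audit against.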
|
|
@ -0,0 +1,17 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding
|
||||
labels:
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-manager-rolebinding
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
|
||||
namespace: {{ .Release.Namespace }}
|
|
@ -0,0 +1,182 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||
release: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
spec:
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxSurge: 25%
|
||||
maxUnavailable: 25%
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||
release: "{{ .Release.Name }}"
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||
release: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
spec:
|
||||
hostNetwork: {{ .Values.podSpec.hostNetwork }}
|
||||
hostIPC: {{ .Values.podSpec.hostIPC }}
|
||||
hostPID: {{ .Values.podSpec.hostPID }}
|
||||
{{- if .Values.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.podSpec.securityContext | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: k8s-triliovault-operator
|
||||
image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.proxySettings.PROXY_ENABLED }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
|
||||
{{- end }}
|
||||
env:
|
||||
{{- if .Values.proxySettings.PROXY_ENABLED }}
|
||||
- name: PROXY_SETTINGS_SECRET
|
||||
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
|
||||
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
||||
- name: PROXY_CA_CONFIGMAP
|
||||
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.tvkEnv }}
|
||||
- name: TVK_ENV
|
||||
value: {{ .Values.tvkEnv }}
|
||||
{{- end}}
|
||||
{{- if .Values.tvkHelmRepo }}
|
||||
- name: TVK_HELM_REPO
|
||||
value: {{ .Values.tvkHelmRepo }}
|
||||
{{- end }}
|
||||
- name: INSTALL_NAMESPACE
|
||||
value: {{ .Release.Namespace }}
|
||||
- name: REGISTRY
|
||||
value: {{ .Values.registry }}
|
||||
- name: ADMISSION_MUTATION_CONFIG
|
||||
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
|
||||
- name: ADMISSION_VALIDATION_CONFIG
|
||||
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
|
||||
- name: NAMESPACE_VALIDATION_CONFIG
|
||||
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
|
||||
volumeMounts:
|
||||
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
||||
- name: proxy-ca-cert
|
||||
mountPath: /proxy-certs
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enable }}
|
||||
- name: helm-tls-certs
|
||||
mountPath: /root/.helm
|
||||
readOnly: true
|
||||
{{- if .Values.tls.verify }}
|
||||
- name: helm-tls-ca
|
||||
mountPath: /root/.helm/ca.crt
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
||||
name: webhook-certs
|
||||
readOnly: true
|
||||
{{- if .Values.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: 200m
|
||||
memory: 512Mi
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 10Mi
|
||||
initContainers:
|
||||
- name: webhook-init
|
||||
image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.proxySettings.PROXY_ENABLED }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
|
||||
{{- end }}
|
||||
env:
|
||||
{{- if .Values.proxySettings.PROXY_ENABLED }}
|
||||
- name: PROXY_SETTINGS_SECRET
|
||||
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
|
||||
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
||||
- name: PROXY_CA_CONFIGMAP
|
||||
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: TVK_ENV
|
||||
value: {{ .Values.tvkEnv }}
|
||||
- name: TVK_HELM_REPO
|
||||
value: {{ .Values.tvkHelmRepo }}
|
||||
- name: RELEASE_VERSION
|
||||
value: {{ .Chart.AppVersion }}
|
||||
- name: ADMISSION_MUTATION_CONFIG
|
||||
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
|
||||
- name: ADMISSION_VALIDATION_CONFIG
|
||||
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
|
||||
- name: NAMESPACE_VALIDATION_CONFIG
|
||||
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
|
||||
- name: WEBHOOK_SERVICE
|
||||
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||
- name: WEBHOOK_NAMESPACE
|
||||
value: {{ .Release.Namespace }}
|
||||
- name: SECRET_NAME
|
||||
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
|
||||
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
||||
volumeMounts:
|
||||
- name: proxy-ca-cert
|
||||
mountPath: /proxy-certs
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml .Values.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
||||
- name: proxy-ca-cert
|
||||
configMap:
|
||||
name: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enable }}
|
||||
- name: helm-tls-certs
|
||||
secret:
|
||||
secretName: {{ .Values.tls.secretName }}
|
||||
defaultMode: 0400
|
||||
{{- if .Values.tls.verify }}
|
||||
- name: helm-tls-ca
|
||||
configMap:
|
||||
name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config
|
||||
defaultMode: 0600
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: webhook-certs
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
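Review bot: The pod-level `securityContext` block is guarded by `.Values.securityContext` but renders `.Values.podSpec.securityContext`, so the guard and the rendered value can disagree. With the container-level map unset, the pod-level `runAsNonRoot`/`runAsUser` settings are silently dropped. The guard should test the value it renders: `{{- if .Values.podSpec.securityContext }}`. Separately, the `helm-tls-ca` volume uses `template "helm-operator.fullname"`, which the helpers file on this page does not define, so rendering would presumably fail once `tls.enable` and `tls.verify` are both true. `k8s-triliovault-operator.fullname` looks like the intended helper.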
|
|
@ -0,0 +1,31 @@
|
|||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
|
||||
labels:
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-mutating-webhook-configuration
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
webhooks:
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /mutate-triliovault-trilio-io-v1-triliovaultmanager
|
||||
failurePolicy: Fail
|
||||
name: v1-tvm-mutation.trilio.io
|
||||
rules:
|
||||
- apiGroups:
|
||||
- triliovault.trilio.io
|
||||
apiVersions:
|
||||
- v1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- triliovaultmanagers
|
||||
sideEffects: None
|
||||
admissionReviewVersions:
|
||||
- v1
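Review bot: `caBundle: Cg==` is a base64-encoded newline rather than a CA certificate, and the file does not say that it is a placeholder. The Deployment's `webhook-init` container receives this configuration's name through `ADMISSION_MUTATION_CONFIG`, so it presumably patches in the real bundle at start-up. A comment on the field would make that dependency explicit: `# placeholder; expected to be replaced at runtime by the webhook-init container`. Because `failurePolicy` is `Fail`, matching requests are rejected until the bundle has been replaced, which is worth stating in the same comment. The same applies to the two ValidatingWebhookConfiguration files in this commit.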
|
|
@ -0,0 +1,37 @@
|
|||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
|
||||
labels:
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-ns-validating-webhook-configuration
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
webhooks:
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-core-v1-namespace
|
||||
failurePolicy: Fail
|
||||
name: v1-tvm-ns-validation.trilio.io
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: trilio-operator-label
|
||||
operator: In
|
||||
values:
|
||||
- {{ .Release.Namespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
apiVersions:
|
||||
- v1
|
||||
operations:
|
||||
- DELETE
|
||||
resources:
|
||||
- namespaces
|
||||
scope: '*'
|
||||
sideEffects: None
|
||||
admissionReviewVersions:
|
||||
- v1
|
|
@ -0,0 +1,19 @@
|
|||
{{- if .Values.proxySettings.PROXY_ENABLED }}
|
||||
{{ template "k8s-triliovault-operator.caBundleValidation" . }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-proxy
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
data:
|
||||
{{- range $key, $val := .Values.proxySettings }}
|
||||
{{ $val = $val| toString | b64enc }}
|
||||
{{ $key }}: {{ $val }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
{{- end }}
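Review bot: The `range` under `data:` copies every key of `proxySettings` into the Secret, including the control keys `PROXY_ENABLED` and `CA_BUNDLE_CONFIGMAP`. The Deployment's `envFrom` then exports all of them as environment variables in both containers. If only the proxy variables are meant to reach the process, skip the control keys inside the loop, or add a comment saying the full copy is intentional. The assignment action is not whitespace-trimmed and leaves a blank line per key in the output, so the two lines can be folded into one: `{{ $key }}: {{ $val | toString | b64enc | quote }}`.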
|
|
@ -0,0 +1,11 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-certs
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
type: Opaque
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-service-account
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
@ -0,0 +1,31 @@
|
|||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
|
||||
labels:
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-validating-webhook-configuration
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
webhooks:
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-triliovault-trilio-io-v1-triliovaultmanager
|
||||
failurePolicy: Fail
|
||||
name: v1-tvm-validation.trilio.io
|
||||
rules:
|
||||
- apiGroups:
|
||||
- triliovault.trilio.io
|
||||
apiVersions:
|
||||
- v1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- triliovaultmanagers
|
||||
sideEffects: None
|
||||
admissionReviewVersions:
|
||||
- v1
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||
release: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-service
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
targetPort: 9443
|
||||
selector:
|
||||
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||
release: "{{ .Release.Name }}"
|
|
@ -0,0 +1,62 @@
|
|||
## TrilioVault Operator
|
||||
registry: "eu.gcr.io/amazing-chalice-243510"
|
||||
|
||||
operator-webhook-init:
|
||||
repository: operator-webhook-init
|
||||
|
||||
k8s-triliovault-operator:
|
||||
repository: k8s-triliovault-operator
|
||||
|
||||
tag: "2.6.4"
|
||||
|
||||
tvkHelmRepo: ""
|
||||
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
- amd64
|
||||
|
||||
image:
|
||||
pullPolicy: Always
|
||||
tls:
|
||||
secretName: "helm-client-certs"
|
||||
verify: false
|
||||
enable: false
|
||||
keyFile: "tls.key"
|
||||
certFile: "tls.crt"
|
||||
caContent: ""
|
||||
hostname: ""
|
||||
|
||||
nameOverride: ""
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
proxySettings:
|
||||
PROXY_ENABLED: false
|
||||
NO_PROXY: ""
|
||||
HTTP_PROXY: ""
|
||||
HTTPS_PROXY: ""
|
||||
CA_BUNDLE_CONFIGMAP: ""
|
||||
|
||||
podSpec:
|
||||
hostIPC: false
|
||||
hostNetwork: false
|
||||
hostPID: false
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1001
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1001
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
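Review bot: values.yaml does not declare `tvkEnv` or `fullnameOverride`, although the templates on this page read both. The init container emits `TVK_ENV` with `value: {{ .Values.tvkEnv }}` unguarded, and the `fullname` helper checks `.Values.fullnameOverride`. Declaring them with empty defaults and a short comment, `tvkEnv: ""` and `fullnameOverride: ""`, would document the supported knobs. The `image` helper also reads `image.registry`, `image.repository` and `image.tag`, none of which exist here; the Deployment builds its image reference from the top-level `registry` and `tag` instead. Either the helper or these values should be aligned. No key in the file carries a comment, so a one-line description for at least `tls.*`, `proxySettings.*` and the two `securityContext` maps would help anyone reviewing the defaults.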
|
22
index.yaml
22
index.yaml
|
@ -1815,6 +1815,28 @@ entries:
|
|||
- assets/instana-agent/instana-agent-1.0.2900.tgz
|
||||
version: 1.0.2900
|
||||
k8s-triliovault-operator:
|
||||
- annotations:
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
|
||||
catalog.cattle.io/release-name: k8s-triliovault-operator
|
||||
apiVersion: v1
|
||||
appVersion: 2.6.4
|
||||
created: "2021-12-24T09:14:40.117189869Z"
|
||||
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
|
||||
Application Lifecycle.
|
||||
digest: 18bdfd0abe13e97e9443e5b537c49e5c42d2bc1c72cce6d72d51571d91989b57
|
||||
home: https://github.com/trilioData/k8s-triliovault-operator
|
||||
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
|
||||
kubeVersion: 1.18-1.22
|
||||
maintainers:
|
||||
- email: prafull.ladha@trilio.io
|
||||
name: prafull11
|
||||
name: k8s-triliovault-operator
|
||||
sources:
|
||||
- https://github.com/trilioData/k8s-triliovault-operator
|
||||
urls:
|
||||
- assets/k8s-triliovault-operator/k8s-triliovault-operator-2.6.400.tgz
|
||||
version: 2.6.400
|
||||
- annotations:
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
|
||||
|
|