andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #750 from nflondo/main-source 

Charts CI
pull/752/head
alex-isv 2023-05-04 13:10:20 -06:00 committed by GitHub
parent 0dff543df2 299608e4e9
commit fd94804c35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
52 changed files with 2003 additions and 17022 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/bitnami/airflow-14.1.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/kafka-22.0.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-isilon-2.6.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/kong/kong-2.20.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/percona/psmdb-db-1.14.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/percona/pxc-db-1.12.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/pixie/pixie-operator-chart-0.1.1.tgz
View File

Binary file not shown.

BIN
assets/trilio/k8s-triliovault-operator-3.1.0.tgz Normal file
View File

Binary file not shown.

6
charts/bitnami/airflow/Chart.lock
View File

@ -7,6 +7,6 @@ dependencies:
version: 12.4.2
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.2.4
digest: sha256:5f54e23119e6c659025f771732c257d59adc3332e6a2b2c52a86da5b90aed833
generated: "2023-04-30T05:53:13.195480832Z"
version: 2.2.5
digest: sha256:2e66cac7c89a1c48c71aad455cc484c37c6eb7793c03135c7f6105b0f3bf10b8
generated: "2023-05-03T15:53:54.20666706Z"

4
charts/bitnami/airflow/Chart.yaml
View File

@ -6,7 +6,7 @@ annotations:
category: WorkFlow
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.5.3
appVersion: 2.6.0
dependencies:
- condition: redis.enabled
name: redis
@ -38,4 +38,4 @@ name: airflow
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/airflow
- https://airflow.apache.org/
version: 14.1.1
version: 14.1.2

12
charts/bitnami/airflow/README.md
View File

@ -88,7 +88,7 @@ The command removes all the Kubernetes components associated with the chart and
| `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` |
| `dags.image.registry` | Init container load-dags image registry | `docker.io` |
| `dags.image.repository` | Init container load-dags image repository | `bitnami/bitnami-shell` |
| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r111` |
| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r112` |
| `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` |
| `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` |
@ -107,7 +107,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- |
| `web.image.registry` | Airflow image registry | `docker.io` |
| `web.image.repository` | Airflow image repository | `bitnami/airflow` |
| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.3-debian-11-r9` |
| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.6.0-debian-11-r1` |
| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` |
| `web.image.pullSecrets` | Airflow image pull secrets | `[]` |
@ -182,7 +182,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- |
| `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` |
| `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` |
| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.3-debian-11-r8` |
| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.6.0-debian-11-r0` |
| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` |
| `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` |
@ -236,7 +236,7 @@ The command removes all the Kubernetes components associated with the chart and
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
| `worker.image.registry` | Airflow Worker image registry | `docker.io` |
| `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` |
| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.3-debian-11-r8` |
| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.6.0-debian-11-r0` |
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` |
| `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` |
@ -316,7 +316,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- |
| `git.image.registry` | Git image registry | `docker.io` |
| `git.image.repository` | Git image repository | `bitnami/git` |
| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.40.1-debian-11-r1` |
| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.40.1-debian-11-r2` |
| `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` |
| `git.image.pullSecrets` | Git image pull secrets | `[]` |
@ -408,7 +408,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` |
| `metrics.image.registry` | Airflow exporter image registry | `docker.io` |
| `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` |
| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r115` |
| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r116` |
| `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` |

4
charts/bitnami/airflow/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.2.4
appVersion: 2.2.5
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/main/bitnami/common
@ -21,4 +21,4 @@ sources:
- https://github.com/bitnami/charts
- https://www.bitnami.com/
type: library
version: 2.2.4
version: 2.2.5

4
charts/bitnami/airflow/charts/common/README.md
View File

@ -1,6 +1,6 @@
# Bitnami Common Library Chart
A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts.
A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts.
## TL;DR
@ -8,7 +8,7 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for gro
dependencies:
- name: common
version: 1.x.x
repository: https://charts.bitnami.com/bitnami
repository: oci://registry-1.docker.io/bitnamicharts
```
```console

12
charts/bitnami/airflow/values.yaml
View File

@ -118,7 +118,7 @@ dags:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r111
tag: 11-debian-11-r112
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -185,7 +185,7 @@ web:
image:
registry: docker.io
repository: bitnami/airflow
tag: 2.5.3-debian-11-r9
tag: 2.6.0-debian-11-r1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -443,7 +443,7 @@ scheduler:
image:
registry: docker.io
repository: bitnami/airflow-scheduler
tag: 2.5.3-debian-11-r8
tag: 2.6.0-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -647,7 +647,7 @@ worker:
image:
registry: docker.io
repository: bitnami/airflow-worker
tag: 2.5.3-debian-11-r8
tag: 2.6.0-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -920,7 +920,7 @@ git:
image:
registry: docker.io
repository: bitnami/git
tag: 2.40.1-debian-11-r1
tag: 2.40.1-debian-11-r2
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1283,7 +1283,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/airflow-exporter
tag: 0.20220314.0-debian-11-r115
tag: 0.20220314.0-debian-11-r116
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

2
charts/bitnami/kafka/Chart.yaml
View File

@ -35,4 +35,4 @@ name: kafka
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/kafka
- https://kafka.apache.org/
version: 22.0.1
version: 22.0.2

2
charts/bitnami/kafka/templates/scripts-configmap.yaml
View File

@ -93,7 +93,7 @@ data:
fi
fi
if [[ $KAFKA_CFG_PROCESS_ROLES == *"controller"* ]]; then
if [[ $KAFKA_CFG_PROCESS_ROLES == *"controller"* && -z $KAFKA_CFG_CONTROLLER_QUORUM_VOTERS ]]; then
node_id={{ .Values.minId }}
pod_id=0
while :

21
charts/dell/csi-isilon/Chart.yaml Normal file
View File

@ -0,0 +1,21 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerScale
catalog.cattle.io/kube-version: '>= 1.21.0 < 1.27.0'
catalog.cattle.io/release-name: isilon
apiVersion: v1
appVersion: 2.6.1
description: 'PowerScale CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as an Isilon
StorageClass. '
icon: https://partner-charts.rancher.io/assets/logos/dell.png
keywords:
- csi
- storage
kubeVersion: '>= 1.21.0 < 1.27.0'
maintainers:
- name: DellEMC
name: csi-isilon
sources:
- https://github.com/dell/csi-isilon
version: 2.6.1

10
charts/dell/csi-isilon/app-readme.md Normal file
View File

@ -0,0 +1,10 @@
## Prerequisites
1. Create a namespace named isilon
2. Create a secret named "isilon-creds" in the namespace created above. Sample [secret.yaml](https://github.com/dell/csi-powerscale/blob/main/samples/secret/secret.yaml).
>Secret must be of type opaque.
3. Create a secret named "Isilon-cert-0" in the namespace created above. Sample [empty-secret.yaml](https://github.com/dell/csi-powerscale/blob/main/samples/secret/empty-secret.yaml).
>Secret must be of type opaque.
4. Create storage classes using ones from [samples](https://github.com/dell/csi-powerscale/blob/main/samples/storageclass) folder as an example.
5. Install the chart with the name "csi-islon".
The table [here](https://github.com/dell/csi-powerscale/blob/main/helm/csi-isilon/values.yaml) lists the configurable parameters of the chart and their default values

50
charts/dell/csi-isilon/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,50 @@
{{/*
Return the appropriate sidecar images based on k8s version
*/}}
{{- define "csi-isilon.attacherImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.provisionerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.snapshotterImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.resizerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.registrarImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.healthmonitorImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}

553
charts/dell/csi-isilon/templates/controller.yaml Normal file
View File

@ -0,0 +1,553 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-controller
rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: ["get", "list", "watch", "patch"]
{{- else }}
verbs: ["get", "list", "watch"]
{{- end }}
{{- end }}
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete", "update"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["pods"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: ["get", "list", "watch", "update", "delete"]
{{- else }}
verbs: ["get", "list", "watch"]
{{- end }}
{{- end }}
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: ["get", "list", "watch", "update", "patch", "delete"]
{{- else }}
verbs: ["get", "list", "watch", "update", "patch"]
{{- end }}
{{- end }}
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch", "update"]
# below for snapshotter
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "list", "watch", "delete"]
# below for resizer
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
# below for dell-csi-replicator
{{- if hasKey .Values.controller "replication" }}
{{- if eq .Values.controller.replication.enabled true}}
- apiGroups: ["replication.storage.dell.com"]
resources: ["dellcsireplicationgroups"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["replication.storage.dell.com"]
resources: ["dellcsireplicationgroups/status"]
verbs: ["get", "patch", "update"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create", "delete", "get", "list", "watch", "update", "patch"]
{{- end}}
{{- end}}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-controller
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}-controller
apiGroup: rbac.authorization.k8s.io
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
annotations:
com.dell.karavi-authorization-proxy: "true"
{{ end }}
{{ end }}
spec:
selector:
matchLabels:
app: {{ .Release.Name }}-controller
{{- if lt (.Values.controller.controllerCount | toString | atoi ) 1 -}}
{{- fail "value for .Values.controller.controllerCount should be atleast 1" }}
{{- else }}
replicas: {{ required "Must provide the number of controller instances to create." .Values.controller.controllerCount }}
{{- end }}
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
app: {{ .Release.Name }}-controller
spec:
serviceAccount: {{ .Release.Name }}-controller
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- {{ .Release.Name }}-controller
topologyKey: kubernetes.io/hostname
{{ if .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
{{ end }}
{{ if .Values.controller.tolerations }}
tolerations:
{{- toYaml .Values.controller.tolerations | nindent 8 }}
{{ end }}
containers:
{{- $encModes := list false }}
{{- if eq .Values.encryption.enabled true }}
{{- $encModes = list false true }}
{{- end }}
{{- range $encrypted := $encModes }}
{{- with $ }}
{{- $driverSock := "csi.sock" }}
{{- $csiSidecarSuffix := "" }}
{{- if $encrypted }}
{{- $driverSock = "csi-sec.sock" }}
{{- $csiSidecarSuffix = "-sec" }}
{{- end }}
{{- $driverSockPath := printf "/var/run/csi/%s" $driverSock }}
{{- if not $encrypted }}
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
image: {{ required "Must provide the podmon container image." .Values.podmon.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.controller.args | nindent 12 }}
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: csi-isilon-config-params
mountPath: /csi-isilon-config-params
{{- end }}
{{- end }}
{{- if hasKey .Values.controller "replication" }}
{{- if eq .Values.controller.replication.enabled true}}
- name: dell-csi-replicator
image: {{ required "Must provide the Dell CSI Replicator image." .Values.controller.replication.image}}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address={{ $driverSockPath }}"
- "--leader-election=true"
- "--worker-threads=2"
- "--retry-interval-start=1s"
- "--retry-interval-max=300s"
- "--timeout=300s"
- "--context-prefix={{ .Values.controller.replication.replicationContextPrefix}}"
- "--prefix={{ .Values.controller.replication.replicationPrefix}}"
env:
- name: X_CSI_REPLICATION_CONFIG_DIR
value: /csi-isilon-config-params
- name: X_CSI_REPLICATION_CONFIG_FILE_NAME
value: driver-config-params.yaml
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: csi-isilon-config-params
mountPath: /csi-isilon-config-params
{{- end }}
{{- end }}
{{- end }}
{{- if hasKey .Values.controller "resizer" }}
{{- if eq .Values.controller.resizer.enabled true }}
- name: resizer{{ $csiSidecarSuffix }}
image: {{ required "Must provide the CSI resizer container image." ( include "csi-isilon.resizerImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address={{ $driverSockPath }}"
- "--leader-election"
- "--timeout=120s"
- "--v=5"
{{- if hasKey .Values.controller "leaderElection" }}
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
{{end}}
{{end}}
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{ end }}
{{ end }}
- name: attacher{{ $csiSidecarSuffix }}
image: {{ required "Must provide the CSI attacher container image." ( include "csi-isilon.attacherImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address={{ $driverSockPath }}"
- "--v=5"
- "--leader-election"
- "--timeout=180s"
{{- if hasKey .Values.controller "leaderElection" }}
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
{{end}}
{{end}}
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- if not $encrypted }}
{{- if hasKey .Values.controller "healthMonitor" }}
{{- if eq .Values.controller.healthMonitor.enabled true }}
- name: external-health-monitor-controller
image: {{ required "Must provide the CSI external-health-monitor-controller container image." ( include "csi-isilon.healthmonitorImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address={{ $driverSockPath }}"
- "--v=5"
- "--leader-election"
- "--enable-node-watcher=true"
- "--monitor-interval={{ .Values.controller.healthMonitor.interval | default "60s" }}"
- "--timeout=180s"
- "--http-endpoint=:8080"
{{- if hasKey .Values.controller "leaderElection" }}
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
{{end}}
{{end}}
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{end}}
{{end}}
{{- end }}
- name: provisioner{{ $csiSidecarSuffix }}
image: {{ required "Must provide the CSI provisioner container image." ( include "csi-isilon.provisionerImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address={{ $driverSockPath }}"
- "--volume-name-prefix={{ required "Must provide a value to prefix to driver created volume names" .Values.controller.volumeNamePrefix }}"
- "--volume-name-uuid-length=10"
- "--worker-threads=5"
- "--timeout=120s"
- "--v=5"
- "--feature-gates=Topology=true"
- "--leader-election"
- "--extra-create-metadata"
{{- if hasKey .Values.controller "leaderElection" }}
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
{{end}}
{{end}}
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- if hasKey .Values.controller "snapshot" }}
{{- if eq .Values.controller.snapshot.enabled true }}
- name: snapshotter{{ $csiSidecarSuffix }}
#image: quay.io/k8scsi/csi-snapshotter:v1.0.0
image: {{ required "Must provide the CSI snapshotter container image." ( include "csi-isilon.snapshotterImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address={{ $driverSockPath }}"
- "--timeout=120s"
- "--v=5"
- "--snapshot-name-prefix={{ required "Must privided a Snapshot Name Prefix" .Values.controller.snapshot.snapNamePrefix }}"
- "--leader-election"
{{- if hasKey .Values.controller "leaderElection" }}
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
{{end}}
{{end}}
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{end}}
{{end}}
{{- if not $encrypted }}
- name: driver
image: {{ required "Must provide the Isilon driver image repository." .Values.images.driverRepository }}/{{ .Chart.Name }}:{{ .Values.version }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
command: [ "/csi-isilon" ]
args:
- "--leader-election"
{{- if hasKey .Values.controller "leaderElection" }}
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
{{end}}
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
{{end}}
{{end}}
- "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"
env:
- name: CSI_ENDPOINT
value: "{{ $driverSockPath }}"
- name: X_CSI_MODE
value: controller
- name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION
value: "{{ .Values.skipCertificateValidation }}"
- name: X_CSI_ISI_AUTH_TYPE
value: "{{ .Values.isiAuthType }}"
- name: X_CSI_VERBOSE
value: "{{ .Values.verbose }}"
- name: X_CSI_ISI_PORT
value: "{{ .Values.endpointPort }}"
- name: X_CSI_ISI_AUTOPROBE
value: "{{ .Values.autoProbe }}"
- name: X_CSI_ISI_QUOTA_ENABLED
value: "{{ .Values.enableQuota }}"
- name: X_CSI_ISI_ACCESS_ZONE
value: {{ .Values.isiAccessZone }}
- name: X_CSI_CUSTOM_TOPOLOGY_ENABLED
value: "{{ .Values.enableCustomTopology }}"
- name: X_CSI_ISI_PATH
value: {{ .Values.isiPath }}
- name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS
value: "{{ .Values.isiVolumePathPermissions }}"
- name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS
value: "{{ .Values.ignoreUnresolvableHosts }}"
- name: X_CSI_ISI_NO_PROBE_ON_START
value: "{{ .Values.noProbeOnStart }}"
- name: X_CSI_PODMON_ENABLED
value: "{{ .Values.podmon.enabled }}"
- name: X_CSI_PODMON_API_PORT
value: "{{ .Values.podmonAPIPort }}"
{{- if eq .Values.podmon.enabled true }}
{{- range $key, $value := .Values.podmon.controller.args }}
{{- if contains "--arrayConnectivityPollRate" $value }}
- name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE
value: "{{ (split "=" $value)._1 }}"
{{ end }}
{{ end }}
{{ end }}
{{- if hasKey .Values.controller "replication" }}
{{- if eq .Values.controller.replication.enabled true}}
- name: X_CSI_REPLICATION_CONTEXT_PREFIX
value: {{ .Values.controller.replication.replicationContextPrefix | default "powerscale"}}
- name: X_CSI_REPLICATION_PREFIX
value: {{ .Values.controller.replication.replicationPrefix | default "replication.storage.dell.com"}}
{{- end }}
{{- end }}
{{- if hasKey .Values.controller "healthMonitor" }}
{{- if eq .Values.controller.healthMonitor.enabled true }}
- name: X_CSI_HEALTH_MONITOR_ENABLED
value: "{{ .Values.controller.healthMonitor.enabled }}"
{{end}}
{{end}}
- name: X_CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: SSL_CERT_DIR
value: /certs
- name: X_CSI_ISI_CONFIG_PATH
value: /isilon-configs/config
- name: X_CSI_MAX_PATH_LIMIT
value: "{{ .Values.maxPathLen }}"
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: certs
mountPath: /certs
readOnly: true
- name: isilon-configs
mountPath: /isilon-configs
- name: csi-isilon-config-params
mountPath: /csi-isilon-config-params
{{- end }}
{{- if not $encrypted }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-proxy
imagePullPolicy: {{ .Values.imagePullPolicy }}
image: {{ required "Must provide the authorization sidecar container image." .Values.authorization.sidecarProxyImage }}
env:
- name: PROXY_HOST
value: "{{ .Values.authorization.proxyHost }}"
- name: SKIP_CERTIFICATE_VALIDATION
value: "{{ .Values.authorization.skipCertificateValidation }}"
- name: PLUGIN_IDENTIFIER
value: powerscale
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: proxy-authz-tokens
key: access
- name: REFRESH_TOKEN
valueFrom:
secretKeyRef:
name: proxy-authz-tokens
key: refresh
volumeMounts:
- name: karavi-authorization-config
mountPath: /etc/karavi-authorization/config
- name: proxy-server-root-certificate
mountPath: /etc/karavi-authorization/root-certificates
- name: csi-isilon-config-params
mountPath: /etc/karavi-authorization
{{ end }}
{{ end }}
{{- end }}
{{- if $encrypted }}
- name: driver-sec
image: {{ .Values.encryption.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- --name={{ .Values.encryption.pluginName }}
- --nodeId=$(NODE_ID)
- "--endpoint=unix://var/run/csi/csi-sec.sock"
- "--targetEndpoint=unix://var/run/csi/csi.sock"
- --targetType=Isilon
- --controller
- --logLevel={{ .Values.encryption.logLevel }}
{{- range index .Values.encryption.extraArgs }}
- {{ . | quote }}
{{- end }}
env:
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: socket-dir
emptyDir:
- name: certs
projected:
sources:
{{- range $i, $e := until (int .Values.certSecretCount ) }}
- secret:
name: {{ print $.Release.Name "-certs-" $e }}
items:
- key: cert-{{ $e }}
path: cert-{{ $e }}
{{- end }}
- name: isilon-configs
secret:
secretName: {{ .Release.Name }}-creds
- name: csi-isilon-config-params
configMap:
name: {{ .Release.Name }}-config-params
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-config
secret:
secretName: karavi-authorization-config
- name: proxy-server-root-certificate
secret:
secretName: proxy-server-root-certificate
{{ end }}
{{ end }}

11
charts/dell/csi-isilon/templates/csidriver.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: csi-isilon.dellemc.com
spec:
attachRequired: true
podInfoOnMount: true
fsGroupPolicy: {{ .Values.fsGroupPolicy }}
volumeLifecycleModes:
- Persistent
- Ephemeral

14
charts/dell/csi-isilon/templates/driver-config-params.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-config-params
namespace: {{ .Release.Namespace }}
data:
driver-config-params.yaml: |
CSI_LOG_LEVEL: "{{ .Values.logLevel }}"
{{ if .Values.podmon.enabled }}
PODMON_CONTROLLER_LOG_LEVEL: "{{ .Values.logLevel }}"
PODMON_CONTROLLER_LOG_FORMAT: "{{ .Values.logFormat }}"
PODMON_NODE_LOG_LEVEL: "{{ .Values.logLevel }}"
PODMON_NODE_LOG_FORMAT: "{{ .Values.logFormat }}"
{{ end }}

458
charts/dell/csi-isilon/templates/node.yaml Normal file
View File

@ -0,0 +1,458 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-node
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["create", "delete", "get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["persistentvolumesclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [ "security.openshift.io" ]
resourceNames: [ "privileged" ]
resources: [ "securitycontextconstraints" ]
verbs: [ "use" ]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "update", "delete"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
{{ end }}
{{ end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-node
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}-node
apiGroup: rbac.authorization.k8s.io
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
annotations:
com.dell.karavi-authorization-proxy: "true"
{{ end }}
{{ end }}
spec:
selector:
matchLabels:
app: {{ .Release.Name }}-node
template:
metadata:
labels:
app: {{ .Release.Name }}-node
{{- if .Values.podmon.enabled }}
driver.dellemc.com: dell-storage
{{- end }}
spec:
serviceAccount: {{ .Release.Name }}-node
{{ if .Values.node.nodeSelector }}
nodeSelector:
{{- toYaml .Values.node.nodeSelector | nindent 8 }}
{{ end }}
{{ if .Values.node.tolerations }}
tolerations:
{{- toYaml .Values.node.tolerations | nindent 8 }}
{{ end }}
hostNetwork: true
dnsPolicy: {{ .Values.node.dnsPolicy }}
containers:
{{- $encModes := list false }}
{{- if eq .Values.encryption.enabled true }}
{{- $encModes = list false true }}
{{- end }}
{{- range $encrypted := $encModes }}
{{- with $ }}
{{- $driverSock := "csi_sock" }}
{{- $csiSidecarSuffix := "" }}
{{- if $encrypted }}
{{- $driverSock = "csi_sec_sock" }}
{{- $csiSidecarSuffix = "-sec" }}
{{- end }}
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: {{ required "Must provide the podmon container image." .Values.podmon.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.node.args | nindent 12 }}
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: X_CSI_PRIVATE_MOUNT_DIR
value: "{{ .Values.kubeletConfigDir }}/plugins/csi-isilon/disks"
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: kubelet-pods
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/csi-isilon
mountPropagation: "Bidirectional"
- name: volumedevices-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/volumeDevices
mountPropagation: "Bidirectional"
- name: dev
mountPath: /dev
- name: usr-bin
mountPath: /usr-bin
- name: var-run
mountPath: /var/run
- name: csi-isilon-config-params
mountPath: /csi-isilon-config-params
{{- end }}
{{- end }}
{{- if not $encrypted }}
- name: driver
command: ["/csi-isilon"]
args:
- "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: {{ required "Must provide the Isilon driver image repository." .Values.images.driverRepository }}/{{ .Chart.Name }}:{{ .Values.version }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: CSI_ENDPOINT
value: "{{ .Values.kubeletConfigDir }}/plugins/csi-isilon/{{ $driverSock }}"
- name: X_CSI_MODE
value: node
- name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION
value: "{{ .Values.skipCertificateValidation }}"
- name: X_CSI_ISI_AUTH_TYPE
value: "{{ .Values.isiAuthType }}"
- name: X_CSI_ALLOWED_NETWORKS
value: "{{ .Values.allowedNetworks }}"
- name: X_CSI_VERBOSE
value: "{{ .Values.verbose }}"
- name: X_CSI_PRIVATE_MOUNT_DIR
value: "{{ .Values.kubeletConfigDir }}/plugins/csi-isilon/disks"
- name: X_CSI_ISI_PORT
value: "{{ .Values.endpointPort }}"
- name: X_CSI_ISI_PATH
value: {{ .Values.isiPath }}
- name: X_CSI_ISI_NO_PROBE_ON_START
value: "{{ .Values.noProbeOnStart }}"
- name: X_CSI_ISI_AUTOPROBE
value: "{{ .Values.autoProbe }}"
- name: X_CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: X_CSI_NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: SSL_CERT_DIR
value: /certs
- name: X_CSI_ISI_QUOTA_ENABLED
value: "{{ .Values.enableQuota }}"
- name: X_CSI_CUSTOM_TOPOLOGY_ENABLED
value: "{{ .Values.enableCustomTopology }}"
- name: X_CSI_ISI_CONFIG_PATH
value: /isilon-configs/config
- name: X_CSI_MAX_VOLUMES_PER_NODE
value: "{{ .Values.maxIsilonVolumesPerNode }}"
- name: X_CSI_HEALTH_MONITOR_ENABLED
value: "{{ .Values.node.healthMonitor.enabled }}"
- name: X_CSI_PODMON_ENABLED
value: "{{ .Values.podmon.enabled }}"
- name: X_CSI_PODMON_API_PORT
value: "{{ .Values.podmonAPIPort }}"
{{- if eq .Values.podmon.enabled true }}
{{- range $key, $value := .Values.podmon.node.args }}
{{- if contains "--arrayConnectivityPollRate" $value }}
- name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE
value: "{{ (split "=" $value)._1 }}"
{{ end }}
{{ end }}
{{ end }}
- name: X_CSI_MAX_PATH_LIMIT
value: "{{ .Values.maxPathLen }}"
volumeMounts:
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/csi-isilon
{{- if eq .Values.encryption.enabled true }}
- name: staging-dir
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: Bidirectional
{{- else }}
- name: volumedevices-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/volumeDevices
{{- end }}
- name: pods-path
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: dev
mountPath: /dev
- name: certs
mountPath: /certs
readOnly: true
- name: isilon-configs
mountPath: /isilon-configs
- name: csi-isilon-config-params
mountPath: /csi-isilon-config-params
{{- end }}
- name: registrar{{ $csiSidecarSuffix }}
image: {{ required "Must provide the CSI node registrar container image." ( include "csi-isilon.registrarImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--v=5"
- "--csi-address=/csi/{{ $driverSock }}"
- --kubelet-registration-path={{ .Values.kubeletConfigDir }}/plugins/csi-isilon/{{ $driverSock }}
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
volumeMounts:
- name: registration-dir
mountPath: /registration
- name: driver-path
mountPath: /csi
{{- if not $encrypted }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-proxy
imagePullPolicy: {{ .Values.imagePullPolicy }}
image: {{ required "Must provide the authorization sidecar container image." .Values.authorization.sidecarProxyImage }}
env:
- name: PROXY_HOST
value: "{{ .Values.authorization.proxyHost }}"
- name: SKIP_CERTIFICATE_VALIDATION
value: "{{ .Values.authorization.skipCertificateValidation }}"
- name: PLUGIN_IDENTIFIER
value: powerscale
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: proxy-authz-tokens
key: access
- name: REFRESH_TOKEN
valueFrom:
secretKeyRef:
name: proxy-authz-tokens
key: refresh
volumeMounts:
- name: karavi-authorization-config
mountPath: /etc/karavi-authorization/config
- name: proxy-server-root-certificate
mountPath: /etc/karavi-authorization/root-certificates
- name: csi-isilon-config-params
mountPath: /etc/karavi-authorization
{{ end }}
{{ end }}
{{- end }}
{{- if $encrypted }}
- name: driver-sec
image: {{ .Values.encryption.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
securityContext:
privileged: true
allowPrivilegeEscalation: true
capabilities:
add: ["SYS_ADMIN"]
args:
- --name={{ .Values.encryption.pluginName }}
- --nodeId=$(NODE_ID)
- "--endpoint=unix://var/run/csi/csi_sec_sock"
- "--targetEndpoint=unix://var/run/csi/csi_sock"
- --targetType=Isilon
- --vaultClientConfig=/etc/dea/vault/client.json
- --logLevel={{ .Values.encryption.logLevel }}
- --licenseName=/etc/dea/license/license
{{- if .Values.encryption.livenessPort }}
- --livenessPort={{ .Values.encryption.livenessPort }}
{{- end}}
- --apiPort={{ .Values.encryption.apiPort }}
{{- range index .Values.encryption.extraArgs }}
- {{ . | quote }}
{{- end }}
env:
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- if eq .Values.encryption.ocp true }}
- name: CORE_ID
value: "{{ required "encryption.ocpCoreID not set to core user uid:gid" .Values.encryption.ocpCoreID }}"
{{- end }}
volumeMounts:
- name: vault-config
mountPath: /etc/dea/vault
- name: driver-path
mountPath: /var/run/csi
- name: pods-path
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: Bidirectional
- name: staging-dir
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: Bidirectional
- name: user-home
{{- if eq .Values.encryption.ocp true }}
mountPath: /corehome
{{- else }}
mountPath: /roothome
{{- end }}
- name: license-config
mountPath: /etc/dea/license
{{- if .Values.encryption.livenessPort }}
livenessProbe:
httpGet:
path: /liveprobe
port: {{ .Values.encryption.livenessPort }}
initialDelaySeconds: 1500
periodSeconds: 1000
timeoutSeconds: 3
failureThreshold: 100
{{- end }}
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: registration-dir
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins_registry/
type: DirectoryOrCreate
- name: driver-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/csi-isilon
type: DirectoryOrCreate
- name: volumedevices-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/volumeDevices
type: DirectoryOrCreate
- name: pods-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/pods
type: Directory
- name: dev
hostPath:
path: /dev
type: Directory
- name: certs
projected:
sources:
{{- range $i, $e := until (int .Values.certSecretCount ) }}
- secret:
name: {{ print $.Release.Name "-certs-" $e }}
items:
- key: cert-{{ $e }}
path: cert-{{ $e }}
{{- end }}
- name: isilon-configs
secret:
secretName: {{ .Release.Name }}-creds
- name: csi-isilon-config-params
configMap:
name: {{ .Release.Name }}-config-params
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-config
secret:
secretName: karavi-authorization-config
- name: proxy-server-root-certificate
secret:
secretName: proxy-server-root-certificate
{{ end }}
{{ end }}
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: usr-bin
hostPath:
path: /usr/bin
type: Directory
- name: kubelet-pods
hostPath:
path: /var/lib/kubelet/pods
type: Directory
- name: var-run
hostPath:
path: /var/run
type: Directory
{{ end }}
{{ end }}
{{- if eq .Values.encryption.enabled true }}
- name: vault-config
projected:
sources:
- secret:
name: vault-cert
- secret:
name: vault-auth
- configMap:
name: vault-client-conf
- name: staging-dir
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
type: DirectoryOrCreate
- name: user-home
hostPath:
{{- if eq .Values.encryption.ocp true }}
path: /home/core
{{- else }}
path: /root
{{- end }}
type: Directory
- name: license-config
secret:
secretName: encryption-license
{{- end }}

42
charts/dell/csi-isilon/templates/sec-rolebinding.yaml Normal file
View File

@ -0,0 +1,42 @@
{{- if eq .Values.encryption.enabled true }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: {{ .Release.Name }}-manager-role
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}-manager-rolebinding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-manager-role
subjects:
- kind: ServiceAccount
# "system:serviceaccount:isilon:isilon-node"
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
# "system:serviceaccount:isilon:isilon-controller"
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
{{ end }}

17
charts/dell/csi-isilon/templates/validation.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if .Values.encryption.enabled }}
{{- if .Values.authorization.enabled }}
{{- fail "Encryption cannot be enabled in tandem with Authorization. Please adjust your values.yaml to disable one or the other" }}
{{- end }}
{{- if .Values.controller.replication.enabled }}
{{- fail "Encryption cannot be enabled in tandem with Replication. Please adjust your values.yaml to disable one or the other" }}
{{- end }}
{{- if .Values.controller.healthMonitor.enabled }}
{{- fail "Encryption cannot be enabled in tandem with Health Monitor. Please adjust your values.yaml to disable one or the other" }}
{{- end }}
{{- if .Values.podmon.enabled }}
{{- fail "Encryption cannot be enabled in tandem with Pods Monitor. Please adjust your values.yaml to disable one or the other" }}
{{- end }}
{{- if ne (.Values.controller.controllerCount | toString | atoi ) 1 }}
{{- fail "Encryption can only be enabled with controller.controllerCount 1" }}
{{- end }}
{{- end }}

438
charts/dell/csi-isilon/values.yaml Normal file
View File

@ -0,0 +1,438 @@
## K8S/DRIVER ATTRIBUTES
########################
# version: version of this values file
# Note: Do not change this value
version: "v2.6.1"
# CSI driver log level
# Allowed values: "error", "warn"/"warning", "info", "debug"
# Default value: "debug"
logLevel: "debug"
# certSecretCount: Represents number of certificate secrets, which user is going to create for
# ssl authentication. (isilon-cert-0..isilon-cert-n)
# Allowed values: n, where n > 0
# Default value: None
certSecretCount: 1
# allowedNetworks: Custom networks for PowerScale export
# Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used.
# Allowed values: list of one or more networks
# Default value: None
# Examples: [192.168.1.0/24, 192.168.100.0/22]
allowedNetworks: []
# maxIsilonVolumesPerNode: Specify default value for maximum number of volumes that controller can publish to the node.
# If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node.
# This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set.
# Allowed values: n, where n >= 0
# Default value: 0
maxIsilonVolumesPerNode: 0
# imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container.
# Allowed values:
# Always: Always pull the image.
# IfNotPresent: Only pull the image if it does not already exist on the node.
# Never: Never pull the image.
# Default value: None
imagePullPolicy: IfNotPresent
# verbose: Indicates what content of the OneFS REST API message should be logged in debug level logs
# Allowed Values:
# 0: log full content of the HTTP request and response
# 1: log without the HTTP response body
# 2: log only 1st line of the HTTP request and response
# Default value: 0
verbose: 1
# Specify kubelet config dir path.
# Ensure that the config.yaml file is present at this path.
# Default value: None
kubeletConfigDir: /var/lib/kubelet
# enableCustomTopology: Specify if custom topology label <provisionerName>.dellemc.com/<powerscalefqdnorip>:<provisionerName>
# has to be used for making connection to backend PowerScale Array.
# If enableCustomTopology is set to true, then do not specify allowedTopologies in storage class.
# Allowed values:
# true : enable custom topology
# false: disable custom topology
# Default value: false
enableCustomTopology: false
# fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted.
# Allowed values:
# ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined
# and the volume's accessModes contains ReadWriteOnce.
# File: kubernetes may use fsGroup to change permissions and ownership of the volume
# to match user requested fsGroup in the pod's security policy regardless of fstype or access mode.
# None: volumes will be mounted with no modifications.
# Default value: ReadWriteOnceWithFSType
fsGroupPolicy: ReadWriteOnceWithFSType
# podmonAPIPort: Defines the port to be used within the kubernetes cluster
# Allowed values:
# Any valid and free port.
# Default value: 8083
podmonAPIPort: 8083
# maxPathLen: this parameter is used for setting the maximum Path length for the given volume.
# Default value: 192
# Examples: 192, 256
maxPathLen: 192
# controller: configure controller pod specific parameters
controller:
# controllerCount: defines the number of csi-powerscale controller pods to deploy to
# the Kubernetes release.
# Allowed values: n, where n > 0
# Default value: None
controllerCount: 2
# volumeNamePrefix: Prefix of PersistentVolume names created
# Allowed values: string
# Default value: None
volumeNamePrefix: k8s
# leaderElection: configure leader election parameters
leaderElection:
# Duration, that non-leader candidates will wait to force acquire leadership
# Allowed values: Duration, in seconds. Must be greater than leaderElectionRenewDeadline
# Default value: 15s
leaderElectionLeaseDuration: 15s
# Duration, that the acting leader will retry refreshing leadership before giving up
# Allowed values: Duration, in seconds. Must be greater than leaderElectionRetryPeriod
# Default value: 10s
leaderElectionRenewDeadline: 10s
# Duration, the LeaderElector clients should wait between tries of actions.
# Allowed values: Duration, in seconds
# Default value: 5s
leaderElectionRetryPeriod: 5s
# replication: allows to configure replication
# Replication CRDs must be installed before installing driver
replication:
# enabled: Enable/Disable replication feature
# Allowed values:
# true: enable replication feature(install dell-csi-replicator sidecar)
# false: disable replication feature(do not install dell-csi-replicator sidecar)
# Default value: false
enabled: false
# image: Image to use for dell-csi-replicator. This shouldn't be changed
# Allowed values: string
# Default value: None
image: dellemc/dell-csi-replicator:v1.4.0
# replicationContextPrefix: prefix to use for naming of resources created by replication feature
# Allowed values: string
# Default value: powerstore
replicationContextPrefix: "powerscale"
# replicationPrefix: prefix to prepend to storage classes parameters
# Allowed values: string
# Default value: replication.storage.dell.com
replicationPrefix: "replication.storage.dell.com"
snapshot:
# enabled: Enable/Disable volume snapshot feature
# Allowed values:
# true: enable volume snapshot feature(install snapshotter sidecar)
# false: disable volume snapshot feature(do not install snapshotter sidecar)
# Default value: None
enabled: true
# snapNamePrefix: Prefix to apply to the names of a created snapshots
# Allowed values: string
# Default value: None
snapNamePrefix: snapshot
resizer:
# enabled: Enable/Disable volume expansion feature
# Allowed values:
# true: enable volume expansion feature(install resizer sidecar)
# false: disable volume snapshot feature(do not install resizer sidecar)
# Default value: None
enabled: true
healthMonitor:
# enabled: Enable/Disable health monitor of CSI volumes- volume status, volume condition
# Allowed values:
# true: enable checking of health condition of CSI volumes
# false: disable checking of health condition of CSI volumes
# Default value: None
enabled: false
# interval: Interval of monitoring volume health condition
# Allowed values: Number followed by unit of time (s,m,h)
# Default value: 60s
interval: 60s
# nodeSelector: Define node selection constraints for pods of controller deployment.
# For the pod to be eligible to run on a node, the node must have each
# of the indicated key-value pairs as labels.
# Leave as blank to consider all nodes
# Allowed values: map of key-value pairs
# Default value: None
nodeSelector:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# node-role.kubernetes.io/master: ""
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# node-role.kubernetes.io/control-plane: ""
# tolerations: Define tolerations for the controller deployment, if required.
# Default value: None
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
tolerations:
# - key: "node-role.kubernetes.io/master"
# operator: "Exists"
# effect: "NoSchedule"
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# tolerations:
# - key: "node-role.kubernetes.io/control-plane"
# operator: "Exists"
# effect: "NoSchedule"
# node: configure node pod specific parameters
node:
# nodeSelector: Define node selection constraints for pods of node daemonset
# For the pod to be eligible to run on a node, the node must have each
# of the indicated key-value pairs as labels.
# Leave as blank to consider all nodes
# Allowed values: map of key-value pairs
# Default value: None
nodeSelector:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# node-role.kubernetes.io/master: ""
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# node-role.kubernetes.io/control-plane: ""
# tolerations: Define tolerations for the node daemonset, if required.
# Default value: None
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
tolerations:
# - key: "node.kubernetes.io/memory-pressure"
# operator: "Exists"
# effect: "NoExecute"
# - key: "node.kubernetes.io/disk-pressure"
# operator: "Exists"
# effect: "NoExecute"
# - key: "node.kubernetes.io/network-unavailable"
# operator: "Exists"
# effect: "NoExecute"
# - key: "node-role.kubernetes.io/master"
# operator: "Exists"
# effect: "NoSchedule"
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# tolerations:
# - key: "node-role.kubernetes.io/control-plane"
# operator: "Exists"
# effect: "NoSchedule"
# Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled
#tolerations:
# - key: "offline.vxflexos.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "vxflexos.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "offline.unity.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "unity.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "offline.isilon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "isilon.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# dnsPolicy: Determines the DNS Policy of the Node service.
# Allowed values:
# Default: The Pod inherits the name resolution configuration from the node that the pods run on.
# ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, such as "www.kubernetes.io",
# is forwarded to the upstream nameserver inherited from the node.
# ClusterFirstWithHostNet: For Pods running with hostNetwork, you should explicitly set this DNS policy.
# None: It allows a Pod to ignore DNS settings from the Kubernetes environment.
# All DNS settings are supposed to be provided using the dnsConfig field in the Pod Spec.
# Default value: ClusterFirst
# ClusterFirstWithHostNet is the recommended DNS policy.
# Prior to v1.5 of the driver, the default DNS policy was ClusterFirst.
# In certain scenarios, users might need to change the default dnsPolicy.
dnsPolicy: ClusterFirstWithHostNet
healthMonitor:
# enabled: Enable/Disable health monitor of CSI volumes- volume usage, volume condition
# Allowed values:
# true: enable checking of health condition of CSI volumes
# false: disable checking of health condition of CSI volumes
# Default value: None
enabled: false
## PLATFORM ATTRIBUTES
######################
# endpointPort: Specify the HTTPs port number of the PowerScale OneFS API server
# Formerly this attribute was named as "isiPort"
# This value acts as a default value for endpointPort, if not specified for a cluster config in secret
# If authorization is enabled, endpointPort must match the port specified in the endpoint parameter of the karavi-authorization-config secret
# Allowed value: valid port number
# Default value: 8080
endpointPort: 8080
# skipCertificateValidation: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified.
# Formerly this attribute was named as "isiInsecure"
# This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret
# Allowed values:
# true: skip OneFS API server's certificate verification
# false: verify OneFS API server's certificates
# Default value: false
skipCertificateValidation: true
# isiAuthType: Indicates whether the authentication will be session-based or basic.
# Allowed values:
# 0: enables basic Authentication
# 1: enables session-based Authentication
# Default value: 0
isiAuthType: 0
# isiAccessZone: The name of the access zone a volume can be created in.
# If storageclass is missing with AccessZone parameter, then value of isiAccessZone is used for the same.
# Default value: System
# Examples: System, zone1
isiAccessZone: System
# enableQuota: Indicates whether the provisioner should attempt to set (later unset) quota
# on a newly provisioned volume.
# This requires SmartQuotas to be enabled on PowerScale cluster.
# Allowed values:
# true: set quota for volume
# false: do not set quota for volume
enableQuota: true
# isiPath: The base path for the volumes to be created on PowerScale cluster.
# This value acts as a default value for isiPath, if not specified for a cluster config in secret
# Ensure that this path exists on PowerScale cluster.
# Allowed values: unix absolute path
# Default value: /ifs
# Examples: /ifs/data/csi, /ifs/engineering
isiPath: /ifs/data/csi
# isiVolumePathPermissions: The permissions for isi volume directory path
# This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret
# Allowed values: valid octal mode number
# Default value: "0777"
# Examples: "0777", "777", "0755"
isiVolumePathPermissions: "0777"
# ignoreUnresolvableHosts: Ignore unresolvable hosts on the OneFS
# When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the
# same exports are unresolvable/doesn't exist anymore.
# Allowed values:
# true: ignore existing unresolvable hosts and append new host to the existing export
# false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails
# Default value: false
ignoreUnresolvableHosts: false
# noProbeOnStart: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization
# When set to true, the driver will not set node labels, please manually add
# the label <provisionerName>.dellemc.com/<powerscalefqdnorip>:<provisionerName> on the nodes for each of the clusters reachable from the node.
# Allowed values:
# true : do not probe all PowerScale clusters during driver initialization
# false: probe all PowerScale clusters during driver initialization
# Default value: false
noProbeOnStart: false
# autoProbe: automatically probe the PowerScale cluster if not done already during CSI calls.
# Allowed values:
# true : enable auto probe.
# false: disable auto probe.
# Default value: false
autoProbe: true
authorization:
enabled: false
# sidecarProxyImage: the container image used for the csm-authorization-sidecar.
# Default value: dellemc/csm-authorization-sidecar:v1.6.0
sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0
# proxyHost: hostname of the csm-authorization server
# Default value: None
proxyHost:
# skipCertificateValidation: certificate validation of the csm-authorization server
# Allowed Values:
# "true" - TLS certificate verification will be skipped
# "false" - TLS certificate will be verified
# Default value: "true"
skipCertificateValidation: true
# Enable this feature only after contact support for additional information
podmon:
enabled: false
image: dellemc/podmon:v1.5.0
#controller:
# args:
# - "--csisock=unix:/var/run/csi/csi.sock"
# - "--labelvalue=csi-isilon"
# - "--arrayConnectivityPollRate=60"
# - "--driverPath=csi-isilon.dellemc.com"
# - "--mode=controller"
# - "--skipArrayConnectionValidation=false"
# - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"
# - "--driverPodLabelValue=dell-storage"
# - "--ignoreVolumelessPods=false"
#node:
# args:
# - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock"
# - "--labelvalue=csi-isilon"
# - "--arrayConnectivityPollRate=60"
# - "--driverPath=csi-isilon.dellemc.com"
# - "--mode=node"
# - "--leaderelection=false"
# - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"
# - "--driverPodLabelValue=dell-storage"
# - "--ignoreVolumelessPods=false"
encryption:
# enabled: Enable/disable volume encryption feature.
enabled: false
# pluginName: The name of the provisioner to use for encrypted volumes.
pluginName: "sec-isilon.dellemc.com"
# image: Encryption driver image name.
image: "dellemc/csm-encryption:v0.3.0"
# apiPort: TCP port number used by the REST API server.
apiPort: 3838
# logLevel: Log level of the encryption driver.
# Allowed values: "error", "warning", "info", "debug", "trace".
logLevel: "error"
# livenessPort: HTTP liveness probe port number.
# Leave empty to disable the liveness probe.
# Example: 8080
livenessPort:
# ocp: Enable when running on OpenShift Container Platform with CoreOS worker nodes.
ocp: false
# ocpCoreID: User ID and group ID of user core on CoreOS worker nodes.
# Ignored when ocp is set to false.
ocpCoreID: "1000:1000"
# extraArgs: Extra command line parameters to pass to the encryption driver.
# Allowed values:
# --sharedStorage - may be required by some applications to work properly.
# When set, performance is reduced and hard links cannot be created.
# See the gocryptfs documentation for more details.
extraArgs: []
images:
# "driver" defines the container image, used for the driver container.
driverRepository: dellemc

7
charts/kong/kong/CHANGELOG.md
View File

@ -1,5 +1,12 @@
# Changelog
## 2.20.1
### Fixed
* Fix correct timestamp format and remove `isCA` in certificates
[#791](https://github.com/Kong/charts/pull/791)
## 2.20.0
### Improvements

2
charts/kong/kong/Chart.yaml
View File

@ -20,4 +20,4 @@ maintainers:
name: kong
sources:
- https://github.com/Kong/charts/tree/main/charts/kong
version: 2.20.0
version: 2.20.1

5
charts/kong/kong/templates/certificate.yaml
View File

@ -56,9 +56,8 @@ spec:
{{- range (append .dnsNames .commonName) }}
- {{ . | quote }}
{{- end }}
renewBefore: 360h
duration: 2160h
isCA: false
renewBefore: 360h0m0s
duration: 2160h0m0s
{{ if .subject -}}
subject:
{{- toYaml .subject | nindent 4 }}

2
charts/percona/psmdb-db/Chart.yaml
View File

@ -15,4 +15,4 @@ maintainers:
- email: tomislav.plavcic@percona.com
name: tplavcic
name: psmdb-db
version: 1.14.1
version: 1.14.3

16950
charts/percona/psmdb-db/crds/crd.yaml
View File

File diff suppressed because it is too large Load Diff

22
charts/percona/psmdb-db/templates/NOTES.txt
View File

@ -1,3 +1,25 @@
#
% _____
%%% | __ \
###%%%%%%%%%%%%* | |__) |__ _ __ ___ ___ _ __ __ _
### ##%% %%%% | ___/ _ \ '__/ __/ _ \| '_ \ / _` |
#### ##% %%%% | | | __/ | | (_| (_) | | | | (_| |
### #### %%% |_| \___|_| \___\___/|_| |_|\__,_|
,((### ### %%% _ _ _____ _
(((( (### #### %%%% | | / _ \ / ____| | |
((( ((# ###### | | _| (_) |___ | (___ __ _ _ _ __ _ __| |
(((( (((# #### | |/ /> _ </ __| \___ \ / _` | | | |/ _` |/ _` |
/(( ,((( *### | <| (_) \__ \ ____) | (_| | |_| | (_| | (_| |
//// ((( #### |_|\_\\___/|___/ |_____/ \__, |\__,_|\__,_|\__,_|
/// (((( #### | |
/////////////(((((((((((((((((######## |_| Join @ percona.com/k8s
Join Percona Squad! Get early access to new product features, invite-only ”ask me anything” sessions with Percona Kubernetes experts, and monthly swag raffles.
>>> https://percona.com/k8s <<<
Percona Server for MongoDB cluster is deployed now. Get the username and password:
ADMIN_USER=$(kubectl -n {{ .Release.Namespace }} get secrets {{ include "psmdb-database.fullname" . }}-secrets -o jsonpath="{.data.MONGODB_USER_ADMIN_USER}" | base64 --decode)

2
charts/percona/pxc-db/Chart.yaml
View File

@ -19,4 +19,4 @@ maintainers:
- email: natalia.marukovich@percona.com
name: nmarukovich
name: pxc-db
version: 1.12.1
version: 1.12.2

22
charts/percona/pxc-db/templates/NOTES.txt
View File

@ -1,3 +1,25 @@
#
% _____
%%% | __ \
###%%%%%%%%%%%%* | |__) |__ _ __ ___ ___ _ __ __ _
### ##%% %%%% | ___/ _ \ '__/ __/ _ \| '_ \ / _` |
#### ##% %%%% | | | __/ | | (_| (_) | | | | (_| |
### #### %%% |_| \___|_| \___\___/|_| |_|\__,_|
,((### ### %%% _ _ _____ _
(((( (### #### %%%% | | / _ \ / ____| | |
((( ((# ###### | | _| (_) |___ | (___ __ _ _ _ __ _ __| |
(((( (((# #### | |/ /> _ </ __| \___ \ / _` | | | |/ _` |/ _` |
/(( ,((( *### | <| (_) \__ \ ____) | (_| | |_| | (_| | (_| |
//// ((( #### |_|\_\\___/|___/ |_____/ \__, |\__,_|\__,_|\__,_|
/// (((( #### | |
/////////////(((((((((((((((((######## |_| Join @ percona.com/k8s
Join Percona Squad! Get early access to new product features, invite-only ”ask me anything” sessions with Percona Kubernetes experts, and monthly swag raffles.
>>> https://percona.com/k8s <<<
1. To get a MySQL prompt inside your new cluster you can run:
ROOT_PASSWORD=`kubectl -n {{ .Release.Namespace }} get secrets {{ include "pxc-database.fullname" . }} -o jsonpath="{.data.root}" | base64 --decode`

4
charts/trilio/k8s-triliovault-operator/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19.0-0'
catalog.cattle.io/release-name: k8s-triliovault-operator
apiVersion: v2
appVersion: 3.0.3
appVersion: 3.1.0
dependencies:
- condition: observability.enabled
name: observability
@ -21,4 +21,4 @@ maintainers:
name: k8s-triliovault-operator
sources:
- https://github.com/trilioData/k8s-triliovault-operator
version: 3.0.3
version: 3.1.0

2
charts/trilio/k8s-triliovault-operator/charts/observability/charts/logging/charts/loki/templates/statefulset.yaml
View File

@ -56,7 +56,7 @@ spec:
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-config.file=/etc/loki/loki.yaml"

1
charts/trilio/k8s-triliovault-operator/charts/observability/charts/logging/charts/loki/values.yaml
View File

@ -1,4 +1,5 @@
image:
registry: docker.io
repository: grafana/loki
tag: 2.6.1
pullPolicy: IfNotPresent

2
charts/trilio/k8s-triliovault-operator/charts/observability/charts/monitoring/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml
View File

@ -104,7 +104,7 @@ spec:
readOnly: true
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
ports:
- containerPort: {{ .Values.service.port | default 8080}}
name: "http"

3
charts/trilio/k8s-triliovault-operator/charts/observability/charts/monitoring/charts/prometheus/charts/kube-state-metrics/values.yaml
View File

@ -1,7 +1,8 @@
# Default values for kube-state-metrics.
prometheusScrape: true
image:
repository: k8s.gcr.io/kube-state-metrics/kube-state-metrics
registry: k8s.gcr.io
repository: kube-state-metrics/kube-state-metrics
tag: v2.4.1
pullPolicy: IfNotPresent

4
charts/trilio/k8s-triliovault-operator/charts/observability/charts/monitoring/charts/prometheus/templates/alertmanager/deploy.yaml
View File

@ -45,7 +45,7 @@ spec:
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
image: "{{ .Values.alertmanager.image.registry }}/{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
env:
{{- range $key, $value := .Values.alertmanager.extraEnv }}
@ -114,7 +114,7 @@ spec:
{{- if .Values.configmapReload.alertmanager.enabled }}
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }}
image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}"
image: "{{ .Values.configmapReload.alertmanager.image.registry }}/{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}"
args:
- --volume-dir=/etc/config

4
charts/trilio/k8s-triliovault-operator/charts/observability/charts/monitoring/charts/prometheus/templates/alertmanager/sts.yaml
View File

@ -45,7 +45,7 @@ spec:
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
image: "{{ .Values.alertmanager.image.registry }}/{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
env:
{{- range $key, $value := .Values.alertmanager.extraEnv }}
@ -103,7 +103,7 @@ spec:
{{- end }}
{{- if .Values.configmapReload.alertmanager.enabled }}
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }}
image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}"
image: "{{ .Values.configmapReload.alertmanager.image.registry }}/{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}"
args:
- --volume-dir=/etc/config

2
charts/trilio/k8s-triliovault-operator/charts/observability/charts/monitoring/charts/prometheus/templates/node-exporter/daemonset.yaml
View File

@ -40,7 +40,7 @@ spec:
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }}
image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}"
image: "{{ .Values.nodeExporter.image.registry }}/{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}"
imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}"
args:
- --path.procfs=/host/proc

2
charts/trilio/k8s-triliovault-operator/charts/observability/charts/monitoring/charts/prometheus/templates/pushgateway/deploy.yaml
View File

@ -45,7 +45,7 @@ spec:
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }}
image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}"
image: "{{ .Values.pushgateway.image.registry }}/{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}"
imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}"
args:
{{- range $key, $value := .Values.pushgateway.extraArgs }}

4
charts/trilio/k8s-triliovault-operator/charts/observability/charts/monitoring/charts/prometheus/templates/server/deploy.yaml
View File

@ -54,7 +54,7 @@ spec:
containers:
{{- if .Values.configmapReload.prometheus.enabled }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }}
image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}"
image: "{{ .Values.configmapReload.prometheus.image.registry }}/{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
@ -84,7 +84,7 @@ spec:
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
{{- if .Values.server.env }}
env:

4
charts/trilio/k8s-triliovault-operator/charts/observability/charts/monitoring/charts/prometheus/templates/server/sts.yaml
View File

@ -54,7 +54,7 @@ spec:
containers:
{{- if .Values.configmapReload.prometheus.enabled }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }}
image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}"
image: "{{ .Values.configmapReload.prometheus.image.registry }}/{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
@ -84,7 +84,7 @@ spec:
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
{{- if .Values.server.env }}
env:

12
charts/trilio/k8s-triliovault-operator/charts/observability/charts/monitoring/charts/prometheus/values.yaml
View File

@ -47,7 +47,8 @@ alertmanager:
## alertmanager container image
##
image:
repository: quay.io/prometheus/alertmanager
registry: quay.io
repository: prometheus/alertmanager
tag: v0.23.0
pullPolicy: IfNotPresent
@ -389,6 +390,7 @@ configmapReload:
## configmap-reload container image
##
image:
registry: docker.io
repository: jimmidyson/configmap-reload
tag: v0.5.0
pullPolicy: IfNotPresent
@ -435,6 +437,7 @@ configmapReload:
## configmap-reload container image
##
image:
registry: docker.io
repository: jimmidyson/configmap-reload
tag: v0.5.0
pullPolicy: IfNotPresent
@ -504,7 +507,8 @@ nodeExporter:
## node-exporter container image
##
image:
repository: quay.io/prometheus/node-exporter
registry: quay.io
repository: prometheus/node-exporter
tag: v1.3.0
pullPolicy: IfNotPresent
@ -681,7 +685,8 @@ server:
## Prometheus server container image
##
image:
repository: quay.io/prometheus/prometheus
registry: quay.io
repository: prometheus/prometheus
tag: v2.34.0
pullPolicy: IfNotPresent
@ -1155,6 +1160,7 @@ pushgateway:
## pushgateway container image
##
image:
registry: docker.io
repository: prom/pushgateway
tag: v1.4.2
pullPolicy: IfNotPresent

32
charts/trilio/k8s-triliovault-operator/charts/observability/charts/visualization/charts/grafana/templates/_pod.tpl
View File

@ -22,9 +22,9 @@ initContainers:
{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }}
- name: init-chown-data
{{- if .Values.initChownData.image.sha }}
image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}"
image: "{{ .Values.initChownData.image.registry }}/{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}"
{{- else }}
image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}"
image: "{{ .Values.initChownData.image.registry }}/{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }}
securityContext:
@ -43,9 +43,9 @@ initContainers:
{{- if .Values.dashboards }}
- name: download-dashboards
{{- if .Values.downloadDashboardsImage.sha }}
image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}"
image: "{{ .Values.downloadDashboardsImage.registry }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}"
{{- else }}
image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
image: "{{ .Values.downloadDashboardsImage.registry }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }}
command: ["/bin/sh"]
@ -80,9 +80,9 @@ initContainers:
{{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }}
- name: {{ template "grafana.name" . }}-init-sc-datasources
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ .Values.sidecar.image.registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ .Values.sidecar.image.registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -123,9 +123,9 @@ initContainers:
{{- if .Values.sidecar.notifiers.enabled }}
- name: {{ template "grafana.name" . }}-sc-notifiers
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ .Values.sidecar.image.registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ .Values.sidecar.image.registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -184,9 +184,9 @@ containers:
{{- if .Values.sidecar.dashboards.enabled }}
- name: {{ template "grafana.name" . }}-sc-dashboard
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ .Values.sidecar.image.registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ .Values.sidecar.image.registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -254,9 +254,9 @@ containers:
{{- if .Values.sidecar.datasources.enabled }}
- name: {{ template "grafana.name" . }}-sc-datasources
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ .Values.sidecar.image.registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ .Values.sidecar.image.registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -325,9 +325,9 @@ containers:
{{- if .Values.sidecar.plugins.enabled }}
- name: {{ template "grafana.name" . }}-sc-plugins
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ .Values.sidecar.image.registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ .Values.sidecar.image.registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -395,9 +395,9 @@ containers:
{{- end}}
- name: {{ .Chart.Name }}
{{- if .Values.image.sha }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}"
{{- else }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.command }}

4
charts/trilio/k8s-triliovault-operator/charts/observability/charts/visualization/charts/grafana/templates/image-renderer-deployment.yaml
View File

@ -64,9 +64,9 @@ spec:
containers:
- name: {{ .Chart.Name }}-image-renderer
{{- if .Values.imageRenderer.image.sha }}
image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}"
image: "{{ .Values.imageRenderer.image.registry }}/{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}"
{{- else }}
image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}"
image: "{{ .Values.imageRenderer.image.registry }}/{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }}
{{- if .Values.imageRenderer.command }}

8
charts/trilio/k8s-triliovault-operator/charts/observability/charts/visualization/charts/grafana/values.yaml
View File

@ -73,6 +73,7 @@ livenessProbe:
# schedulerName: "default-scheduler"
image:
registry: docker.io
repository: grafana/grafana
tag: 8.5.0
sha: ""
@ -88,6 +89,7 @@ image:
testFramework:
enabled: true
registry: docker.io
image: "bats/bats"
tag: "v1.4.1"
imagePullPolicy: IfNotPresent
@ -123,6 +125,7 @@ extraLabels: {}
# priorityClassName:
downloadDashboardsImage:
registry: docker.io
repository: curlimages/curl
tag: 7.73.0
sha: ""
@ -317,6 +320,7 @@ initChownData:
## initChownData container image
##
image:
registry: docker.io
repository: busybox
tag: "1.31.1"
sha: ""
@ -683,7 +687,8 @@ smtp:
## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
sidecar:
image:
repository: quay.io/kiwigrid/k8s-sidecar
registry: quay.io
repository: kiwigrid/k8s-sidecar
tag: 1.15.6
sha: ""
imagePullPolicy: IfNotPresent
@ -825,6 +830,7 @@ imageRenderer:
enabled: false
replicas: 1
image:
registry: docker.io
# image-renderer Image repository
repository: grafana/grafana-image-renderer
# image-renderer Image tag

1
charts/trilio/k8s-triliovault-operator/templates/preflight_job_preinstall_hook.yaml
View File

@ -83,6 +83,7 @@ rules:
- create
- update
- delete
- patch
---
{{- if eq .Values.svcAccountName "" }}

46
charts/trilio/k8s-triliovault-operator/values.yaml
View File

@ -4,14 +4,14 @@ operator-webhook-init:
repository: operator-webhook-init
k8s-triliovault-operator:
repository: k8s-triliovault-operator
tag: "3.0.3"
tag: "3.1.0"
# create image pull secrets and specify the name here.
imagePullSecret: ""
priorityClassName: ""
preflight:
enabled: false
repository: preflight
imageTag: "v1.2.2"
imageTag: "1.3.0"
logLevel: "INFO"
cleanupOnFailure: false
imagePullSecret: ""
@ -99,12 +99,16 @@ observability:
reject_old_samples_max_age: 168h
table_manager:
retention_period: 168h
image:
registry: docker.io
promtail:
enabled: true
fullnameOverride: "promtail"
config:
clients:
- url: http://loki:3100/loki/api/v1/push
image:
registry: docker.io
monitoring:
prometheus:
enabled: true
@ -114,14 +118,31 @@ observability:
fullnameOverride: "prom-server"
persistentVolume:
enabled: false
image:
registry: quay.io
kubeStateMetrics:
enabled: false
image:
registry: k8s.gcr.io
nodeExporter:
enabled: false
image:
registry: quay.io
pushgateway:
enabled: false
image:
registry: docker.io
alertmanager:
enabled: false
image:
registry: quay.io
configmapReload:
prometheus:
image:
registry: docker.io
alertmanager:
image:
registry: docker.io
visualization:
grafana:
enabled: true
@ -129,6 +150,21 @@ observability:
fullnameOverride: "grafana"
service:
type: ClusterIP
image:
registry: docker.io
testFramework:
registry: docker.io
imageRenderer:
image:
registry: docker.io
sidecar:
image:
registry: quay.io
initChownData:
image:
registry: docker.io
downloadDashboardsImage:
registry: docker.io
# these annotations will be added to all tvk pods
podAnnotations:
sidecar.istio.io/inject: false
@ -138,8 +174,8 @@ podLabels:
linkerd.io/inject: disabled
relatedImages:
tags:
tvk: "3.0.3"
event: "3.0.3"
tvk: "3.1.0"
event: "3.1.0"
control-plane:
image: "control-plane"
metamover:
@ -180,7 +216,7 @@ relatedImages:
image: "control-plane"
dex:
image: "dex"
tag: "2.30.5"
tag: "2.30.6"
minio:
image: "minio"
tag: "20220416"

216
index.yaml
View File

@ -80,6 +80,51 @@ entries:
- assets/datawiza/access-broker-0.1.1.tgz
version: 0.1.1
airflow:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Apache Airflow
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: airflow
category: WorkFlow
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.6.0
created: "2023-05-04T18:54:20.949755913Z"
dependencies:
- condition: redis.enabled
name: redis
repository: file://./charts/redis
version: 17.x.x
- condition: postgresql.enabled
name: postgresql
repository: file://./charts/postgresql
version: 12.x.x
- name: common
repository: file://./charts/common
tags:
- bitnami-common
version: 2.x.x
description: Apache Airflow is a tool to express and execute workflows as directed
acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task
progress and handle task dependencies.
digest: 7dae66d3c96d83a4fb203fa0580d72aab885685d9293b28ef8e995a374fdb286
home: https://github.com/bitnami/charts/tree/main/bitnami/airflow
icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg
keywords:
- apache
- airflow
- workflow
- dag
maintainers:
- name: Bitnami
url: https://github.com/bitnami/charts
name: airflow
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/airflow
- https://airflow.apache.org/
urls:
- assets/bitnami/airflow-14.1.2.tgz
version: 14.1.2
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Apache Airflow
@ -8567,6 +8612,32 @@ entries:
urls:
- assets/crate/crate-operator-2.16.0.tgz
version: 2.16.0
csi-isilon:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerScale
catalog.cattle.io/kube-version: '>= 1.21.0 < 1.27.0'
catalog.cattle.io/release-name: isilon
apiVersion: v1
appVersion: 2.6.1
created: "2023-05-04T18:54:22.713983751Z"
description: 'PowerScale CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as an Isilon
StorageClass. '
digest: 41c8cc25efb9f337884c1858f2b500ccdbaf4256706b0b4a12f733e11d4f7b92
icon: https://partner-charts.rancher.io/assets/logos/dell.png
keywords:
- csi
- storage
kubeVersion: '>= 1.21.0 < 1.27.0'
maintainers:
- name: DellEMC
name: csi-isilon
sources:
- https://github.com/dell/csi-isilon
urls:
- assets/dell/csi-isilon-2.6.1.tgz
version: 2.6.1
csi-powermax:
- annotations:
catalog.cattle.io/certified: partner
@ -17065,6 +17136,34 @@ entries:
- assets/jenkins/jenkins-4.2.9.tgz
version: 4.2.9
k8s-triliovault-operator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
catalog.cattle.io/kube-version: '>=1.19.0-0'
catalog.cattle.io/release-name: k8s-triliovault-operator
apiVersion: v2
appVersion: 3.1.0
created: "2023-05-04T18:54:26.734901703Z"
dependencies:
- condition: observability.enabled
name: observability
repository: file://./charts/observability
version: ^0.1.0
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
Application Lifecycle.
digest: 77a82caa89dad9ea2e19a92d1d89cff8d8ed48099674ebd154e634e059264ead
home: https://github.com/trilioData/k8s-triliovault-operator
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
kubeVersion: '>=1.19.0-0'
maintainers:
- email: prafull.ladha@trilio.io
name: prafull11
name: k8s-triliovault-operator
sources:
- https://github.com/trilioData/k8s-triliovault-operator
urls:
- assets/trilio/k8s-triliovault-operator-3.1.0.tgz
version: 3.1.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
@ -18439,6 +18538,48 @@ entries:
- assets/kasten/k10-4.5.900.tgz
version: 4.5.900
kafka:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Apache Kafka
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: kafka
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 3.4.0
created: "2023-05-04T18:54:21.2103903Z"
dependencies:
- condition: zookeeper.enabled
name: zookeeper
repository: file://./charts/zookeeper
version: 11.x.x
- name: common
repository: file://./charts/common
tags:
- bitnami-common
version: 2.x.x
description: Apache Kafka is a distributed streaming platform designed to build
real-time pipelines and can be used as a message broker or as a replacement
for a log aggregation solution for big data applications.
digest: b48c7de40e0ce229a03ab6458e8deedf1af290d34771868fc17cc83cd24767db
home: https://github.com/bitnami/charts/tree/main/bitnami/kafka
icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg
keywords:
- kafka
- zookeeper
- streaming
- producer
- consumer
maintainers:
- name: Bitnami
url: https://github.com/bitnami/charts
name: kafka
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/kafka
- https://kafka.apache.org/
urls:
- assets/bitnami/kafka-22.0.2.tgz
version: 22.0.2
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Apache Kafka
@ -19735,6 +19876,33 @@ entries:
- assets/elastic/kibana-7.17.3.tgz
version: 7.17.3
kong:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Kong Gateway
catalog.cattle.io/release-name: kong
apiVersion: v2
appVersion: "3.2"
created: "2023-05-04T18:54:25.183578294Z"
dependencies:
- condition: postgresql.enabled
name: postgresql
repository: file://./charts/postgresql
version: 11.9.13
description: The Cloud-Native Ingress and API-management
digest: 8d4c4e975728bf44935f231b15b3f99755161337d98e453be0ea5c66be1f92ed
home: https://konghq.com/
icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png
maintainers:
- email: harry@konghq.com
name: hbagdi
- email: traines@konghq.com
name: rainest
name: kong
sources:
- https://github.com/Kong/charts/tree/main/charts/kong
urls:
- assets/kong/kong-2.20.1.tgz
version: 2.20.1
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Kong Gateway
@ -27067,6 +27235,28 @@ entries:
- assets/bitnami/postgresql-11.9.12.tgz
version: 11.9.12
psmdb-db:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Percona Server for MongoDB
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/release-name: psmdb-db
apiVersion: v2
appVersion: 1.14.0
created: "2023-05-04T18:54:25.862166465Z"
description: A Helm chart for installing Percona Server MongoDB Cluster Databases
using the PSMDB Operator.
digest: b56d4352b53beeb8ad8b98464375caf2b2059a9e3dad0f97d79cad2bef68ab95
home: https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html
icon: https://raw.githubusercontent.com/percona/percona-server-mongodb-operator/main/operator.png
maintainers:
- email: ivan.pylypenko@percona.com
name: cap1984
- email: tomislav.plavcic@percona.com
name: tplavcic
name: psmdb-db
urls:
- assets/percona/psmdb-db-1.14.3.tgz
version: 1.14.3
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Percona Server for MongoDB
@ -27294,6 +27484,32 @@ entries:
- assets/percona/psmdb-operator-1.13.1.tgz
version: 1.13.1
pxc-db:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Percona XtraDB Cluster
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/release-name: pxc-db
apiVersion: v2
appVersion: 1.12.0
created: "2023-05-04T18:54:25.886662739Z"
description: A Helm chart for installing Percona XtraDB Cluster Databases using
the PXC Operator.
digest: 16f879eb01d4608e287a26d50b1912d93f5cb35d40e8e2ffe8d4e8696cb390d1
home: https://www.percona.com/doc/kubernetes-operator-for-pxc/kubernetes.html
icon: https://raw.githubusercontent.com/percona/percona-xtradb-cluster-operator/main/operator.png
maintainers:
- email: ivan.pylypenko@percona.com
name: cap1984
- email: tomislav.plavcic@percona.com
name: tplavcic
- email: sergey.pronin@percona.com
name: spron-in
- email: natalia.marukovich@percona.com
name: nmarukovich
name: pxc-db
urls:
- assets/percona/pxc-db-1.12.2.tgz
version: 1.12.2
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Percona XtraDB Cluster