andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added chart versions: 

codefresh/cf-runtime:
    - 6.3.61
  confluent/confluent-for-kubernetes:
    - 0.1033.33
  speedscale/speedscale-operator:
    - 2.2.419
pull/1061/head
github-actions[bot] 2024-09-17 00:44:27 +00:00
parent 9d5ca053c3
commit fe1384a5a2
126 changed files with 66390 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/codefresh/cf-runtime-6.3.61.tgz Normal file
View File

Binary file not shown.

BIN
assets/confluent/confluent-for-kubernetes-0.1033.33.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-2.2.419.tgz Normal file
View File

Binary file not shown.

3
charts/codefresh/cf-runtime/6.3.61/.helmignore Normal file
View File

@ -0,0 +1,3 @@
tests/
.ci/
test-values/

28
charts/codefresh/cf-runtime/6.3.61/Chart.yaml Normal file
View File

@ -0,0 +1,28 @@
annotations:
artifacthub.io/changes: |
- kind: fixed
description: "engine image upgraded to v1.174.12 with fix to codefresh run --local command"
artifacthub.io/containsSecurityUpdates: "false"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Codefresh
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: cf-runtime
apiVersion: v2
dependencies:
- name: cf-common
repository: file://./charts/cf-common
version: 0.16.0
description: A Helm chart for Codefresh Runner
home: https://codefresh.io/
icon: file://assets/icons/cf-runtime.png
keywords:
- codefresh
- runner
kubeVersion: '>=1.18-0'
maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
name: cf-runtime
sources:
- https://github.com/codefresh-io/venona
version: 6.3.61

1228
charts/codefresh/cf-runtime/6.3.61/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

1007
charts/codefresh/cf-runtime/6.3.61/README.md.gotmpl Normal file
View File

File diff suppressed because it is too large Load Diff

37
charts/codefresh/cf-runtime/6.3.61/files/cleanup-runtime.sh Normal file
View File

@ -0,0 +1,37 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "AGENT: ${AGENT}"
echo "AGENT_SECRET_NAME: ${AGENT_SECRET_NAME}"
echo "DIND_SECRET_NAME: ${DIND_SECRET_NAME}"
echo "-----"
auth() {
codefresh auth create-context --api-key ${API_TOKEN} --url ${API_HOST}
}
remove_runtime() {
if [ "$AGENT" == "true" ]; then
codefresh delete re ${RUNTIME_NAME} || true
else
codefresh delete sys-re ${RUNTIME_NAME} || true
fi
}
remove_agent() {
codefresh delete agent ${AGENT_NAME} || true
}
remove_secrets() {
kubectl patch secret $(kubectl get secret -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge || true
kubectl delete secret $AGENT_SECRET_NAME || true
kubectl delete secret $DIND_SECRET_NAME || true
}
auth
remove_runtime
remove_agent
remove_secrets

132
charts/codefresh/cf-runtime/6.3.61/files/configure-dind-certs.sh Normal file
View File

@ -0,0 +1,132 @@
#!/usr/bin/env bash
#
#---
fatal() {
echo "ERROR: $1"
exit 1
}
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
exit_trap () {
local lc="$BASH_COMMAND" rc=$?
if [ $rc != 0 ]; then
if [[ -n "$SLEEP_ON_ERROR" ]]; then
echo -e "\nSLEEP_ON_ERROR is set - Sleeping to fix error"
sleep $SLEEP_ON_ERROR
fi
fi
}
trap exit_trap EXIT
usage() {
echo "Usage:
$0 [-n | --namespace] [--server-cert-cn] [--server-cert-extra-sans] codefresh-api-host codefresh-api-token
Example:
$0 -n workflow https://g.codefresh.io 21341234.423141234.412431234
"
}
# Args
while [[ $1 =~ ^(-(n|h)|--(namespace|server-cert-cn|server-cert-extra-sans|help)) ]]
do
key=$1
value=$2
case $key in
-h|--help)
usage
exit
;;
-n|--namespace)
NAMESPACE="$value"
shift
;;
--server-cert-cn)
SERVER_CERT_CN="$value"
shift
;;
--server-cert-extra-sans)
SERVER_CERT_EXTRA_SANS="$value"
shift
;;
esac
shift # past argument or value
done
API_HOST=${1:-"$CF_API_HOST"}
API_TOKEN=${2:-"$CF_API_TOKEN"}
[[ -z "$API_HOST" ]] && usage && fatal "Missing API_HOST"
[[ -z "$API_TOKEN" ]] && usage && fatal "Missing token"
API_SIGN_PATH=${API_SIGN_PATH:-"api/custom_clusters/signServerCerts"}
NAMESPACE=${NAMESPACE:-default}
RELEASE=${RELEASE:-cf-runtime}
DIR=$(dirname $0)
TMPDIR=/tmp/codefresh/
TMP_CERTS_FILE_ZIP=$TMPDIR/cf-certs.zip
TMP_CERTS_HEADERS_FILE=$TMPDIR/cf-certs-response-headers.txt
CERTS_DIR=$TMPDIR/ssl
SRV_TLS_CA_CERT=${CERTS_DIR}/ca.pem
SRV_TLS_KEY=${CERTS_DIR}/server-key.pem
SRV_TLS_CSR=${CERTS_DIR}/server-cert.csr
SRV_TLS_CERT=${CERTS_DIR}/server-cert.pem
CF_SRV_TLS_CERT=${CERTS_DIR}/cf-server-cert.pem
CF_SRV_TLS_CA_CERT=${CERTS_DIR}/cf-ca.pem
mkdir -p $TMPDIR $CERTS_DIR
K8S_CERT_SECRET_NAME=codefresh-certs-server
echo -e "\n------------------\nGenerating server tls certificates ... "
SERVER_CERT_CN=${SERVER_CERT_CN:-"docker.codefresh.io"}
SERVER_CERT_EXTRA_SANS="${SERVER_CERT_EXTRA_SANS}"
###
openssl genrsa -out $SRV_TLS_KEY 4096 || fatal "Failed to generate openssl key "
openssl req -subj "/CN=${SERVER_CERT_CN}" -new -key $SRV_TLS_KEY -out $SRV_TLS_CSR || fatal "Failed to generate openssl csr "
GENERATE_CERTS=true
CSR=$(sed ':a;N;$!ba;s/\n/\\n/g' ${SRV_TLS_CSR})
SERVER_CERT_SANS="IP:127.0.0.1,DNS:dind,DNS:*.dind.${NAMESPACE},DNS:*.dind.${NAMESPACE}.svc${KUBE_DOMAIN},DNS:*.cf-cd.com,DNS:*.codefresh.io"
if [[ -n "${SERVER_CERT_EXTRA_SANS}" ]]; then
SERVER_CERT_SANS=${SERVER_CERT_SANS},${SERVER_CERT_EXTRA_SANS}
fi
echo "{\"reqSubjectAltName\": \"${SERVER_CERT_SANS}\", \"csr\": \"${CSR}\" }" > ${TMPDIR}/sign_req.json
rm -fv ${TMP_CERTS_HEADERS_FILE} ${TMP_CERTS_FILE_ZIP}
SIGN_STATUS=$(curl -k -sSL -d @${TMPDIR}/sign_req.json -H "Content-Type: application/json" -H "Authorization: ${API_TOKEN}" -H "Expect: " \
-o ${TMP_CERTS_FILE_ZIP} -D ${TMP_CERTS_HEADERS_FILE} -w '%{http_code}' ${API_HOST}/${API_SIGN_PATH} )
echo "Sign request completed with HTTP_STATUS_CODE=$SIGN_STATUS"
if [[ $SIGN_STATUS != 200 ]]; then
echo "ERROR: Cannot sign certificates"
if [[ -f ${TMP_CERTS_FILE_ZIP} ]]; then
mv ${TMP_CERTS_FILE_ZIP} ${TMP_CERTS_FILE_ZIP}.error
cat ${TMP_CERTS_FILE_ZIP}.error
fi
exit 1
fi
unzip -o -d ${CERTS_DIR}/ ${TMP_CERTS_FILE_ZIP} || fatal "Failed to unzip certificates to ${CERTS_DIR} "
cp -v ${CF_SRV_TLS_CA_CERT} $SRV_TLS_CA_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains ca.pem"
cp -v ${CF_SRV_TLS_CERT} $SRV_TLS_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains cf-server-cert.pem"
echo -e "\n------------------\nCreating certificate secret "
kubectl -n $NAMESPACE create secret generic $K8S_CERT_SECRET_NAME \
--from-file=$SRV_TLS_CA_CERT \
--from-file=$SRV_TLS_KEY \
--from-file=$SRV_TLS_CERT \
--dry-run=client -o yaml | kubectl apply --overwrite -f -
kubectl -n $NAMESPACE label --overwrite secret ${K8S_CERT_SECRET_NAME} codefresh.io/internal=true
kubectl -n $NAMESPACE patch secret $K8S_CERT_SECRET_NAME -p '{"metadata": {"finalizers": ["kubernetes"]}}'

80
charts/codefresh/cf-runtime/6.3.61/files/init-runtime.sh Normal file
View File

@ -0,0 +1,80 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "SECRET_NAME: ${SECRET_NAME}"
echo "-----"
create_agent_secret() {
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: ${SECRET_NAME}
namespace: ${KUBE_NAMESPACE}
labels:
codefresh.io/internal: "true"
finalizers:
- kubernetes
ownerReferences:
- apiVersion: apps/v1
kind: Deploy
name: ${OWNER_NAME}
uid: ${OWNER_UID}
stringData:
agent-codefresh-token: ${1}
EOF
}
OWNER_UID=$(kubectl get deploy ${OWNER_NAME} --namespace ${KUBE_NAMESPACE} -o jsonpath='{.metadata.uid}')
echo "got owner uid: ${OWNER_UID}"
if [ ! -z "${AGENT_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "runtime and agent are already initialized"
echo "-----"
exit 0
fi
if [ ! -z "${EXISTING_AGENT_CODEFRESH_TOKEN}" ]; then
echo "using existing agentToken value"
create_agent_secret $EXISTING_AGENT_CODEFRESH_TOKEN
exit 0
fi
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
echo "-----"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
# AGENT_TOKEN might be empty, in which case it will be returned by the call
RES=$(codefresh install agent \
--name ${AGENT_NAME} \
--kube-context-name ${KUBE_CONTEXT} \
--kube-namespace ${KUBE_NAMESPACE} \
--agent-kube-namespace ${KUBE_NAMESPACE} \
--install-runtime \
--runtime-name ${RUNTIME_NAME} \
--skip-cluster-creation \
--platform-only)
AGENT_CODEFRESH_TOKEN=$(echo "${RES}" | tail -n 1)
echo "generated agent + runtime in platform"
create_agent_secret $AGENT_CODEFRESH_TOKEN
echo "-----"
echo "done initializing runtime and agent"
echo "-----"

38
charts/codefresh/cf-runtime/6.3.61/files/reconcile-runtime.sh Normal file
View File

@ -0,0 +1,38 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "CONFIGMAP_NAME: ${CONFIGMAP_NAME}"
echo "RECONCILE_INTERVAL: ${RECONCILE_INTERVAL}"
echo "-----"
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
err "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
while true; do
msg "Reconciling ${RUNTIME_NAME} runtime"
sleep $RECONCILE_INTERVAL
codefresh get re \
--name ${RUNTIME_NAME} \
-o yaml \
| yq 'del(.version, .metadata.changedBy, .metadata.creationTime)' > /tmp/runtime.yaml
kubectl get cm ${CONFIGMAP_NAME} -n ${KUBE_NAMESPACE} -o yaml \
| yq 'del(.metadata.resourceVersion, .metadata.uid)' \
| yq eval '.data["runtime.yaml"] = load_str("/tmp/runtime.yaml")' \
| kubectl apply -f -
done

70
charts/codefresh/cf-runtime/6.3.61/templates/_components/app-proxy/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "app-proxy.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "app-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "app-proxy.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "app-proxy.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: app-proxy
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "app-proxy.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 3000
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

19
charts/codefresh/cf-runtime/6.3.61/templates/_components/app-proxy/_env-vars.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- define "app-proxy.environment-variables.defaults" }}
PORT: 3000
{{- end }}
{{- define "app-proxy.environment-variables.calculated" }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- with .Values.ingress.pathPrefix }}
API_PATH_PREFIX: {{ . | quote }}
{{- end }}
{{- end }}
{{- define "app-proxy.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "app-proxy.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "app-proxy.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/6.3.61/templates/_components/app-proxy/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "app-proxy.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "app-proxy.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "app-proxy.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Selector labels
*/}}
{{- define "app-proxy.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "app-proxy.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "app-proxy.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

32
charts/codefresh/cf-runtime/6.3.61/templates/_components/app-proxy/_ingress.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- define "app-proxy.resources.ingress" -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "app-proxy.fullname" . }}
labels: {{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.class (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.class }}
{{- end }}
{{- if .Values.ingress.tlsSecret }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ .Values.tlsSecret }}
{{- end }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: {{ .Values.ingress.pathPrefix | default "/" }}
pathType: ImplementationSpecific
backend:
service:
name: {{ include "app-proxy.fullname" . }}
port:
number: 80
{{- end -}}

47
charts/codefresh/cf-runtime/6.3.61/templates/_components/app-proxy/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "app-proxy.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "app-proxy.serviceAccountName" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "app-proxy.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "app-proxy.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/6.3.61/templates/_components/app-proxy/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "app-proxy.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 3000
selector:
{{- include "app-proxy.selectorLabels" . | nindent 4 }}
{{- end -}}

62
charts/codefresh/cf-runtime/6.3.61/templates/_components/event-exporter/_deployment.yaml Normal file
View File

@ -0,0 +1,62 @@
{{- define "event-exporter.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "event-exporter.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "event-exporter.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: event-exporter
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
args: [--running-in-cluster=true]
env:
{{- include "event-exporter.environment-variables" . | nindent 8 }}
ports:
- name: metrics
containerPort: 9102
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

14
charts/codefresh/cf-runtime/6.3.61/templates/_components/event-exporter/_env-vars.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.environment-variables.defaults" }}
{{- end }}
{{- define "event-exporter.environment-variables.calculated" }}
{{- end }}
{{- define "event-exporter.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "event-exporter.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "event-exporter.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/6.3.61/templates/_components/event-exporter/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "event-exporter.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "event-exporter.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "event-exporter.labels" -}}
{{ include "cf-runtime.labels" . }}
app: event-exporter
{{- end }}
{{/*
Selector labels
*/}}
{{- define "event-exporter.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
app: event-exporter
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "event-exporter.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "event-exporter.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

47
charts/codefresh/cf-runtime/6.3.61/templates/_components/event-exporter/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "event-exporter.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "event-exporter.serviceAccountName" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: [events]
verbs: [get, list, watch]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "event-exporter.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "event-exporter.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/6.3.61/templates/_components/event-exporter/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "event-exporter.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: metrics
port: 9102
targetPort: metrics
protocol: TCP
selector:
{{- include "event-exporter.selectorLabels" . | nindent 4 }}
{{- end -}}

14
charts/codefresh/cf-runtime/6.3.61/templates/_components/event-exporter/_serviceMontor.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.resources.serviceMonitor" -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
endpoints:
- port: metrics
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
{{- end -}}

70
charts/codefresh/cf-runtime/6.3.61/templates/_components/monitor/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "monitor.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "monitor.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "monitor.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 9020
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /api/ping
port: 9020
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

26
charts/codefresh/cf-runtime/6.3.61/templates/_components/monitor/_env-vars.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- define "monitor.environment-variables.defaults" }}
SERVICE_NAME: {{ include "monitor.fullname" . }}
PORT: 9020
HELM3: true
NODE_OPTIONS: "--max_old_space_size=4096"
{{- end }}
{{- define "monitor.environment-variables.calculated" }}
API_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
CLUSTER_ID: {{ include "runtime.runtime-environment-spec.context-name" . }}
API_URL: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}/api/k8s-monitor/events
ACCOUNT_ID: {{ .Values.global.accountId }}
NAMESPACE: {{ .Release.Namespace }}
{{- if .Values.rbac.namespaced }}
ROLE_BINDING: true
{{- end }}
{{- end }}
{{- define "monitor.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "monitor.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "monitor.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

42
charts/codefresh/cf-runtime/6.3.61/templates/_components/monitor/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "monitor.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Selector labels
*/}}
{{- define "monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "monitor.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "monitor.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

56
charts/codefresh/cf-runtime/6.3.61/templates/_components/monitor/_rbac.yaml Normal file
View File

@ -0,0 +1,56 @@
{{- define "monitor.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "monitor.serviceAccountName" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "delete" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "deletecollection" ]
- apiGroups: [ "extensions" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "apps" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "monitor.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
name: {{ include "monitor.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/6.3.61/templates/_components/monitor/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "monitor.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9020
selector:
{{- include "monitor.selectorLabels" . | nindent 4 }}
{{- end -}}

103
charts/codefresh/cf-runtime/6.3.61/templates/_components/runner/_deployment.yaml Normal file
View File

@ -0,0 +1,103 @@
{{- define "runner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "runner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "runner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "runner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
- name: init
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.init.image "context" .) }}
imagePullPolicy: {{ .Values.init.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/init-runtime.sh" | nindent 10 }}
env:
{{- include "runner-init.environment-variables" . | nindent 8 }}
{{- with .Values.init.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
containers:
- name: runner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
env:
{{- include "runner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.sidecar.enabled }}
- name: reconcile-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.sidecar.image "context" .) }}
imagePullPolicy: {{ .Values.sidecar.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/reconcile-runtime.sh" | nindent 10 }}
env:
{{- include "runner-sidecar.environment-variables" . | nindent 8 }}
{{- with .Values.sidecar.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.extraVolumes }}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

42
charts/codefresh/cf-runtime/6.3.61/templates/_components/runner/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "runner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "runner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

53
charts/codefresh/cf-runtime/6.3.61/templates/_components/runner/_rbac.yaml Normal file
View File

@ -0,0 +1,53 @@
{{- define "runner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runner.serviceAccountName" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "pods", "persistentvolumeclaims" ]
verbs: [ "get", "create", "delete", patch ]
- apiGroups: [ "" ]
resources: [ "configmaps", "secrets" ]
verbs: [ "get", "create", "update", patch ]
- apiGroups: [ "apps" ]
resources: [ "deployments" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "runner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "runner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

30
charts/codefresh/cf-runtime/6.3.61/templates/_components/runner/environment-variables/_init-container.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- define "runner-init.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-init.environment-variables.calculated" }}
AGENT_NAME: {{ include "runtime.runtime-environment-spec.agent-name" . }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
AGENT_CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
optional: true
EXISTING_AGENT_CODEFRESH_TOKEN: {{ include "runtime.agent-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
SECRET_NAME: {{ include "runner.fullname" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
{{- end }}
{{- define "runner-init.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-init.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-init.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

28
charts/codefresh/cf-runtime/6.3.61/templates/_components/runner/environment-variables/_main-container.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- define "runner.environment-variables.defaults" }}
AGENT_MODE: InCluster
SELF_DEPLOYMENT_NAME:
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- end }}
{{- define "runner.environment-variables.calculated" }}
AGENT_ID: {{ include "runtime.runtime-environment-spec.agent-name" . }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
CODEFRESH_IN_CLUSTER_RUNTIME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
{{- end }}
{{- define "runner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

22
charts/codefresh/cf-runtime/6.3.61/templates/_components/runner/environment-variables/_sidecar-container.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "runner-sidecar.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-sidecar.environment-variables.calculated" }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CONFIGMAP_NAME: {{ printf "%s-%s" (include "runtime.fullname" .) "spec" }}
{{- end }}
{{- define "runner-sidecar.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-sidecar.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-sidecar.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.sidecar.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

58
charts/codefresh/cf-runtime/6.3.61/templates/_components/volume-provisioner/_cronjob.yaml Normal file
View File

@ -0,0 +1,58 @@
{{- define "dind-volume-provisioner.resources.cronjob" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- if not (eq .Values.storage.backend "local") }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "dind-volume-cleanup.fullname" . }}
labels:
{{- include "dind-volume-cleanup.labels" . | nindent 4 }}
spec:
concurrencyPolicy: {{ .Values.concurrencyPolicy }}
schedule: {{ .Values.schedule | quote }}
successfulJobsHistoryLimit: {{ .Values.successfulJobsHistory }}
failedJobsHistoryLimit: {{ .Values.failedJobsHistory }}
{{- with .Values.suspend }}
suspend: {{ . }}
{{- end }}
jobTemplate:
spec:
template:
metadata:
labels:
{{- include "dind-volume-cleanup.selectorLabels" . | nindent 12 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 10 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
restartPolicy: {{ .Values.restartPolicy | default "Never" }}
containers:
- name: dind-volume-cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 12 }}
- name: PROVISIONED_BY
value: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
resources:
{{- toYaml .Values.resources | nindent 14 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- end -}}

98
charts/codefresh/cf-runtime/6.3.61/templates/_components/volume-provisioner/_daemonset.yaml Normal file
View File

@ -0,0 +1,98 @@
{{- define "dind-volume-provisioner.resources.daemonset" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $localVolumeParentDir := .Values.storage.local.volumeParentDir }}
{{- if eq .Values.storage.backend "local" }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "dind-lv-monitor.fullname" . }}
labels:
{{- include "dind-lv-monitor.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.volumePermissions.enabled }}
initContainers:
- name: volume-permissions
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.volumePermissions.image "context" .) }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | default "Always" }}
command:
- /bin/sh
args:
- -ec
- |
chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ $localVolumeParentDir }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
name: dind-volume-dir
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 10 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.volumePermissions.resources | nindent 10 }}
{{- end }}
containers:
- name: dind-lv-monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- /home/dind-volume-utils/bin/local-volumes-agent
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 10 }}
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: VOLUME_PARENT_DIR
value: {{ $localVolumeParentDir }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
readOnly: false
name: dind-volume-dir
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
- name: dind-volume-dir
hostPath:
path: {{ $localVolumeParentDir }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end -}}

67
charts/codefresh/cf-runtime/6.3.61/templates/_components/volume-provisioner/_deployment.yaml Normal file
View File

@ -0,0 +1,67 @@
{{- define "dind-volume-provisioner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: dind-volume-provisioner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
command:
- /usr/local/bin/dind-volume-provisioner
- -v=4
- --resync-period=50s
env:
{{- include "dind-volume-provisioner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- include "dind-volume-provisioner.volumeMounts.calculated" . | nindent 8 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- include "dind-volume-provisioner.volumes.calculated" . | nindent 6 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

88
charts/codefresh/cf-runtime/6.3.61/templates/_components/volume-provisioner/_env-vars.yaml Normal file
View File

@ -0,0 +1,88 @@
{{- define "dind-volume-provisioner.environment-variables.defaults" }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables.calculated" }}
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
PROVISIONER_NAME: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.accessKeyIdSecretKeyRef }}
AWS_ACCESS_KEY_ID:
{{- if .Values.storage.ebs.accessKeyId }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_access_key_id
{{- else if .Values.storage.ebs.accessKeyIdSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.accessKeyIdSecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.ebs.secretAccessKey .Values.storage.ebs.secretAccessKeySecretKeyRef }}
AWS_SECRET_ACCESS_KEY:
{{- if .Values.storage.ebs.secretAccessKey }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_secret_access_key
{{- else if .Values.storage.ebs.secretAccessKeySecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.secretAccessKeySecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
GOOGLE_APPLICATION_CREDENTIALS: {{ printf "/etc/dind-volume-provisioner/credentials/%s" (.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.key | default "google-service-account.json") }}
{{- end }}
{{- if and .Values.storage.mountAzureJson }}
AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json
CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "dind-volume-provisioner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "dind-volume-provisioner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}
{{- define "dind-volume-provisioner.volumes.calculated" }}
{{- if .Values.storage.gcedisk.serviceAccountJson }}
- name: credentials
secret:
secretName: {{ include "dind-volume-provisioner.fullname" . }}
optional: true
{{- else if .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
secret:
secretName: {{ .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.name }}
optional: true
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.volumeMounts.calculated" }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
readOnly: true
mountPath: "/etc/dind-volume-provisioner/credentials"
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
readOnly: true
mountPath: "/etc/kubernetes/azure.json"
{{- end }}
{{- end }}

93
charts/codefresh/cf-runtime/6.3.61/templates/_components/volume-provisioner/_helpers.tpl Normal file
View File

@ -0,0 +1,93 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dind-volume-provisioner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dind-volume-provisioner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "dind-volume-cleanup.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-cleanup" | trunc 52 | trimSuffix "-" }}
{{- end }}
{{- define "dind-lv-monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "lv-monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Provisioner name for storage class
*/}}
{{- define "dind-volume-provisioner.volumeProvisionerName" }}
{{- printf "codefresh.io/dind-volume-provisioner-runner-%s" .Release.Namespace }}
{{- end }}
{{/*
Common labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Selector labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Common labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Selector labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dind-volume-provisioner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dind-volume-provisioner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.storageClassName" }}
{{- printf "dind-local-volumes-runner-%s" .Release.Namespace }}
{{- end }}

71
charts/codefresh/cf-runtime/6.3.61/templates/_components/volume-provisioner/_rbac.yaml Normal file
View File

@ -0,0 +1,71 @@
{{- define "dind-volume-provisioner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch", "update", "delete" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get", "list" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "endpoints" ]
verbs: [ "get", "list", "watch", "create", "update", "delete" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "get", "create", "update" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "dind-volume-provisioner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

22
charts/codefresh/cf-runtime/6.3.61/templates/_components/volume-provisioner/_secret.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "dind-volume-provisioner.resources.secret" -}}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.secretAccessKey .Values.storage.gcedisk.serviceAccountJson }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
stringData:
{{- with .Values.storage.gcedisk.serviceAccountJson }}
google-service-account.json: |
{{- . | nindent 4 }}
{{- end }}
{{- with .Values.storage.ebs.accessKeyId }}
aws_access_key_id: {{ . }}
{{- end }}
{{- with .Values.storage.ebs.secretAccessKey }}
aws_secret_access_key: {{ . }}
{{- end }}
{{- end }}
{{- end -}}

47
charts/codefresh/cf-runtime/6.3.61/templates/_components/volume-provisioner/_storageclass.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "dind-volume-provisioner.resources.storageclass" -}}
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
{{/* has to be exactly that */}}
name: {{ include "dind-volume-provisioner.storageClassName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
provisioner: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
parameters:
{{- if eq .Values.storage.backend "local" }}
volumeBackend: local
volumeParentDir: {{ .Values.storage.local.volumeParentDir }}
{{- else if eq .Values.storage.backend "gcedisk" }}
volumeBackend: {{ .Values.storage.backend }}
type: {{ .Values.storage.gcedisk.volumeType | default "pd-ssd" }}
zone: {{ required ".Values.storage.gcedisk.availabilityZone is required" .Values.storage.gcedisk.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
{{- else if or (eq .Values.storage.backend "ebs") (eq .Values.storage.backend "ebs-csi")}}
volumeBackend: {{ .Values.storage.backend }}
VolumeType: {{ .Values.storage.ebs.volumeType | default "gp3" }}
AvailabilityZone: {{ required ".Values.storage.ebs.availabilityZone is required" .Values.storage.ebs.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
encrypted: {{ .Values.storage.ebs.encrypted | default "false" | quote }}
{{- with .Values.storage.ebs.kmsKeyId }}
kmsKeyId: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.iops }}
iops: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.throughput }}
throughput: {{ . | quote }}
{{- end }}
{{- else if or (eq .Values.storage.backend "azuredisk") (eq .Values.storage.backend "azuredisk-csi")}}
volumeBackend: {{ .Values.storage.backend }}
kind: managed
skuName: {{ .Values.storage.azuredisk.skuName | default "Premium_LRS" }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
cachingMode: {{ .Values.storage.azuredisk.cachingMode | default "None" }}
{{- with .Values.storage.azuredisk.availabilityZone }}
availabilityZone: {{ . | quote }}
{{- end }}
{{- with .Values.storage.azuredisk.resourceGroup }}
resourceGroup: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}

51
charts/codefresh/cf-runtime/6.3.61/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,51 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "cf-runtime.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cf-runtime.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cf-runtime.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "cf-runtime.labels" -}}
helm.sh/chart: {{ include "cf-runtime.chart" . }}
{{ include "cf-runtime.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cf-runtime.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cf-runtime.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/app-proxy/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.deployment" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/app-proxy/ingress.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.ingress" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/app-proxy/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.rbac" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/app-proxy/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.service" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/event-exporter/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.deployment" $eventExporterContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/event-exporter/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.rbac" $eventExporterContext }}
{{- end }}

11
charts/codefresh/cf-runtime/6.3.61/templates/event-exporter/service.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.service" $eventExporterContext }}
---
{{- include "event-exporter.resources.serviceMonitor" $eventExporterContext }}
{{- end }}

6
charts/codefresh/cf-runtime/6.3.61/templates/extra/extra-resources.yaml Normal file
View File

@ -0,0 +1,6 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- range .Values.extraResources }}
---
{{ include (printf "%s.tplrender" $cfCommonTplSemver) (dict "Values" . "context" $) }}
{{- end }}

19
charts/codefresh/cf-runtime/6.3.61/templates/extra/runtime-images-cm.yaml Normal file
View File

@ -0,0 +1,19 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.engine.runtimeImages }}
---
kind: ConfigMap
apiVersion: v1
metadata:
{{- /* dummy template just to list runtime images */}}
name: {{ include "runtime.fullname" . }}-images
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
images: |
{{- range $key, $val := $values }}
image: {{ $val }}
{{- end }}

18
charts/codefresh/cf-runtime/6.3.61/templates/hooks/post-install/cm-update-runtime.yaml Normal file
View File

@ -0,0 +1,18 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "runtime.fullname" . }}-spec
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
runtime.yaml: |
{{ include "runtime.runtime-environment-spec.template" . | nindent 4 | trim }}
{{- end }}

68
charts/codefresh/cf-runtime/6.3.61/templates/hooks/post-install/job-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,68 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "3"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-gencerts-dind
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: gencerts-dind
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/configure-dind-certs.sh" | nindent 10 }}
env:
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: RELEASE
value: {{ .Release.Name }}
- name: CF_API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: CF_API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

77
charts/codefresh/cf-runtime/6.3.61/templates/hooks/post-install/job-update-runtime.yaml Normal file
View File

@ -0,0 +1,77 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "5"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: patch-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- |
codefresh auth create-context --api-key $API_KEY --url $API_HOST
cat /usr/share/extras/runtime.yaml
codefresh get re
{{- if .Values.runtime.agent }}
codefresh patch re -f /usr/share/extras/runtime.yaml
{{- else }}
codefresh patch sys-re -f /usr/share/extras/runtime.yaml
{{- end }}
env:
- name: API_KEY
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
volumeMounts:
- name: config
mountPath: /usr/share/extras/runtime.yaml
subPath: runtime.yaml
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
volumes:
- name: config
configMap:
name: {{ include "runtime.fullname" . }}-spec
{{- end }}

37
charts/codefresh/cf-runtime/6.3.61/templates/hooks/post-install/rbac-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,37 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-gencerts-dind
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
{{ end }}

73
charts/codefresh/cf-runtime/6.3.61/templates/hooks/pre-delete/job-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,73 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-delete
helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-cleanup
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/cleanup-runtime.sh" | nindent 10 }}
env:
- name: AGENT_NAME
value: {{ include "runtime.runtime-environment-spec.agent-name" . }}
- name: RUNTIME_NAME
value: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: AGENT
value: {{ .Values.runtime.agent | quote }}
- name: AGENT_SECRET_NAME
value: {{ include "runner.fullname" . }}
- name: DIND_SECRET_NAME
value: codefresh-certs-server
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

46
charts/codefresh/cf-runtime/6.3.61/templates/hooks/pre-delete/rbac-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,46 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-cleanup
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
{{ end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/monitor/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.deployment" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/monitor/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.rbac" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/monitor/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.service" $monitorContext }}
{{- end }}

2
charts/codefresh/cf-runtime/6.3.61/templates/other/external-secrets.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.external-secrets" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/6.3.61/templates/other/podMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.podMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/6.3.61/templates/other/serviceMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.serviceMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

9
charts/codefresh/cf-runtime/6.3.61/templates/runner/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.deployment" $runnerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/runner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.rbac" $runnerContext }}
{{- end }}

123
charts/codefresh/cf-runtime/6.3.61/templates/runtime/_helpers.tpl Normal file
View File

@ -0,0 +1,123 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runtime.name" -}}
{{- printf "%s" (include "cf-runtime.name" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runtime.fullname" -}}
{{- printf "%s" (include "cf-runtime.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runtime.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runtime.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Return runtime image (classic runtime) with private registry prefix
*/}}
{{- define "runtime.runtimeImageName" -}}
{{- if .registry -}}
{{- $imageName := (trimPrefix "quay.io/" .imageFullName) -}}
{{- printf "%s/%s" .registry $imageName -}}
{{- else -}}
{{- printf "%s" .imageFullName -}}
{{- end -}}
{{- end -}}
{{/*
Environment variable value of Codefresh installation token
*/}}
{{- define "runtime.installation-token-env-var-value" -}}
{{- if .Values.global.codefreshToken }}
valueFrom:
secretKeyRef:
name: {{ include "runtime.installation-token-secret-name" . }}
key: codefresh-api-token
{{- else if .Values.global.codefreshTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.codefreshTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Environment variable value of Codefresh agent token
*/}}
{{- define "runtime.agent-token-env-var-value" -}}
{{- if .Values.global.agentToken }}
{{- printf "%s" .Values.global.agentToken | toYaml }}
{{- else if .Values.global.agentTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.agentTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Print Codefresh API token secret name
*/}}
{{- define "runtime.installation-token-secret-name" }}
{{- print "codefresh-user-token" }}
{{- end }}
{{/*
Print Codefresh host
*/}}
{{- define "runtime.runtime-environment-spec.codefresh-host" }}
{{- if and (not .Values.global.codefreshHost) }}
{{- fail "ERROR: .global.codefreshHost is required" }}
{{- else }}
{{- printf "%s" (trimSuffix "/" .Values.global.codefreshHost) }}
{{- end }}
{{- end }}
{{/*
Print runtime-environment name
*/}}
{{- define "runtime.runtime-environment-spec.runtime-name" }}
{{- if and (not .Values.global.runtimeName) }}
{{- printf "%s/%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.runtimeName }}
{{- end }}
{{- end }}
{{/*
Print agent name
*/}}
{{- define "runtime.runtime-environment-spec.agent-name" }}
{{- if and (not .Values.global.agentName) }}
{{- printf "%s_%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.agentName }}
{{- end }}
{{- end }}
{{/*
Print context
*/}}
{{- define "runtime.runtime-environment-spec.context-name" }}
{{- if and (not .Values.global.context) }}
{{- fail "ERROR: .global.context is required" }}
{{- else }}
{{- printf "%s" .Values.global.context }}
{{- end }}
{{- end }}

10
charts/codefresh/cf-runtime/6.3.61/templates/runtime/cm-dind-daemon.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
{{- /* has to be a constant */}}
name: codefresh-dind-config
labels:
{{- include "runtime.labels" . | nindent 4 }}
data:
daemon.json: |
{{ coalesce .Values.re.dindDaemon .Values.runtime.dindDaemon | toPrettyJson | indent 4 }}

48
charts/codefresh/cf-runtime/6.3.61/templates/runtime/rbac.yaml Normal file
View File

@ -0,0 +1,48 @@
{{ $values := .Values.runtime }}
---
{{- if or $values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- /* has to be a constant */}}
name: codefresh-engine
labels:
{{- include "runtime.labels" . | nindent 4 }}
{{- with $values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if $values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with $values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and $values.serviceAccount.create $values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: codefresh-engine
roleRef:
kind: Role
name: codefresh-engine
apiGroup: rbac.authorization.k8s.io
{{- end }}

211
charts/codefresh/cf-runtime/6.3.61/templates/runtime/runtime-env-spec-tmpl.yaml Normal file
View File

@ -0,0 +1,211 @@
{{- define "runtime.runtime-environment-spec.template" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version -}}
{{- $kubeconfigFilePath := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $name := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $engineContext := .Values.runtime.engine -}}
{{- $dindContext := .Values.runtime.dind -}}
{{- $imageRegistry := .Values.global.imageRegistry -}}
metadata:
name: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
agent: {{ .Values.runtime.agent }}
runtimeScheduler:
type: KubernetesPod
{{- if $engineContext.image }}
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $engineContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $engineContext.image.pullPolicy }}
{{- with $engineContext.command }}
command: {{- toYaml . | nindent 4 }}
{{- end }}
envVars:
{{- with $engineContext.env }}
{{- range $key, $val := . }}
{{- if or (kindIs "bool" $val) (kindIs "int" $val) (kindIs "float64" $val) }}
{{ $key }}: {{ $val | squote }}
{{- else }}
{{ $key }}: {{ $val }}
{{- end }}
{{- end }}
{{- end }}
COMPOSE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COMPOSE_IMAGE) | squote }}
CONTAINER_LOGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CONTAINER_LOGGER_IMAGE) | squote }}
DOCKER_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_BUILDER_IMAGE) | squote }}
DOCKER_PULLER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PULLER_IMAGE) | squote }}
DOCKER_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PUSHER_IMAGE) | squote }}
DOCKER_TAG_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) | squote }}
FS_OPS_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.FS_OPS_IMAGE) | squote }}
GIT_CLONE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GIT_CLONE_IMAGE) | squote }}
KUBE_DEPLOY: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.KUBE_DEPLOY) | squote }}
PIPELINE_DEBUGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.PIPELINE_DEBUGGER_IMAGE) | squote }}
TEMPLATE_ENGINE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.TEMPLATE_ENGINE) | squote }}
CR_6177_FIXER: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CR_6177_FIXER) | squote }}
GC_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GC_BUILDER_IMAGE) | squote }}
COSIGN_IMAGE_SIGNER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COSIGN_IMAGE_SIGNER_IMAGE) | squote }}
{{- with $engineContext.userEnvVars }}
userEnvVars: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.workflowLimits }}
workflowLimits: {{- toYaml . | nindent 4 }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $engineContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $engineContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $engineContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $engineContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $engineContext.schedulerName }}
schedulerName: {{ $engineContext.schedulerName }}
{{- end }}
resources:
{{- if $engineContext.resources}}
{{- toYaml $engineContext.resources | nindent 4 }}
{{- end }}
dockerDaemonScheduler:
type: DindKubernetesPod
{{- if $dindContext.image }}
dindImage: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $dindContext.image.pullPolicy }}
{{- with $dindContext.userAccess }}
userAccess: {{ . }}
{{- end }}
{{- with $dindContext.env }}
envVars:
{{- range $key, $val := . }}
{{- if or (kindIs "bool" $val) (kindIs "int" $val) (kindIs "float64" $val) }}
{{ $key }}: {{ $val | squote }}
{{- else }}
{{ $key }}: {{ $val }}
{{- end }}
{{- end }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $dindContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $dindContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $dindContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $dindContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $dindContext.schedulerName }}
schedulerName: {{ $dindContext.schedulerName }}
{{- end }}
{{- if $dindContext.pvcs }}
pvcs:
{{- range $index, $pvc := $dindContext.pvcs }}
- name: {{ $pvc.name }}
reuseVolumeSelector: {{ $pvc.reuseVolumeSelector | squote }}
reuseVolumeSortOrder: {{ $pvc.reuseVolumeSortOrder }}
storageClassName: {{ include (printf "%v.tplrender" $cfCommonTplSemver) (dict "Values" $pvc.storageClassName "context" $) }}
volumeSize: {{ $pvc.volumeSize }}
{{- with $pvc.annotations }}
annotations: {{ . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
defaultDindResources:
{{- with $dindContext.resources }}
{{- if not .requests }}
limits: {{- toYaml .limits | nindent 6 }}
requests: null
{{- else }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- with $dindContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
{{- with $dindContext.userVolumeMounts }}
userVolumeMounts: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.userVolumes }}
userVolumes: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if and (not .Values.runtime.agent) }}
clientCertPath: /etc/ssl/cf/
volumeMounts:
codefresh-certs-server:
name: codefresh-certs-server
mountPath: /etc/ssl/cf
readOnly: false
volumes:
codefresh-certs-server:
name: codefresh-certs-server
secret:
secretName: codefresh-certs-server
{{- end }}
extends: {{- toYaml .Values.runtime.runtimeExtends | nindent 2 }}
{{- if .Values.runtime.description }}
description: {{ .Values.runtime.description }}
{{- else }}
description: null
{{- end }}
{{- if .Values.global.accountId }}
accountId: {{ .Values.global.accountId }}
{{- end }}
{{- if not .Values.runtime.agent }}
accounts: {{- toYaml .Values.runtime.accounts | nindent 2 }}
{{- end }}
{{- if .Values.appProxy.enabled }}
appProxy:
externalIP: >-
{{ printf "https://%s%s" .Values.appProxy.ingress.host (.Values.appProxy.ingress.pathPrefix | default "/") }}
{{- end }}
{{- if not .Values.runtime.agent }}
systemHybrid: true
{{- end }}
{{- end }}

11
charts/codefresh/cf-runtime/6.3.61/templates/runtime/secret.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if and .Values.global.codefreshToken }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "runtime.installation-token-secret-name" . }}
labels:
{{- include "runtime.labels" . | nindent 4 }}
stringData:
codefresh-api-token: {{ .Values.global.codefreshToken }}
{{- end }}

16
charts/codefresh/cf-runtime/6.3.61/templates/runtime/svc-dind.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "runtime.labels" . | nindent 4 }}
app: dind
{{/* has to be a constant */}}
name: dind
spec:
ports:
- name: "dind-port"
port: 1300
protocol: TCP
clusterIP: None
selector:
app: dind

11
charts/codefresh/cf-runtime/6.3.61/templates/volume-provisioner/cronjob.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-volume-cleanup") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.cronjob" $volumeProvisionerContext }}
{{- end }}

11
charts/codefresh/cf-runtime/6.3.61/templates/volume-provisioner/daemonset.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-lv-monitor") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.daemonset" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/6.3.61/templates/volume-provisioner/deployment.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.deployment" $volumeProvisionerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.3.61/templates/volume-provisioner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.rbac" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/6.3.61/templates/volume-provisioner/secret.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.secret" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/6.3.61/templates/volume-provisioner/storageclass.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.storageclass" $volumeProvisionerContext }}
{{- end }}

947
charts/codefresh/cf-runtime/6.3.61/values.yaml Normal file
View File

@ -0,0 +1,947 @@
# -- String to partially override cf-runtime.fullname template (will maintain the release name)
nameOverride: ""
# -- String to fully override cf-runtime.fullname template
fullnameOverride: ""
# -- Global parameters
# @default -- See below
global:
# -- Global Docker image registry
imageRegistry: ""
# -- Global Docker registry secret names as array
imagePullSecrets: []
# -- URL of Codefresh Platform (required!)
codefreshHost: "https://g.codefresh.io"
# -- User token in plain text (required if `global.codefreshTokenSecretKeyRef` is omitted!)
# Ref: https://g.codefresh.io/user/settings (see API Keys)
# Minimal API key scopes: Runner-Installation(read+write), Agent(read+write), Agents(read+write)
codefreshToken: ""
# -- User token that references an existing secret containing API key (required if `global.codefreshToken` is omitted!)
codefreshTokenSecretKeyRef: {}
# E.g.
# codefreshTokenSecretKeyRef:
# name: my-codefresh-api-token
# key: codefresh-api-token
# -- Account ID (required!)
# Can be obtained here https://g.codefresh.io/2.0/account-settings/account-information
accountId: ""
# -- K8s context name (required!)
context: ""
# E.g.
# context: prod-ue1-runtime-1
# -- Agent Name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}_{{ .Release.Namespace }}`
agentName: ""
# E.g.
# agentName: prod-ue1-runtime-1
# -- Runtime name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}/{{ .Release.Namespace }}`
runtimeName: ""
# E.g.
# runtimeName: prod-ue1-runtime-1/namespace
# -- DEPRECATED Agent token in plain text.
# !!! MUST BE provided if migrating from < 6.x chart version
agentToken: ""
# -- DEPRECATED Agent token that references an existing secret containing API key.
# !!! MUST BE provided if migrating from < 6.x chart version
agentTokenSecretKeyRef: {}
# E.g.
# agentTokenSecretKeyRef:
# name: my-codefresh-agent-secret
# key: codefresh-agent-token
# DEPRECATED -- Use `.Values.global.imageRegistry` instead
dockerRegistry: ""
# DEPRECATED -- Use `.Values.runtime` instead
re: {}
# -- Runner parameters
# @default -- See below
runner:
# -- Enable the runner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/venona
tag: 1.10.2
# -- Init container
init:
image:
registry: quay.io
repository: codefresh/cli
tag: 0.85.0-rootless
resources:
limits:
memory: 512Mi
cpu: '1'
requests:
memory: 256Mi
cpu: '0.2'
# -- Sidecar container
# Reconciles runtime spec from Codefresh API for drift detection
sidecar:
enabled: false
image:
registry: quay.io
repository: codefresh/codefresh-shell
tag: 0.0.2
env:
RECONCILE_INTERVAL: 300
resources: {}
# -- Add additional env vars
env: {}
# E.g.
# env:
# WORKFLOW_CONCURRENCY: 50 # The number of workflow creation and termination tasks the Runner can handle in parallel. Defaults to 50
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Volume Provisioner parameters
# @default -- See below
volumeProvisioner:
# -- Enable volume-provisioner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/dind-volume-provisioner
tag: 1.35.0
# -- Add additional env vars
env: {}
# E.g.
# env:
# THREADINESS: 4 # The number of PVC requests the dind-volume-provisioner can process in parallel. Defaults to 4
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 3000
runAsGroup: 3000
fsGroup: 3000
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- `dind-lv-monitor` DaemonSet parameters
# (local volumes cleaner)
# @default -- See below
dind-lv-monitor:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-utils
tag: 1.29.4
podAnnotations: {}
podSecurityContext:
enabled: true
runAsUser: 1000
fsGroup: 1000
containerSecurityContext: {}
env: {}
resources: {}
nodeSelector: {}
tolerations:
- key: 'codefresh/dind'
operator: 'Exists'
effect: 'NoSchedule'
volumePermissions:
enabled: true
image:
registry: docker.io
repository: alpine
tag: 3.18
resources: {}
securityContext:
runAsUser: 0 # auto
# `dind-volume-cleanup` CronJob parameters
# (external volumes cleaner)
# @default -- See below
dind-volume-cleanup:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-cleanup
tag: 1.2.0
env: {}
concurrencyPolicy: Forbid
schedule: "*/10 * * * *"
successfulJobsHistory: 3
failedJobsHistory: 1
suspend: false
podAnnotations: {}
podSecurityContext:
enabled: true
fsGroup: 3000
runAsGroup: 3000
runAsUser: 3000
nodeSelector: {}
affinity: {}
tolerations: []
# Storage parameters for volume-provisioner
# @default -- See below
storage:
# -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`)
backend: local
# -- Set filesystem type (`ext4`/`xfs`)
fsType: "ext4"
# Storage parametrs example for local volumes on the K8S nodes filesystem (i.e. `storage.backend=local`)
# https://kubernetes.io/docs/concepts/storage/volumes/#local
# @default -- See below
local:
# -- Set volume path on the host filesystem
volumeParentDir: /var/lib/codefresh/dind-volumes
# Storage parameters example for aws ebs disks (i.e. `storage.backend=ebs`/`storage.backend=ebs-csi`)
# https://aws.amazon.com/ebs/
# https://codefresh.io/docs/docs/installation/codefresh-runner/#aws-backend-volume-configuration
# @default -- See below
ebs:
# -- Set EBS volume type (`gp2`/`gp3`/`io1`) (required)
volumeType: "gp2"
# -- Set EBS volumes availability zone (required)
availabilityZone: "us-east-1a"
# -- Enable encryption (optional)
encrypted: "false"
# -- Set KMS encryption key ID (optional)
kmsKeyId: ""
# -- Set AWS_ACCESS_KEY_ID for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
accessKeyId: ""
# -- Existing secret containing AWS_ACCESS_KEY_ID.
accessKeyIdSecretKeyRef: {}
# E.g.
# accessKeyIdSecretKeyRef:
# name:
# key:
# -- Set AWS_SECRET_ACCESS_KEY for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
secretAccessKey: ""
# -- Existing secret containing AWS_SECRET_ACCESS_KEY
secretAccessKeySecretKeyRef: {}
# E.g.
# secretAccessKeySecretKeyRef:
# name:
# key:
# E.g.
# ebs:
# volumeType: gp3
# availabilityZone: us-east-1c
# encrypted: false
# iops: "5000"
# # I/O operations per second. Only effetive when gp3 volume type is specified.
# # Default value - 3000.
# # Max - 16,000
# throughput: "500"
# # Throughput in MiB/s. Only effective when gp3 volume type is specified.
# # Default value - 125.
# # Max - 1000.
# ebs:
# volumeType: gp2
# availabilityZone: us-east-1c
# encrypted: true
# kmsKeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
# accessKeyId: "MYKEYID"
# secretAccessKey: "MYACCESSKEY"
# Storage parameters example for gce disks
# https://cloud.google.com/compute/docs/disks#pdspecs
# https://codefresh.io/docs/docs/installation/codefresh-runner/#gke-google-kubernetes-engine-backend-volume-configuration
# @default -- See below
gcedisk:
# -- Set GCP volume backend type (`pd-ssd`/`pd-standard`)
volumeType: "pd-ssd"
# -- Set GCP volume availability zone
availabilityZone: "us-west1-a"
# -- Set Google SA JSON key for volume-provisioner (optional)
serviceAccountJson: ""
# -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional)
serviceAccountJsonSecretKeyRef: {}
# E.g.
# gcedisk:
# volumeType: pd-ssd
# availabilityZone: us-central1-c
# serviceAccountJson: |-
# {
# "type": "service_account",
# "project_id": "...",
# "private_key_id": "...",
# "private_key": "...",
# "client_email": "...",
# "client_id": "...",
# "auth_uri": "...",
# "token_uri": "...",
# "auth_provider_x509_cert_url": "...",
# "client_x509_cert_url": "..."
# }
# Storage parameters example for Azure Disks
# https://codefresh.io/docs/docs/installation/codefresh-runner/#install-codefresh-runner-on-azure-kubernetes-service-aks
# @default -- See below
azuredisk:
# -- Set storage type (`Premium_LRS`)
skuName: Premium_LRS
cachingMode: None
# availabilityZone: northeurope-1
# resourceGroup:
# DiskIOPSReadWrite: 500
# DiskMBpsReadWrite: 100
mountAzureJson: false
# -- Set runtime parameters
# @default -- See below
runtime:
# -- Set annotation on engine Service Account
# Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster
serviceAccount:
create: true
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- Set parent runtime to inherit.
# Should not be changes. Parent runtime is controlled from Codefresh side.
runtimeExtends:
- system/default/hybrid/k8s_low_limits
# -- Runtime description
description: ""
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the engine role
rules: []
# -- (for On-Premise only) Enable agent
agent: true
# -- (for On-Premise only) Set inCluster runtime
inCluster: true
# -- (for On-Premise only) Assign accounts to runtime (list of account ids)
accounts: []
# -- Parameters for DinD (docker-in-docker) pod (aka "runtime" pod).
dind:
# -- Set dind image.
image:
registry: quay.io
repository: codefresh/dind
tag: 26.1.4-1.28.7 # use `latest-rootless/rootless/26.1.4-1.28.7-rootless` tags for rootless-dind
pullPolicy: IfNotPresent
# -- Set dind resources.
resources:
requests: null
limits:
cpu: 400m
memory: 800Mi
# -- PV claim spec parametes.
pvcs:
# -- Default dind PVC parameters
dind:
# -- PVC name prefix.
# Keep `dind` as default! Don't change!
name: dind
# -- PVC storage class name.
# Change ONLY if you need to use storage class NOT from Codefresh volume-provisioner
storageClassName: '{{ include "dind-volume-provisioner.storageClassName" . }}'
# -- PVC size.
volumeSize: 16Gi
# -- PV reuse selector.
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#volume-reuse-policy
reuseVolumeSelector: codefresh-app,io.codefresh.accountName
reuseVolumeSortOrder: pipeline_id
# -- PV annotations.
annotations: {}
# E.g.:
# annotations:
# codefresh.io/volume-retention: 7d
# -- Set additional env vars.
env:
DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: true
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Keep `true` as default!
userAccess: true
# -- Add extra volumes
userVolumes: {}
# E.g.:
# userVolumes:
# regctl-docker-registry:
# name: regctl-docker-registry
# secret:
# items:
# - key: .dockerconfigjson
# path: config.json
# secretName: regctl-docker-registry
# optional: true
# -- Add extra volume mounts
userVolumeMounts: {}
# E.g.:
# userVolumeMounts:
# regctl-docker-registry:
# name: regctl-docker-registry
# mountPath: /home/appuser/.docker/
# readOnly: true
# -- Parameters for Engine pod (aka "pipeline" orchestrator).
engine:
# -- Set image.
image:
registry: quay.io
repository: codefresh/engine
tag: 1.174.12
pullPolicy: IfNotPresent
# -- Set container command.
command:
- npm
- run
- start
# -- Set resources.
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m
memory: 2048Mi
# -- Set system(base) runtime images.
# @default -- See below.
runtimeImages:
COMPOSE_IMAGE: quay.io/codefresh/compose:v2.28.1-1.5.0
CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.6
DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.13
DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.17
DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16
DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.14
FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.3
GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.1.28
KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.1.11
PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.0
TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1
CR_6177_FIXER: 'quay.io/codefresh/alpine:edge'
GC_BUILDER_IMAGE: 'quay.io/codefresh/cf-gc-builder:0.5.3'
COSIGN_IMAGE_SIGNER_IMAGE: 'quay.io/codefresh/cf-cosign-image-signer:2.4.0-cf.2'
# -- Set additional env vars.
env:
# -- Interval to check the exec status in the container-logger
CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: 1000
# -- Timeout while doing requests to the Docker daemon
DOCKER_REQUEST_TIMEOUT_MS: 30000
# -- If "true", composition images will be pulled sequentially
FORCE_COMPOSE_SERIAL_PULL: false
# -- Level of logging for engine
LOGGER_LEVEL: debug
# -- Enable debug-level logging of outgoing HTTP/HTTPS requests
LOG_OUTGOING_HTTP_REQUESTS: false
# -- Enable emitting metrics from engine
METRICS_PROMETHEUS_ENABLED: true
# -- Enable legacy metrics
METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS: false
# -- Enable collecting process metrics
METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS: false
# -- Host for Prometheus metrics server
METRICS_PROMETHEUS_HOST: '0.0.0.0'
# -- Port for Prometheus metrics server
METRICS_PROMETHEUS_PORT: 9100
# -- Set workflow limits.
workflowLimits:
# -- Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds.
MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600
# -- Maximum time for workflow execution; seconds.
MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400
# -- Maximum time allowed to workflow to spend in "elected" state; seconds.
MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900
# -- Maximum retry attempts allowed for workflow.
MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20
# -- Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900
# -- Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300
# -- Time since the last health check report after which workflow is terminated; seconds.
TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300
# -- Time since the last health check report after which the engine is considered unhealthy; seconds.
TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60
# -- Time since the last workflow logs activity after which workflow is terminated; seconds.
TIME_INACTIVE_UNTIL_TERMINATION: 2700
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Set extra env vars
userEnvVars: []
# E.g.
# userEnvVars:
# - name: GITHUB_TOKEN
# valueFrom:
# secretKeyRef:
# name: github-token
# key: token
# -- Parameters for `runtime-patch` post-upgrade/install hook
# @default -- See below
patch:
enabled: true
image:
registry: quay.io
repository: codefresh/cli
tag: 0.85.0-rootless
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
env:
HOME: /tmp
# -- Parameters for `gencerts-dind` post-upgrade/install hook
# @default -- See below
gencerts:
enabled: true
image:
registry: quay.io
repository: codefresh/kubectl
tag: 1.28.4
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
# -- DinD pod daemon config
# @default -- See below
dindDaemon:
hosts:
- unix:///var/run/docker.sock
- tcp://0.0.0.0:1300
tlsverify: true
tls: true
tlscacert: /etc/ssl/cf-client/ca.pem
tlscert: /etc/ssl/cf/server-cert.pem
tlskey: /etc/ssl/cf/server-key.pem
insecure-registries:
- 192.168.99.100:5000
metrics-addr: 0.0.0.0:9323
experimental: true
# App-Proxy parameters
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#app-proxy-installation
# @default -- See below
appProxy:
# -- Enable app-proxy
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-app-proxy
tag: 0.0.47
# -- Add additional env vars
env: {}
# Set app-proxy ingress parameters
# @default -- See below
ingress:
# -- Set path prefix for ingress (keep empty for default `/` path)
pathPrefix: ""
# -- Set ingress class
class: ""
# -- Set DNS hostname the ingress will use
host: ""
# -- Set k8s tls secret for the ingress object
tlsSecret: ""
# -- Set extra annotations for ingress object
annotations: {}
# E.g.
# ingress:
# pathPrefix: "/cf-app-proxy"
# class: "nginx"
# host: "mydomain.com"
# tlsSecret: "tls-cert-app-proxy"
# annotations:
# nginx.ingress.kubernetes.io/whitelist-source-range: 123.123.123.123/130
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
podSecurityContext: {}
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# Monitor parameters
# @default -- See below
monitor:
# -- Enable monitor
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#install-monitoring-component
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-k8s-agent
tag: 1.3.17
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
podSecurityContext: {}
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Add serviceMonitor
# @default -- See below
serviceMonitor:
main:
# -- Enable service monitor for dind pods
enabled: false
nameOverride: dind
selector:
matchLabels:
app: dind
endpoints:
- path: /metrics
targetPort: 9100
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
# -- Add podMonitor (for engine pods)
# @default -- See below
podMonitor:
main:
# -- Enable pod monitor for engine pods
enabled: false
nameOverride: engine
selector:
matchLabels:
app: runtime
podMetricsEndpoints:
- path: /metrics
targetPort: 9100
runner:
# -- Enable pod monitor for runner pod
enabled: false
nameOverride: runner
selector:
matchLabels:
codefresh.io/application: runner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
volume-provisioner:
# -- Enable pod monitor for volumeProvisioner pod
enabled: false
nameOverride: volume-provisioner
selector:
matchLabels:
codefresh.io/application: volume-provisioner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
# -- Event exporter parameters
# @default -- See below
event-exporter:
# -- Enable event-exporter
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: docker.io
repository: codefresh/k8s-event-exporter
tag: latest
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: false
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Array of extra objects to deploy with the release
extraResources: []
# E.g.
# extraResources:
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRole
# metadata:
# name: codefresh-role
# rules:
# - apiGroups: [ "*"]
# resources: ["*"]
# verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# - apiVersion: v1
# kind: ServiceAccount
# metadata:
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRoleBinding
# metadata:
# name: codefresh-user
# roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: codefresh-role
# subjects:
# - kind: ServiceAccount
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: v1
# kind: Secret
# type: kubernetes.io/service-account-token
# metadata:
# name: codefresh-user-token
# namespace: "{{ .Release.Namespace }}"
# annotations:
# kubernetes.io/service-account.name: "codefresh-user"

23
charts/confluent/confluent-for-kubernetes/0.1033.33/Chart.yaml Normal file
View File

@ -0,0 +1,23 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Confluent for Kubernetes
catalog.cattle.io/kube-version: '>=1.15-0'
catalog.cattle.io/release-name: confluent-for-kubernetes
apiVersion: v1
appVersion: 2.9.3
description: A Helm chart to deploy Confluent for Kubernetes
home: https://www.confluent.io/
icon: file://assets/icons/confluent-for-kubernetes.png
keywords:
- Confluent
- Confluent Operator
- Confluent Platform
- CFK
kubeVersion: '>=1.15-0'
maintainers:
- email: operator@confluent.io
name: Confluent Operator
name: confluent-for-kubernetes
sources:
- https://docs.confluent.io/current/index.html
version: 0.1033.33

72
charts/confluent/confluent-for-kubernetes/0.1033.33/README.md Normal file
View File

@ -0,0 +1,72 @@
Confluent for Kubernetes
==================================================================
Confluent for Kubernetes (CFK) is a cloud-native control plane for deploying and managing Confluent in your private cloud environment. It provides standard and simple interface to customize, deploy, and manage Confluent Platform through declarative API.
Confluent for Kubernetes runs on Kubernetes, the runtime for private cloud architectures.
NOTE: Confluent for Kubernetes is the next generation of Confluent Operator. For Confluent Operator 1.x documentation, see [Confluent Operator 1](https://docs.confluent.io/operator/1.7.0/overview.html), or use the version picker to browse to a specific version of the documentation.
See [Introducing Confluent for Kubernetes](https://www.confluent.io/blog/confluent-for-kubernetes-offers-cloud-native-kafka-automation/) for an overview.
The following shows the high-level architecture of Confluent for Kubernetes and Confluent Platform in Kubernetes.
[![_images/co-architecture.png](https://docs.confluent.io/operator/current/_images/co-architecture.png)](_images/co-architecture.png)
Features
---------------------------------------------------
The following are summaries of the main, notable features of Confluent for Kubernetes.
#### Cloud Native Declarative API
* Declarative Kubernetes-native API approach to configure, deploy, and manage Confluent Platform components (Apache KafkaB., Connect workers, ksqlDB, Schema Registry, Confluent Control Center) and resources (topics, rolebindings) through Infrastructure as Code (IaC).
* Provides built-in automation for cloud-native security best practices:
* Complete granular RBAC, authentication and TLS network encryption
* Auto-generated certificates
* Support for credential management systems, such as Hashicorp Vault, to inject sensitive configurations in memory to Confluent deployments
* Provides server properties, JVM, and Log4j configuration overrides for customization of all Confluent Platform components.
#### Upgrades
* Provides automated rolling updates for configuration changes.
* Provides automated rolling upgrades with no impact to Kafka availability.
#### Scaling
* Provides single command, automated scaling and reliability checks of Confluent Platform.
#### Resiliency
* Restores a Kafka pod with the same Kafka broker ID, configuration, and persistent storage volumes if a failure occurs.
* Provides automated rack awareness to spread replicas of a partition across different racks (or zones), improving availability of Kafka brokers and limiting the risk of data loss.
#### Scheduling
* Supports Kubernetes labels and annotations to provide useful context to DevOps teams and ecosystem tooling.
* Supports Kubernetes tolerations and pod/node affinity for efficient resource utilization and pod placement.
#### Monitoring
* Supports metrics aggregation using JMX/Jolokia.
* Supports aggregated metrics export to Prometheus.
Licensing
-----------------------------------------------------
You can use Confluent for Kubernetes and Confluent Control Center for a 30-day trial period without a license key.
After 30 days, Confluent for Kubernetes and Control Center require a license key. Confluent issues keys to subscribers, along with providing [enterprise-level support](https://www.confluent.io/subscription/) for Confluent components and Confluent for Kubernetes.
If you are a subscriber, contact Confluent Support at [support@confluent.io](mailto:support@confluent.io) for more information.
See [Update Confluent Platform License](co-license.html#co-license-key) if you have received a key for Confluent for Kubernetes.
&copy; Copyright 2021 , Confluent, Inc. [Privacy Policy](https://www.confluent.io/confluent-privacy-statement/) | [Terms & Conditions](https://www.confluent.io/terms-of-use/). Apache, Apache Kafka, Kafka and the Kafka logo are trademarks of the [Apache Software Foundation](http://www.apache.org/). All other trademarks, servicemarks, and copyrights are the property of their respective owners.
[Please report any inaccuracies on this page or suggest an edit.](mailto:docs@confluent.io)

3
charts/confluent/confluent-for-kubernetes/0.1033.33/app-readme.md Normal file
View File

@ -0,0 +1,3 @@
##Confluent For Kubernetes
With Confluent for Kubernetes, Confluent brings a cloud-native experience for data in motion workloads in on-premises environments. Based on our expertise and learnings from operating over 5,000 clusters in Confluent Cloud, Confluent for Kubernetes offers an opinionated deployment of Confluent Platform that enhances the platformb's elasticity, ease of operations, and resiliency.

883
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_clusterlinks.yaml Normal file
View File

@ -0,0 +1,883 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: clusterlinks.platform.confluent.io
spec:
group: platform.confluent.io
names:
categories:
- all
- confluent-platform
- confluent
kind: ClusterLink
listKind: ClusterLinkList
plural: clusterlinks
shortNames:
- cl
- clusterlink
- clink
singular: clusterlink
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.clusterLinkID
name: ID
type: string
- jsonPath: .status.state
name: Status
type: string
- jsonPath: .status.destinationKafkaClusterID
name: DestClusterID
type: string
- jsonPath: .status.sourceKafkaClusterID
name: SrcClusterID
type: string
- jsonPath: .status.numMirrorTopics
name: MirrorTopicCount
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: ClusterLink is the schema for the ClusterLink API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of the cluster link.
properties:
aclFilters:
description: |-
aclFilters specify the list of ACLs to be migrated from the source cluster to the
destination cluster.
items:
description: |-
AclFilter defines the configuration for the ACLs filter. This follows the same pattern as defined in the
cluster linking documentation. More info:
https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/security.html#cluster-link-acls-migrate
properties:
accessFilter:
description: AclSyncAccessFilter defines the access filter for
ACLs.
properties:
host:
description: |-
host is the host for which operations can be coming from.
The default value is `*` that matches all hosts.
type: string
operation:
description: |-
operation specifies the operation type of the filter. It can be `ANY` or operations
based on resource type defined in the following Confluent documentation:
https://docs.confluent.io/platform/current/kafka/authorization.html#acl-operations
type: string
permissionType:
description: permissionType is the permission type of the
filter. Valid options are `any`, `allow`, and `deny`.
enum:
- any
- allow
- deny
type: string
principal:
description: |-
principal is the name of the principal.
The default value is `*`.
type: string
required:
- operation
- permissionType
type: object
resourceFilter:
description: AclSyncResourceFilter specifies the resource filter
for ACLs.
properties:
name:
description: |-
name is the name of the resource associated with this filter.
The default value is `*`.
type: string
patternType:
description: patternType is the pattern of the resource.
Valid options are `prefixed`, `literal`, `any`, and `match`.
enum:
- prefixed
- literal
- any
- match
type: string
resourceType:
description: resourceType is the type of the filter. Valid
options are `any`, `cluster`, `group`, `topic`, `transactionId`,
and `delegationToken`.
enum:
- any
- cluster
- group
- topic
- transcationId
- delegationToken
type: string
required:
- patternType
- resourceType
type: object
required:
- accessFilter
- resourceFilter
type: object
type: array
configs:
additionalProperties:
type: string
description: |-
configs is a map of string key and value pairs. It specifies additional configurations for the cluster link.
More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/configs.html
type: object
x-kubernetes-map-type: granular
consumerGroupFilters:
description: |-
consumerGroupFilters specify a list of consumer groups to be migrated from
the source cluster to the destination cluster.
items:
description: ClusterLinkOptionsFilter defines the scheme for a filter
properties:
filterType:
description: filterType specifies the filter type. Valid options
are `INCLUDE` and `EXCLUDE`.
enum:
- INCLUDE
- EXCLUDE
type: string
name:
description: name is the resource name associated with this
filter.
type: string
patternType:
description: patternType is the pattern of the resource. Valid
options are `PREFIXED` and `LITERAL`.
enum:
- PREFIXED
- LITERAL
type: string
required:
- filterType
- name
- patternType
type: object
type: array
destinationKafkaCluster:
description: destinationKafkaCluster specifies the destination Kafka
cluster and its REST API configuration.
properties:
authentication:
description: authentication specifies the authentication for the
Kafka cluster.
properties:
jaasConfig:
description: jaasConfig specifies the Kafka client-side JaaS
configuration.
properties:
secretRef:
description: |-
secretRef references the secret containing the required credentials.
More info: https://docs.confluent.io/operator/current/co-authenticate.html
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
jaasConfigPassThrough:
description: jaasConfigPassThrough specifies another way to
provide the Kafka client-side JaaS configuration.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container where required credentials are mounted.
More info: https://docs.confluent.io/operator/current/co-authenticate.html
minLength: 1
type: string
secretRef:
description: |-
secretRef references the secret containing the required credentials for authentication.
More info: https://docs.confluent.io/operator/current/co-authenticate.html
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
oauthSettings:
description: |-
oauthSettings specifies the OAuth settings.
This needs to passed with the authentication type `oauth`.
properties:
audience:
description: audience specifies the audience claim in
the JWT payload.
minLength: 1
type: string
expectedIssuer:
description: expectedIssuer specifies the expected issuer
in the JWT payload.
minLength: 1
type: string
groupsClaimName:
description: groupsClaimName specifies the name of claim
in token for identifying the groups of subject in the
JWT payload.
minLength: 1
type: string
jwksEndpointUri:
description: |-
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
minLength: 1
type: string
loginConnectTimeoutMs:
description: LoginConnectTimeoutMs sets connect timeout
with IDP in ms
format: int32
type: integer
loginReadTimeoutMs:
description: LoginReadTimeoutMs sets read timeout with
IDP in ms
format: int32
type: integer
loginRetryBackoffMaxMs:
description: LoginRetryBackoffMaxMs sets max retry backoff
with IDP in ms
format: int32
type: integer
loginRetryBackoffMs:
description: LoginRetryBackoffMs sets retry backoff with
IDP in ms
format: int32
type: integer
scope:
description: |-
scope is optional and required only when your identity provider doesn't have
a default scope or your groups claim is linked to a scope.
minLength: 1
type: string
subClaimName:
description: subClaimName specifies name of claim in JWT
to use for the subject.
minLength: 1
type: string
tokenEndpointUri:
description: |-
tokenBaseEndpointUri specifies the base uri for token endpoint.
This is required for OAuth for inter broker communication along with
clientId & clientSecret in JassConfig or JassConfigPassthrough
minLength: 1
type: string
type: object
oauthbearer:
description: |-
oauthbearer is the authentication mechanism to provider principals.
Only supported in RBAC deployment.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container
where the credential is mounted.
minLength: 1
type: string
secretRef:
description: |-
secretRef specifies the name of the secret that contains the credential.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
type:
description: |-
type specifies the Kafka client authentication type.
Valid options are `plain`, `oauthbearer`, `digest`, `mtls` and `oauth`.
enum:
- plain
- oauthbearer
- digest
- mtls
- oauth
type: string
required:
- type
type: object
bootstrapEndpoint:
description: |-
bootstrapEndpoint specifies the bootstrap endpoint for the Kafka cluster.
When `spec.sourceInitiatedLink.linkMode` is configured as `Source`, this is required for
`spec.destinationKafkaCluster` and not required for `spec.sourceKafkaCluster`.
For other cluster links this is required for `spec.sourceKafkaCluster` and not required for
`spec.destinationKafkaCluster`.
minLength: 1
pattern: .+:[0-9]+
type: string
clusterID:
description: |-
clusterID specifies the id of the Kafka cluster.
If clusterID is defined for the Kafka cluster, it takes precedence over using the REST API
for getting the cluster ID.
minLength: 1
type: string
kafkaRestClassRef:
description: |-
kafkaRestClassRef references the KafkaRestClass application resource which
defines the Kafka REST API connection information.
When `spec.sourceInitiatedLink.linkMode` is configured as `Source`, this is required for
`spec.sourceKafkaCluster` and optional for `spec.destinationKafkaCluster` if `spec.clusterID` is set.
For other cluster links this is required for 'spec.destinationKafkaCluster` and optional for
`spec.sourceKafkaCluster` if the `spec.clusterID` is set.
properties:
name:
description: name specifies the name of the KafkaRestClass
application resource.
minLength: 1
type: string
namespace:
description: namespace specifies the namespace of the KafkaRestClass.
type: string
required:
- name
type: object
tls:
description: tls specifies the client-side TLS configuration for
the Kafka cluster.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer contains the directory path in the container where
`fullchain.pem`, `privkey.pem`, `cacerts.pem` or `tls.crt`, `tls.key`, `ca.crt` keys are mounted.
minLength: 1
type: string
enabled:
description: enabled specifies whether to enable the TLS configuration
for the cluster link. The default value is `false`.
type: boolean
keyPassword:
description: |-
keyPassword references the secret containing the SSL key password if the private key passed
in the secretRef above is encrypted.
properties:
secretRef:
description: |-
secretRef references the name of the secret containing the JKS password.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: |-
secretRef references the secret containing the certificates.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- enabled
type: object
type: object
mirrorTopicOptions:
description: mirrorTopicOptions specify configuration options for
mirror topics.
properties:
autoCreateTopics:
description: |-
autoCreateTopics specifies configurations for the cluster link to
automatically create mirror topics on the destination cluster for topics that exist on the source cluster based on defined filters.
More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/mirror-topics-cp.html#auto-create-mirror-topics
properties:
enabled:
description: |-
enabled specifies whether to auto-create mirror topics based on topics on the source cluster.
When set to “true”, mirror topics will be auto-created. Setting this option to “false” disables mirror topic creation and clears any existing filters.
type: boolean
topicFilters:
description: topicFilter contains an array of filters to apply
to indicate which topics should be mirrored.
items:
description: ClusterLinkOptionsFilter defines the scheme
for a filter
properties:
filterType:
description: filterType specifies the filter type. Valid
options are `INCLUDE` and `EXCLUDE`.
enum:
- INCLUDE
- EXCLUDE
type: string
name:
description: name is the resource name associated with
this filter.
type: string
patternType:
description: patternType is the pattern of the resource.
Valid options are `PREFIXED` and `LITERAL`.
enum:
- PREFIXED
- LITERAL
type: string
required:
- filterType
- name
- patternType
type: object
type: array
type: object
prefix:
description: |-
prefix specifies prefix for the mirror topics of the cluster link.
If configured, the valid mirror topic name should be defined with `<prefix><sourceTopicName>` format
which mirrors the topic name of the format `<sourceTopicName>` from source cluster.
When auto-create is enabled and the prefix is configured then the topics created on the destination will automatically contain the prefix.
Otherwise, `spec.mirrorTopic.name` should be defined with `<prefix><sourceTopicName>` format.
maxLength: 255
minLength: 1
pattern: ^[a-zA-Z0-9\._\-]*$
type: string
type: object
mirrorTopics:
description: mirrorTopics specify the mirror topics under this cluster
link.
items:
description: MirrorTopic defines the mirror topic configuration.
properties:
configs:
additionalProperties:
type: string
description: configs is a map of string key and value pairs.
It specifies any additional configuration or configuration
overrides for the mirror topic.
type: object
x-kubernetes-map-type: granular
name:
description: |-
name is the mirror topic name. If the sourceTopicName is not configured,
we assume that the sourceTopicName is the same as mirrorTopicName,
so a topic with the exact same name must exist on the source cluster and
no topic with this name should exist on the destination cluster.
When `spec.mirrorTopicOptions.prefix: <prefix>` is configured for the cluster link,
the name has to be of the format `<prefix><sourceTopicName>`.
maxLength: 255
minLength: 1
pattern: ^[a-zA-Z0-9\._\-]*$
type: string
replicationFactor:
description: |-
replicationFactor specifies the replication factor for the mirror topic on the destination cluster.
If this is not configured, mirror topic will inherit the broker `default.replication.factor` configuration.
format: int32
type: integer
sourceTopicName:
description: |-
sourceTopicName is topic name on the source cluster that will be mirrored to the destination cluster.
When `spec.mirrorTopicOptions.prefix: <prefix>` is not configured, you should not configure this field.
If it is configured, a topic with the exact same name must exist on the source cluster.
maxLength: 255
minLength: 1
pattern: ^[a-zA-Z0-9\._\-]*$
type: string
state:
description: |-
state specifies the desired state for this mirror topic. Valid options are
`ACTIVE`, `FAILOVER`, `PAUSE`, and `PROMOTE`. The default value is `ACTIVE`.
enum:
- PAUSE
- PROMOTE
- FAILOVER
- ACTIVE
type: string
required:
- name
type: object
type: array
name:
description: |-
name specifies the cluster link name. If not configured, then ClusterLink CR name is used
as the cluster link name.
maxLength: 255
minLength: 1
pattern: ^[a-zA-Z0-9\._\-]*$
type: string
sourceInitiatedLink:
description: sourceInitiatedLink specify configs for source initiated
cluster links.
properties:
linkMode:
description: linkMode specifies if this source initiated cluster
link is in Source or Destination mode.
enum:
- Source
- Destination
- Bidirectional
type: string
required:
- linkMode
type: object
sourceKafkaCluster:
description: sourceKafkaCluster specifies the source Kafka cluster
and its REST API configuration.
properties:
authentication:
description: authentication specifies the authentication for the
Kafka cluster.
properties:
jaasConfig:
description: jaasConfig specifies the Kafka client-side JaaS
configuration.
properties:
secretRef:
description: |-
secretRef references the secret containing the required credentials.
More info: https://docs.confluent.io/operator/current/co-authenticate.html
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
jaasConfigPassThrough:
description: jaasConfigPassThrough specifies another way to
provide the Kafka client-side JaaS configuration.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container where required credentials are mounted.
More info: https://docs.confluent.io/operator/current/co-authenticate.html
minLength: 1
type: string
secretRef:
description: |-
secretRef references the secret containing the required credentials for authentication.
More info: https://docs.confluent.io/operator/current/co-authenticate.html
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
oauthSettings:
description: |-
oauthSettings specifies the OAuth settings.
This needs to passed with the authentication type `oauth`.
properties:
audience:
description: audience specifies the audience claim in
the JWT payload.
minLength: 1
type: string
expectedIssuer:
description: expectedIssuer specifies the expected issuer
in the JWT payload.
minLength: 1
type: string
groupsClaimName:
description: groupsClaimName specifies the name of claim
in token for identifying the groups of subject in the
JWT payload.
minLength: 1
type: string
jwksEndpointUri:
description: |-
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
minLength: 1
type: string
loginConnectTimeoutMs:
description: LoginConnectTimeoutMs sets connect timeout
with IDP in ms
format: int32
type: integer
loginReadTimeoutMs:
description: LoginReadTimeoutMs sets read timeout with
IDP in ms
format: int32
type: integer
loginRetryBackoffMaxMs:
description: LoginRetryBackoffMaxMs sets max retry backoff
with IDP in ms
format: int32
type: integer
loginRetryBackoffMs:
description: LoginRetryBackoffMs sets retry backoff with
IDP in ms
format: int32
type: integer
scope:
description: |-
scope is optional and required only when your identity provider doesn't have
a default scope or your groups claim is linked to a scope.
minLength: 1
type: string
subClaimName:
description: subClaimName specifies name of claim in JWT
to use for the subject.
minLength: 1
type: string
tokenEndpointUri:
description: |-
tokenBaseEndpointUri specifies the base uri for token endpoint.
This is required for OAuth for inter broker communication along with
clientId & clientSecret in JassConfig or JassConfigPassthrough
minLength: 1
type: string
type: object
oauthbearer:
description: |-
oauthbearer is the authentication mechanism to provider principals.
Only supported in RBAC deployment.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container
where the credential is mounted.
minLength: 1
type: string
secretRef:
description: |-
secretRef specifies the name of the secret that contains the credential.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
type:
description: |-
type specifies the Kafka client authentication type.
Valid options are `plain`, `oauthbearer`, `digest`, `mtls` and `oauth`.
enum:
- plain
- oauthbearer
- digest
- mtls
- oauth
type: string
required:
- type
type: object
bootstrapEndpoint:
description: |-
bootstrapEndpoint specifies the bootstrap endpoint for the Kafka cluster.
When `spec.sourceInitiatedLink.linkMode` is configured as `Source`, this is required for
`spec.destinationKafkaCluster` and not required for `spec.sourceKafkaCluster`.
For other cluster links this is required for `spec.sourceKafkaCluster` and not required for
`spec.destinationKafkaCluster`.
minLength: 1
pattern: .+:[0-9]+
type: string
clusterID:
description: |-
clusterID specifies the id of the Kafka cluster.
If clusterID is defined for the Kafka cluster, it takes precedence over using the REST API
for getting the cluster ID.
minLength: 1
type: string
kafkaRestClassRef:
description: |-
kafkaRestClassRef references the KafkaRestClass application resource which
defines the Kafka REST API connection information.
When `spec.sourceInitiatedLink.linkMode` is configured as `Source`, this is required for
`spec.sourceKafkaCluster` and optional for `spec.destinationKafkaCluster` if `spec.clusterID` is set.
For other cluster links this is required for 'spec.destinationKafkaCluster` and optional for
`spec.sourceKafkaCluster` if the `spec.clusterID` is set.
properties:
name:
description: name specifies the name of the KafkaRestClass
application resource.
minLength: 1
type: string
namespace:
description: namespace specifies the namespace of the KafkaRestClass.
type: string
required:
- name
type: object
tls:
description: tls specifies the client-side TLS configuration for
the Kafka cluster.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer contains the directory path in the container where
`fullchain.pem`, `privkey.pem`, `cacerts.pem` or `tls.crt`, `tls.key`, `ca.crt` keys are mounted.
minLength: 1
type: string
enabled:
description: enabled specifies whether to enable the TLS configuration
for the cluster link. The default value is `false`.
type: boolean
keyPassword:
description: |-
keyPassword references the secret containing the SSL key password if the private key passed
in the secretRef above is encrypted.
properties:
secretRef:
description: |-
secretRef references the name of the secret containing the JKS password.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: |-
secretRef references the secret containing the certificates.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- enabled
type: object
type: object
required:
- destinationKafkaCluster
- sourceKafkaCluster
type: object
status:
description: status defines the observed state of the cluster link.
properties:
appState:
default: Unknown
description: appState is the current state of the cluster link application.
enum:
- Unknown
- Created
- Failed
- Deleted
type: string
clusterLinkID:
description: clusterLinkID is the id of the cluster link.
type: string
clusterLinkName:
description: clusterLinkName is the name of the cluster link.
type: string
conditions:
description: conditions are the latest available observations of the
cluster link's state.
items:
description: Condition represent the latest available observations
of the current state.
properties:
lastProbeTime:
description: lastProbeTime shows the last time the condition
was evaluated.
format: date-time
type: string
lastTransitionTime:
description: lastTransitionTime shows the last time the condition
was transitioned from one status to another.
format: date-time
type: string
message:
description: message shows a human-readable message with details
about the transition.
type: string
reason:
description: reason shows the reason for the last transition
of the condition.
type: string
status:
description: status shows the status of the condition, one of
`True`, `False`, or `Unknown`.
type: string
type:
description: type shows the condition type.
type: string
type: object
type: array
destinationKafkaClusterID:
description: destinationKafkaClusterID is the ID of the destination
Kafka cluster.
type: string
kafkaCluster:
description: 'kafkaCluster is the Kafka cluster this cluster link
belongs to. The format is: `<Kafka namespace>/<Kafka name>`'
type: string
mirrorTopics:
additionalProperties:
description: |-
MirrorTopicStatus specifies the status reported for each mirror topic as part of
the cluster link status.
properties:
observedGeneration:
description: observedGeneration is the most recent generation
observed for this Confluent component.
format: int64
type: integer
replicationFactor:
description: replicationFactor specifies the replication factor
for the mirror topic on the destination cluster.
format: int32
type: integer
sourceTopicName:
description: sourceTopicName is the name of the topic being
mirrored on the source cluster.
type: string
status:
description: |-
status is the status of the mirror topic.
It can be `ACTIVE`, `FAILED`, `PAUSED`, `STOPPED`, and `PENDING_STOPPED`.
type: string
type: object
description: mirrorTopics is a map of mirror topic name to its status
type: object
x-kubernetes-map-type: granular
numMirrorTopics:
description: numMirrorTopics is the number of mirror topics for the
cluster link.
type: integer
observedGeneration:
description: observedGeneration is the most recent generation observed
for this Confluent component.
format: int64
type: integer
sourceKafkaClusterID:
description: sourceKafkaClusterID is the ID of the source Kafka cluster.
type: string
state:
description: state is the current state of the cluster link.
type: string
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}

296
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_confluentrolebindings.yaml Normal file
View File

@ -0,0 +1,296 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: confluentrolebindings.platform.confluent.io
spec:
group: platform.confluent.io
names:
categories:
- all
- confluent-platform
- confluent
kind: ConfluentRolebinding
listKind: ConfluentRolebindingList
plural: confluentrolebindings
shortNames:
- cfrb
- confluentrolebinding
singular: confluentrolebinding
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.state
name: Status
type: string
- jsonPath: .status.kafkaClusterID
name: KafkaClusterID
type: string
- jsonPath: .status.principal
name: Principal
type: string
- jsonPath: .status.role
name: Role
type: string
- jsonPath: .status.kafkaRestClass
name: KafkaRestClass
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.kafkaCluster
name: KafkaCluster
priority: 1
type: string
- jsonPath: .status.clusterRegistryName
name: ClusterRegistryName
priority: 1
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: ConfluentRolebinding is the schema for the ConfluentRolebinding
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of the ConfluentRolebinding.
properties:
clustersScopeByIds:
description: clustersScopeByIds specify the scope of the Confluent
component cluster(s) via cluster id(s).
properties:
connectClusterId:
description: connectClusterId specifies the Connect cluster id.
minLength: 1
type: string
kafkaClusterId:
description: kafkaClusterId specifies the id of the Kafka cluster
id.
minLength: 1
type: string
ksqlClusterId:
description: ksqlClusterId specifies the ksqlDB cluster id.
minLength: 1
type: string
schemaRegistryClusterId:
description: schemaRegistryClusterId specifies the Schema Registry
cluster id.
minLength: 1
type: string
type: object
clustersScopeByRegistryName:
description: clustersScopeByRegistryName specifies the unique cluster
name you registered in the cluster registry.
minLength: 1
type: string
kafkaRestClassRef:
description: kafkaRestClassRef references the KafkaRestClass that
defines the Kafka REST API connection information.
properties:
name:
description: name specifies the name of the KafkaRestClass application
resource.
minLength: 1
type: string
namespace:
description: namespace specifies the namespace of the KafkaRestClass.
type: string
required:
- name
type: object
principal:
description: RolebindingPrincipal defines the principal(user/group)
the rolebinding belongs to.
properties:
name:
description: name specifies the name of the principal.
minLength: 1
type: string
type:
description: type specifies the type of the principal. Valid options
are `user` and `group`.
enum:
- user
- group
type: string
required:
- name
- type
type: object
resourcePatterns:
description: resourcePatterns specify the qualified resources associated
with this rolebinding.
items:
description: ResourcePattern specifies the qualified resource info
associated with this rolebinding.
properties:
name:
description: name specifies the name of the resource associated
with this rolebinding.
minLength: 1
type: string
patternType:
description: |-
patternType specifies the pattern of the resource. Valid options are
`PREFIXED` or `LITERAL`. The default value is `LITERAL`.
enum:
- PREFIXED
- LITERAL
type: string
resourceType:
description: |-
resourceType refers to the type of the resource.
Valid options are `Topic`, `Group`, `Subject`, `KsqlCluster`, `Cluster`, `TransactionalId`, etc.
minLength: 1
type: string
required:
- name
- resourceType
type: object
type: array
role:
description: role specifies the name of the role.
minLength: 1
type: string
required:
- principal
- role
type: object
status:
description: status is the observed state of the ConfluentRolebinding.
properties:
appState:
default: Unknown
description: appState is the current state of the rolebinding application.
enum:
- Unknown
- Created
- Failed
- Deleted
type: string
clusterRegistryName:
description: clusterRegistryName is the cluster registry name the
rolebinding associated with.
type: string
conditions:
description: conditions are the latest available observations of the
rolebinding's state.
items:
description: Condition represent the latest available observations
of the current state.
properties:
lastProbeTime:
description: lastProbeTime shows the last time the condition
was evaluated.
format: date-time
type: string
lastTransitionTime:
description: lastTransitionTime shows the last time the condition
was transitioned from one status to another.
format: date-time
type: string
message:
description: message shows a human-readable message with details
about the transition.
type: string
reason:
description: reason shows the reason for the last transition
of the condition.
type: string
status:
description: status shows the status of the condition, one of
`True`, `False`, or `Unknown`.
type: string
type:
description: type shows the condition type.
type: string
type: object
type: array
kafkaCluster:
description: 'kafkaCluster is the Kafka cluster the rolebinding belongs
to. The format is: `<Kafka namespace>/<Kafka name>`.'
type: string
kafkaClusterID:
description: kafkaClusterID is the id of the Kafka cluster.
type: string
kafkaRestClass:
description: 'kafkaRestClass is the kafkaRestClass this rolebinding
uses. The format is: `<kafkaRestClass namespace>/<kafkaRestClass
name>`.'
type: string
mdsEndpoint:
description: mdsEndpoint is the MDS endpoint.
type: string
observedGeneration:
description: observedGeneration is the most recent generation observed
for this Confluent component.
format: int64
type: integer
principal:
description: 'principal is the principal the rolebinding belongs to.
The format is: `<principal type>:<principal name>`.'
type: string
resourcePatterns:
description: resourcePatterns are the resource patterns this rolebinding
is associated with.
items:
description: ResourcePattern specifies the qualified resource info
associated with this rolebinding.
properties:
name:
description: name specifies the name of the resource associated
with this rolebinding.
minLength: 1
type: string
patternType:
description: |-
patternType specifies the pattern of the resource. Valid options are
`PREFIXED` or `LITERAL`. The default value is `LITERAL`.
enum:
- PREFIXED
- LITERAL
type: string
resourceType:
description: |-
resourceType refers to the type of the resource.
Valid options are `Topic`, `Group`, `Subject`, `KsqlCluster`, `Cluster`, `TransactionalId`, etc.
minLength: 1
type: string
required:
- name
- resourceType
type: object
type: array
role:
description: role is the role this rolebinding is associated with.
type: string
state:
description: state is the state of this rolebinding.
type: string
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}

496
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_connectors.yaml Normal file
View File

@ -0,0 +1,496 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: connectors.platform.confluent.io
spec:
group: platform.confluent.io
names:
categories:
- all
- confluent-platform
- confluent
kind: Connector
listKind: ConnectorList
plural: connectors
shortNames:
- ctr
- connector
singular: connector
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.state
name: Status
type: string
- jsonPath: .status.connectorState
name: ConnectorStatus
type: string
- jsonPath: .status.tasksReady
name: Tasks-Ready
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.connectRestEndpoint
name: ConnectEndpoint
priority: 1
type: string
- jsonPath: .status.failedTasksCount
name: Tasks-Failed
priority: 1
type: string
- jsonPath: .status.workerID
name: WorkerID
priority: 1
type: string
- jsonPath: .status.restartPolicy.type
name: RestartPolicy
priority: 1
type: string
- jsonPath: .status.kafkaClusterID
name: KafkaClusterID
priority: 1
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: Connector is the schema for the Connector API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of the Connector.
properties:
class:
description: |-
class specifies the class name of the connector.
The Connect cluster displays the supported class names in its status.
minLength: 1
type: string
configs:
additionalProperties:
type: string
description: configs is a map of string key and value pairs. It specifies
the additional configurations for the connector.
type: object
x-kubernetes-map-type: granular
connectClusterRef:
description: connectClusterRef references the CFK managed Connect
cluster.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
connectRest:
description: connectRest specifies the Connect REST API connection
configuration.
properties:
authentication:
description: authentication specifies the REST API authentication
mechanism.
properties:
basic:
description: basic specifies the basic authentication settings
for the REST API client.
properties:
debug:
description: debug enables the basic authentication debug
logs for JaaS configuration.
type: boolean
directoryPathInContainer:
description: |-
directoryPathInContainer allows to pass the basic credential through a directory path in the container.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
minLength: 1
type: string
restrictedRoles:
description: |-
restrictedRoles specify the restricted roles on the server side only.
Changes will be only reflected in Control Center.
This configuration is ignored on the client side configuration.
items:
type: string
minItems: 1
type: array
roles:
description: |-
roles specify the roles on the server side only.
This configuration is ignored on the client side configuration.
items:
type: string
type: array
secretRef:
description: |-
secretRef defines secret reference to pass the required credentials.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
bearer:
description: bearer specifies the bearer authentication settings
for the REST API client.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container
where the credential is mounted.
minLength: 1
type: string
secretRef:
description: |-
secretRef specifies the name of the secret that contains the credential.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
oauth:
description: oauth specifies the OAuth authentication settings
for the REST API client.
properties:
configuration:
description: configuration specifies the OAuth server
settings.
properties:
audience:
description: audience specifies the audience claim
in the JWT payload.
minLength: 1
type: string
expectedIssuer:
description: expectedIssuer specifies the expected
issuer in the JWT payload.
minLength: 1
type: string
groupsClaimName:
description: groupsClaimName specifies the name of
claim in token for identifying the groups of subject
in the JWT payload.
minLength: 1
type: string
jwksEndpointUri:
description: |-
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
minLength: 1
type: string
loginConnectTimeoutMs:
description: LoginConnectTimeoutMs sets connect timeout
with IDP in ms
format: int32
type: integer
loginReadTimeoutMs:
description: LoginReadTimeoutMs sets read timeout
with IDP in ms
format: int32
type: integer
loginRetryBackoffMaxMs:
description: LoginRetryBackoffMaxMs sets max retry
backoff with IDP in ms
format: int32
type: integer
loginRetryBackoffMs:
description: LoginRetryBackoffMs sets retry backoff
with IDP in ms
format: int32
type: integer
scope:
description: |-
scope is optional and required only when your identity provider doesn't have
a default scope or your groups claim is linked to a scope.
minLength: 1
type: string
subClaimName:
description: subClaimName specifies name of claim
in JWT to use for the subject.
minLength: 1
type: string
tokenEndpointUri:
description: |-
tokenBaseEndpointUri specifies the base uri for token endpoint.
This is required for OAuth for inter broker communication along with
clientId & clientSecret in JassConfig or JassConfigPassthrough
minLength: 1
type: string
type: object
directoryPathInContainer:
description: directoryPathInContainer allows to pass the
basic credential through a directory path in the container.
minLength: 1
type: string
secretRef:
description: secretRef defines secret reference to pass
the required credentials.
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- configuration
type: object
type:
description: type specifies the REST API authentication type.
Valid options are `basic`, `bearer`, `mtls` and `oauth`.
enum:
- basic
- bearer
- mtls
- oauth
type: string
required:
- type
type: object
endpoint:
description: endpoint specifies where Confluent REST API is running.
minLength: 1
pattern: ^https?://.*
type: string
kafkaClusterID:
description: |-
kafkaClusterID specifies the id of Kafka cluster.
It takes precedence over using the Kafka REST API to get the cluster id.
minLength: 1
type: string
tls:
description: "tls specifies the custom TLS structure for the application
resources,\n\t// e.g. connector, topic, schema, of the Confluent
Platform components.\n\t// +optional"
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer contains the directory path in the container where
`keystore.jks`, `truststore.jks`, `jksPassword.txt` keys are mounted.
minLength: 1
type: string
jksPassword:
description: jksPassword specifies the secret name that contains
the JKS password.
properties:
secretRef:
description: |-
secretRef references the name of the secret containing the JKS password.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: |-
secretRef specifies the secret name that contains the certificates.
More info about certificates key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
type: object
name:
description: |-
name specifies the connector name. If not configured,
the Connector CR name is used as the connector name.
maxLength: 255
minLength: 1
pattern: ^[a-zA-Z0-9\._\-]*$
type: string
restartPolicy:
description: restartPolicy specifies the policy to restart failed
tasks of the connector.
properties:
maxRetry:
description: maxRetry specifies the max number of tries to restart
failed tasks when the `restartPolicy` type is `OnFailure`. The
default value is `10`.
format: int32
minimum: 1
type: integer
type:
description: |-
type specifies the policy type to restart connector tasks. Valid options are `OnFailure` and `Never`.
Default value is `OnFailure`, which means it will restart automatically when a task fails if the `maxRetry` value is not reached.
enum:
- OnFailure
- Never
type: string
required:
- type
type: object
taskMax:
description: |-
taskMax specifies the maximum number of tasks for the connector. It must be greater than 0.
The connector may create fewer tasks if it cannot achieve this level of parallelism.
format: int32
minimum: 1
type: integer
required:
- class
- taskMax
type: object
status:
description: status defines the observed state of the Connector.
properties:
appState:
default: Unknown
description: appState is the current state of the connector application.
enum:
- Unknown
- Created
- Failed
- Deleted
type: string
conditions:
description: conditions are the latest available observations of the
connector state.
items:
description: Condition represent the latest available observations
of the current state.
properties:
lastProbeTime:
description: lastProbeTime shows the last time the condition
was evaluated.
format: date-time
type: string
lastTransitionTime:
description: lastTransitionTime shows the last time the condition
was transitioned from one status to another.
format: date-time
type: string
message:
description: message shows a human-readable message with details
about the transition.
type: string
reason:
description: reason shows the reason for the last transition
of the condition.
type: string
status:
description: status shows the status of the condition, one of
`True`, `False`, or `Unknown`.
type: string
type:
description: type shows the condition type.
type: string
type: object
type: array
connectRestEndpoint:
description: connectRestEndpoint is the REST endpoint of the Connect
cluster.
type: string
connectorState:
description: connectorState is the status of the connector instance.
type: string
failedTasks:
additionalProperties:
description: TaskStatus defines the connector task status.
properties:
id:
description: Id is the id of the task.
format: int32
type: integer
retryCount:
description: retryCount is the number of retry attempts to restart
the failed task.
format: int32
type: integer
workerID:
description: workerID is the workerId for the task.
type: string
required:
- id
type: object
description: |-
failedTasks is the map of connector tasks in the `FAILED` state.
Error messages of failed tasks are logged in the CFK logs as `INFO`.
You can also get the error message via Connect REST API calls.
type: object
x-kubernetes-map-type: granular
failedTasksCount:
description: failedTasksCount is the number of failed tasks.
format: int32
type: integer
kafkaClusterID:
description: kafkaClusterID is the Kafka cluster id the connector
belongs to.
type: string
observedGeneration:
description: observedGeneration is the most recent generation observed
for this Confluent component.
format: int64
type: integer
restartPolicy:
description: restartPolicy is the policy to restart failed tasks of
the connector.
properties:
maxRetry:
description: maxRetry specifies the max number of tries to restart
failed tasks when the `restartPolicy` type is `OnFailure`. The
default value is `10`.
format: int32
minimum: 1
type: integer
type:
description: |-
type specifies the policy type to restart connector tasks. Valid options are `OnFailure` and `Never`.
Default value is `OnFailure`, which means it will restart automatically when a task fails if the `maxRetry` value is not reached.
enum:
- OnFailure
- Never
type: string
required:
- type
type: object
state:
description: state is the custom resource state of the connector.
This is not the connector state, which can be `CREATED`, `ERROR`,
etc.
type: string
tasksReady:
description: |-
tasksReady is the number of running tasks based on `taskMax`.
The value is in the following format: `<number of running tasks>/<taskMax>`
type: string
trace:
description: trace is the error trace message for the connector instance.
type: string
workerID:
description: workerID is the workerId of the connector instance.
type: string
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}

6941
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_connects.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

6394
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_controlcenters.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

557
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_kafkarestclasses.yaml Normal file
View File

@ -0,0 +1,557 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: kafkarestclasses.platform.confluent.io
spec:
group: platform.confluent.io
names:
categories:
- all
- confluent-platform
- confluent
kind: KafkaRestClass
listKind: KafkaRestClassList
plural: kafkarestclasses
shortNames:
- krc
- kafkarestclass
singular: kafkarestclass
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: KafkaRestClass is the schema for the Kafka REST API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of the KafkaRestClass.
properties:
kafkaClusterRef:
description: kafkaClusterRef specifies the name of the Kafka cluster.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
kafkaRest:
description: kafkaRest specifies the Kafka REST API configuration.
properties:
authentication:
description: authentication specifies the REST API authentication
mechanism.
properties:
basic:
description: basic specifies the basic authentication settings
for the REST API client.
properties:
debug:
description: debug enables the basic authentication debug
logs for JaaS configuration.
type: boolean
directoryPathInContainer:
description: |-
directoryPathInContainer allows to pass the basic credential through a directory path in the container.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
minLength: 1
type: string
restrictedRoles:
description: |-
restrictedRoles specify the restricted roles on the server side only.
Changes will be only reflected in Control Center.
This configuration is ignored on the client side configuration.
items:
type: string
minItems: 1
type: array
roles:
description: |-
roles specify the roles on the server side only.
This configuration is ignored on the client side configuration.
items:
type: string
type: array
secretRef:
description: |-
secretRef defines secret reference to pass the required credentials.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
bearer:
description: bearer specifies the bearer authentication settings
for the REST API client.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container
where the credential is mounted.
minLength: 1
type: string
secretRef:
description: |-
secretRef specifies the name of the secret that contains the credential.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
oauth:
description: oauth specifies the OAuth authentication settings
for the REST API client.
properties:
configuration:
description: configuration specifies the OAuth server
settings.
properties:
audience:
description: audience specifies the audience claim
in the JWT payload.
minLength: 1
type: string
expectedIssuer:
description: expectedIssuer specifies the expected
issuer in the JWT payload.
minLength: 1
type: string
groupsClaimName:
description: groupsClaimName specifies the name of
claim in token for identifying the groups of subject
in the JWT payload.
minLength: 1
type: string
jwksEndpointUri:
description: |-
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
minLength: 1
type: string
loginConnectTimeoutMs:
description: LoginConnectTimeoutMs sets connect timeout
with IDP in ms
format: int32
type: integer
loginReadTimeoutMs:
description: LoginReadTimeoutMs sets read timeout
with IDP in ms
format: int32
type: integer
loginRetryBackoffMaxMs:
description: LoginRetryBackoffMaxMs sets max retry
backoff with IDP in ms
format: int32
type: integer
loginRetryBackoffMs:
description: LoginRetryBackoffMs sets retry backoff
with IDP in ms
format: int32
type: integer
scope:
description: |-
scope is optional and required only when your identity provider doesn't have
a default scope or your groups claim is linked to a scope.
minLength: 1
type: string
subClaimName:
description: subClaimName specifies name of claim
in JWT to use for the subject.
minLength: 1
type: string
tokenEndpointUri:
description: |-
tokenBaseEndpointUri specifies the base uri for token endpoint.
This is required for OAuth for inter broker communication along with
clientId & clientSecret in JassConfig or JassConfigPassthrough
minLength: 1
type: string
type: object
directoryPathInContainer:
description: directoryPathInContainer allows to pass the
basic credential through a directory path in the container.
minLength: 1
type: string
secretRef:
description: secretRef defines secret reference to pass
the required credentials.
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- configuration
type: object
type:
description: type specifies the REST API authentication type.
Valid options are `basic`, `bearer`, `mtls` and `oauth`.
enum:
- basic
- bearer
- mtls
- oauth
type: string
required:
- type
type: object
endpoint:
description: endpoint specifies where Confluent REST API is running.
minLength: 1
pattern: ^https?://.*
type: string
kafkaClusterID:
description: |-
kafkaClusterID specifies the id of Kafka cluster.
It takes precedence over using the Kafka REST API to get the cluster id.
minLength: 1
type: string
tls:
description: "tls specifies the custom TLS structure for the application
resources,\n\t// e.g. connector, topic, schema, of the Confluent
Platform components.\n\t// +optional"
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer contains the directory path in the container where
`keystore.jks`, `truststore.jks`, `jksPassword.txt` keys are mounted.
minLength: 1
type: string
jksPassword:
description: jksPassword specifies the secret name that contains
the JKS password.
properties:
secretRef:
description: |-
secretRef references the name of the secret containing the JKS password.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: |-
secretRef specifies the secret name that contains the certificates.
More info about certificates key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
type: object
secondaryKafkaClusterRef:
description: secondaryKafkaClusterRef specifies the name of the secondary
Kafka cluster when using centralized RBAC.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
secondaryKafkaRest:
description: secondaryKafkaRest specifies the secondary Kafka REST
API configuration when using centralized RBAC.
properties:
authentication:
description: authentication specifies the REST API authentication
mechanism.
properties:
basic:
description: basic specifies the basic authentication settings
for the REST API client.
properties:
debug:
description: debug enables the basic authentication debug
logs for JaaS configuration.
type: boolean
directoryPathInContainer:
description: |-
directoryPathInContainer allows to pass the basic credential through a directory path in the container.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
minLength: 1
type: string
restrictedRoles:
description: |-
restrictedRoles specify the restricted roles on the server side only.
Changes will be only reflected in Control Center.
This configuration is ignored on the client side configuration.
items:
type: string
minItems: 1
type: array
roles:
description: |-
roles specify the roles on the server side only.
This configuration is ignored on the client side configuration.
items:
type: string
type: array
secretRef:
description: |-
secretRef defines secret reference to pass the required credentials.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
bearer:
description: bearer specifies the bearer authentication settings
for the REST API client.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container
where the credential is mounted.
minLength: 1
type: string
secretRef:
description: |-
secretRef specifies the name of the secret that contains the credential.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
oauth:
description: oauth specifies the OAuth authentication settings
for the REST API client.
properties:
configuration:
description: configuration specifies the OAuth server
settings.
properties:
audience:
description: audience specifies the audience claim
in the JWT payload.
minLength: 1
type: string
expectedIssuer:
description: expectedIssuer specifies the expected
issuer in the JWT payload.
minLength: 1
type: string
groupsClaimName:
description: groupsClaimName specifies the name of
claim in token for identifying the groups of subject
in the JWT payload.
minLength: 1
type: string
jwksEndpointUri:
description: |-
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
minLength: 1
type: string
loginConnectTimeoutMs:
description: LoginConnectTimeoutMs sets connect timeout
with IDP in ms
format: int32
type: integer
loginReadTimeoutMs:
description: LoginReadTimeoutMs sets read timeout
with IDP in ms
format: int32
type: integer
loginRetryBackoffMaxMs:
description: LoginRetryBackoffMaxMs sets max retry
backoff with IDP in ms
format: int32
type: integer
loginRetryBackoffMs:
description: LoginRetryBackoffMs sets retry backoff
with IDP in ms
format: int32
type: integer
scope:
description: |-
scope is optional and required only when your identity provider doesn't have
a default scope or your groups claim is linked to a scope.
minLength: 1
type: string
subClaimName:
description: subClaimName specifies name of claim
in JWT to use for the subject.
minLength: 1
type: string
tokenEndpointUri:
description: |-
tokenBaseEndpointUri specifies the base uri for token endpoint.
This is required for OAuth for inter broker communication along with
clientId & clientSecret in JassConfig or JassConfigPassthrough
minLength: 1
type: string
type: object
directoryPathInContainer:
description: directoryPathInContainer allows to pass the
basic credential through a directory path in the container.
minLength: 1
type: string
secretRef:
description: secretRef defines secret reference to pass
the required credentials.
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- configuration
type: object
type:
description: type specifies the REST API authentication type.
Valid options are `basic`, `bearer`, `mtls` and `oauth`.
enum:
- basic
- bearer
- mtls
- oauth
type: string
required:
- type
type: object
endpoint:
description: endpoint specifies where Confluent REST API is running.
minLength: 1
pattern: ^https?://.*
type: string
kafkaClusterID:
description: |-
kafkaClusterID specifies the id of Kafka cluster.
It takes precedence over using the Kafka REST API to get the cluster id.
minLength: 1
type: string
tls:
description: "tls specifies the custom TLS structure for the application
resources,\n\t// e.g. connector, topic, schema, of the Confluent
Platform components.\n\t// +optional"
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer contains the directory path in the container where
`keystore.jks`, `truststore.jks`, `jksPassword.txt` keys are mounted.
minLength: 1
type: string
jksPassword:
description: jksPassword specifies the secret name that contains
the JKS password.
properties:
secretRef:
description: |-
secretRef references the name of the secret containing the JKS password.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: |-
secretRef specifies the secret name that contains the certificates.
More info about certificates key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
type: object
type: object
status:
description: status defines the observed state of the KafkaRestClass.
properties:
conditions:
description: conditions are the latest available observed state of
the kafkaRestClass.
items:
description: Condition represent the latest available observations
of the current state.
properties:
lastProbeTime:
description: lastProbeTime shows the last time the condition
was evaluated.
format: date-time
type: string
lastTransitionTime:
description: lastTransitionTime shows the last time the condition
was transitioned from one status to another.
format: date-time
type: string
message:
description: message shows a human-readable message with details
about the transition.
type: string
reason:
description: reason shows the reason for the last transition
of the condition.
type: string
status:
description: status shows the status of the condition, one of
`True`, `False`, or `Unknown`.
type: string
type:
description: type shows the condition type.
type: string
type: object
type: array
endpoint:
description: endpoint specifies the Kafka REST API / MDS endpoint.
type: string
kafkaClusterID:
description: |-
kafkaClusterID specifies the id of the Kafka cluster.
If using centralized RBAC and kafkaRestClass is for the secondary Kafka cluster, it will be the cluster id of the secondary Kafka cluster.
type: string
observedGeneration:
description: observedGeneration is the most recent generation observed
for this Confluent component.
format: int64
type: integer
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}

5834
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_kafkarestproxies.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

10948
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_kafkas.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

410
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_kafkatopics.yaml Normal file
View File

@ -0,0 +1,410 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: kafkatopics.platform.confluent.io
spec:
group: platform.confluent.io
names:
categories:
- all
- confluent-platform
- confluent
kind: KafkaTopic
listKind: KafkaTopicList
plural: kafkatopics
shortNames:
- kt
- topic
singular: kafkatopic
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.replicas
name: Replicas
type: string
- jsonPath: .status.partitionCount
name: Partition
type: string
- jsonPath: .status.state
name: Status
type: string
- jsonPath: .status.kafkaClusterID
name: ClusterID
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.kafkaCluster
name: KafkaCluster
priority: 1
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: KafkaTopic is the schema for the Kafka Topic API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of the KafkaTopic.
properties:
configs:
additionalProperties:
type: string
description: |-
configs is a map of string key and value pairs that are used to pass the configuration settings for the topic.
More info: https://docs.confluent.io/current/installation/configuration/topic-configs.html.
type: object
x-kubernetes-map-type: granular
kafkaClusterRef:
description: kafkaClusterRef specifies the name of the Kafka cluster.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
kafkaRest:
description: kafkaRest specifies the Kafka REST API configuration.
properties:
authentication:
description: authentication specifies the REST API authentication
mechanism.
properties:
basic:
description: basic specifies the basic authentication settings
for the REST API client.
properties:
debug:
description: debug enables the basic authentication debug
logs for JaaS configuration.
type: boolean
directoryPathInContainer:
description: |-
directoryPathInContainer allows to pass the basic credential through a directory path in the container.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
minLength: 1
type: string
restrictedRoles:
description: |-
restrictedRoles specify the restricted roles on the server side only.
Changes will be only reflected in Control Center.
This configuration is ignored on the client side configuration.
items:
type: string
minItems: 1
type: array
roles:
description: |-
roles specify the roles on the server side only.
This configuration is ignored on the client side configuration.
items:
type: string
type: array
secretRef:
description: |-
secretRef defines secret reference to pass the required credentials.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
bearer:
description: bearer specifies the bearer authentication settings
for the REST API client.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container
where the credential is mounted.
minLength: 1
type: string
secretRef:
description: |-
secretRef specifies the name of the secret that contains the credential.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
oauth:
description: oauth specifies the OAuth authentication settings
for the REST API client.
properties:
configuration:
description: configuration specifies the OAuth server
settings.
properties:
audience:
description: audience specifies the audience claim
in the JWT payload.
minLength: 1
type: string
expectedIssuer:
description: expectedIssuer specifies the expected
issuer in the JWT payload.
minLength: 1
type: string
groupsClaimName:
description: groupsClaimName specifies the name of
claim in token for identifying the groups of subject
in the JWT payload.
minLength: 1
type: string
jwksEndpointUri:
description: |-
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
minLength: 1
type: string
loginConnectTimeoutMs:
description: LoginConnectTimeoutMs sets connect timeout
with IDP in ms
format: int32
type: integer
loginReadTimeoutMs:
description: LoginReadTimeoutMs sets read timeout
with IDP in ms
format: int32
type: integer
loginRetryBackoffMaxMs:
description: LoginRetryBackoffMaxMs sets max retry
backoff with IDP in ms
format: int32
type: integer
loginRetryBackoffMs:
description: LoginRetryBackoffMs sets retry backoff
with IDP in ms
format: int32
type: integer
scope:
description: |-
scope is optional and required only when your identity provider doesn't have
a default scope or your groups claim is linked to a scope.
minLength: 1
type: string
subClaimName:
description: subClaimName specifies name of claim
in JWT to use for the subject.
minLength: 1
type: string
tokenEndpointUri:
description: |-
tokenBaseEndpointUri specifies the base uri for token endpoint.
This is required for OAuth for inter broker communication along with
clientId & clientSecret in JassConfig or JassConfigPassthrough
minLength: 1
type: string
type: object
directoryPathInContainer:
description: directoryPathInContainer allows to pass the
basic credential through a directory path in the container.
minLength: 1
type: string
secretRef:
description: secretRef defines secret reference to pass
the required credentials.
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- configuration
type: object
type:
description: type specifies the REST API authentication type.
Valid options are `basic`, `bearer`, `mtls` and `oauth`.
enum:
- basic
- bearer
- mtls
- oauth
type: string
required:
- type
type: object
endpoint:
description: endpoint specifies where Confluent REST API is running.
minLength: 1
pattern: ^https?://.*
type: string
kafkaClusterID:
description: |-
kafkaClusterID specifies the id of Kafka cluster.
It takes precedence over using the Kafka REST API to get the cluster id.
minLength: 1
type: string
tls:
description: "tls specifies the custom TLS structure for the application
resources,\n\t// e.g. connector, topic, schema, of the Confluent
Platform components.\n\t// +optional"
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer contains the directory path in the container where
`keystore.jks`, `truststore.jks`, `jksPassword.txt` keys are mounted.
minLength: 1
type: string
jksPassword:
description: jksPassword specifies the secret name that contains
the JKS password.
properties:
secretRef:
description: |-
secretRef references the name of the secret containing the JKS password.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: |-
secretRef specifies the secret name that contains the certificates.
More info about certificates key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
type: object
kafkaRestClassRef:
description: kafkaRestClassRef references the KafkaRestClass which
defines Kafka REST API connection information.
properties:
name:
description: name specifies the name of the KafkaRestClass application
resource.
minLength: 1
type: string
namespace:
description: namespace specifies the namespace of the KafkaRestClass.
type: string
required:
- name
type: object
name:
description: |-
name specifies the topic name. If not configured, the KafkaTopic CR name is used
as the topic name.
maxLength: 255
minLength: 1
pattern: ^[a-zA-Z0-9\._\-]*$
type: string
partitionCount:
description: |-
partitionCount specifies the number of partitions for the topic.
If not configured, it will be defaulted to the partition count that Kafka REST V3 API supports.
format: int32
type: integer
replicas:
description: |-
replicas specifies the replication factor for the topic.
If not configured, it will be defaulted to the replication factor that Kafka REST V3 API supports.
format: int32
type: integer
type: object
status:
description: status defines the observed state of the KafkaTopic.
properties:
appState:
default: Unknown
description: appState is the current state of the topic application.
enum:
- Unknown
- Created
- Failed
- Deleted
type: string
conditions:
description: conditions are the latest available observed states of
the topic.
items:
description: Condition represent the latest available observations
of the current state.
properties:
lastProbeTime:
description: lastProbeTime shows the last time the condition
was evaluated.
format: date-time
type: string
lastTransitionTime:
description: lastTransitionTime shows the last time the condition
was transitioned from one status to another.
format: date-time
type: string
message:
description: message shows a human-readable message with details
about the transition.
type: string
reason:
description: reason shows the reason for the last transition
of the condition.
type: string
status:
description: status shows the status of the condition, one of
`True`, `False`, or `Unknown`.
type: string
type:
description: type shows the condition type.
type: string
type: object
type: array
kafkaCluster:
type: string
kafkaClusterID:
description: kafkaClusterID is the id of the Kafka cluster.
type: string
kafkaRestEndpoint:
description: kafkaRestEndpoint is the endpoint of the Kafka REST API.
type: string
observedGeneration:
description: observedGeneration is the most recent generation observed
for this Confluent component.
format: int64
type: integer
partitionCount:
description: partitionCount is the partition count of the topic.
format: int32
type: integer
replicas:
description: replicas is the replication factor of the topic.
format: int32
type: integer
state:
description: state is the state of the topic.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

5752
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_kraftcontrollers.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

194
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_kraftmigrationjobs.yaml Normal file
View File

@ -0,0 +1,194 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: kraftmigrationjobs.platform.confluent.io
spec:
group: platform.confluent.io
names:
categories:
- all
- confluent-platform
- confluent
kind: KRaftMigrationJob
listKind: KRaftMigrationJobList
plural: kraftmigrationjobs
shortNames:
- kraftmigrationjob
- kmj
singular: kraftmigrationjob
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: KRaftMigrationJob is the schema for the KRaftMigrationJob API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of the KRaftMigrationJob.
properties:
dependencies:
description: dependencies specify the Kafka Broker, Zookeeper and
KRaft Controllers.
properties:
kRaftController:
description: |-
kRaftController specifies the dependency configuration for the KRaftController cluster.
You cannot configure both zookeeper and kRaftController dependencies.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
kafka:
description: kafka defines the Kafka dependency configurations.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
zookeeper:
description: zookeeper specifies the dependency configuration
for Zookeeper.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
required:
- kRaftController
- kafka
- zookeeper
type: object
required:
- dependencies
type: object
status:
description: status defines the observed state of the KRaftMigrationJob.
properties:
conditions:
description: conditions represents the latest available observations
of the kraft migration job.
items:
description: Condition represent the latest available observations
of the current state.
properties:
lastProbeTime:
description: lastProbeTime shows the last time the condition
was evaluated.
format: date-time
type: string
lastTransitionTime:
description: lastTransitionTime shows the last time the condition
was transitioned from one status to another.
format: date-time
type: string
message:
description: message shows a human-readable message with details
about the transition.
type: string
reason:
description: reason shows the reason for the last transition
of the condition.
type: string
status:
description: status shows the status of the condition, one of
`True`, `False`, or `Unknown`.
type: string
type:
description: type shows the condition type.
type: string
type: object
type: array
kafkaClusterId:
description: clusterId is the clusterId for migrating cluster
type: string
kafkaGeneration:
description: |-
kafkaGeneration is the last generation at which
kafka cluster was updated during migration workflow
format: int64
type: integer
kraftControllerGeneration:
description: |-
kraftControllerGeneration is the last generation at which
kraftController cluster was updated during migration workflow
format: int64
type: integer
phase:
description: phase is the state of the kraft migration job.
type: string
subPhase:
description: subPhase is the state of the kraft migration job.
type: string
zkEndpointWithNode:
description: |-
zkEndpointWithNode is the zkEndpoint with node fetched from kafka
<host:port>/<zkNodeID>
type: string
required:
- kafkaClusterId
- kafkaGeneration
- kraftControllerGeneration
- phase
- subPhase
- zkEndpointWithNode
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
scale:
labelSelectorPath: .status.selector
specReplicasPath: .spec.replicas
statusReplicasPath: .status.replicas
status: {}

6646
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_ksqldbs.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

688
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_schemaexporters.yaml Normal file
View File

@ -0,0 +1,688 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: schemaexporters.platform.confluent.io
spec:
group: platform.confluent.io
names:
categories:
- all
- confluent-platform
- confluent
kind: SchemaExporter
listKind: SchemaExporterList
plural: schemaexporters
shortNames:
- se
- schemaexporter
singular: schemaexporter
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.contextName
name: ContextName
type: string
- jsonPath: .status.exporterStatus
name: ExporterStatus
type: string
- jsonPath: .status.state
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.sourceSchemaRegistry.endpoint
name: SourceSchemaRegistryEndpoint
priority: 1
type: string
- jsonPath: .status.destinationSchemaRegistry.endpoint
name: DestinationSchemaRegistryEndpoint
priority: 1
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: SchemaExporter is the schema for the SchemaExporter API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of the schema exporter.
properties:
configs:
additionalProperties:
type: string
description: |-
configs is a map of string key and value pairs. It specifies additional configurations for the schema exporter. More info:
https://docs.confluent.io/platform/current/schema-registry/schema-linking-cp.html#create-a-configuration-file-for-the-exporter
type: object
x-kubernetes-map-type: granular
contextName:
description: |-
contextName specifies the custom context name in the destination Schema Registry cluster where the
schemas will be exported. If this is defined, contextType will be ignored. If this is not defined,
schemas will be exported to context in destination based on contextType.
type: string
contextType:
description: |-
contextType specifies the type of context created in the destination Schema Registry cluster of
the schema exporter.
Valid options are `AUTO` and `NONE`.
The default value is `AUTO`.
enum:
- AUTO
- NONE
type: string
destinationCluster:
description: |-
destinationCluster specifies the destination Schema Registry cluster. If this is not defined,
sourceCluster is chosen as the destination and the schema exporter will be exporting
schemas across contexts within the sourceCluster.
Schema exporter should be enabled in Schema Registry cluster CR with `spec.enableSchemaExporter`.
properties:
schemaRegistryClusterRef:
description: schemaRegistryClusterRef references the CFK-managed
Schema Registry cluster.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
schemaRegistryRest:
description: schemaRegistryRest specifies the Schema Registry
REST API configuration.
properties:
authentication:
description: authentication specifies the REST API authentication
mechanism.
properties:
basic:
description: basic specifies the basic authentication
settings for the REST API client.
properties:
debug:
description: debug enables the basic authentication
debug logs for JaaS configuration.
type: boolean
directoryPathInContainer:
description: |-
directoryPathInContainer allows to pass the basic credential through a directory path in the container.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
minLength: 1
type: string
restrictedRoles:
description: |-
restrictedRoles specify the restricted roles on the server side only.
Changes will be only reflected in Control Center.
This configuration is ignored on the client side configuration.
items:
type: string
minItems: 1
type: array
roles:
description: |-
roles specify the roles on the server side only.
This configuration is ignored on the client side configuration.
items:
type: string
type: array
secretRef:
description: |-
secretRef defines secret reference to pass the required credentials.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
bearer:
description: bearer specifies the bearer authentication
settings for the REST API client.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container
where the credential is mounted.
minLength: 1
type: string
secretRef:
description: |-
secretRef specifies the name of the secret that contains the credential.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
oauth:
description: oauth specifies the OAuth authentication
settings for the REST API client.
properties:
configuration:
description: configuration specifies the OAuth server
settings.
properties:
audience:
description: audience specifies the audience claim
in the JWT payload.
minLength: 1
type: string
expectedIssuer:
description: expectedIssuer specifies the expected
issuer in the JWT payload.
minLength: 1
type: string
groupsClaimName:
description: groupsClaimName specifies the name
of claim in token for identifying the groups
of subject in the JWT payload.
minLength: 1
type: string
jwksEndpointUri:
description: |-
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
minLength: 1
type: string
loginConnectTimeoutMs:
description: LoginConnectTimeoutMs sets connect
timeout with IDP in ms
format: int32
type: integer
loginReadTimeoutMs:
description: LoginReadTimeoutMs sets read timeout
with IDP in ms
format: int32
type: integer
loginRetryBackoffMaxMs:
description: LoginRetryBackoffMaxMs sets max retry
backoff with IDP in ms
format: int32
type: integer
loginRetryBackoffMs:
description: LoginRetryBackoffMs sets retry backoff
with IDP in ms
format: int32
type: integer
scope:
description: |-
scope is optional and required only when your identity provider doesn't have
a default scope or your groups claim is linked to a scope.
minLength: 1
type: string
subClaimName:
description: subClaimName specifies name of claim
in JWT to use for the subject.
minLength: 1
type: string
tokenEndpointUri:
description: |-
tokenBaseEndpointUri specifies the base uri for token endpoint.
This is required for OAuth for inter broker communication along with
clientId & clientSecret in JassConfig or JassConfigPassthrough
minLength: 1
type: string
type: object
directoryPathInContainer:
description: directoryPathInContainer allows to pass
the basic credential through a directory path in
the container.
minLength: 1
type: string
secretRef:
description: secretRef defines secret reference to
pass the required credentials.
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- configuration
type: object
type:
description: type specifies the REST API authentication
type. Valid options are `basic`, `bearer`, `mtls` and
`oauth`.
enum:
- basic
- bearer
- mtls
- oauth
type: string
required:
- type
type: object
endpoint:
description: endpoint specifies where Confluent REST API is
running.
minLength: 1
pattern: ^https?://.*
type: string
kafkaClusterID:
description: |-
kafkaClusterID specifies the id of Kafka cluster.
It takes precedence over using the Kafka REST API to get the cluster id.
minLength: 1
type: string
tls:
description: "tls specifies the custom TLS structure for the
application resources,\n\t// e.g. connector, topic, schema,
of the Confluent Platform components.\n\t// +optional"
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer contains the directory path in the container where
`keystore.jks`, `truststore.jks`, `jksPassword.txt` keys are mounted.
minLength: 1
type: string
jksPassword:
description: jksPassword specifies the secret name that
contains the JKS password.
properties:
secretRef:
description: |-
secretRef references the name of the secret containing the JKS password.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: |-
secretRef specifies the secret name that contains the certificates.
More info about certificates key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
type: object
type: object
sourceCluster:
description: |-
sourceCluster specifies the source Schema Registry cluster. Schema exporter will be set
up in the source cluster. If this is not defined, controller will try to auto discover Schema Registry
in the namespace of the schema exporter. If it cannot discover a Schema Registry cluster or more than
one Schema Registry clusters are found, controller will return error.
Schema exporter should be enabled in Schema Registry cluster CR with `spec.enableSchemaExporter`.
properties:
schemaRegistryClusterRef:
description: schemaRegistryClusterRef references the CFK-managed
Schema Registry cluster.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
schemaRegistryRest:
description: schemaRegistryRest specifies the Schema Registry
REST API configuration.
properties:
authentication:
description: authentication specifies the REST API authentication
mechanism.
properties:
basic:
description: basic specifies the basic authentication
settings for the REST API client.
properties:
debug:
description: debug enables the basic authentication
debug logs for JaaS configuration.
type: boolean
directoryPathInContainer:
description: |-
directoryPathInContainer allows to pass the basic credential through a directory path in the container.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
minLength: 1
type: string
restrictedRoles:
description: |-
restrictedRoles specify the restricted roles on the server side only.
Changes will be only reflected in Control Center.
This configuration is ignored on the client side configuration.
items:
type: string
minItems: 1
type: array
roles:
description: |-
roles specify the roles on the server side only.
This configuration is ignored on the client side configuration.
items:
type: string
type: array
secretRef:
description: |-
secretRef defines secret reference to pass the required credentials.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
bearer:
description: bearer specifies the bearer authentication
settings for the REST API client.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container
where the credential is mounted.
minLength: 1
type: string
secretRef:
description: |-
secretRef specifies the name of the secret that contains the credential.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
oauth:
description: oauth specifies the OAuth authentication
settings for the REST API client.
properties:
configuration:
description: configuration specifies the OAuth server
settings.
properties:
audience:
description: audience specifies the audience claim
in the JWT payload.
minLength: 1
type: string
expectedIssuer:
description: expectedIssuer specifies the expected
issuer in the JWT payload.
minLength: 1
type: string
groupsClaimName:
description: groupsClaimName specifies the name
of claim in token for identifying the groups
of subject in the JWT payload.
minLength: 1
type: string
jwksEndpointUri:
description: |-
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
minLength: 1
type: string
loginConnectTimeoutMs:
description: LoginConnectTimeoutMs sets connect
timeout with IDP in ms
format: int32
type: integer
loginReadTimeoutMs:
description: LoginReadTimeoutMs sets read timeout
with IDP in ms
format: int32
type: integer
loginRetryBackoffMaxMs:
description: LoginRetryBackoffMaxMs sets max retry
backoff with IDP in ms
format: int32
type: integer
loginRetryBackoffMs:
description: LoginRetryBackoffMs sets retry backoff
with IDP in ms
format: int32
type: integer
scope:
description: |-
scope is optional and required only when your identity provider doesn't have
a default scope or your groups claim is linked to a scope.
minLength: 1
type: string
subClaimName:
description: subClaimName specifies name of claim
in JWT to use for the subject.
minLength: 1
type: string
tokenEndpointUri:
description: |-
tokenBaseEndpointUri specifies the base uri for token endpoint.
This is required for OAuth for inter broker communication along with
clientId & clientSecret in JassConfig or JassConfigPassthrough
minLength: 1
type: string
type: object
directoryPathInContainer:
description: directoryPathInContainer allows to pass
the basic credential through a directory path in
the container.
minLength: 1
type: string
secretRef:
description: secretRef defines secret reference to
pass the required credentials.
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- configuration
type: object
type:
description: type specifies the REST API authentication
type. Valid options are `basic`, `bearer`, `mtls` and
`oauth`.
enum:
- basic
- bearer
- mtls
- oauth
type: string
required:
- type
type: object
endpoint:
description: endpoint specifies where Confluent REST API is
running.
minLength: 1
pattern: ^https?://.*
type: string
kafkaClusterID:
description: |-
kafkaClusterID specifies the id of Kafka cluster.
It takes precedence over using the Kafka REST API to get the cluster id.
minLength: 1
type: string
tls:
description: "tls specifies the custom TLS structure for the
application resources,\n\t// e.g. connector, topic, schema,
of the Confluent Platform components.\n\t// +optional"
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer contains the directory path in the container where
`keystore.jks`, `truststore.jks`, `jksPassword.txt` keys are mounted.
minLength: 1
type: string
jksPassword:
description: jksPassword specifies the secret name that
contains the JKS password.
properties:
secretRef:
description: |-
secretRef references the name of the secret containing the JKS password.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: |-
secretRef specifies the secret name that contains the certificates.
More info about certificates key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
type: object
type: object
subjectRenameFormat:
description: |-
subjectRenameFormat specifies the rename format for the subjects exported to the destination.
For example, if the value is `my-${subject}`, subjects at destination will become `my-firstSubject`
where `firstSubject` is the original subject name.
type: string
subjects:
description: |-
subjects specifies the list of subjects to be exported by schema exporter.
The default value is `["*"]`. This indicates all subjects in the default context.
items:
type: string
type: array
type: object
status:
description: status defines the observed state of the schema exporter.
properties:
appState:
default: Unknown
description: appState is the current state of the schema exporter
application.
enum:
- Unknown
- Created
- Failed
- Deleted
type: string
conditions:
description: conditions are the latest available observations of the
schema exporter's state.
items:
description: Condition represent the latest available observations
of the current state.
properties:
lastProbeTime:
description: lastProbeTime shows the last time the condition
was evaluated.
format: date-time
type: string
lastTransitionTime:
description: lastTransitionTime shows the last time the condition
was transitioned from one status to another.
format: date-time
type: string
message:
description: message shows a human-readable message with details
about the transition.
type: string
reason:
description: reason shows the reason for the last transition
of the condition.
type: string
status:
description: status shows the status of the condition, one of
`True`, `False`, or `Unknown`.
type: string
type:
description: type shows the condition type.
type: string
type: object
type: array
contextName:
description: |-
contextName shows the name of the context in the destination Schema Registry cluster
where the schemas will be exported.
type: string
contextType:
description: contextType is the contextType of the schema exporter.
type: string
destinationSchemaRegistry:
description: |-
destinationSchemaRegistry shows the destination Schema Registry endpoint, authentication type
and if it is using TLS.
properties:
authenticationType:
description: authenticationType is the authentication method used
for Schema Registry.
type: string
endpoint:
description: endpoint is the Schema Registry REST endpoint.
type: string
tls:
description: tls shows whether the Schema Registry is using TLS.
type: boolean
type: object
exporterStatus:
description: exporterStatus is the status of the schema exporter.
type: string
observedGeneration:
description: observedGeneration is the most recent generation observed
for this Confluent component.
format: int64
type: integer
sourceSchemaRegistry:
description: |-
sourceSchemaRegistry shows the source Schema Registry endpoint, authentication type
and if it is using TLS.
properties:
authenticationType:
description: authenticationType is the authentication method used
for Schema Registry.
type: string
endpoint:
description: endpoint is the Schema Registry REST endpoint.
type: string
tls:
description: tls shows whether the Schema Registry is using TLS.
type: boolean
type: object
state:
description: state is the current state of the schema exporter.
type: string
subjects:
description: subjects is the list of subjects exported by the schema
exporter.
items:
type: string
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

5801
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_schemaregistries.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

590
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_schemas.yaml Normal file
View File

@ -0,0 +1,590 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: schemas.platform.confluent.io
spec:
group: platform.confluent.io
names:
categories:
- all
- confluent-platform
- confluent
kind: Schema
listKind: SchemaList
plural: schemas
shortNames:
- schema
singular: schema
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.format
name: Format
type: string
- jsonPath: .status.id
name: ID
type: string
- jsonPath: .status.version
name: Version
type: string
- jsonPath: .status.phase
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.schemaRegistryEndpoint
name: SchemaRegistryEndpoint
priority: 1
type: string
name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of the Schema.
properties:
compatibilityLevel:
description: |-
compatibilityLevel specifies the compatibility level requirement for the schema under the specified subject.
Valid options are `BACKWARD`, `BACKWARD_TRANSITIVE`, `FORWARD`, `FORWARD_TRANSITIVE`, `FULL`, `FULL_TRANSITIVE` and `NONE`.
more info: https://docs.confluent.io/platform/current/schema-registry/avro.html#schema-evolution-and-compatibility
enum:
- BACKWARD
- BACKWARD_TRANSITIVE
- FORWARD
- FORWARD_TRANSITIVE
- FULL
- FULL_TRANSITIVE
- NONE
type: string
data:
description: data defines the data required to create the schema.
properties:
configRef:
description: configRef is the name of the Kubernetes ConfigMap
resource containing the schema.
minLength: 1
type: string
format:
description: format is the format type of the encoded schema.
Valid options are `avro`, `json`, and `protobuf`.
enum:
- avro
- json
- protobuf
minLength: 1
type: string
required:
- configRef
- format
type: object
mode:
description: |-
Mode specifies the schema registry mode for the schemas under the specified subject.
Valid options are `IMPORT`, `READONLY`, `READWRITE`.
enum:
- IMPORT
- READONLY
- READWRITE
type: string
name:
description: |-
name specifies the subject name of schema. If not configured, the Schema CR name is used
as the subject name.
maxLength: 255
minLength: 1
pattern: ^[^\\]*$
type: string
normalize:
description: |-
Normalize specifies whether to normalize the schema at the time of registering to schema registry.
more info: https://docs.confluent.io/platform/current/schema-registry/fundamentals/serdes-develop/index.html#schema-normalization
type: boolean
schemaReferences:
description: schemaReferences defines the schema references in the
schema data.
items:
description: SchemaReference is the schema to be used as a reference
for the new schema.
properties:
avro:
description: avro is the data for the referenced Avro schema.
properties:
avro:
description: name is the fully qualified name of the referenced
Avro schema.
minLength: 1
type: string
required:
- avro
type: object
format:
description: format is the format type of the referenced schema.
Valid options are `avro`, `json`, and `protobuf`.
enum:
- avro
- json
- protobuf
minLength: 1
type: string
json:
description: json is the data for the referenced JSON schema.
properties:
url:
description: url is the referenced JSON schema url.
minLength: 1
type: string
required:
- url
type: object
protobuf:
description: protobuf is the data for the referenced Protobuf
schema.
properties:
file:
description: file is the file name of the referenced Protobuf
schema.
minLength: 1
type: string
required:
- file
type: object
subject:
description: subject is the subject name for the referenced
schema through the configRef.
minLength: 1
type: string
version:
description: version is the version type of the referenced schema.
format: int32
type: integer
required:
- format
- subject
- version
type: object
type: array
schemaRegistryClusterRef:
description: schemaRegistryClusterRef references the CFK-managed Schema
Registry cluster.
properties:
name:
description: name specifies the name of the Confluent Platform
component cluster.
type: string
namespace:
description: namespace specifies the namespace where the Confluent
Platform component cluster is running.
type: string
required:
- name
type: object
schemaRegistryRest:
description: schemaRegistryRest specifies the Schema Registry REST
API configuration.
properties:
authentication:
description: authentication specifies the REST API authentication
mechanism.
properties:
basic:
description: basic specifies the basic authentication settings
for the REST API client.
properties:
debug:
description: debug enables the basic authentication debug
logs for JaaS configuration.
type: boolean
directoryPathInContainer:
description: |-
directoryPathInContainer allows to pass the basic credential through a directory path in the container.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
minLength: 1
type: string
restrictedRoles:
description: |-
restrictedRoles specify the restricted roles on the server side only.
Changes will be only reflected in Control Center.
This configuration is ignored on the client side configuration.
items:
type: string
minItems: 1
type: array
roles:
description: |-
roles specify the roles on the server side only.
This configuration is ignored on the client side configuration.
items:
type: string
type: array
secretRef:
description: |-
secretRef defines secret reference to pass the required credentials.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
bearer:
description: bearer specifies the bearer authentication settings
for the REST API client.
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer specifies the directory path in the container
where the credential is mounted.
minLength: 1
type: string
secretRef:
description: |-
secretRef specifies the name of the secret that contains the credential.
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
oauth:
description: oauth specifies the OAuth authentication settings
for the REST API client.
properties:
configuration:
description: configuration specifies the OAuth server
settings.
properties:
audience:
description: audience specifies the audience claim
in the JWT payload.
minLength: 1
type: string
expectedIssuer:
description: expectedIssuer specifies the expected
issuer in the JWT payload.
minLength: 1
type: string
groupsClaimName:
description: groupsClaimName specifies the name of
claim in token for identifying the groups of subject
in the JWT payload.
minLength: 1
type: string
jwksEndpointUri:
description: |-
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
minLength: 1
type: string
loginConnectTimeoutMs:
description: LoginConnectTimeoutMs sets connect timeout
with IDP in ms
format: int32
type: integer
loginReadTimeoutMs:
description: LoginReadTimeoutMs sets read timeout
with IDP in ms
format: int32
type: integer
loginRetryBackoffMaxMs:
description: LoginRetryBackoffMaxMs sets max retry
backoff with IDP in ms
format: int32
type: integer
loginRetryBackoffMs:
description: LoginRetryBackoffMs sets retry backoff
with IDP in ms
format: int32
type: integer
scope:
description: |-
scope is optional and required only when your identity provider doesn't have
a default scope or your groups claim is linked to a scope.
minLength: 1
type: string
subClaimName:
description: subClaimName specifies name of claim
in JWT to use for the subject.
minLength: 1
type: string
tokenEndpointUri:
description: |-
tokenBaseEndpointUri specifies the base uri for token endpoint.
This is required for OAuth for inter broker communication along with
clientId & clientSecret in JassConfig or JassConfigPassthrough
minLength: 1
type: string
type: object
directoryPathInContainer:
description: directoryPathInContainer allows to pass the
basic credential through a directory path in the container.
minLength: 1
type: string
secretRef:
description: secretRef defines secret reference to pass
the required credentials.
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- configuration
type: object
type:
description: type specifies the REST API authentication type.
Valid options are `basic`, `bearer`, `mtls` and `oauth`.
enum:
- basic
- bearer
- mtls
- oauth
type: string
required:
- type
type: object
endpoint:
description: endpoint specifies where Confluent REST API is running.
minLength: 1
pattern: ^https?://.*
type: string
kafkaClusterID:
description: |-
kafkaClusterID specifies the id of Kafka cluster.
It takes precedence over using the Kafka REST API to get the cluster id.
minLength: 1
type: string
tls:
description: "tls specifies the custom TLS structure for the application
resources,\n\t// e.g. connector, topic, schema, of the Confluent
Platform components.\n\t// +optional"
properties:
directoryPathInContainer:
description: |-
directoryPathInContainer contains the directory path in the container where
`keystore.jks`, `truststore.jks`, `jksPassword.txt` keys are mounted.
minLength: 1
type: string
jksPassword:
description: jksPassword specifies the secret name that contains
the JKS password.
properties:
secretRef:
description: |-
secretRef references the name of the secret containing the JKS password.
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: |-
secretRef specifies the secret name that contains the certificates.
More info about certificates key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
type: object
required:
- data
type: object
status:
description: status defines the observed state of the Schema.
properties:
appState:
default: Unknown
description: appState is the current state of the Schema application.
enum:
- Unknown
- Created
- Failed
- Deleted
type: string
compatibilityLevel:
description: compatibilityLevel specifies the compatibility level
of the schema under the subject.
type: string
conditions:
description: conditions are the latest available observed state of
the schema.
items:
description: Condition represent the latest available observations
of the current state.
properties:
lastProbeTime:
description: lastProbeTime shows the last time the condition
was evaluated.
format: date-time
type: string
lastTransitionTime:
description: lastTransitionTime shows the last time the condition
was transitioned from one status to another.
format: date-time
type: string
message:
description: message shows a human-readable message with details
about the transition.
type: string
reason:
description: reason shows the reason for the last transition
of the condition.
type: string
status:
description: status shows the status of the condition, one of
`True`, `False`, or `Unknown`.
type: string
type:
description: type shows the condition type.
type: string
type: object
type: array
deletedVersions:
description: deletedVersions are the successfully hard deleted versions
for the subject.
items:
format: int32
type: integer
type: array
format:
description: format is the format of the latest schema for the subject.
type: string
id:
description: id is the id of the latest schema for the subject.
format: int32
type: integer
mode:
description: Mode specifies the operating mode of schema under the
subject.
type: string
normalize:
description: Normalize specifies whether schema has been normalized
at the time of registering.
type: boolean
observedGeneration:
description: observedGeneration is the most recent generation observed
for this Confluent component.
format: int64
type: integer
schemaReferences:
description: schemaReferences are the schema references for the subject.
items:
description: SchemaReference is the schema to be used as a reference
for the new schema.
properties:
avro:
description: avro is the data for the referenced Avro schema.
properties:
avro:
description: name is the fully qualified name of the referenced
Avro schema.
minLength: 1
type: string
required:
- avro
type: object
format:
description: format is the format type of the referenced schema.
Valid options are `avro`, `json`, and `protobuf`.
enum:
- avro
- json
- protobuf
minLength: 1
type: string
json:
description: json is the data for the referenced JSON schema.
properties:
url:
description: url is the referenced JSON schema url.
minLength: 1
type: string
required:
- url
type: object
protobuf:
description: protobuf is the data for the referenced Protobuf
schema.
properties:
file:
description: file is the file name of the referenced Protobuf
schema.
minLength: 1
type: string
required:
- file
type: object
subject:
description: subject is the subject name for the referenced
schema through the configRef.
minLength: 1
type: string
version:
description: version is the version type of the referenced schema.
format: int32
type: integer
required:
- format
- subject
- version
type: object
type: array
schemaRegistryAuthenticationType:
description: schemaRegistryAuthenticationType is the authentication
method used.
type: string
schemaRegistryEndpoint:
description: schemaRegistryEndpoint is the Schema Registry REST endpoint.
type: string
schemaRegistryTLS:
description: schemaRegistryTLS shows whether the Schema Registry is
using TLS.
type: boolean
softDeletedVersions:
description: softDeletedVersions are the successfully soft deleted
versions for the subject.
items:
format: int32
type: integer
type: array
state:
description: state is the state of the Schema CR.
type: string
subject:
description: subject is the subject of the schema.
type: string
version:
description: version is the version of the latest schema for the subject.
format: int32
type: integer
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}

4713
charts/confluent/confluent-for-kubernetes/0.1033.33/crds/platform.confluent.io_zookeepers.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

4
charts/confluent/confluent-for-kubernetes/0.1033.33/templates/NOTES.txt Normal file
View File

@ -0,0 +1,4 @@
The Confluent Operator
The Confluent Operator brings the component (Confluent Services) specific controllers for kubernetes by providing components specific Custom Resource
Definition (CRD) as well as managing other Confluent Platform services

42
charts/confluent/confluent-for-kubernetes/0.1033.33/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "confluent-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "confluent-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "confluent-operator.service-account" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "confluent-operator.name" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "confluent-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

Some files were not shown because too many files have changed in this diff Show More