andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  argo/argo-cd:
    - 5.36.10
  bitnami/spark:
    - 7.0.2
  bitnami/wordpress:
    - 16.1.19
  datadog/datadog-operator:
    - 1.0.4
  dell/csi-isilon:
    - 2.7.0
  dell/csi-powermax:
    - 2.7.0
  dell/csi-powerstore:
    - 2.7.0
  dell/csi-unity:
    - 2.7.0
  dell/csi-vxflexos:
    - 2.7.0
  external-secrets/external-secrets:
    - 0.9.0
  haproxy/haproxy:
    - 1.31.0
  hashicorp/vault:
    - 0.25.0
  kubecost/cost-analyzer:
    - 1.104.2
  kuma/kuma:
    - 2.3.0
  nats/nats:
    - 0.19.16
  new-relic/nri-bundle:
    - 5.0.22
  redpanda/redpanda:
    - 4.0.47
  sysdig/sysdig:
    - 1.15.93
  weka/csi-wekafsplugin:
    - 2.1.1
```
pull/805/head
github-actions[bot] 2023-06-26 15:58:13 +00:00
parent 0d952db7c9
commit ff8c5eb7f7
206 changed files with 2929 additions and 1101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/argo/argo-cd-5.36.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/spark-7.0.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-16.1.19.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-operator-1.0.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-isilon-2.7.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-powermax-2.7.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-powerstore-2.7.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-unity-2.7.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-vxflexos-2.7.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/external-secrets/external-secrets-0.9.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/haproxy/haproxy-1.31.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/hashicorp/vault-0.25.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.104.1.tgz
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.104.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/kuma/kuma-2.3.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/nats/nats-0.19.16.tgz Normal file
View File

Binary file not shown.

BIN
assets/new-relic/nri-bundle-5.0.22.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-4.0.47.tgz Normal file
View File

Binary file not shown.

BIN
assets/sysdig/sysdig-1.15.93.tgz Normal file
View File

Binary file not shown.

BIN
assets/weka/csi-wekafsplugin-2.1.1.tgz Normal file
View File

Binary file not shown.

8
charts/argo/argo-cd/Chart.yaml
View File

@ -1,9 +1,7 @@
annotations:
artifacthub.io/changes: |
- kind: changed
description: Upgrade Argo CD to v2.7.6
- kind: changed
description: applicationSet.containerPorts.metrics to 8085
- kind: added
description: Add `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL` and `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT` env vars to argo-notifications Deployment
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -34,4 +32,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.36.6
version: 5.36.10

5
charts/argo/argo-cd/README.md
View File

@ -464,6 +464,7 @@ NAME: my-release
| configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets |
| configs.params."server.x.frame.options" | string | `"sameorigin"` | Set X-Frame-Options header in HTTP responses to value. To disable, set to "". |
| configs.params.annotations | object | `{}` | Annotations to be added to the argocd-cmd-params-cm ConfigMap |
| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. |
| configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. |
| configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... |
| configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap |
@ -1044,7 +1045,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port |
| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
| applicationSet.containerPorts.probe | int | `8081` | Probe container port |
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
| applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |
@ -1075,7 +1076,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
| applicationSet.metrics.service.labels | object | `{}` | Metrics service labels |
| applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port |
| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port |
| applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
| applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |

2
charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.configs.params.create }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -13,3 +14,4 @@ metadata:
{{- end }}
data:
{{- include "argo-cd.config.params" . | trim | nindent 2 }}
{{- end }}

18
charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml
View File

@ -66,10 +66,22 @@ spec:
{{- range .Values.notifications.extraArgs }}
- {{ . | squote }}
{{- end }}
{{- with (concat .Values.global.env .Values.notifications.extraEnv) }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with (concat .Values.global.env .Values.notifications.extraEnv) }}
{{- toYaml . | nindent 12 }}
{{- end }}
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: notificationscontroller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: notificationscontroller.log.format
name: argocd-cmd-params-cm
optional: true
{{- with .Values.notifications.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}

8
charts/argo/argo-cd/values.yaml
View File

@ -217,6 +217,10 @@ configs:
# Argo CD configuration parameters
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
params:
# -- Create the argocd-cmd-params-cm configmap
# If false, it is expected the configmap will be created by something else.
create: true
# -- Annotations to be added to the argocd-cmd-params-cm ConfigMap
annotations: {}
@ -2433,7 +2437,7 @@ applicationSet:
# -- Metrics service labels
labels: {}
# -- Metrics service port
servicePort: 8085
servicePort: 8080
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
@ -2506,7 +2510,7 @@ applicationSet:
# ApplicationSet controller container ports
containerPorts:
# -- Metrics container port
metrics: 8085
metrics: 8080
# -- Probe container port
probe: 8081
# -- Webhook container port

4
charts/bitnami/spark/Chart.yaml
View File

@ -6,7 +6,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 3.4.0
appVersion: 3.4.1
dependencies:
- name: common
repository: file://./charts/common
@ -27,4 +27,4 @@ maintainers:
name: spark
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/spark
version: 7.0.1
version: 7.0.2

6
charts/bitnami/spark/README.md
View File

@ -22,6 +22,8 @@ Apache Spark includes APIs for Java, Python, Scala and R.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Spark in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
- Kubernetes 1.19+
@ -84,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | ----------------------------------------------------------------------------------------------------- | -------------------- |
| `image.registry` | Spark image registry | `docker.io` |
| `image.repository` | Spark image repository | `bitnami/spark` |
| `image.tag` | Spark image tag (immutable tags are recommended) | `3.4.0-debian-11-r2` |
| `image.tag` | Spark image tag (immutable tags are recommended) | `3.4.1-debian-11-r0` |
| `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Spark image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -464,7 +466,7 @@ This version standardizes the way of defining Ingress rules. When configuring a
## License
Copyright © 2023 VMware Inc
Copyright © 2023 VMware, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
charts/bitnami/spark/values.yaml
View File

@ -92,7 +92,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/spark
tag: 3.4.0-debian-11-r2
tag: 3.4.1-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

2
charts/bitnami/wordpress/Chart.yaml
View File

@ -40,4 +40,4 @@ maintainers:
name: wordpress
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 16.1.18
version: 16.1.19

4
charts/bitnami/wordpress/README.md
View File

@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r18` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r19` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r7` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r8` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |

4
charts/bitnami/wordpress/values.yaml
View File

@ -73,7 +73,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.2.2-debian-11-r18
tag: 6.2.2-debian-11-r19
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -857,7 +857,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.13.4-debian-11-r7
tag: 0.13.4-debian-11-r8
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

4
charts/datadog/datadog-operator/CHANGELOG.md
View File

@ -1,5 +1,9 @@
# Changelog
## 1.0.4
* Update Datadog Operator version to 1.0.3.
## 1.0.3
* Add `list` and `watch` permissions of `customresourcedefinitions` for the KSM core check to collect CRD resources.

6
charts/datadog/datadog-operator/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: datadog-crds
repository: https://helm.datadoghq.com
version: 1.0.0
digest: sha256:46c620716bf7ab9e1ffd7eaf39dfd44b5a8cab49a5acb70de071dcbad4c7ee86
generated: "2023-04-03T15:45:41.953207-04:00"
version: 1.0.1
digest: sha256:e882fa60c39302a3092cc43bcbf0a8412a2c63933efc9767740c4c6144c5b0b4
generated: "2023-06-22T11:55:54.905315-04:00"

6
charts/datadog/datadog-operator/Chart.yaml
View File

@ -3,7 +3,7 @@ annotations:
catalog.cattle.io/display-name: Datadog Operator
catalog.cattle.io/release-name: datadog-operator
apiVersion: v2
appVersion: 1.0.0
appVersion: 1.0.3
dependencies:
- alias: datadogCRDs
condition: installCRDs
@ -11,7 +11,7 @@ dependencies:
repository: file://./charts/datadog-crds
tags:
- install-crds
version: =1.0.0
version: =1.0.1
description: Datadog Operator
home: https://www.datadoghq.com
icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png
@ -26,4 +26,4 @@ name: datadog-operator
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 1.0.3
version: 1.0.4

8
charts/datadog/datadog-operator/README.md
View File

@ -1,6 +1,6 @@
# Datadog Operator
![Version: 1.0.3](https://img.shields.io/badge/Version-1.0.3-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square)
## Values
@ -28,7 +28,7 @@
| fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image |
| image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image |
| image.tag | string | `"1.0.0"` | Define the Datadog Operator version to use |
| image.tag | string | `"1.0.3"` | Define the Datadog Operator version to use |
| imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) |
| installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs |
| logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) |
@ -93,7 +93,7 @@ and for the Datadog Operator chart:
```
NAME CHART VERSION APP VERSION DESCRIPTION
datadog/datadog-operator 1.0.0 1.0.0 Datadog Operator
datadog/datadog-operator 1.0.4 1.0.3 Datadog Operator
```
Then you will need to install the cert manager if you don't have it already, add the chart:
@ -115,7 +115,7 @@ You can update with the following:
```
helm upgrade \
datadog-operator datadog/datadog-operator \
--set image.tag=1.0.0 \
--set image.tag=1.0.3 \
--set datadogCRDs.migration.datadogAgents.version=v2alpha1 \
--set datadogCRDs.migration.datadogAgents.useCertManager=true \
--set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true

4
charts/datadog/datadog-operator/README.md.gotmpl
View File

@ -46,7 +46,7 @@ and for the Datadog Operator chart:
```
NAME CHART VERSION APP VERSION DESCRIPTION
datadog/datadog-operator 1.0.0 1.0.0 Datadog Operator
datadog/datadog-operator 1.0.4 1.0.3 Datadog Operator
```
Then you will need to install the cert manager if you don't have it already, add the chart:
@ -68,7 +68,7 @@ You can update with the following:
```
helm upgrade \
datadog-operator datadog/datadog-operator \
--set image.tag=1.0.0 \
--set image.tag=1.0.3 \
--set datadogCRDs.migration.datadogAgents.version=v2alpha1 \
--set datadogCRDs.migration.datadogAgents.useCertManager=true \
--set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true

4
charts/datadog/datadog-operator/charts/datadog-crds/CHANGELOG.md
View File

@ -1,5 +1,9 @@
# Changelog
## 1.0.1
* Update CRDs from Datadog Operator v1.0.3.
## 1.0.0
* Default DatadogAgent stored version is `v2alpha1` to align with the GA of the Datadog Operator.

2
charts/datadog/datadog-operator/charts/datadog-crds/Chart.yaml
View File

@ -15,4 +15,4 @@ sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-operator
- https://docs.datadoghq.com/agent/cluster_agent/external_metrics
version: 1.0.0
version: 1.0.1

2
charts/datadog/datadog-operator/charts/datadog-crds/README.md
View File

@ -1,6 +1,6 @@
# Datadog CRDs
![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square)
![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square)
This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`.

11
charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml
View File

@ -5852,9 +5852,6 @@ spec:
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
defaultOverride:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
{{- if not (eq .Values.migration.datadogAgents.version "v2alpha1") }}
@ -6407,6 +6404,10 @@ spec:
type: object
logLevel:
type: string
namespaceLabelsAsTags:
additionalProperties:
type: string
type: object
networkPolicy:
properties:
create:
@ -6440,10 +6441,6 @@ spec:
flavor:
type: string
type: object
namespaceLabelsAsTags:
additionalProperties:
type: string
type: object
nodeLabelsAsTags:
additionalProperties:
type: string

10
charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml
View File

@ -1,4 +1,6 @@
{{- if and .Values.crds.datadogAgents (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@ -6393,6 +6395,10 @@ spec:
type: object
logLevel:
type: string
namespaceLabelsAsTags:
additionalProperties:
type: string
type: object
networkPolicy:
properties:
create:
@ -6426,6 +6432,10 @@ spec:
flavor:
type: string
type: object
nodeLabelsAsTags:
additionalProperties:
type: string
type: object
podAnnotationsAsTags:
additionalProperties:
type: string

5
charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml
View File

@ -1,4 +1,6 @@
{{- if and .Values.crds.datadogMetrics (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -61,6 +63,9 @@ spec:
query:
description: Query is the raw datadog query
type: string
timeWindow:
description: TimeWindow provides the time window for the metric query, defaults to MaxAge.
type: string
type: object
status:
description: DatadogMetricStatus defines the observed state of DatadogMetric

8
charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml
View File

@ -1,4 +1,6 @@
{{- if and .Values.crds.datadogMetrics (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@ -61,6 +63,9 @@ spec:
query:
description: Query is the raw datadog query
type: string
timeWindow:
description: TimeWindow provides the time window for the metric query, defaults to MaxAge.
type: string
type: object
status:
description: DatadogMetricStatus defines the observed state of DatadogMetric
@ -98,6 +103,9 @@ spec:
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
currentValue:
description: Value is the latest value of the metric
type: string

2
charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml
View File

@ -1,4 +1,6 @@
{{- if and .Values.crds.datadogMonitors (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

5
charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml
View File

@ -1,4 +1,6 @@
{{- if and .Values.crds.datadogMonitors (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@ -185,6 +187,9 @@ spec:
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
created:
description: Created is the time the monitor was created
format: date-time

2
charts/datadog/datadog-operator/values.yaml
View File

@ -42,7 +42,7 @@ image:
# image.repository -- Repository to use for Datadog Operator image
repository: gcr.io/datadoghq/operator
# image.tag -- Define the Datadog Operator version to use
tag: 1.0.0
tag: 1.0.3
# image.pullPolicy -- Define the pullPolicy for Datadog Operator image
pullPolicy: IfNotPresent
# imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials)

10
charts/dell/csi-isilon/Chart.yaml
View File

@ -1,10 +1,10 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerScale
catalog.cattle.io/kube-version: '>= 1.21.0 < 1.27.0'
catalog.cattle.io/kube-version: '>= 1.21.0 < 1.28.0'
catalog.cattle.io/release-name: isilon
apiVersion: v1
appVersion: 2.6.1
apiVersion: v2
appVersion: 2.7.0
description: 'PowerScale CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as an Isilon
StorageClass. '
@ -12,10 +12,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
keywords:
- csi
- storage
kubeVersion: '>= 1.21.0 < 1.27.0'
kubeVersion: '>= 1.21.0 < 1.28.0'
maintainers:
- name: DellEMC
name: csi-isilon
sources:
- https://github.com/dell/csi-isilon
version: 2.6.1
version: 2.7.0

35
charts/dell/csi-isilon/templates/_helpers.tpl
View File

@ -3,48 +3,59 @@ Return the appropriate sidecar images based on k8s version
*/}}
{{- define "csi-isilon.attacherImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.provisionerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.snapshotterImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.resizerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.registrarImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-isilon.healthmonitorImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return true if storage capacity tracking is enabled and is supported based on k8s version
*/}}
{{- define "csi-isilon.isStorageCapacitySupported" -}}
{{- if eq .Values.storageCapacity.enabled true -}}
{{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{- end -}}

1157
charts/dell/csi-isilon/templates/controller.yaml
View File

File diff suppressed because it is too large Load Diff

1
charts/dell/csi-isilon/templates/csidriver.yaml
View File

@ -5,6 +5,7 @@ metadata:
spec:
attachRequired: true
podInfoOnMount: true
storageCapacity: {{ (include "csi-isilon.isStorageCapacitySupported" .) | default false }}
fsGroupPolicy: {{ .Values.fsGroupPolicy }}
volumeLifecycleModes:
- Persistent

43
charts/dell/csi-isilon/values.yaml
View File

@ -2,7 +2,7 @@
########################
# version: version of this values file
# Note: Do not change this value
version: "v2.6.1"
version: "v2.7.0"
# CSI driver log level
# Allowed values: "error", "warn"/"warning", "info", "debug"
@ -63,7 +63,7 @@ enableCustomTopology: false
# Allowed values:
# ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined
# and the volume's accessModes contains ReadWriteOnce.
# File: kubernetes may use fsGroup to change permissions and ownership of the volume
# File: kubernetes may use fsGroup to change permissions and ownership of the volume
# to match user requested fsGroup in the pod's security policy regardless of fstype or access mode.
# None: volumes will be mounted with no modifications.
# Default value: ReadWriteOnceWithFSType
@ -110,6 +110,10 @@ controller:
# Default value: 5s
leaderElectionRetryPeriod: 5s
# Image for csi-metadata-retriever
metadataretriever:
image: dellemc/csi-metadata-retriever:v1.4.0
# replication: allows to configure replication
# Replication CRDs must be installed before installing driver
replication:
@ -123,11 +127,11 @@ controller:
# image: Image to use for dell-csi-replicator. This shouldn't be changed
# Allowed values: string
# Default value: None
image: dellemc/dell-csi-replicator:v1.4.0
image: dellemc/dell-csi-replicator:v1.5.0
# replicationContextPrefix: prefix to use for naming of resources created by replication feature
# Allowed values: string
# Default value: powerstore
# Default value: powerscale
replicationContextPrefix: "powerscale"
# replicationPrefix: prefix to prepend to storage classes parameters
@ -273,7 +277,6 @@ node:
# Default value: None
enabled: false
## PLATFORM ATTRIBUTES
######################
# endpointPort: Specify the HTTPs port number of the PowerScale OneFS API server
@ -357,22 +360,36 @@ autoProbe: true
authorization:
enabled: false
# sidecarProxyImage: the container image used for the csm-authorization-sidecar.
# Default value: dellemc/csm-authorization-sidecar:v1.6.0
sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0
# Default value: dellemc/csm-authorization-sidecar:v1.7.0
sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0
# proxyHost: hostname of the csm-authorization server
# Default value: None
proxyHost:
# skipCertificateValidation: certificate validation of the csm-authorization server
# Allowed Values:
# "true" - TLS certificate verification will be skipped
# "false" - TLS certificate will be verified
# Default value: "true"
# "false" - TLS certificate will be verified
# Default value: "true"
skipCertificateValidation: true
# Storage Capacity Tracking
# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions.
storageCapacity:
# enabled : Enable/Disable storage capacity tracking
# Allowed values:
# true: enable storage capacity tracking
# false: disable storage capacity tracking
# Default value: true
enabled: true
# pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity
# Allowed values: 1m,2m,3m,...,10m,...,60m etc
# Default value: 5m
pollInterval: 5m
# Enable this feature only after contact support for additional information
podmon:
enabled: false
image: dellemc/podmon:v1.5.0
image: dellemc/podmon:v1.6.0
#controller:
# args:
# - "--csisock=unix:/var/run/csi/csi.sock"
@ -413,15 +430,15 @@ encryption:
# logLevel: Log level of the encryption driver.
# Allowed values: "error", "warning", "info", "debug", "trace".
logLevel: "error"
# livenessPort: HTTP liveness probe port number.
# livenessPort: HTTP liveness probe port number.
# Leave empty to disable the liveness probe.
# Example: 8080
livenessPort:
# ocp: Enable when running on OpenShift Container Platform with CoreOS worker nodes.
ocp: false
# ocpCoreID: User ID and group ID of user core on CoreOS worker nodes.
# Ignored when ocp is set to false.
ocpCoreID: "1000:1000"

11
charts/dell/csi-powermax/Chart.yaml
View File

@ -1,15 +1,15 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerMax
catalog.cattle.io/kube-version: '>= 1.23.0 < 1.27.0'
catalog.cattle.io/kube-version: '>= 1.23.0 < 1.28.0'
catalog.cattle.io/release-name: csi-powermax
apiVersion: v2
appVersion: 2.6.0
appVersion: 2.7.0
dependencies:
- condition: required
name: csireverseproxy
repository: file://./charts/csireverseproxy
version: 2.5.0
version: 2.6.0
description: 'PowerMax CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as a PowerMax
StorageClass. '
@ -18,10 +18,11 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
keywords:
- csi
- storage
kubeVersion: '>= 1.23.0 < 1.27.0'
kubeVersion: '>= 1.23.0 < 1.28.0'
maintainers:
- name: DellEMC
name: csi-powermax
sources:
- https://github.com/dell/csi-powermax
version: 2.6.0
type: application
version: 2.7.0

4
charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml
View File

@ -1,6 +1,6 @@
apiVersion: v2
appVersion: 2.5.0
appVersion: 2.6.0
description: A Helm chart for CSI PowerMax ReverseProxy
name: csireverseproxy
type: application
version: 2.5.0
version: 2.6.0

70
charts/dell/csi-powermax/charts/csireverseproxy/templates/certificate.yaml Normal file
View File

@ -0,0 +1,70 @@
# If the csireverseproxy cert and key are provided, deploy a CA Issuer using the cert and key
{{- if ne .Values.certManager.selfSignedCert true }}
apiVersion: v1
data:
tls.crt: {{ .Values.certManager.certificateFile }}
tls.key: {{ .Values.certManager.privateKeyFile }}
kind: Secret
type: kubernetes.io/tls
metadata:
name: csirevproxy-tls-secret
namespace: {{ .Release.Namespace }}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: csirevproxy-issuer
namespace: {{ .Release.Namespace }}
spec:
ca:
secretName: csirevproxy-tls-secret
---
{{- else }}
# deploy a selfsigned-issuer
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
---
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: csirevproxy-tls-cert
namespace: {{ .Release.Namespace }}
spec:
secretName: csirevproxy-tls-secret
commonName: powermax-reverseproxy
duration: 2160h # 90d
renewBefore: 360h # 15d
subject:
organizations:
- dellemc
isCA: false
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
usages:
- server auth
- client auth
dnsNames:
- powermax-reverseproxy
- powermax-reverseproxy.powermax.svc.cluster.local
- reverseproxy
issuerRef:
{{- if ne .Values.certManager.selfSignedCert true }}
name: csirevproxy-issuer
{{- else }}
name: selfsigned-issuer
{{- end }}
kind: Issuer
group: cert-manager.io
---

2
charts/dell/csi-powermax/charts/csireverseproxy/templates/configmap.yaml
View File

@ -2,6 +2,6 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-reverseproxy-config
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
data:
{{ tpl (.Files.Glob "conf/config.yaml").AsConfig . | indent 2 }}

6
charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy-rbac.yaml
View File

@ -3,7 +3,7 @@ kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-reverseproxy
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: [""]
resources: ["secrets"]
@ -13,11 +13,11 @@ kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-reverseproxy
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-reverseproxy
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ .Release.Name }}-reverseproxy

4
charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml
View File

@ -3,7 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-reverseproxy
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: 1
selector:
@ -29,7 +29,7 @@ spec:
- name: X_CSI_REVPROXY_TLS_CERT_DIR
value: /app/tls
- name: X_CSI_REVPROXY_WATCH_NAMESPACE
value: {{ include "custom.namespace" . }}
value: {{ .Release.Namespace }}
volumeMounts:
- name: configmap-volume
mountPath: /etc/config/configmap

2
charts/dell/csi-powermax/charts/csireverseproxy/templates/service.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-reverseproxy
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
spec:
ports:
- port: {{ .Values.port }}

2
charts/dell/csi-powermax/charts/csireverseproxy/templates/serviceaccount.yaml
View File

@ -3,5 +3,5 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-reverseproxy
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

2
charts/dell/csi-powermax/charts/csireverseproxy/values.yaml
View File

@ -1,4 +1,4 @@
image: dellemc/csipowermax-reverseproxy:v2.5.0
image: dellemc/csipowermax-reverseproxy:v2.6.0
port: 2222
# TLS secret which is used for setting up the proxy HTTPS server

34
charts/dell/csi-powermax/templates/_helpers.tpl
View File

@ -3,58 +3,48 @@ Return the appropriate sidecar images based on k8s version
*/}}
{{- define "csi-powermax.attacherImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.3.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powermax.provisionerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.5.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powermax.snapshotterImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.2" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powermax.resizerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powermax.registrarImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powermax.healthmonitorImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Namespace for all resources to be installed into
If not defined in values file then the helm release namespace is used
By default this is not set so the helm release namespace will be used
*/}}
{{- define "custom.namespace" -}}
{{ .Values.namespace | default .Release.Namespace }}
{{- end -}}

16
charts/dell/csi-powermax/templates/controller.yaml
View File

@ -2,13 +2,13 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{.Release.Name}}-controller
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
{{- if eq .Values.customDriverName.enabled true}}
name: {{printf "%s-%s-controller" ( include "custom.namespace" . ) .Values.customDriverName.value}}
name: {{printf "%s-%s-controller" .Release.Namespace .Values.customDriverName.value}}
{{- else }}
name: {{ .Release.Name }}-controller
{{- end }}
@ -97,18 +97,18 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
{{- if eq .Values.customDriverName.enabled true}}
name: {{ printf "%s-%s-controller" ( include "custom.namespace" . ) .Values.customDriverName.value }}
name: {{ printf "%s-%s-controller" .Release.Namespace .Values.customDriverName.value }}
{{- else }}
name: {{ .Release.Name }}-controller
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-controller
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
{{- if eq .Values.customDriverName.enabled true}}
name: {{ printf "%s-%s-controller" ( include "custom.namespace" . ) .Values.customDriverName.value }}
name: {{ printf "%s-%s-controller" .Release.Namespace .Values.customDriverName.value }}
{{- else }}
name: {{ .Release.Name }}-controller
{{- end }}
@ -118,7 +118,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-controller
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
annotations:
@ -345,7 +345,7 @@ spec:
{{- end }}
- name: X_CSI_POWERMAX_DRIVER_NAME
{{- if eq .Values.customDriverName.enabled true}}
value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" ( include "custom.namespace" . ) .Values.customDriverName.value) }}
value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" .Release.Namespace .Values.customDriverName.value) }}
{{- else }}
value: csi-powermax.dellemc.com
{{- end }}
@ -448,7 +448,7 @@ spec:
- name: X_CSI_REVPROXY_TLS_CERT_DIR
value: /app/tls
- name: X_CSI_REVPROXY_WATCH_NAMESPACE
value: {{ include "custom.namespace" . }}
value: {{ .Release.Namespace }}
- name: X_CSI_REVPROXY_IS_LEADER_ENABLED
value: "true"
volumeMounts:

2
charts/dell/csi-powermax/templates/csidriver.yaml
View File

@ -2,7 +2,7 @@ apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
{{- if eq .Values.customDriverName.enabled true}}
name: {{ printf "%s-%s" ( include "custom.namespace" . ) .Values.customDriverName.value }}
name: {{ printf "%s-%s" .Release.Namespace .Values.customDriverName.value }}
{{- else }}
name: csi-powermax
{{- end }}

2
charts/dell/csi-powermax/templates/driver-config-params.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-config-params
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
data:
driver-config-params.yaml: |
CSI_LOG_LEVEL: {{ .Values.global.logLevel | default "debug" }}

14
charts/dell/csi-powermax/templates/node.yaml
View File

@ -3,13 +3,13 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-node
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
{{- if eq .Values.customDriverName.enabled true}}
name: {{ printf "%s-%s-node" ( include "custom.namespace" . ) .Values.customDriverName.value }}
name: {{ printf "%s-%s-node" .Release.Namespace .Values.customDriverName.value }}
{{- else }}
name: {{ .Release.Name }}-node
{{- end }}
@ -43,18 +43,18 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
{{- if eq .Values.customDriverName.enabled true}}
name: {{ printf "%s-%s-node" ( include "custom.namespace" . ) .Values.customDriverName.value }}
name: {{ printf "%s-%s-node" .Release.Namespace .Values.customDriverName.value }}
{{- else }}
name: {{ .Release.Name }}-node
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-node
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
{{- if eq .Values.customDriverName.enabled true}}
name: {{ printf "%s-%s-node" ( include "custom.namespace" . ) .Values.customDriverName.value }}
name: {{ printf "%s-%s-node" .Release.Namespace .Values.customDriverName.value }}
{{- else }}
name: {{ .Release.Name }}-node
{{- end }}
@ -65,7 +65,7 @@ kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .Release.Name }}-node
namespace: {{ include "custom.namespace" . }}
namespace: {{ .Release.Namespace }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
annotations:
@ -113,7 +113,7 @@ spec:
env:
- name: X_CSI_POWERMAX_DRIVER_NAME
{{- if eq .Values.customDriverName.enabled true }}
value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" ( include "custom.namespace" . ) .Values.customDriverName.value) }}
value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" .Release.Namespace .Values.customDriverName.value) }}
{{- else }}
value: csi-powermax.dellemc.com
{{- end }}

39
charts/dell/csi-powermax/values.yaml
View File

@ -49,7 +49,7 @@ global:
# Current version of the driver
# Don't modify this value as this value will be used by the install script
version: "v2.6.0"
version: "v2.7.0"
images:
# "driver" defines the container image, used for the driver container.
@ -255,8 +255,8 @@ enableCHAP: false
csireverseproxy:
# image: Define the container images used for the reverse proxy
# Default value: None
# Example: "csipowermax-reverseproxy:v2.5.0"
image: dellemc/csipowermax-reverseproxy:v2.5.0
# Example: "csipowermax-reverseproxy:v2.6.0"
image: dellemc/csipowermax-reverseproxy:v2.6.0
# "tlsSecret" defines the TLS secret that is created with certificate
# and its associated key
# Default value: None
@ -277,9 +277,21 @@ csireverseproxy:
# Default value: None
# Example: "StandAlone"
mode: StandAlone
# Optionally, uncomment and specify the name of the pre-created namespace to install the sidecar in it
# namespace:
# Auto-create TLS certificate for csi-reverseproxy
certManager:
# Set selfSignedCert to use a self-signed certificate
# Default value: true
selfSignedCert: true
# certificateFile has tls.key content in encoded format
# Allowed Values:
# - encoded base64 value of tls.crt: cat tls.crt | base64
# - comment the param, if selfsigned should be used
certificateFile: tls.crt.encoded64
# privateKeyFile has tls.key content in encoded format
# Allowed Values:
# - encoded base64 value of tls.key: cat tls.key | base64
# - comment the param, if selfsigned should be used
privateKeyFile: tls.key.encoded64
# clusterPrefix: Define a prefix that is appended onto
# all resources created in the Array
# This should be unique per K8s/CSI deployment
@ -363,7 +375,7 @@ replication:
enabled: false
# Change this to use any specific version of the dell-csi-replicator sidecar
# Default value: None
image: dellemc/dell-csi-replicator:v1.4.0
image: dellemc/dell-csi-replicator:v1.5.0
# replicationContextPrefix enables side cars to read
# required information from the volume context
# Default value: "powermax"
@ -384,10 +396,10 @@ migration:
enabled: false
# Change this to use any specific version of the dell-csi-migrator sidecar
# Default value: None
image: dellemc/dell-csi-migrator:v1.1.0
image: dellemc/dell-csi-migrator:v1.1.1
# Node rescan sidecar does a rescan on nodes for identifying new paths
# Default value: dellemc/dell-csi-node-rescanner:v1.0.0
nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.0
# Default value: dellemc/dell-csi-node-rescanner:v1.0.1
nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.1
# migrationPrefix: Determine if migration is enabled
# Default value: "migration.storage.dell.com"
# Examples: "migration.storage.dell.com"
@ -403,8 +415,8 @@ migration:
authorization:
enabled: false
# sidecarProxyImage: the container image used for the csm-authorization-sidecar.
# Default value: dellemc/csm-authorization-sidecar:v1.6.0
sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0
# Default value: dellemc/csm-authorization-sidecar:v1.7.0
sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0
# proxyHost: hostname of the csm-authorization server
# Default value: None
proxyHost:
@ -435,6 +447,3 @@ vSphere:
vCenterHost: "00.000.000.00"
# vCenterCredSecret: secret name for the vCenter credentials
vCenterCredSecret: vcenter-creds
# Optionally, uncomment and specify the name of the pre-created namespace to install the driver in it
# namespace:

10
charts/dell/csi-powerstore/Chart.yaml
View File

@ -1,10 +1,10 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerStore
catalog.cattle.io/kube-version: '>= 1.22.0 < 1.27.0'
catalog.cattle.io/release-name: csi-powerstore
catalog.cattle.io/kube-version: '>= 1.22.0 < 1.28.0'
catalog.cattle.io/release-name: powerstore
apiVersion: v2
appVersion: 2.6.0
appVersion: 2.7.0
description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as a PowerStore
StorageClass. '
@ -13,10 +13,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
keywords:
- csi
- storage
kubeVersion: '>= 1.22.0 < 1.27.0'
kubeVersion: '>= 1.22.0 < 1.28.0'
maintainers:
- name: DellEMC
name: csi-powerstore
sources:
- https://github.com/dell/csi-powerstore
version: 2.6.0
version: 2.7.0

24
charts/dell/csi-powerstore/templates/_helpers.tpl
View File

@ -3,48 +3,48 @@ Return the appropriate sidecar images based on k8s version
*/}}
{{- define "csi-powerstore.attacherImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powerstore.provisionerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powerstore.snapshotterImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powerstore.resizerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powerstore.registrarImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-powerstore.healthmonitorImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}

2
charts/dell/csi-powerstore/templates/controller.yaml
View File

@ -1,6 +1,6 @@
#
#
# Copyright © 2020-2022 Dell Inc. or its subsidiaries. All Rights Reserved.
# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

4
charts/dell/csi-powerstore/templates/node.yaml
View File

@ -1,6 +1,6 @@
#
#
# Copyright © 2020-2022 Dell Inc. or its subsidiaries. All Rights Reserved.
# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -105,7 +105,7 @@ spec:
tolerations:
{{- toYaml .Values.node.tolerations | nindent 6 }}
{{ end }}
serviceAccount: {{ .Release.Name }}-node
serviceAccountName: {{ .Release.Name }}-node
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
hostIPC: true

10
charts/dell/csi-powerstore/values.yaml
View File

@ -1,6 +1,6 @@
#
#
# Copyright © 2020-2022 Dell Inc. or its subsidiaries. All Rights Reserved.
# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -23,7 +23,7 @@
driverName: "csi-powerstore.dellemc.com"
# Driver version required to pull the latest driver image
version: "v2.6.0"
version: "v2.7.0"
# Specify kubelet config dir path.
# Ensure that the config.yaml file is present at this path.
@ -151,7 +151,7 @@ controller:
# image: Image to use for dell-csi-replicator. This shouldn't be changed
# Allowed values: string
# Default value: None
image: dellemc/dell-csi-replicator:v1.4.0
image: dellemc/dell-csi-replicator:v1.5.0
# replicationContextPrefix: prefix to use for naming of resources created by replication feature
# Allowed values: string
@ -164,7 +164,7 @@ controller:
replicationPrefix: "replication.storage.dell.com"
# Image for csi-metadata-retriever
metadataretriever: dellemc/csi-metadata-retriever:v1.3.0
metadataretriever: dellemc/csi-metadata-retriever:v1.4.0
# nodeSelector: Define node selection constraints for controller pods.
# For the pod to be eligible to run on a node, the node must have each
@ -311,7 +311,7 @@ storageCapacity:
# Enable this feature only after contact support for additional information
podmon:
enabled: false
image: dellemc/podmon:v1.5.0
image: dellemc/podmon:v1.6.0
#controller:
# args:
# - "--csisock=unix:/var/run/csi/csi.sock"

11
charts/dell/csi-unity/Chart.yaml
View File

@ -1,11 +1,10 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI Unity
catalog.cattle.io/kube-version: '>= 1.24.0 < 1.27.0'
catalog.cattle.io/namespace: unity
catalog.cattle.io/release-name: csi-unity
catalog.cattle.io/kube-version: '>= 1.24.0 < 1.28.0'
catalog.cattle.io/release-name: unity
apiVersion: v1
appVersion: 2.6.0
appVersion: 2.7.0
description: 'Unity XT CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as a Unity
XT StorageClass. '
@ -13,10 +12,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
keywords:
- csi
- storage
kubeVersion: '>= 1.24.0 < 1.27.0'
kubeVersion: '>= 1.24.0 < 1.28.0'
maintainers:
- name: DellEMC
name: csi-unity
sources:
- https://github.com/dell/csi-unity
version: 2.6.0
version: 2.7.0

26
charts/dell/csi-unity/templates/_helpers.tpl
View File

@ -3,48 +3,48 @@ Return the appropriate sidecar images based on k8s version
*/}}
{{- define "csi-unity.attacherImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-unity.provisionerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-unity.snapshotterImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-unity.resizerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-unity.registrarImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-unity.healthmonitorImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

47
charts/dell/csi-unity/values.yaml
View File

@ -3,8 +3,8 @@
# version: version of this values file
# Note: Do not change this value
# Examples : "v2.6.0" , "nightly"
version: "v2.6.0"
# Examples : "v2.7.0" , "nightly"
version: "v2.7.0"
# LogLevel is used to set the logging level of the driver.
# Allowed values: "error", "warn"/"warning", "info", "debug"
@ -181,6 +181,7 @@ node:
# - key: "isilon.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# CSM module attributes
# service to monitor failing jobs and notify
podmon:
@ -193,27 +194,27 @@ podmon:
# allowed values - string
# default value : None
# Example : "podman:latest", "pod:latest"
image: dellemc/podmon:v1.5.0
# controller:
# args:
# - "--csisock=unix:/var/run/csi/csi.sock"
# - "--labelvalue=csi-unity"
# - "--driverPath=csi-unity.dellemc.com"
# - "--mode=controller"
# - "--skipArrayConnectionValidation=false"
# - "--driver-config-params=/unity-config/driver-config-params.yaml"
# - "--driverPodLabelValue=dell-storage"
# - "--ignoreVolumelessPods=false"
# node:
# args:
# - "--csisock=unix:/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock"
# - "--labelvalue=csi-unity"
# - "--driverPath=csi-unity.dellemc.com"
# - "--mode=node"
# - "--leaderelection=false"
# - "--driver-config-params=/unity-config/driver-config-params.yaml"
# - "--driverPodLabelValue=dell-storage"
# - "--ignoreVolumelessPods=false"
image: dellemc/podmon:v1.6.0
controller:
args:
- "--csisock=unix:/var/run/csi/csi.sock"
- "--labelvalue=csi-unity"
- "--driverPath=csi-unity.dellemc.com"
- "--mode=controller"
- "--skipArrayConnectionValidation=false"
- "--driver-config-params=/unity-config/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"
node:
args:
- "--csisock=unix:/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock"
- "--labelvalue=csi-unity"
- "--driverPath=csi-unity.dellemc.com"
- "--mode=node"
- "--leaderelection=false"
- "--driver-config-params=/unity-config/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"
### The below parameters have been discontinued for configuration from secret.yaml and will have to be configured only in values.yaml

8
charts/dell/csi-vxflexos/Chart.yaml
View File

@ -1,11 +1,11 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerFlex
catalog.cattle.io/kube-version: '>= 1.21.0 < 1.27.0'
catalog.cattle.io/kube-version: '>= 1.21.0 < 1.28.0'
catalog.cattle.io/namespace: vxflexos
catalog.cattle.io/release-name: vxflexos
apiVersion: v2
appVersion: 2.6.0
appVersion: 2.7.0
description: 'VxFlex OS CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as a VxFlex
OS StorageClass. '
@ -13,10 +13,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
keywords:
- csi
- storage
kubeVersion: '>= 1.21.0 < 1.27.0'
kubeVersion: '>= 1.21.0 < 1.28.0'
maintainers:
- name: DellEMC
name: csi-vxflexos
sources:
- https://github.com/dell/csi-vxflexos
version: 2.6.0
version: 2.7.0

24
charts/dell/csi-vxflexos/templates/_helpers.tpl
View File

@ -3,48 +3,48 @@ Return the appropriate sidecar images based on k8s version
*/}}
{{- define "csi-vxflexos.attacherImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.provisionerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.snapshotterImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.resizerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.registrarImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.healthmonitorImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}

10
charts/dell/csi-vxflexos/values.yaml
View File

@ -3,7 +3,7 @@
# "version" is used to verify the values file matches driver version
# Not recommend to change
version: v2.6.0
version: v2.7.0
images:
# "driver" defines the container image, used for the driver container.
@ -95,7 +95,7 @@ controller:
# image: Image to use for dell-csi-replicator. This shouldn't be changed
# Allowed values: string
# Default value: None
image: dellemc/dell-csi-replicator:v1.4.0
image: dellemc/dell-csi-replicator:v1.5.0
# replicationContextPrefix: prefix to use for naming of resources created by replication feature
# Allowed values: string
@ -277,7 +277,7 @@ vgsnapshotter:
# Enable this feature only after contact support for additional information
podmon:
enabled: false
image: dellemc/podmon:v1.5.0
image: dellemc/podmon:v1.6.0
#controller:
# args:
# - "--csisock=unix:/var/run/csi/csi.sock"
@ -308,8 +308,8 @@ authorization:
enabled: false
# sidecarProxyImage: the container image used for the csm-authorization-sidecar.
# Default value: dellemc/csm-authorization-sidecar:v1.6.0
sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0
# Default value: dellemc/csm-authorization-sidecar:v1.7.0
sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0
# proxyHost: hostname of the csm-authorization server
# Default value: None

4
charts/external-secrets/external-secrets/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: external-secrets
apiVersion: v2
appVersion: v0.8.3
appVersion: v0.9.0
description: External secret management for Kubernetes
home: https://github.com/external-secrets/external-secrets
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png
@ -17,4 +17,4 @@ maintainers:
name: mcavoyk
name: external-secrets
type: application
version: 0.8.3
version: 0.9.0

10
charts/external-secrets/external-secrets/README.md
View File

@ -4,7 +4,7 @@
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.8.3](https://img.shields.io/badge/Version-0.8.3-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square)
External secret management for Kubernetes
@ -82,6 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| certController.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
| certController.tolerations | list | `[]` | |
| certController.topologySpreadConstraints | list | `[]` | |
| commonLabels | object | `{}` | Additional labels added to all helm chart resources. |
| concurrent | int | `1` | Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at a time. |
| controllerClass | string | `""` | If set external secrets will filter matching Secret Stores with the appropriate controller values. |
| crds.annotations | object | `{}` | |
@ -151,6 +152,13 @@ The command removes all the Kubernetes components associated with the chart and
| webhook.affinity | object | `{}` | |
| webhook.certCheckInterval | string | `"5m"` | Specifices the time to check if the cert is valid |
| webhook.certDir | string | `"/tmp/certs"` | |
| webhook.certManager.addInjectorAnnotations | bool | `true` | Automatically add the cert-manager.io/inject-ca-from annotation to the webhooks and CRDs. As long as you have the cert-manager CA Injector enabled, this will automatically setup your webhook's CA to the one used by cert-manager. See https://cert-manager.io/docs/concepts/ca-injector |
| webhook.certManager.cert.annotations | object | `{}` | Add extra annotations to the Certificate resource. |
| webhook.certManager.cert.create | bool | `true` | Create a certificate resource within this chart. See https://cert-manager.io/docs/usage/certificate/ |
| webhook.certManager.cert.duration | string | `""` | Set the requested duration (i.e. lifetime) of the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec |
| webhook.certManager.cert.issuerRef | object | `{"group":"cert-manager.io","kind":"Issuer","name":"my-issuer"}` | For the Certificate created by this chart, setup the issuer. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec |
| webhook.certManager.cert.renewBefore | string | `""` | How long before the currently issued certificates expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Note that renewBefore should be greater than .webhook.lookaheadInterval since the webhook will check this far in advance that the certificate is valid. |
| webhook.certManager.enabled | bool | `false` | Enabling cert-manager support will disable the built in secret and switch to using cert-manager (installed separately) to automatically issue and renew the webhook certificate. This chart does not install cert-manager for you, See https://cert-manager.io/docs/ |
| webhook.create | bool | `true` | Specifies whether a webhook deployment be created. |
| webhook.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
| webhook.extraArgs | object | `{}` | |

15
charts/external-secrets/external-secrets/templates/_helpers.tpl
View File

@ -40,6 +40,9 @@ helm.sh/chart: {{ include "external-secrets.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.commonLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- define "external-secrets-webhook.labels" -}}
@ -49,11 +52,17 @@ helm.sh/chart: {{ include "external-secrets.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.commonLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- define "external-secrets-webhook-metrics.labels" -}}
{{ include "external-secrets-webhook.selectorLabels" . }}
app.kubernetes.io/metrics: "webhook"
{{- with .Values.commonLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- define "external-secrets-cert-controller.labels" -}}
@ -63,11 +72,17 @@ helm.sh/chart: {{ include "external-secrets.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.commonLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- define "external-secrets-cert-controller-metrics.labels" -}}
{{ include "external-secrets-cert-controller.selectorLabels" . }}
app.kubernetes.io/metrics: "cert-controller"
{{- with .Values.commonLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{/*

5
charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: acraccesstokens.generators.external-secrets.io
spec:
group: generators.external-secrets.io

17
charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: clusterexternalsecrets.external-secrets.io
spec:
group: external-secrets.io
@ -50,6 +53,18 @@ spec:
spec:
description: ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.
properties:
externalSecretMetadata:
description: The metadata of the external secrets to be created
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
externalSecretName:
description: The name of the external secrets to be created defaults to the name of the ClusterExternalSecret
type: string

75
charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: clustersecretstores.external-secrets.io
spec:
group: external-secrets.io
@ -1496,6 +1499,24 @@ spec:
- SecretsManager
- ParameterStore
type: string
sessionTags:
description: AWS STS assume role session tags
items:
properties:
key:
type: string
value:
type: string
required:
- key
- value
type: object
type: array
transitiveTagKeys:
description: AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore
items:
type: string
type: array
required:
- region
- service
@ -1579,6 +1600,57 @@ spec:
required:
- vaultUrl
type: object
conjur:
description: Conjur configures this store to sync secrets using conjur provider
properties:
auth:
properties:
apikey:
properties:
account:
type: string
apiKeyRef:
description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
type: string
type: object
userRef:
description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
type: string
type: object
required:
- account
- apiKeyRef
- userRef
type: object
required:
- apikey
type: object
caBundle:
type: string
url:
type: string
required:
- auth
- url
type: object
doppler:
description: Doppler configures this store to sync secrets using the Doppler provider
properties:
@ -1626,6 +1698,7 @@ spec:
- lower-snake
- tf-var
- dotnet-env
- lower-kebab
type: string
project:
description: Doppler project (required if not using a Service Token)

5
charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: ecrauthorizationtokens.generators.external-secrets.io
spec:
group: generators.external-secrets.io

5
charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: externalsecrets.external-secrets.io
spec:
group: external-secrets.io

5
charts/external-secrets/external-secrets/templates/crds/fake.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: fakes.generators.external-secrets.io
spec:
group: generators.external-secrets.io

5
charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: gcraccesstokens.generators.external-secrets.io
spec:
group: generators.external-secrets.io

5
charts/external-secrets/external-secrets/templates/crds/password.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: passwords.generators.external-secrets.io
spec:
group: generators.external-secrets.io

5
charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: pushsecrets.external-secrets.io
spec:
group: external-secrets.io

75
charts/external-secrets/external-secrets/templates/crds/secretstore.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: secretstores.external-secrets.io
spec:
group: external-secrets.io
@ -1496,6 +1499,24 @@ spec:
- SecretsManager
- ParameterStore
type: string
sessionTags:
description: AWS STS assume role session tags
items:
properties:
key:
type: string
value:
type: string
required:
- key
- value
type: object
type: array
transitiveTagKeys:
description: AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore
items:
type: string
type: array
required:
- region
- service
@ -1579,6 +1600,57 @@ spec:
required:
- vaultUrl
type: object
conjur:
description: Conjur configures this store to sync secrets using conjur provider
properties:
auth:
properties:
apikey:
properties:
account:
type: string
apiKeyRef:
description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
type: string
type: object
userRef:
description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
type: string
type: object
required:
- account
- apiKeyRef
- userRef
type: object
required:
- apikey
type: object
caBundle:
type: string
url:
type: string
required:
- auth
- url
type: object
doppler:
description: Doppler configures this store to sync secrets using the Doppler provider
properties:
@ -1626,6 +1698,7 @@ spec:
- lower-snake
- tf-var
- dotnet-env
- lower-kebab
type: string
project:
description: Doppler project (required if not using a Service Token)

5
charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml
View File

@ -6,7 +6,10 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
controller-gen.kubebuilder.io/version: v0.11.4
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.12.0
name: vaultdynamicsecrets.generators.external-secrets.io
spec:
group: generators.external-secrets.io

14
charts/external-secrets/external-secrets/templates/validatingwebhook.yaml
View File

@ -5,6 +5,13 @@ metadata:
name: secretstore-validate
labels:
external-secrets.io/component: webhook
{{- with .Values.commonLabels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
webhooks:
- name: "validate.secretstore.external-secrets.io"
rules:
@ -44,6 +51,13 @@ metadata:
name: externalsecret-validate
labels:
external-secrets.io/component: webhook
{{- with .Values.commonLabels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
webhooks:
- name: "validate.externalsecret.external-secrets.io"
rules:

30
charts/external-secrets/external-secrets/templates/webhook-certificate.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- if and .Values.webhook.create .Values.webhook.certManager.enabled .Values.webhook.certManager.cert.create }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "external-secrets.fullname" . }}-webhook
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "external-secrets-webhook.labels" . | nindent 4 }}
external-secrets.io/component: webhook
{{- with .Values.webhook.certManager.cert.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
commonName: {{ include "external-secrets.fullname" . }}-webhook
dnsNames:
- {{ include "external-secrets.fullname" . }}-webhook
- {{ include "external-secrets.fullname" . }}-webhook.{{ .Release.Namespace }}
- {{ include "external-secrets.fullname" . }}-webhook.{{ .Release.Namespace }}.svc
issuerRef:
{{- toYaml .Values.webhook.certManager.cert.issuerRef | nindent 4 }}
{{- with .Values.webhook.certManager.cert.duration }}
duration: {{ . | quote }}
{{- end }}
{{- with .Values.webhook.certManager.cert.renewBefore }}
renewBefore: {{ . | quote }}
{{- end }}
secretName: {{ include "external-secrets.fullname" . }}-webhook
{{- end }}

2
charts/external-secrets/external-secrets/templates/webhook-secret.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.webhook.create }}
{{- if and .Values.webhook.create (not .Values.webhook.certManager.enabled) }}
apiVersion: v1
kind: Secret
metadata:

6
charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap
View File

@ -7,8 +7,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.8.3
helm.sh/chart: external-secrets-0.8.3
app.kubernetes.io/version: v0.9.0
helm.sh/chart: external-secrets-0.9.0
name: RELEASE-NAME-external-secrets-cert-controller
namespace: NAMESPACE
spec:
@ -33,7 +33,7 @@ should match snapshot of default values:
- --service-namespace=NAMESPACE
- --secret-name=RELEASE-NAME-external-secrets-webhook
- --secret-namespace=NAMESPACE
image: ghcr.io/external-secrets/external-secrets:v0.8.3
image: ghcr.io/external-secrets/external-secrets:v0.9.0
imagePullPolicy: IfNotPresent
name: cert-controller
ports:

6
charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap
View File

@ -7,8 +7,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.8.3
helm.sh/chart: external-secrets-0.8.3
app.kubernetes.io/version: v0.9.0
helm.sh/chart: external-secrets-0.9.0
name: RELEASE-NAME-external-secrets
namespace: NAMESPACE
spec:
@ -28,7 +28,7 @@ should match snapshot of default values:
containers:
- args:
- --concurrent=1
image: ghcr.io/external-secrets/external-secrets:v0.8.3
image: ghcr.io/external-secrets/external-secrets:v0.9.0
imagePullPolicy: IfNotPresent
name: external-secrets
ports:

72
charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap
View File

@ -4,7 +4,7 @@ should match snapshot of default values:
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.4
controller-gen.kubebuilder.io/version: v0.12.0
name: secretstores.external-secrets.io
spec:
conversion:
@ -1504,6 +1504,24 @@ should match snapshot of default values:
- SecretsManager
- ParameterStore
type: string
sessionTags:
description: AWS STS assume role session tags
items:
properties:
key:
type: string
value:
type: string
required:
- key
- value
type: object
type: array
transitiveTagKeys:
description: AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore
items:
type: string
type: array
required:
- region
- service
@ -1587,6 +1605,57 @@ should match snapshot of default values:
required:
- vaultUrl
type: object
conjur:
description: Conjur configures this store to sync secrets using conjur provider
properties:
auth:
properties:
apikey:
properties:
account:
type: string
apiKeyRef:
description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
type: string
type: object
userRef:
description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
type: string
type: object
required:
- account
- apiKeyRef
- userRef
type: object
required:
- apikey
type: object
caBundle:
type: string
url:
type: string
required:
- auth
- url
type: object
doppler:
description: Doppler configures this store to sync secrets using the Doppler provider
properties:
@ -1634,6 +1703,7 @@ should match snapshot of default values:
- lower-snake
- tf-var
- dotnet-env
- lower-kebab
type: string
project:
description: Doppler project (required if not using a Service Token)

19
charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap
View File

@ -7,8 +7,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.8.3
helm.sh/chart: external-secrets-0.8.3
app.kubernetes.io/version: v0.9.0
helm.sh/chart: external-secrets-0.9.0
name: RELEASE-NAME-external-secrets-webhook
namespace: NAMESPACE
spec:
@ -34,7 +34,7 @@ should match snapshot of default values:
- --check-interval=5m
- --metrics-addr=:8080
- --healthz-addr=:8081
image: ghcr.io/external-secrets/external-secrets:v0.8.3
image: ghcr.io/external-secrets/external-secrets:v0.9.0
imagePullPolicy: IfNotPresent
name: webhook
ports:
@ -70,3 +70,16 @@ should match snapshot of default values:
- name: certs
secret:
secretName: RELEASE-NAME-external-secrets-webhook
2: |
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.9.0
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.9.0
name: RELEASE-NAME-external-secrets-webhook
namespace: NAMESPACE

114
charts/external-secrets/external-secrets/tests/webhook_test.yaml
View File

@ -1,10 +1,18 @@
suite: test webhook deployment
templates:
- webhook-deployment.yaml
- webhook-secret.yaml
- webhook-certificate.yaml
- validatingwebhook.yaml
- crds/externalsecret.yaml
tests:
- it: should match snapshot of default values
asserts:
- matchSnapshot: {}
templates:
- webhook-deployment.yaml
- webhook-secret.yaml
# webhook-certificate.yaml is not rendered by default
- it: should set imagePullPolicy to Always
set:
webhook.image.pullPolicy: Always
@ -12,11 +20,13 @@ tests:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
template: webhook-deployment.yaml
- it: should imagePullPolicy to be default value IfNotPresent
asserts:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
template: webhook-deployment.yaml
- it: should override securityContext
set:
webhook.podSecurityContext:
@ -40,6 +50,7 @@ tests:
runAsUser: 3000
seccompProfile:
type: RuntimeDefault
template: webhook-deployment.yaml
- it: should override hostNetwork
set:
webhook.hostNetwork: true
@ -47,3 +58,106 @@ tests:
- equal:
path: spec.template.spec.hostNetwork
value: true
template: webhook-deployment.yaml
- it: should create a certificate CRD
set:
webhook.certManager.enabled: true
webhook.certManager.cert.duration: "10d"
webhook.certManager.cert.renewBefore: "5d"
asserts:
- equal:
path: metadata.name
value: "RELEASE-NAME-external-secrets-webhook"
- equal:
path: spec.secretName
value: "RELEASE-NAME-external-secrets-webhook"
- equal:
path: spec.commonName
value: "RELEASE-NAME-external-secrets-webhook"
- equal:
path: spec.dnsNames[0]
value: "RELEASE-NAME-external-secrets-webhook"
- equal:
path: spec.issuerRef.group
value: "cert-manager.io"
- equal:
path: spec.issuerRef.kind
value: "Issuer"
- equal:
path: spec.issuerRef.name
value: "my-issuer"
- equal:
path: spec.duration
value: "10d"
- equal:
path: spec.renewBefore
value: "5d"
- hasDocuments:
count: 1
templates:
- webhook-certificate.yaml
- it: should not create the webhook secret
set:
webhook.certManager.enabled: true
asserts:
- hasDocuments:
count: 0
template: webhook-secret.yaml
- it: should not create the secret nor the certificate
set:
webhook.certManager.enabled: true
webhook.certManager.cert.create: false
asserts:
- hasDocuments:
count: 0
templates:
- webhook-secret.yaml
- webhook-certificate.yaml
- it: should
set:
webhook.certManager.enabled: true
asserts:
- equal:
path: metadata.name
value: "RELEASE-NAME-external-secrets-webhook"
- hasDocuments:
count: 1
template: webhook-certificate.yaml
- it: should allow using a cluster issuer
set:
webhook.certManager.enabled: true
webhook.certManager.cert.issuerRef.kind: ClusterIssuer
webhook.certManager.cert.issuerRef.name: my-other-issuer
asserts:
- equal:
path: spec.issuerRef.kind
value: "ClusterIssuer"
- equal:
path: spec.issuerRef.name
value: "my-other-issuer"
templates:
- webhook-certificate.yaml
- it: should add annotations to the webhook
set:
webhook.create: true
webhook.certManager.enabled: true
webhook.certManager.addInjectorAnnotations: true
asserts:
- equal:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
value: "NAMESPACE/RELEASE-NAME-external-secrets-webhook"
templates:
- validatingwebhook.yaml
- crds/externalsecret.yaml
- it: should not add annotations to the webhook
set:
webhook.create: true
webhook.certManager.enabled: true
webhook.certManager.addInjectorAnnotations: false
asserts:
- isNull:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
# value: "NAMESPACE/RELEASE-NAME-external-secrets-webhook"
templates:
- validatingwebhook.yaml
- crds/externalsecret.yaml

37
charts/external-secrets/external-secrets/values.yaml
View File

@ -30,6 +30,9 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# -- Additional labels added to all helm chart resources.
commonLabels: {}
# -- If true, external-secrets will perform leader election between instances to ensure no more
# than one instance of external-secrets operates at a time.
leaderElect: false
@ -245,6 +248,40 @@ webhook:
name: ""
nodeSelector: {}
certManager:
# -- Enabling cert-manager support will disable the built in secret and
# switch to using cert-manager (installed separately) to automatically issue
# and renew the webhook certificate. This chart does not install
# cert-manager for you, See https://cert-manager.io/docs/
enabled: false
# -- Automatically add the cert-manager.io/inject-ca-from annotation to the
# webhooks and CRDs. As long as you have the cert-manager CA Injector
# enabled, this will automatically setup your webhook's CA to the one used
# by cert-manager. See https://cert-manager.io/docs/concepts/ca-injector
addInjectorAnnotations: true
cert:
# -- Create a certificate resource within this chart. See
# https://cert-manager.io/docs/usage/certificate/
create: true
# -- For the Certificate created by this chart, setup the issuer. See
# https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec
issuerRef:
group: cert-manager.io
kind: "Issuer"
name: "my-issuer"
# -- Set the requested duration (i.e. lifetime) of the Certificate. See
# https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
duration: ""
# -- How long before the currently issued certificates expiry
# cert-manager should renew the certificate. See
# https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
# Note that renewBefore should be greater than .webhook.lookaheadInterval
# since the webhook will check this far in advance that the certificate is
# valid.
renewBefore: ""
# -- Add extra annotations to the Certificate resource.
annotations: {}
tolerations: []
topologySpreadConstraints: []

Some files were not shown because too many files have changed in this diff Show More