diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5bbf13b9..ac0f7e30 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,7 +5,7 @@ repos: name: Run 'make generate' in all app directories entry: | flock -x .git/pre-commit.lock sh -c ' - for dir in ./packages/apps/*/ ./packages/extra/*/ ./packages/system/cozystack-api/; do + for dir in ./packages/apps/*/ ./packages/extra/*/; do if [ -d "$dir" ]; then echo "Running make generate in $dir" make generate -C "$dir" || exit $? diff --git a/api/api-rules/cozystack_api_violation_exceptions.list b/api/api-rules/cozystack_api_violation_exceptions.list index 1092b88b..8442e3ed 100644 --- a/api/api-rules/cozystack_api_violation_exceptions.list +++ b/api/api-rules/cozystack_api_violation_exceptions.list @@ -1,4 +1,5 @@ API rule violation: list_type_missing,github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1,ApplicationStatus,Conditions +API rule violation: list_type_missing,github.com/cozystack/cozystack/pkg/apis/core/v1alpha1,TenantModuleStatus,Conditions API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Ref API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Schema API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XEmbeddedResource diff --git a/api/dashboard/v1alpha1/dashboard_resources.go b/api/dashboard/v1alpha1/dashboard_resources.go new file mode 100644 index 00000000..5af3b359 --- /dev/null +++ b/api/dashboard/v1alpha1/dashboard_resources.go @@ -0,0 +1,255 @@ +// SPDX-License-Identifier: Apache-2.0 +// Package v1alpha1 defines front.in-cloud.io API types. +// +// Group: dashboard.cozystack.io +// Version: v1alpha1 +package v1alpha1 + +import ( + v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// ----------------------------------------------------------------------------- +// Shared shapes +// ----------------------------------------------------------------------------- + +// CommonStatus is a generic Status block with Kubernetes conditions. +type CommonStatus struct { + // ObservedGeneration reflects the most recent generation observed by the controller. + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // Conditions represent the latest available observations of an object's state. + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// ArbitrarySpec holds schemaless user data and preserves unknown fields. +// We map the entire .spec to a single JSON payload to mirror the CRDs you provided. +// NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. +type ArbitrarySpec struct { + // +kubebuilder:validation:XPreserveUnknownFields + // +kubebuilder:pruning:PreserveUnknownFields + v1.JSON `json:",inline"` +} + +// ----------------------------------------------------------------------------- +// Sidebar +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=sidebars,scope=Cluster +// +kubebuilder:subresource:status +type Sidebar struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type SidebarList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Sidebar `json:"items"` +} + +// ----------------------------------------------------------------------------- +// CustomFormsPrefill (shortName: cfp) +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=customformsprefills,scope=Cluster,shortName=cfp +// +kubebuilder:subresource:status +type CustomFormsPrefill struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type CustomFormsPrefillList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []CustomFormsPrefill `json:"items"` +} + +// ----------------------------------------------------------------------------- +// BreadcrumbInside +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=breadcrumbsinside,scope=Cluster +// +kubebuilder:subresource:status +type BreadcrumbInside struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type BreadcrumbInsideList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []BreadcrumbInside `json:"items"` +} + +// ----------------------------------------------------------------------------- +// CustomFormsOverride (shortName: cfo) +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=customformsoverrides,scope=Cluster,shortName=cfo +// +kubebuilder:subresource:status +type CustomFormsOverride struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type CustomFormsOverrideList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []CustomFormsOverride `json:"items"` +} + +// ----------------------------------------------------------------------------- +// TableUriMapping +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=tableurimappings,scope=Cluster +// +kubebuilder:subresource:status +type TableUriMapping struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type TableUriMappingList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TableUriMapping `json:"items"` +} + +// ----------------------------------------------------------------------------- +// Breadcrumb +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=breadcrumbs,scope=Cluster +// +kubebuilder:subresource:status +type Breadcrumb struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type BreadcrumbList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Breadcrumb `json:"items"` +} + +// ----------------------------------------------------------------------------- +// MarketplacePanel +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=marketplacepanels,scope=Cluster +// +kubebuilder:subresource:status +type MarketplacePanel struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type MarketplacePanelList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []MarketplacePanel `json:"items"` +} + +// ----------------------------------------------------------------------------- +// Navigation +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=navigations,scope=Cluster +// +kubebuilder:subresource:status +type Navigation struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type NavigationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Navigation `json:"items"` +} + +// ----------------------------------------------------------------------------- +// CustomColumnsOverride +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=customcolumnsoverrides,scope=Cluster +// +kubebuilder:subresource:status +type CustomColumnsOverride struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type CustomColumnsOverrideList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []CustomColumnsOverride `json:"items"` +} + +// ----------------------------------------------------------------------------- +// Factory +// ----------------------------------------------------------------------------- + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=factories,scope=Cluster +// +kubebuilder:subresource:status +type Factory struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ArbitrarySpec `json:"spec"` + Status CommonStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +type FactoryList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Factory `json:"items"` +} diff --git a/api/dashboard/v1alpha1/groupversion_info.go b/api/dashboard/v1alpha1/groupversion_info.go new file mode 100644 index 00000000..b3c38e00 --- /dev/null +++ b/api/dashboard/v1alpha1/groupversion_info.go @@ -0,0 +1,75 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha1 contains API Schema definitions for the v1alpha1 API group. +// +kubebuilder:object:generate=true +// +groupName=dashboard.cozystack.io +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var ( + // GroupVersion is group version used to register these objects. + GroupVersion = schema.GroupVersion{Group: "dashboard.cozystack.io", Version: "v1alpha1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme. + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) + +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes( + GroupVersion, + + &Sidebar{}, + &SidebarList{}, + + &CustomFormsPrefill{}, + &CustomFormsPrefillList{}, + + &BreadcrumbInside{}, + &BreadcrumbInsideList{}, + + &CustomFormsOverride{}, + &CustomFormsOverrideList{}, + + &TableUriMapping{}, + &TableUriMappingList{}, + + &Breadcrumb{}, + &BreadcrumbList{}, + + &MarketplacePanel{}, + &MarketplacePanelList{}, + + &Navigation{}, + &NavigationList{}, + + &CustomColumnsOverride{}, + &CustomColumnsOverrideList{}, + + &Factory{}, + &FactoryList{}, + ) + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/api/dashboard/v1alpha1/zz_generated.deepcopy.go b/api/dashboard/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..45b1d9d7 --- /dev/null +++ b/api/dashboard/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,654 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2025 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ArbitrarySpec) DeepCopyInto(out *ArbitrarySpec) { + *out = *in + in.JSON.DeepCopyInto(&out.JSON) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArbitrarySpec. +func (in *ArbitrarySpec) DeepCopy() *ArbitrarySpec { + if in == nil { + return nil + } + out := new(ArbitrarySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Breadcrumb) DeepCopyInto(out *Breadcrumb) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Breadcrumb. +func (in *Breadcrumb) DeepCopy() *Breadcrumb { + if in == nil { + return nil + } + out := new(Breadcrumb) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Breadcrumb) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BreadcrumbInside) DeepCopyInto(out *BreadcrumbInside) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BreadcrumbInside. +func (in *BreadcrumbInside) DeepCopy() *BreadcrumbInside { + if in == nil { + return nil + } + out := new(BreadcrumbInside) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BreadcrumbInside) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BreadcrumbInsideList) DeepCopyInto(out *BreadcrumbInsideList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]BreadcrumbInside, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BreadcrumbInsideList. +func (in *BreadcrumbInsideList) DeepCopy() *BreadcrumbInsideList { + if in == nil { + return nil + } + out := new(BreadcrumbInsideList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BreadcrumbInsideList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BreadcrumbList) DeepCopyInto(out *BreadcrumbList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Breadcrumb, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BreadcrumbList. +func (in *BreadcrumbList) DeepCopy() *BreadcrumbList { + if in == nil { + return nil + } + out := new(BreadcrumbList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BreadcrumbList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CommonStatus) DeepCopyInto(out *CommonStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonStatus. +func (in *CommonStatus) DeepCopy() *CommonStatus { + if in == nil { + return nil + } + out := new(CommonStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomColumnsOverride) DeepCopyInto(out *CustomColumnsOverride) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomColumnsOverride. +func (in *CustomColumnsOverride) DeepCopy() *CustomColumnsOverride { + if in == nil { + return nil + } + out := new(CustomColumnsOverride) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CustomColumnsOverride) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomColumnsOverrideList) DeepCopyInto(out *CustomColumnsOverrideList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CustomColumnsOverride, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomColumnsOverrideList. +func (in *CustomColumnsOverrideList) DeepCopy() *CustomColumnsOverrideList { + if in == nil { + return nil + } + out := new(CustomColumnsOverrideList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CustomColumnsOverrideList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomFormsOverride) DeepCopyInto(out *CustomFormsOverride) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomFormsOverride. +func (in *CustomFormsOverride) DeepCopy() *CustomFormsOverride { + if in == nil { + return nil + } + out := new(CustomFormsOverride) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CustomFormsOverride) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomFormsOverrideList) DeepCopyInto(out *CustomFormsOverrideList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CustomFormsOverride, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomFormsOverrideList. +func (in *CustomFormsOverrideList) DeepCopy() *CustomFormsOverrideList { + if in == nil { + return nil + } + out := new(CustomFormsOverrideList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CustomFormsOverrideList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomFormsPrefill) DeepCopyInto(out *CustomFormsPrefill) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomFormsPrefill. +func (in *CustomFormsPrefill) DeepCopy() *CustomFormsPrefill { + if in == nil { + return nil + } + out := new(CustomFormsPrefill) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CustomFormsPrefill) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomFormsPrefillList) DeepCopyInto(out *CustomFormsPrefillList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CustomFormsPrefill, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomFormsPrefillList. +func (in *CustomFormsPrefillList) DeepCopy() *CustomFormsPrefillList { + if in == nil { + return nil + } + out := new(CustomFormsPrefillList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CustomFormsPrefillList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Factory) DeepCopyInto(out *Factory) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Factory. +func (in *Factory) DeepCopy() *Factory { + if in == nil { + return nil + } + out := new(Factory) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Factory) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FactoryList) DeepCopyInto(out *FactoryList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Factory, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FactoryList. +func (in *FactoryList) DeepCopy() *FactoryList { + if in == nil { + return nil + } + out := new(FactoryList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *FactoryList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MarketplacePanel) DeepCopyInto(out *MarketplacePanel) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MarketplacePanel. +func (in *MarketplacePanel) DeepCopy() *MarketplacePanel { + if in == nil { + return nil + } + out := new(MarketplacePanel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MarketplacePanel) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MarketplacePanelList) DeepCopyInto(out *MarketplacePanelList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]MarketplacePanel, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MarketplacePanelList. +func (in *MarketplacePanelList) DeepCopy() *MarketplacePanelList { + if in == nil { + return nil + } + out := new(MarketplacePanelList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MarketplacePanelList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Navigation) DeepCopyInto(out *Navigation) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Navigation. +func (in *Navigation) DeepCopy() *Navigation { + if in == nil { + return nil + } + out := new(Navigation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Navigation) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NavigationList) DeepCopyInto(out *NavigationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Navigation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NavigationList. +func (in *NavigationList) DeepCopy() *NavigationList { + if in == nil { + return nil + } + out := new(NavigationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NavigationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Sidebar) DeepCopyInto(out *Sidebar) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sidebar. +func (in *Sidebar) DeepCopy() *Sidebar { + if in == nil { + return nil + } + out := new(Sidebar) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Sidebar) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SidebarList) DeepCopyInto(out *SidebarList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Sidebar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidebarList. +func (in *SidebarList) DeepCopy() *SidebarList { + if in == nil { + return nil + } + out := new(SidebarList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SidebarList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableUriMapping) DeepCopyInto(out *TableUriMapping) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableUriMapping. +func (in *TableUriMapping) DeepCopy() *TableUriMapping { + if in == nil { + return nil + } + out := new(TableUriMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TableUriMapping) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableUriMappingList) DeepCopyInto(out *TableUriMappingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TableUriMapping, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableUriMappingList. +func (in *TableUriMappingList) DeepCopy() *TableUriMappingList { + if in == nil { + return nil + } + out := new(TableUriMappingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TableUriMappingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} diff --git a/api/v1alpha1/cozystackresourcedefinitions_types.go b/api/v1alpha1/cozystackresourcedefinitions_types.go index 91a6e62b..94759edf 100644 --- a/api/v1alpha1/cozystackresourcedefinitions_types.go +++ b/api/v1alpha1/cozystackresourcedefinitions_types.go @@ -21,6 +21,7 @@ import ( ) // +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Cluster // CozystackResourceDefinition is the Schema for the cozystackresourcedefinitions API type CozystackResourceDefinition struct { @@ -48,8 +49,12 @@ type CozystackResourceDefinitionSpec struct { Application CozystackResourceDefinitionApplication `json:"application"` // Release configuration Release CozystackResourceDefinitionRelease `json:"release"` + // Secret selectors Secrets CozystackResourceDefinitionSecrets `json:"secrets,omitempty"` + + // Dashboard configuration for this resource + Dashboard *CozystackResourceDefinitionDashboard `json:"dashboard,omitempty"` } type CozystackResourceDefinitionChart struct { @@ -101,3 +106,51 @@ type CozystackResourceDefinitionSecrets struct { // as a tenant secret and is visible to users. Include []*metav1.LabelSelector `json:"include,omitempty"` } + +// ---- Dashboard types ---- + +// DashboardTab enumerates allowed UI tabs. +// +kubebuilder:validation:Enum=workloads;ingresses;services;secrets;yaml +type DashboardTab string + +const ( + DashboardTabWorkloads DashboardTab = "workloads" + DashboardTabIngresses DashboardTab = "ingresses" + DashboardTabServices DashboardTab = "services" + DashboardTabSecrets DashboardTab = "secrets" + DashboardTabYAML DashboardTab = "yaml" +) + +// CozystackResourceDefinitionDashboard describes how this resource appears in the UI. +type CozystackResourceDefinitionDashboard struct { + // Human-readable name shown in the UI (e.g., "Bucket") + Singular string `json:"singular"` + // Plural human-readable name (e.g., "Buckets") + Plural string `json:"plural"` + // Hard-coded name used in the UI (e.g., "bucket") + // +optional + Name string `json:"name,omitempty"` + // Whether this resource is singular (not a collection) in the UI + // +optional + SingularResource bool `json:"singularResource,omitempty"` + // Order weight for sorting resources in the UI (lower first) + // +optional + Weight int `json:"weight,omitempty"` + // Short description shown in catalogs or headers (e.g., "S3 compatible storage") + // +optional + Description string `json:"description,omitempty"` + // Icon encoded as a string (e.g., inline SVG, base64, or data URI) + // +optional + Icon string `json:"icon,omitempty"` + // Category used to group resources in the UI (e.g., "Storage", "Networking") + Category string `json:"category"` + // Free-form tags for search and filtering + // +optional + Tags []string `json:"tags,omitempty"` + // Which tabs to show for this resource + // +optional + Tabs []DashboardTab `json:"tabs,omitempty"` + // Order of keys in the YAML view + // +optional + KeysOrder [][]string `json:"keysOrder,omitempty"` +} diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 118211df..f8913912 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -83,6 +83,42 @@ func (in *CozystackResourceDefinitionChart) DeepCopy() *CozystackResourceDefinit return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CozystackResourceDefinitionDashboard) DeepCopyInto(out *CozystackResourceDefinitionDashboard) { + *out = *in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Tabs != nil { + in, out := &in.Tabs, &out.Tabs + *out = make([]DashboardTab, len(*in)) + copy(*out, *in) + } + if in.KeysOrder != nil { + in, out := &in.KeysOrder, &out.KeysOrder + *out = make([][]string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = make([]string, len(*in)) + copy(*out, *in) + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionDashboard. +func (in *CozystackResourceDefinitionDashboard) DeepCopy() *CozystackResourceDefinitionDashboard { + if in == nil { + return nil + } + out := new(CozystackResourceDefinitionDashboard) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CozystackResourceDefinitionList) DeepCopyInto(out *CozystackResourceDefinitionList) { *out = *in @@ -181,6 +217,11 @@ func (in *CozystackResourceDefinitionSpec) DeepCopyInto(out *CozystackResourceDe out.Application = in.Application in.Release.DeepCopyInto(&out.Release) in.Secrets.DeepCopyInto(&out.Secrets) + if in.Dashboard != nil { + in, out := &in.Dashboard, &out.Dashboard + *out = new(CozystackResourceDefinitionDashboard) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionSpec. diff --git a/cmd/cozystack-api/main.go b/cmd/cozystack-api/main.go index b78edcb0..7fe0a1bb 100644 --- a/cmd/cozystack-api/main.go +++ b/cmd/cozystack-api/main.go @@ -26,8 +26,8 @@ import ( func main() { ctx := genericapiserver.SetupSignalContext() - options := server.NewAppsServerOptions(os.Stdout, os.Stderr) - cmd := server.NewCommandStartAppsServer(ctx, options) + options := server.NewCozyServerOptions(os.Stdout, os.Stderr) + cmd := server.NewCommandStartCozyServer(ctx, options) code := cli.Run(cmd) os.Exit(code) } diff --git a/cmd/cozystack-controller/main.go b/cmd/cozystack-controller/main.go index 82f6cc15..82ae54f1 100644 --- a/cmd/cozystack-controller/main.go +++ b/cmd/cozystack-controller/main.go @@ -38,6 +38,7 @@ import ( cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" "github.com/cozystack/cozystack/internal/controller" + "github.com/cozystack/cozystack/internal/controller/dashboard" lcw "github.com/cozystack/cozystack/internal/lineagecontrollerwebhook" "github.com/cozystack/cozystack/internal/telemetry" @@ -54,6 +55,7 @@ func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(cozystackiov1alpha1.AddToScheme(scheme)) + utilruntime.Must(dashboard.AddToScheme(scheme)) utilruntime.Must(helmv2.AddToScheme(scheme)) // +kubebuilder:scaffold:scheme } diff --git a/hack/update-crd.sh b/hack/update-crd.sh new file mode 100755 index 00000000..5c78292e --- /dev/null +++ b/hack/update-crd.sh @@ -0,0 +1,139 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Requirements: yq (v4), jq, base64 +need() { command -v "$1" >/dev/null 2>&1 || { echo "need $1"; exit 1; }; } +need yq; need jq; need base64 + +CHART_YAML="${CHART_YAML:-Chart.yaml}" +VALUES_YAML="${VALUES_YAML:-values.yaml}" +SCHEMA_JSON="${SCHEMA_JSON:-values.schema.json}" +CRD_DIR="../../system/cozystack-api/templates/cozystack-resource-definitions" + +[[ -f "$CHART_YAML" ]] || { echo "No $CHART_YAML found"; exit 1; } +[[ -f "$SCHEMA_JSON" ]] || { echo "No $SCHEMA_JSON found"; exit 1; } + +# Read basics from Chart.yaml +NAME="$(yq -r '.name // ""' "$CHART_YAML")" +DESC="$(yq -r '.description // ""' "$CHART_YAML")" +ICON_PATH_RAW="$(yq -r '.icon // ""' "$CHART_YAML")" + +if [[ -z "$NAME" ]]; then + echo "Chart.yaml: .name is empty"; exit 1 +fi + +# Resolve icon path +# Accepts: +# /logos/foo.svg -> ./logos/foo.svg +# logos/foo.svg -> logos/foo.svg +# ./logos/foo.svg -> ./logos/foo.svg +# Fallback: ./logos/${NAME}.svg +resolve_icon_path() { + local p="$1" + if [[ -z "$p" || "$p" == "null" ]]; then + echo "./logos/${NAME}.svg"; return + fi + if [[ "$p" == /* ]]; then + echo ".${p}" + else + echo "$p" + fi +} +ICON_PATH="$(resolve_icon_path "$ICON_PATH_RAW")" + +if [[ ! -f "$ICON_PATH" ]]; then + # try fallback + ALT="./logos/${NAME}.svg" + if [[ -f "$ALT" ]]; then + ICON_PATH="$ALT" + else + echo "Icon not found: $ICON_PATH"; exit 1 + fi +fi + +# Base64 (portable: no -w / -b options) +ICON_B64="$(base64 < "$ICON_PATH" | tr -d '\n' | tr -d '\r')" + +# Decide which HelmRepository name to use based on path +# .../apps/... -> cozystack-apps +# .../extra/... -> cozystack-extra +# default: cozystack-apps +SOURCE_NAME="cozystack-apps" +case "$PWD" in + *"/apps/"*) SOURCE_NAME="cozystack-apps" ;; + *"/extra/"*) SOURCE_NAME="cozystack-extra" ;; +esac + +# If file doesn't exist, create a minimal skeleton +OUT="${OUT:-$CRD_DIR/$NAME.yaml}" +if [[ ! -f "$OUT" ]]; then + cat >"$OUT" <0)) # drop root + | map(map(select(type != "number"))) # drop array indices + | map(["spec"] + .) # prepend "spec" + ) + ' +)" + +# Update only necessary fields in-place +# - openAPISchema is loaded from file as a multi-line string (block scalar) +# - labels ensure cozystack.io/ui: "true" +# - prefix = "-" +# - sourceRef derived from directory (apps|extra) +yq -i ' + .apiVersion = (.apiVersion // "cozystack.io/v1alpha1") | + .kind = (.kind // "CozystackResourceDefinition") | + .metadata.name = strenv(RES_NAME) | + .spec.application.openAPISchema = strenv(SCHEMA_JSON_MIN) | + (.spec.application.openAPISchema style="literal") | + .spec.release.prefix = (strenv(PREFIX)) | + .spec.release.labels."cozystack.io/ui" = "true" | + .spec.release.chart.name = strenv(RES_NAME) | + .spec.release.chart.sourceRef.kind = "HelmRepository" | + .spec.release.chart.sourceRef.name = strenv(SOURCE_NAME) | + .spec.release.chart.sourceRef.namespace = "cozy-public" | + .spec.dashboard.description = strenv(DESCRIPTION) | + .spec.dashboard.icon = strenv(ICON_B64) | + .spec.dashboard.keysOrder = env(KEYS_ORDER) +' "$OUT" + +echo "Updated $OUT" diff --git a/internal/controller/cozystackresource_controller.go b/internal/controller/cozystackresource_controller.go index 1c7e751d..39779487 100644 --- a/internal/controller/cozystackresource_controller.go +++ b/internal/controller/cozystackresource_controller.go @@ -9,6 +9,7 @@ import ( "sync" "time" + "github.com/cozystack/cozystack/internal/controller/dashboard" "github.com/cozystack/cozystack/internal/shared/crdmem" cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" @@ -50,6 +51,25 @@ func (r *CozystackResourceDefinitionReconciler) Reconcile(ctx context.Context, r r.mem.Upsert(crd) } + mgr := dashboard.NewManager( + r.Client, + r.Scheme, + dashboard.WithCRDListFunc(func(c context.Context) ([]cozyv1alpha1.CozystackResourceDefinition, error) { + if r.mem != nil { + return r.mem.ListFromCacheOrAPI(c, r.Client) + } + var list cozyv1alpha1.CozystackResourceDefinitionList + if err := r.Client.List(c, &list); err != nil { + return nil, err + } + return list.Items, nil + }), + ) + + if res, derr := mgr.EnsureForCRD(ctx, crd); derr != nil || res.Requeue || res.RequeueAfter > 0 { + return res, derr + } + r.mu.Lock() r.lastEvent = time.Now() r.mu.Unlock() @@ -102,17 +122,23 @@ type crdHashView struct { Spec cozyv1alpha1.CozystackResourceDefinitionSpec `json:"spec"` } -func (r *CozystackResourceDefinitionReconciler) computeConfigHash() (string, error) { - if r.mem == nil { - return "", nil +func (r *CozystackResourceDefinitionReconciler) computeConfigHash(ctx context.Context) (string, error) { + var items []cozyv1alpha1.CozystackResourceDefinition + if r.mem != nil { + list, err := r.mem.ListFromCacheOrAPI(ctx, r.Client) + if err != nil { + return "", err + } + items = list } - snapshot := r.mem.Snapshot() - sort.Slice(snapshot, func(i, j int) bool { return snapshot[i].Name < snapshot[j].Name }) - views := make([]crdHashView, 0, len(snapshot)) - for i := range snapshot { + + sort.Slice(items, func(i, j int) bool { return items[i].Name < items[j].Name }) + + views := make([]crdHashView, 0, len(items)) + for i := range items { views = append(views, crdHashView{ - Name: snapshot[i].Name, - Spec: snapshot[i].Spec, + Name: items[i].Name, + Spec: items[i].Spec, }) } b, err := json.Marshal(views) @@ -143,7 +169,7 @@ func (r *CozystackResourceDefinitionReconciler) debouncedRestart(ctx context.Con return ctrl.Result{}, nil } - newHash, err := r.computeConfigHash() + newHash, err := r.computeConfigHash(ctx) if err != nil { return ctrl.Result{}, err } diff --git a/internal/controller/dashboard/customcolumns.go b/internal/controller/dashboard/customcolumns.go new file mode 100644 index 00000000..ee4c647b --- /dev/null +++ b/internal/controller/dashboard/customcolumns.go @@ -0,0 +1,298 @@ +package dashboard + +import ( + "context" + "crypto/sha1" + "encoding/hex" + "encoding/json" + "fmt" + "strings" + + dashv1alpha1 "github.com/cozystack/cozystack/api/dashboard/v1alpha1" + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" + + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" +) + +// ensureCustomColumnsOverride creates or updates a CustomColumnsOverride that +// renders a header row with a colored badge and resource name link, plus a few +// useful columns (Ready, Created, Version). +// +// Naming convention mirrors your example: +// +// metadata.name: stock-namespace-.. +// spec.id: stock-namespace-/// +func (m *Manager) ensureCustomColumnsOverride(ctx context.Context, crd *cozyv1alpha1.CozystackResourceDefinition) (controllerutil.OperationResult, error) { + g, v, kind := pickGVK(crd) + plural := pickPlural(kind, crd) + // Details page segment uses lowercase kind, mirroring your example + detailsSegment := strings.ToLower(kind) + "-details" + + name := fmt.Sprintf("stock-namespace-%s.%s.%s", g, v, plural) + id := fmt.Sprintf("stock-namespace-/%s/%s/%s", g, v, plural) + + // Badge content & color derived from kind + badgeText := initialsFromKind(kind) // e.g., "VirtualMachine" -> "VM", "Bucket" -> "B" + badgeColor := hexColorForKind(kind) // deterministic, dark enough for white text + + obj := &dashv1alpha1.CustomColumnsOverride{} + obj.SetGroupVersionKind(schema.GroupVersionKind{ + Group: "dashboard.cozystack.io", + Version: "v1alpha1", + Kind: "CustomColumnsOverride", + }) + obj.SetName(name) + + href := fmt.Sprintf("/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/%s/{reqsJsonPath[0]['.metadata.name']['-']}", detailsSegment) + if g == "apps.cozystack.io" && kind == "Tenant" && plural == "tenants" { + href = "/openapi-ui/{2}/{reqsJsonPath[0]['.status.namespace']['-']}/api-table/core.cozystack.io/v1alpha1/tenantmodules" + } + + desired := map[string]any{ + "spec": map[string]any{ + "id": id, + "additionalPrinterColumns": []any{ + map[string]any{ + "name": "Name", + "type": "factory", + "jsonPath": ".metadata.name", + "customProps": map[string]any{ + "disableEventBubbling": true, + "items": []any{ + map[string]any{ + "type": "antdFlex", + "data": map[string]any{ + "id": "header-row", + "align": "center", + "gap": 6, + }, + "children": []any{ + map[string]any{ + "type": "antdText", + "data": map[string]any{ + "id": "header-badge", + "text": badgeText, + "title": strings.ToLower(kind), // optional tooltip + "style": map[string]any{ + "backgroundColor": badgeColor, + "borderRadius": "20px", + "color": "#fff", + "display": "inline-block", + "fontFamily": "RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif", + "fontSize": "15px", + "fontWeight": 400, + "lineHeight": "24px", + "minWidth": 24, + "padding": "0 9px", + "textAlign": "center", + "whiteSpace": "nowrap", + }, + }, + }, + map[string]any{ + "type": "antdLink", + "data": map[string]any{ + "id": "name-link", + "text": "{reqsJsonPath[0]['.metadata.name']['-']}", + "href": href, + }, + }, + }, + }, + }, + }, + }, + map[string]any{ + "name": "Ready", + "type": "Boolean", + "jsonPath": `.status.conditions[?(@.type=="Ready")].status`, + }, + map[string]any{ + "name": "Created", + "type": "factory", + "jsonPath": ".metadata.creationTimestamp", + "customProps": map[string]any{ + "disableEventBubbling": true, + "items": []any{ + map[string]any{ + "type": "antdFlex", + "data": map[string]any{ + "id": "time-block", + "align": "center", + "gap": 6, + }, + "children": []any{ + map[string]any{ + "type": "antdText", + "data": map[string]any{ + "id": "time-icon", + "text": "🌐", + }, + }, + map[string]any{ + "type": "parsedText", + "data": map[string]any{ + "id": "time-value", + "text": "{reqsJsonPath[0]['.metadata.creationTimestamp']['-']}", + "formatter": "timestamp", + }, + }, + }, + }, + }, + }, + }, + map[string]any{ + "name": "Version", + "type": "string", + "jsonPath": ".status.version", + }, + }, + }, + } + + // CreateOrUpdate using typed resource + _, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error { + if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil { + return err + } + b, err := json.Marshal(desired["spec"]) + if err != nil { + return err + } + obj.Spec = dashv1alpha1.ArbitrarySpec{JSON: apiextv1.JSON{Raw: b}} + return nil + }) + // Return OperationResultCreated/Updated is not available here with unstructured; we can mimic Updated when no error. + return controllerutil.OperationResultNone, err +} + +// --- helpers --- + +// pickGVK tries to read group/version/kind from the CRD. We prefer the "application" section, +// falling back to other likely fields if your schema differs. +func pickGVK(crd *cozyv1alpha1.CozystackResourceDefinition) (group, version, kind string) { + // Best guess based on your examples: + if crd.Spec.Application.Kind != "" { + kind = crd.Spec.Application.Kind + } + + // Reasonable fallbacks if any are empty: + if group == "" { + group = "apps.cozystack.io" + } + if version == "" { + version = "v1alpha1" + } + if kind == "" { + kind = "Resource" + } + return +} + +// pickPlural prefers a field on the CRD if you have it; otherwise do a simple lowercase + "s". +func pickPlural(kind string, crd *cozyv1alpha1.CozystackResourceDefinition) string { + // If you have crd.Spec.Application.Plural, prefer it. Example: + if crd.Spec.Application.Plural != "" { + return crd.Spec.Application.Plural + } + // naive pluralization + k := strings.ToLower(kind) + if strings.HasSuffix(k, "s") { + return k + } + return k + "s" +} + +// initialsFromKind splits CamelCase and returns the first letters in upper case. +// "VirtualMachine" -> "VM"; "Bucket" -> "B". +func initialsFromKind(kind string) string { + parts := splitCamel(kind) + if len(parts) == 0 { + return strings.ToUpper(kind) + } + var b strings.Builder + for _, p := range parts { + if p == "" { + continue + } + b.WriteString(strings.ToUpper(string(p[0]))) + // Limit to 3 chars to keep the badge compact (VM, PVC, etc.) + if b.Len() >= 3 { + break + } + } + return b.String() +} + +// hexColorForKind returns a dark, saturated color (hex) derived from a stable hash of the kind. +// We map the hash to an HSL hue; fix S/L for consistent readability with white text. +func hexColorForKind(kind string) string { + // Stable short hash (sha1 β†’ bytes β†’ hue) + sum := sha1.Sum([]byte(kind)) + // Use first two bytes for hue [0..359] + hue := int(sum[0])<<8 | int(sum[1]) + hue = hue % 360 + + // Fixed S/L chosen to contrast with white text: + // S = 80%, L = 35% (dark enough so #fff is readable) + r, g, b := hslToRGB(float64(hue), 0.80, 0.35) + + return fmt.Sprintf("#%02x%02x%02x", r, g, b) +} + +// hslToRGB converts HSL (0..360, 0..1, 0..1) to sRGB (0..255). +func hslToRGB(h float64, s float64, l float64) (uint8, uint8, uint8) { + c := (1 - absFloat(2*l-1)) * s + hp := h / 60.0 + x := c * (1 - absFloat(modFloat(hp, 2)-1)) + var r1, g1, b1 float64 + switch { + case 0 <= hp && hp < 1: + r1, g1, b1 = c, x, 0 + case 1 <= hp && hp < 2: + r1, g1, b1 = x, c, 0 + case 2 <= hp && hp < 3: + r1, g1, b1 = 0, c, x + case 3 <= hp && hp < 4: + r1, g1, b1 = 0, x, c + case 4 <= hp && hp < 5: + r1, g1, b1 = x, 0, c + default: + r1, g1, b1 = c, 0, x + } + m := l - c/2 + r := uint8(clamp01(r1+m) * 255.0) + g := uint8(clamp01(g1+m) * 255.0) + b := uint8(clamp01(b1+m) * 255.0) + return r, g, b +} + +func absFloat(v float64) float64 { + if v < 0 { + return -v + } + return v +} + +func modFloat(a, b float64) float64 { + return a - b*float64(int(a/b)) +} + +func clamp01(v float64) float64 { + if v < 0 { + return 0 + } + if v > 1 { + return 1 + } + return v +} + +// optional: tiny helper to expose the compact color hash (useful for debugging) +func shortHashHex(s string) string { + sum := sha1.Sum([]byte(s)) + return hex.EncodeToString(sum[:4]) +} diff --git a/internal/controller/dashboard/factory.go b/internal/controller/dashboard/factory.go new file mode 100644 index 00000000..c4146407 --- /dev/null +++ b/internal/controller/dashboard/factory.go @@ -0,0 +1,784 @@ +package dashboard + +import ( + "context" + "encoding/json" + "fmt" + "sort" + "strings" + + dashv1alpha1 "github.com/cozystack/cozystack/api/dashboard/v1alpha1" + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" + + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" +) + +// ---------------- Types used by OpenAPI parsing ---------------- + +type fieldInfo struct { + JSONPathSpec string // dotted path under .spec (e.g., "systemDisk.image") + Label string // "System Disk / Image" or "systemDisk.image" + Description string +} + +// ---------------- Public entry: ensure Factory ------------------ + +func (m *Manager) ensureFactory(ctx context.Context, crd *cozyv1alpha1.CozystackResourceDefinition) error { + g, v, kind := pickGVK(crd) + plural := pickPlural(kind, crd) + + lowerKind := strings.ToLower(kind) + factoryName := fmt.Sprintf("%s-details", lowerKind) + resourceFetch := fmt.Sprintf("/api/clusters/{2}/k8s/apis/%s/%s/namespaces/{3}/%s/{6}", g, v, plural) + + flags := factoryFeatureFlags(crd) + + var keysOrder [][]string + if crd.Spec.Dashboard != nil { + keysOrder = crd.Spec.Dashboard.KeysOrder + } + tabs := []any{ + detailsTab(kind, resourceFetch, crd.Spec.Application.OpenAPISchema, keysOrder), + } + if flags.Workloads { + tabs = append(tabs, workloadsTab(kind)) + } + if flags.Ingresses { + tabs = append(tabs, ingressesTab(kind)) + } + if flags.Services { + tabs = append(tabs, servicesTab(kind)) + } + if flags.Secrets { + tabs = append(tabs, secretsTab(kind)) + } + tabs = append(tabs, yamlTab(plural)) + + badgeText := initialsFromKind(kind) + badgeColor := hexColorForKind(kind) + header := map[string]any{ + "type": "antdFlex", + "data": map[string]any{ + "id": "header-row", + "align": "center", + "gap": float64(6), + "style": map[string]any{"marginBottom": float64(24)}, + }, + "children": []any{ + map[string]any{ + "type": "antdText", + "data": map[string]any{ + "id": "badge-" + lowerKind, + "text": badgeText, + "title": strings.ToLower(plural), + "style": map[string]any{ + "backgroundColor": badgeColor, + "borderRadius": "20px", + "color": "#fff", + "display": "inline-block", + "fontFamily": "RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif", + "fontSize": float64(20), + "fontWeight": float64(400), + "lineHeight": "24px", + "minWidth": float64(24), + "padding": "0 9px", + "textAlign": "center", + "whiteSpace": "nowrap", + }, + }, + }, + map[string]any{ + "type": "parsedText", + "data": map[string]any{ + "id": lowerKind + "-name", + "text": "{reqsJsonPath[0]['.metadata.name']['-']}", + "style": map[string]any{ + "fontFamily": "RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif", + "fontSize": float64(20), + "lineHeight": "24px", + }, + }, + }, + }, + } + + spec := map[string]any{ + "key": factoryName, + "sidebarTags": []any{fmt.Sprintf("%s-sidebar", lowerKind)}, + "withScrollableMainContentCard": true, + "urlsToFetch": []any{resourceFetch}, + "data": []any{ + header, + map[string]any{ + "type": "antdTabs", + "data": map[string]any{ + "id": lowerKind + "-tabs", + "defaultActiveKey": "details", + "items": tabs, + }, + }, + }, + } + + obj := &dashv1alpha1.Factory{} + obj.SetGroupVersionKind(schema.GroupVersionKind{Group: "dashboard.cozystack.io", Version: "v1alpha1", Kind: "Factory"}) + obj.SetName(factoryName) + + _, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error { + if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil { + return err + } + b, err := json.Marshal(spec) + if err != nil { + return err + } + obj.Spec = dashv1alpha1.ArbitrarySpec{JSON: apiextv1.JSON{Raw: b}} + return nil + }) + return err +} + +// ---------------- Tabs builders ---------------- + +func detailsTab(kind, endpoint, schemaJSON string, keysOrder [][]string) map[string]any { + paramsBlocks := buildOpenAPIParamsBlocks(schemaJSON, keysOrder) + paramsList := map[string]any{ + "type": "antdFlex", + "data": map[string]any{ + "id": "params-list", + "vertical": true, + "gap": float64(24), + }, + "children": paramsBlocks, + } + + leftColStack := []any{ + antdText("details-title", true, kind, map[string]any{ + "fontSize": float64(20), + "marginBottom": float64(12), + }), + antdFlexVertical("meta-name-block", 4, []any{ + antdText("meta-name-label", true, "Name", nil), + parsedText("meta-name-value", "{reqsJsonPath[0]['.metadata.name']['-']}", nil), + }), + antdFlexVertical("meta-namespace-block", 8, []any{ + antdText("meta-namespace-label", true, "Namespace", nil), + map[string]any{ + "type": "antdFlex", + "data": map[string]any{ + "id": "namespace-row", + "align": "center", + "gap": float64(6), + }, + "children": []any{ + map[string]any{ + "type": "antdText", + "data": map[string]any{ + "id": "ns-badge", + "text": "NS", + "style": map[string]any{ + "backgroundColor": "#a25792ff", + "borderRadius": "20px", + "color": "#fff", + "display": "inline-block", + "fontFamily": "RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif", + "fontSize": float64(15), + "fontWeight": float64(400), + "lineHeight": "24px", + "minWidth": float64(24), + "padding": "0 9px", + "textAlign": "center", + "whiteSpace": "nowrap", + }, + }, + }, + antdLink("namespace-link", + "{reqsJsonPath[0]['.metadata.namespace']['-']}", + "/openapi-ui/{2}/factory/namespace-details/{reqsJsonPath[0]['.metadata.namespace']['-']}", + ), + }, + }, + }), + antdFlexVertical("meta-created-block", 4, []any{ + antdText("time-label", true, "Created", nil), + antdFlex("time-block", 6, []any{ + antdText("time-icon", false, "🌐", nil), + parsedTextWithFormatter("time-value", "{reqsJsonPath[0]['.metadata.creationTimestamp']['-']}", "timestamp"), + }), + }), + antdFlexVertical("meta-version-block", 4, []any{ + antdText("version-label", true, "Version", nil), + parsedText("version-value", "{reqsJsonPath[0]['.status.version']['-']}", nil), + }), + antdFlexVertical("meta-released-block", 4, []any{ + antdText("released-label", true, "Released", nil), + parsedText("released-value", "{reqsJsonPath[0]['.status.conditions[?(@.type==\"Released\")].status']['-']}", nil), + }), + antdFlexVertical("meta-ready-block", 4, []any{ + antdText("ready-label", true, "Ready", nil), + parsedText("ready-value", "{reqsJsonPath[0]['.status.conditions[?(@.type==\"Ready\")].status']['-']}", nil), + }), + } + + rightColStack := []any{ + antdText("params-title", true, "Parameters", map[string]any{ + "fontSize": float64(20), + "marginBottom": float64(12), + }), + paramsList, + } + + return map[string]any{ + "key": "details", + "label": "Details", + "children": []any{ + contentCard("details-card", map[string]any{"marginBottom": float64(24)}, []any{ + map[string]any{ + "type": "antdRow", + "data": map[string]any{ + "id": "details-grid", + "gutter": []any{float64(48), float64(12)}, + }, + "children": []any{ + map[string]any{ + "type": "antdCol", + "data": map[string]any{"id": "col-left", "span": float64(12)}, + "children": []any{ + map[string]any{ + "type": "antdFlex", + "data": map[string]any{"id": "col-left-stack", "vertical": true, "gap": float64(24)}, + "children": leftColStack, + }, + }, + }, + map[string]any{ + "type": "antdCol", + "data": map[string]any{"id": "col-right", "span": float64(12)}, + "children": []any{ + map[string]any{ + "type": "antdFlex", + "data": map[string]any{"id": "col-right-stack", "vertical": true, "gap": float64(24)}, + "children": rightColStack, + }, + }, + }, + }, + }, + spacer("conditions-top-spacer", float64(16)), + antdText("conditions-title", true, "Conditions", map[string]any{"fontSize": float64(20)}), + spacer("conditions-spacer", float64(8)), + map[string]any{ + "type": "EnrichedTable", + "data": map[string]any{ + "id": "conditions-table", + "fetchUrl": endpoint, + "clusterNamePartOfUrl": "{2}", + "customizationId": "factory-status-conditions", + "baseprefix": "/openapi-ui", + "withoutControls": true, + "pathToItems": []any{"status", "conditions"}, + }, + }, + }), + }, + } +} + +func workloadsTab(kind string) map[string]any { + return map[string]any{ + "key": "workloads", + "label": "Workloads", + "children": []any{ + map[string]any{ + "type": "EnrichedTable", + "data": map[string]any{ + "id": "workloads-table", + "fetchUrl": "/api/clusters/{2}/k8s/apis/cozystack.io/v1alpha1/namespaces/{3}/workloadmonitors", + "clusterNamePartOfUrl": "{2}", + "baseprefix": "/openapi-ui", + "customizationId": "factory-details-v1alpha1.cozystack.io.workloadmonitors", + "pathToItems": []any{"items"}, + "labelsSelector": map[string]any{ + "apps.cozystack.io/application.group": "apps.cozystack.io", + "apps.cozystack.io/application.kind": kind, + "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + }, + }, + }, + }, + } +} + +func servicesTab(kind string) map[string]any { + return map[string]any{ + "key": "services", + "label": "Services", + "children": []any{ + map[string]any{ + "type": "EnrichedTable", + "data": map[string]any{ + "id": "services-table", + "fetchUrl": "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/services", + "clusterNamePartOfUrl": "{2}", + "baseprefix": "/openapi-ui", + "customizationId": "factory-details-v1.services", + "pathToItems": []any{"items"}, + "labelsSelector": map[string]any{ + "apps.cozystack.io/application.group": "apps.cozystack.io", + "apps.cozystack.io/application.kind": kind, + "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + }, + }, + }, + }, + } +} + +func ingressesTab(kind string) map[string]any { + return map[string]any{ + "key": "ingresses", + "label": "Ingresses", + "children": []any{ + map[string]any{ + "type": "EnrichedTable", + "data": map[string]any{ + "id": "ingresses-table", + "fetchUrl": "/api/clusters/{2}/k8s/apis/networking.k8s.io/v1/namespaces/{3}/ingresses", + "clusterNamePartOfUrl": "{2}", + "baseprefix": "/openapi-ui", + "customizationId": "factory-details-networking.k8s.io.v1.ingresses", + "pathToItems": []any{"items"}, + "labelsSelector": map[string]any{ + "apps.cozystack.io/application.group": "apps.cozystack.io", + "apps.cozystack.io/application.kind": kind, + "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + }, + }, + }, + }, + } +} + +func secretsTab(kind string) map[string]any { + return map[string]any{ + "key": "secrets", + "label": "Secrets", + "children": []any{ + map[string]any{ + "type": "EnrichedTable", + "data": map[string]any{ + "id": "secrets-table", + "fetchUrl": "/api/clusters/{2}/k8s/apis/core.cozystack.io/v1alpha1/namespaces/{3}/tenantsecretstables", + "clusterNamePartOfUrl": "{2}", + "baseprefix": "/openapi-ui", + "customizationId": "factory-details-v1alpha1.core.cozystack.io.tenantsecretstables", + "pathToItems": []any{"items"}, + "labelsSelector": map[string]any{ + "apps.cozystack.io/application.group": "apps.cozystack.io", + "apps.cozystack.io/application.kind": kind, + "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + }, + }, + }, + }, + } +} + +func yamlTab(plural string) map[string]any { + return map[string]any{ + "key": "yaml", + "label": "YAML", + "children": []any{ + map[string]any{ + "type": "YamlEditorSingleton", + "data": map[string]any{ + "id": "yaml-editor", + "cluster": "{2}", + "isNameSpaced": true, + "type": "builtin", + "typeName": plural, + "prefillValuesRequestIndex": float64(0), + "substractHeight": float64(400), + }, + }, + }, + } +} + +// ---------------- UI helpers (use float64 for numeric fields) ---------------- + +func contentCard(id string, style map[string]any, children []any) map[string]any { + return map[string]any{ + "type": "ContentCard", + "data": map[string]any{ + "id": id, + "style": style, + }, + "children": children, + } +} + +func antdText(id string, strong bool, text string, style map[string]any) map[string]any { + data := map[string]any{ + "id": id, + "text": text, + "strong": strong, + } + if style != nil { + data["style"] = style + } + return map[string]any{"type": "antdText", "data": data} +} + +func parsedText(id, text string, style map[string]any) map[string]any { + data := map[string]any{ + "id": id, + "text": text, + } + if style != nil { + data["style"] = style + } + return map[string]any{"type": "parsedText", "data": data} +} + +func parsedTextWithFormatter(id, text, formatter string) map[string]any { + return map[string]any{ + "type": "parsedText", + "data": map[string]any{ + "id": id, + "text": text, + "formatter": formatter, + }, + } +} + +func spacer(id string, space float64) map[string]any { + return map[string]any{ + "type": "Spacer", + "data": map[string]any{ + "id": id, + "$space": space, + }, + } +} + +func antdFlex(id string, gap float64, children []any) map[string]any { + return map[string]any{ + "type": "antdFlex", + "data": map[string]any{ + "id": id, + "align": "center", + "gap": gap, + }, + "children": children, + } +} + +func antdFlexVertical(id string, gap float64, children []any) map[string]any { + return map[string]any{ + "type": "antdFlex", + "data": map[string]any{ + "id": id, + "vertical": true, + "gap": gap, + }, + "children": children, + } +} + +func antdRow(id string, gutter []any, children []any) map[string]any { + return map[string]any{ + "type": "antdRow", + "data": map[string]any{ + "id": id, + "gutter": gutter, + }, + "children": children, + } +} + +func antdCol(id string, span float64, children []any) map[string]any { + return map[string]any{ + "type": "antdCol", + "data": map[string]any{ + "id": id, + "span": span, + }, + "children": children, + } +} + +func antdColWithStyle(id string, style map[string]any, children []any) map[string]any { + return map[string]any{ + "type": "antdCol", + "data": map[string]any{ + "id": id, + "style": style, + }, + "children": children, + } +} + +func antdLink(id, text, href string) map[string]any { + return map[string]any{ + "type": "antdLink", + "data": map[string]any{ + "id": id, + "text": text, + "href": href, + }, + } +} + +// ---------------- OpenAPI β†’ Right column ---------------- + +func buildOpenAPIParamsBlocks(schemaJSON string, keysOrder [][]string) []any { + var blocks []any + fields := collectOpenAPILeafFields(schemaJSON, 2, 20) + + // Sort fields according to keysOrder if provided + if len(keysOrder) > 0 { + fields = sortFieldsByKeysOrder(fields, keysOrder) + } + + for idx, f := range fields { + id := fmt.Sprintf("param-%d", idx) + blocks = append(blocks, + antdFlexVertical(id, 4, []any{ + antdText(id+"-label", true, f.Label, nil), + parsedText(id+"-value", fmt.Sprintf("{reqsJsonPath[0]['.spec.%s']['-']}", f.JSONPathSpec), nil), + }), + ) + } + if len(fields) == 0 { + blocks = append(blocks, + antdText("params-empty", false, "No scalar parameters detected in schema (see YAML tab for full spec).", map[string]any{"opacity": float64(0.7)}), + ) + } + return blocks +} + +// sortFieldsByKeysOrder sorts fields according to the provided keysOrder +func sortFieldsByKeysOrder(fields []fieldInfo, keysOrder [][]string) []fieldInfo { + // Create a map for quick lookup of field positions + orderMap := make(map[string]int) + for i, path := range keysOrder { + // Convert path to dot notation (e.g., ["spec", "systemDisk", "image"] -> "systemDisk.image") + if len(path) > 1 && path[0] == "spec" { + dotPath := strings.Join(path[1:], ".") + orderMap[dotPath] = i + } + } + + // Sort fields based on their position in keysOrder + sort.Slice(fields, func(i, j int) bool { + posI, existsI := orderMap[fields[i].JSONPathSpec] + posJ, existsJ := orderMap[fields[j].JSONPathSpec] + + // If both exist in orderMap, sort by position + if existsI && existsJ { + return posI < posJ + } + // If only one exists, prioritize the one that exists + if existsI { + return true + } + if existsJ { + return false + } + // If neither exists, maintain original order (stable sort) + return i < j + }) + + return fields +} + +func collectOpenAPILeafFields(schemaJSON string, maxDepth, maxFields int) []fieldInfo { + type node = map[string]any + + if strings.TrimSpace(schemaJSON) == "" { + return nil + } + + var root any + if err := json.Unmarshal([]byte(schemaJSON), &root); err != nil { + // invalid JSON β€” skip + return nil + } + + props := map[string]any{} + if m, ok := root.(node); ok { + if p, ok := m["properties"].(node); ok { + props = p + } + } + if len(props) == 0 { + return nil + } + + var out []fieldInfo + var visit func(prefix []string, n node, depth int) + + addField := func(path []string, schema node) { + // Skip excluded paths (backup/bootstrap/password) + if shouldExcludeParamPath(path) { + return + } + // build label "Foo Bar / Baz" + label := humanizePath(path) + desc := getString(schema, "description") + out = append(out, fieldInfo{ + JSONPathSpec: strings.Join(path, "."), + Label: label, + Description: desc, + }) + } + + visit = func(prefix []string, n node, depth int) { + if len(out) >= maxFields { + return + } + // Scalar? + if isScalarType(n) || isIntOrString(n) || hasEnum(n) { + addField(prefix, n) + return + } + // Object with properties + if props, ok := n["properties"].(node); ok { + if depth >= maxDepth { + // too deep β€” stop + return + } + // deterministic ordering + keys := make([]string, 0, len(props)) + for k := range props { + keys = append(keys, k) + } + sort.Strings(keys) + for _, k := range keys { + child, _ := props[k].(node) + visit(append(prefix, k), child, depth+1) + if len(out) >= maxFields { + return + } + } + return + } + // Arrays: try to render item if it’s scalar and depth limit allows + if n["type"] == "array" { + if items, ok := n["items"].(node); ok && (isScalarType(items) || isIntOrString(items) || hasEnum(items)) { + addField(prefix, items) + } + return + } + // Otherwise skip (unknown/complex) + } + + // top-level: iterate properties + keys := make([]string, 0, len(props)) + for k := range props { + keys = append(keys, k) + } + sort.Strings(keys) + for _, k := range keys { + if child, ok := props[k].(node); ok { + visit([]string{k}, child, 1) + if len(out) >= maxFields { + break + } + } + } + return out +} + +// --- helpers for schema inspection --- + +func isScalarType(n map[string]any) bool { + switch getString(n, "type") { + case "string", "integer", "number", "boolean": + return true + default: + return false + } +} + +func isIntOrString(n map[string]any) bool { + // Kubernetes extension: x-kubernetes-int-or-string: true + if v, ok := n["x-kubernetes-int-or-string"]; ok { + if b, ok := v.(bool); ok && b { + return true + } + } + // anyOf: integer|string + if anyOf, ok := n["anyOf"].([]any); ok { + hasInt := false + hasStr := false + for _, it := range anyOf { + if m, ok := it.(map[string]any); ok { + switch getString(m, "type") { + case "integer": + hasInt = true + case "string": + hasStr = true + } + } + } + return hasInt && hasStr + } + return false +} + +func hasEnum(n map[string]any) bool { + _, ok := n["enum"] + return ok +} + +func getString(n map[string]any, key string) string { + if v, ok := n[key]; ok { + if s, ok := v.(string); ok { + return s + } + } + return "" +} + +// shouldExcludeParamPath returns true if any part of the path contains +// backup / bootstrap / password (case-insensitive) +func shouldExcludeParamPath(parts []string) bool { + for _, p := range parts { + lp := strings.ToLower(p) + if strings.Contains(lp, "backup") || strings.Contains(lp, "bootstrap") || strings.Contains(lp, "password") || strings.Contains(lp, "cloudInit") { + return true + } + } + return false +} + +func humanizePath(parts []string) string { + // "systemDisk.image" -> "System Disk / Image" + return strings.Join(parts, " / ") +} + +// ---------------- Feature flags ---------------- + +type factoryFlags struct { + Workloads bool + Ingresses bool + Services bool + Secrets bool +} + +// factoryFeatureFlags tries several conventional locations so you can evolve the API +// without breaking the controller. Defaults are false (hidden). +func factoryFeatureFlags(crd *cozyv1alpha1.CozystackResourceDefinition) factoryFlags { + var f factoryFlags + + f.Workloads = true + f.Ingresses = true + f.Services = true + f.Secrets = true + + return f +} diff --git a/internal/controller/dashboard/manager.go b/internal/controller/dashboard/manager.go new file mode 100644 index 00000000..fbe03156 --- /dev/null +++ b/internal/controller/dashboard/manager.go @@ -0,0 +1,343 @@ +package dashboard + +import ( + "context" + "encoding/json" + "fmt" + "reflect" + "regexp" + "strings" + + dashv1alpha1 "github.com/cozystack/cozystack/api/dashboard/v1alpha1" + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" + + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/reconcile" +) + +// AddToScheme exposes dashboard types registration for controller setup. +func AddToScheme(s *runtime.Scheme) error { + return dashv1alpha1.AddToScheme(s) +} + +// Manager owns logic for creating/updating dashboard resources derived from CRDs. +// It’s easy to extend: add new ensure* methods and wire them into EnsureForCRD. +type Manager struct { + client client.Client + scheme *runtime.Scheme + crdListFn func(context.Context) ([]cozyv1alpha1.CozystackResourceDefinition, error) +} + +// Option pattern so callers can inject a custom lister. +type Option func(*Manager) + +// WithCRDListFunc overrides how Manager lists all CozystackResourceDefinitions. +func WithCRDListFunc(fn func(context.Context) ([]cozyv1alpha1.CozystackResourceDefinition, error)) Option { + return func(m *Manager) { m.crdListFn = fn } +} + +// NewManager constructs a dashboard Manager. +func NewManager(c client.Client, scheme *runtime.Scheme, opts ...Option) *Manager { + m := &Manager{client: c, scheme: scheme} + for _, o := range opts { + o(m) + } + return m +} + +// EnsureForCRD is the single entry-point used by the controller. +// Add more ensure* calls here as you implement support for other resources: +// +// - ensureBreadcrumb (implemented) +// - ensureCustomColumnsOverride (implemented) +// - ensureCustomFormsOverride (implemented) +// - ensureCustomFormsPrefill (implemented) +// - ensureFactory +// - ensureMarketplacePanel (implemented) +// - ensureSidebar (implemented) +// - ensureTableUriMapping (implemented) +func (m *Manager) EnsureForCRD(ctx context.Context, crd *cozyv1alpha1.CozystackResourceDefinition) (reconcile.Result, error) { + // MarketplacePanel + if res, err := m.ensureMarketplacePanel(ctx, crd); err != nil || res.Requeue || res.RequeueAfter > 0 { + return res, err + } + // CustomFormsPrefill + if res, err := m.ensureCustomFormsPrefill(ctx, crd); err != nil || res.Requeue || res.RequeueAfter > 0 { + return res, err + } + // CustomColumnsOverride + if _, err := m.ensureCustomColumnsOverride(ctx, crd); err != nil { + return reconcile.Result{}, err + } + if err := m.ensureTableUriMapping(ctx, crd); err != nil { + return reconcile.Result{}, err + } + if err := m.ensureBreadcrumb(ctx, crd); err != nil { + return reconcile.Result{}, err + } + if err := m.ensureCustomFormsOverride(ctx, crd); err != nil { + return reconcile.Result{}, err + } + if err := m.ensureSidebar(ctx, crd); err != nil { + return reconcile.Result{}, err + } + if err := m.ensureFactory(ctx, crd); err != nil { + return reconcile.Result{}, err + } + + return reconcile.Result{}, nil +} + +// ----------------------- MarketplacePanel ----------------------- + +func (m *Manager) ensureMarketplacePanel(ctx context.Context, crd *cozyv1alpha1.CozystackResourceDefinition) (reconcile.Result, error) { + logger := log.FromContext(ctx) + + mp := &dashv1alpha1.MarketplacePanel{} + mp.Name = crd.Name // cluster-scoped resource, name mirrors CRD name + + // If dashboard is not set, delete the panel if it exists. + if crd.Spec.Dashboard == nil { + err := m.client.Get(ctx, client.ObjectKey{Name: mp.Name}, mp) + if apierrors.IsNotFound(err) { + return reconcile.Result{}, nil + } + if err != nil { + return reconcile.Result{}, err + } + if err := m.client.Delete(ctx, mp); err != nil && !apierrors.IsNotFound(err) { + return reconcile.Result{}, err + } + logger.Info("Deleted MarketplacePanel because dashboard is not set", "name", mp.Name) + return reconcile.Result{}, nil + } + + // Skip resources with non-empty spec.dashboard.name + if strings.TrimSpace(crd.Spec.Dashboard.Name) != "" { + err := m.client.Get(ctx, client.ObjectKey{Name: mp.Name}, mp) + if apierrors.IsNotFound(err) { + return reconcile.Result{}, nil + } + if err != nil { + return reconcile.Result{}, err + } + if err := m.client.Delete(ctx, mp); err != nil && !apierrors.IsNotFound(err) { + return reconcile.Result{}, err + } + logger.Info("Deleted MarketplacePanel because spec.dashboard.name is set", "name", mp.Name) + return reconcile.Result{}, nil + } + + // Build desired spec from CRD fields + d := crd.Spec.Dashboard + app := crd.Spec.Application + + displayName := d.Singular + if displayName == "" { + displayName = app.Kind + } + + tags := make([]any, len(d.Tags)) + for i, t := range d.Tags { + tags[i] = t + } + + specMap := map[string]any{ + "description": d.Description, + "name": displayName, + "type": "nonCrd", + "apiGroup": "apps.cozystack.io", + "apiVersion": "v1alpha1", + "typeName": app.Plural, // e.g., "buckets" + "disabled": false, + "hidden": false, + "tags": tags, + "icon": d.Icon, + } + + specBytes, err := json.Marshal(specMap) + if err != nil { + return reconcile.Result{}, err + } + + mutate := func() error { + if err := controllerutil.SetOwnerReference(crd, mp, m.scheme); err != nil { + return err + } + // Inline JSON payload (the ArbitrarySpec type inlines apiextv1.JSON) + mp.Spec = dashv1alpha1.ArbitrarySpec{ + JSON: apiextv1.JSON{Raw: specBytes}, + } + return nil + } + + op, err := controllerutil.CreateOrUpdate(ctx, m.client, mp, mutate) + if err != nil { + return reconcile.Result{}, err + } + switch op { + case controllerutil.OperationResultCreated: + logger.Info("Created MarketplacePanel", "name", mp.Name) + case controllerutil.OperationResultUpdated: + logger.Info("Updated MarketplacePanel", "name", mp.Name) + } + return reconcile.Result{}, nil +} + +// ----------------------- Helpers (OpenAPI β†’ values) ----------------------- + +// defaultOrZero returns the schema default if present; otherwise a reasonable zero value. +func defaultOrZero(sub map[string]interface{}) interface{} { + if v, ok := sub["default"]; ok { + return v + } + typ, _ := sub["type"].(string) + switch typ { + case "string": + return "" + case "boolean": + return false + case "array": + return []interface{}{} + case "integer", "number": + return 0 + case "object": + return map[string]interface{}{} + default: + return nil + } +} + +// toIfaceSlice converts []string -> []interface{}. +func toIfaceSlice(ss []string) []interface{} { + out := make([]interface{}, len(ss)) + for i, s := range ss { + out[i] = s + } + return out +} + +// buildPrefillValues converts an OpenAPI schema (JSON string) into a []interface{} "values" list +// suitable for CustomFormsPrefill.spec.values. +// Rules: +// - For top-level primitive/array fields: emit an entry, using default if present, otherwise zero. +// - For top-level objects: recursively process nested objects and emit entries for all default values +// found at any nesting level. +func buildPrefillValues(openAPISchema string) ([]interface{}, error) { + var root map[string]interface{} + if err := json.Unmarshal([]byte(openAPISchema), &root); err != nil { + return nil, fmt.Errorf("cannot parse openAPISchema: %w", err) + } + props, _ := root["properties"].(map[string]interface{}) + if props == nil { + return []interface{}{}, nil + } + + var values []interface{} + processSchemaProperties(props, []string{"spec"}, &values) + return values, nil +} + +// processSchemaProperties recursively processes OpenAPI schema properties and extracts default values +func processSchemaProperties(props map[string]interface{}, path []string, values *[]interface{}) { + for pname, raw := range props { + sub, _ := raw.(map[string]interface{}) + if sub == nil { + continue + } + + typ, _ := sub["type"].(string) + currentPath := append(path, pname) + + switch typ { + case "object": + // Check if this object has a default value + if objDefault, ok := sub["default"].(map[string]interface{}); ok { + // Process the default object recursively + processDefaultObject(objDefault, currentPath, values) + } + + // Also process child properties for their individual defaults + if childProps, ok := sub["properties"].(map[string]interface{}); ok { + processSchemaProperties(childProps, currentPath, values) + } + default: + // For primitive types, use default if present, otherwise zero value + val := defaultOrZero(sub) + if val != nil { + entry := map[string]interface{}{ + "path": toIfaceSlice(currentPath), + "value": val, + } + *values = append(*values, entry) + } + } + } +} + +// processDefaultObject recursively processes a default object and creates entries for all nested values +func processDefaultObject(obj map[string]interface{}, path []string, values *[]interface{}) { + for key, value := range obj { + currentPath := append(path, key) + + // If the value is a map, process it recursively + if nestedObj, ok := value.(map[string]interface{}); ok { + processDefaultObject(nestedObj, currentPath, values) + } else { + // For primitive values, create an entry + entry := map[string]interface{}{ + "path": toIfaceSlice(currentPath), + "value": value, + } + *values = append(*values, entry) + } + } +} + +// normalizeJSON makes maps/slices JSON-safe for k8s Unstructured: +// - converts all int/int32/... to float64 +// - leaves strings, bools, nil as-is +func normalizeJSON(v any) any { + switch t := v.(type) { + case map[string]any: + out := make(map[string]any, len(t)) + for k, val := range t { + out[k] = normalizeJSON(val) + } + return out + case []any: + out := make([]any, len(t)) + for i := range t { + out[i] = normalizeJSON(t[i]) + } + return out + case int: + return float64(t) + case int8: + return float64(t) + case int16: + return float64(t) + case int32: + return float64(t) + case int64: + return float64(t) + case uint, uint8, uint16, uint32, uint64: + return float64(reflect.ValueOf(t).Convert(reflect.TypeOf(uint64(0))).Uint()) + case float32: + return float64(t) + default: + return v + } +} + +var camelSplitter = regexp.MustCompile(`(?m)([A-Z]+[a-z0-9]*|[a-z0-9]+)`) + +func splitCamel(s string) []string { + return camelSplitter.FindAllString(s, -1) +} diff --git a/internal/controller/dashboard/sidebar.go b/internal/controller/dashboard/sidebar.go new file mode 100644 index 00000000..fe8e246f --- /dev/null +++ b/internal/controller/dashboard/sidebar.go @@ -0,0 +1,310 @@ +package dashboard + +import ( + "context" + "encoding/json" + "fmt" + "sort" + "strings" + + dashv1alpha1 "github.com/cozystack/cozystack/api/dashboard/v1alpha1" + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" + + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" +) + +// ensureSidebar creates/updates multiple Sidebar resources that share the same menu: +// - The "details" sidebar tied to the current kind (stock-project-factory--details) +// - The stock-instance sidebars: api-form, api-table, builtin-form, builtin-table +// - The stock-project sidebars: api-form, api-table, builtin-form, builtin-table, crd-form, crd-table +// +// Menu rules: +// - The first section is "Marketplace" with two hardcoded entries: +// - Marketplace (/openapi-ui/{clusterName}/{namespace}/factory/marketplace) +// - Tenant Info (/openapi-ui/{clusterName}/{namespace}/factory/info-details/info) +// - All other sections are built from CRDs where spec.dashboard != nil. +// - Categories are ordered strictly as: +// Marketplace, IaaS, PaaS, NaaS, , Resources, Administration +// - Items within each category: sort by Weight (desc), then Label (Aβ†’Z). +func (m *Manager) ensureSidebar(ctx context.Context, crd *cozyv1alpha1.CozystackResourceDefinition) error { + // Build the full menu once. + + // 1) Fetch all CRDs + var all []cozyv1alpha1.CozystackResourceDefinition + if m.crdListFn != nil { + s, err := m.crdListFn(ctx) + if err != nil { + return err + } + all = s + } else { + var crdList cozyv1alpha1.CozystackResourceDefinitionList + if err := m.client.List(ctx, &crdList, &client.ListOptions{}); err != nil { + return err + } + all = crdList.Items + } + + // 2) Build category -> []item map (only for CRDs with spec.dashboard != nil) + type item struct { + Key string + Label string + Link string + Weight int + } + categories := map[string][]item{} // category label -> children + keysAndTags := map[string]any{} // plural -> []string{ "-sidebar" } + + for i := range all { + def := &all[i] + + // Include ONLY when spec.dashboard != nil + if def.Spec.Dashboard == nil { + continue + } + + // Skip resources with non-empty spec.dashboard.name + if strings.TrimSpace(def.Spec.Dashboard.Name) != "" { + continue + } + + g, v, kind := pickGVK(def) + plural := pickPlural(kind, def) + cat := safeCategory(def) // falls back to "Resources" if empty + + // Label: prefer dashboard.Plural if provided + label := titleFromKindPlural(kind, plural) + if def.Spec.Dashboard.Plural != "" { + label = def.Spec.Dashboard.Plural + } + + // Weight (default 0) + weight := def.Spec.Dashboard.Weight + + link := fmt.Sprintf("/openapi-ui/{clusterName}/{namespace}/api-table/%s/%s/%s", g, v, plural) + + categories[cat] = append(categories[cat], item{ + Key: plural, + Label: label, + Link: link, + Weight: weight, + }) + + // keysAndTags: plural -> [ "-sidebar" ] + keysAndTags[plural] = []any{fmt.Sprintf("%s-sidebar", strings.ToLower(kind))} + } + + // 3) Sort items within each category by Weight (desc), then Label (Aβ†’Z) + for cat := range categories { + sort.Slice(categories[cat], func(i, j int) bool { + if categories[cat][i].Weight != categories[cat][j].Weight { + return categories[cat][i].Weight < categories[cat][j].Weight // lower weight first + } + return strings.ToLower(categories[cat][i].Label) < strings.ToLower(categories[cat][j].Label) + }) + } + + // 4) Order categories strictly: + // Marketplace (hardcoded), IaaS, PaaS, NaaS, , Resources, Administration + orderedCats := orderCategoryLabels(categories) + + // 5) Build menuItems (hardcode "Marketplace"; then dynamic categories; then hardcode "Administration") + menuItems := []any{ + map[string]any{ + "key": "marketplace", + "label": "Marketplace", + "children": []any{ + map[string]any{ + "key": "marketplace", + "label": "Marketplace", + "link": "/openapi-ui/{clusterName}/{namespace}/factory/marketplace", + }, + }, + }, + } + + for _, cat := range orderedCats { + // Skip "Marketplace" and "Administration" here since they're hardcoded + if strings.EqualFold(cat, "Marketplace") || strings.EqualFold(cat, "Administration") { + continue + } + children := []any{} + for _, it := range categories[cat] { + children = append(children, map[string]any{ + "key": it.Key, + "label": it.Label, + "link": it.Link, + }) + } + if len(children) > 0 { + menuItems = append(menuItems, map[string]any{ + "key": slugify(cat), + "label": cat, + "children": children, + }) + } + } + + // Add hardcoded Administration section + menuItems = append(menuItems, map[string]any{ + "key": "administration", + "label": "Administration", + "children": []any{ + map[string]any{ + "key": "info", + "label": "Info", + "link": "/openapi-ui/{clusterName}/{namespace}/factory/info-details/info", + }, + map[string]any{ + "key": "modules", + "label": "Modules", + "link": "/openapi-ui/{clusterName}/{namespace}/api-table/core.cozystack.io/v1alpha1/tenantmodules", + }, + map[string]any{ + "key": "tenants", + "label": "Tenants", + "link": "/openapi-ui/{clusterName}/{namespace}/api-table/apps.cozystack.io/v1alpha1/tenants", + }, + }, + }) + + // 6) Prepare the list of Sidebar IDs to upsert with the SAME content + _, _, thisKind := pickGVK(crd) + lowerThisKind := strings.ToLower(thisKind) + detailsID := fmt.Sprintf("stock-project-factory-%s-details", lowerThisKind) + + targetIDs := []string{ + // original details sidebar + detailsID, + + // stock-instance sidebars + "stock-instance-api-form", + "stock-instance-api-table", + "stock-instance-builtin-form", + "stock-instance-builtin-table", + + // stock-project sidebars + "stock-project-factory-marketplace", + "stock-project-factory-workloadmonitor-details", + "stock-project-api-form", + "stock-project-api-table", + "stock-project-builtin-form", + "stock-project-builtin-table", + "stock-project-crd-form", + "stock-project-crd-table", + } + + // 7) Upsert all target sidebars with identical menuItems and keysAndTags + return m.upsertMultipleSidebars(ctx, crd, targetIDs, keysAndTags, menuItems) +} + +// upsertMultipleSidebars creates/updates several Sidebar resources with the same menu spec. +func (m *Manager) upsertMultipleSidebars( + ctx context.Context, + crd *cozyv1alpha1.CozystackResourceDefinition, + ids []string, + keysAndTags map[string]any, + menuItems []any, +) error { + for _, id := range ids { + spec := map[string]any{ + "id": id, + "keysAndTags": keysAndTags, + "menuItems": menuItems, + } + + obj := &dashv1alpha1.Sidebar{} + obj.SetGroupVersionKind(schema.GroupVersionKind{ + Group: "dashboard.cozystack.io", + Version: "v1alpha1", + Kind: "Sidebar", + }) + obj.SetName(id) + + if _, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error { + if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil { + return err + } + b, err := json.Marshal(spec) + if err != nil { + return err + } + obj.Spec = dashv1alpha1.ArbitrarySpec{JSON: apiextv1.JSON{Raw: b}} + return nil + }); err != nil { + return err + } + } + return nil +} + +// orderCategoryLabels returns category labels ordered strictly as: +// +// Marketplace, IaaS, PaaS, NaaS, , Resources, Administration. +// +// It only returns labels that exist in `cats` (except "Marketplace" which is hardcoded by caller). +func orderCategoryLabels[T any](cats map[string][]T) []string { + if len(cats) == 0 { + return []string{"Marketplace", "IaaS", "PaaS", "NaaS", "Resources", "Administration"} + } + + head := []string{"Marketplace", "IaaS", "PaaS", "NaaS"} + tail := []string{"Resources", "Administration"} + + present := make(map[string]struct{}, len(cats)) + for k := range cats { + present[k] = struct{}{} + } + + var result []string + + // Add head anchors (keep "Marketplace" in the order signature for the caller) + for _, h := range head { + result = append(result, h) + delete(present, h) + } + + // Collect "others": exclude tail + var others []string + for k := range present { + if k == "Resources" || k == "Administration" { + continue + } + others = append(others, k) + } + sort.Slice(others, func(i, j int) bool { return strings.ToLower(others[i]) < strings.ToLower(others[j]) }) + + // Append others, then tail (always in fixed order) + result = append(result, others...) + result = append(result, tail...) + + return result +} + +// safeCategory returns spec.dashboard.category or "Resources" if not set. +func safeCategory(def *cozyv1alpha1.CozystackResourceDefinition) string { + if def == nil || def.Spec.Dashboard == nil { + return "Resources" + } + if def.Spec.Dashboard.Category != "" { + return def.Spec.Dashboard.Category + } + return "Resources" +} + +// slugify converts a category label to a key-friendly identifier. +// "User Management" -> "usermanagement", "PaaS" -> "paas". +func slugify(s string) string { + s = strings.TrimSpace(strings.ToLower(s)) + out := make([]byte, 0, len(s)) + for i := 0; i < len(s); i++ { + c := s[i] + if (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') { + out = append(out, c) + } + } + return string(out) +} diff --git a/internal/controller/dashboard/webextras.go b/internal/controller/dashboard/webextras.go new file mode 100644 index 00000000..50048ed2 --- /dev/null +++ b/internal/controller/dashboard/webextras.go @@ -0,0 +1,266 @@ +package dashboard + +import ( + "context" + "encoding/json" + "fmt" + "strings" + + dashv1alpha1 "github.com/cozystack/cozystack/api/dashboard/v1alpha1" + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" + + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/reconcile" +) + +// Ensure the three additional dashboard/frontend resources exist: +// - TableUriMapping (dashboard.cozystack.io/v1alpha1) +// - Breadcrumb (dashboard.cozystack.io/v1alpha1) +// - CustomFormsOverride (dashboard.cozystack.io/v1alpha1) +// +// Call these from Manager.EnsureForCRD() after ensureCustomColumnsOverride. + +// --------------------------- TableUriMapping ----------------------------- + +func (m *Manager) ensureTableUriMapping(ctx context.Context, crd *cozyv1alpha1.CozystackResourceDefinition) error { + // Links are fully managed by the CustomColumnsOverride. + return nil +} + +// ------------------------------- Breadcrumb ----------------------------- + +func (m *Manager) ensureBreadcrumb(ctx context.Context, crd *cozyv1alpha1.CozystackResourceDefinition) error { + _, _, kind := pickGVK(crd) + + lowerKind := strings.ToLower(kind) + detailID := fmt.Sprintf("stock-project-factory-%s-details", lowerKind) + + obj := &dashv1alpha1.Breadcrumb{} + obj.SetGroupVersionKind(schema.GroupVersionKind{ + Group: "dashboard.cozystack.io", + Version: "v1alpha1", + Kind: "Breadcrumb", + }) + obj.SetName(detailID) + + plural := pickPlural(kind, crd) + + // Prefer dashboard.Plural for UI label if provided + labelPlural := titleFromKindPlural(kind, plural) + if crd != nil && crd.Spec.Dashboard != nil && crd.Spec.Dashboard.Plural != "" { + labelPlural = crd.Spec.Dashboard.Plural + } + + key := plural // e.g., "virtualmachines" + label := labelPlural + link := fmt.Sprintf("/openapi-ui/{clusterName}/{namespace}/api-table/apps.cozystack.io/v1alpha1/%s", plural) + // If Name is set, change the first breadcrumb item to "Tenant Modules" + // TODO add parameter to this + if crd.Spec.Dashboard.Name != "" { + key = "tenantmodules" + label = "Tenant Modules" + link = "/openapi-ui/{clusterName}/{namespace}/api-table/core.cozystack.io/v1alpha1/tenantmodules" + } + + items := []any{ + map[string]any{ + "key": key, + "label": label, + "link": link, + }, + map[string]any{ + "key": strings.ToLower(kind), // "etcd" + "label": "{6}", // literal, as in your example + }, + } + + spec := map[string]any{ + "id": detailID, + "breadcrumbItems": items, + } + + _, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error { + if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil { + return err + } + b, err := json.Marshal(spec) + if err != nil { + return err + } + obj.Spec = dashv1alpha1.ArbitrarySpec{JSON: apiextv1.JSON{Raw: b}} + return nil + }) + return err +} + +// --------------------------- CustomFormsOverride ------------------------ + +func (m *Manager) ensureCustomFormsOverride(ctx context.Context, crd *cozyv1alpha1.CozystackResourceDefinition) error { + g, v, kind := pickGVK(crd) + plural := pickPlural(kind, crd) + + name := fmt.Sprintf("%s.%s.%s", g, v, plural) + customizationID := fmt.Sprintf("default-/%s/%s/%s", g, v, plural) + + obj := &dashv1alpha1.CustomFormsOverride{} + obj.SetGroupVersionKind(schema.GroupVersionKind{ + Group: "dashboard.cozystack.io", + Version: "v1alpha1", + Kind: "CustomFormsOverride", + }) + obj.SetName(name) + + // Replicates your Helm includes (system metadata + api + status). + hidden := []any{} + hidden = append(hidden, hiddenMetadataSystem()...) + hidden = append(hidden, hiddenMetadataAPI()...) + hidden = append(hidden, hiddenStatus()...) + + // If Name is set, hide metadata + if crd.Spec.Dashboard != nil && strings.TrimSpace(crd.Spec.Dashboard.Name) != "" { + hidden = append([]interface{}{ + []any{"metadata"}, + }, hidden...) + } + + sort := make([]any, len(crd.Spec.Dashboard.KeysOrder)) + for i, v := range crd.Spec.Dashboard.KeysOrder { + sort[i] = v + } + + spec := map[string]any{ + "customizationId": customizationID, + "hidden": hidden, + "sort": sort, + "schema": map[string]any{}, // {} + "strategy": "merge", + } + + _, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error { + if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil { + return err + } + b, err := json.Marshal(spec) + if err != nil { + return err + } + obj.Spec = dashv1alpha1.ArbitrarySpec{JSON: apiextv1.JSON{Raw: b}} + return nil + }) + return err +} + +// ----------------------- CustomFormsPrefill ----------------------- + +func (m *Manager) ensureCustomFormsPrefill(ctx context.Context, crd *cozyv1alpha1.CozystackResourceDefinition) (reconcile.Result, error) { + logger := log.FromContext(ctx) + + app := crd.Spec.Application + group := "apps.cozystack.io" + version := "v1alpha1" + + name := fmt.Sprintf("%s.%s.%s", group, version, app.Plural) + customizationID := fmt.Sprintf("default-/%s/%s/%s", group, version, app.Plural) + + values, err := buildPrefillValues(app.OpenAPISchema) + if err != nil { + return reconcile.Result{}, err + } + + // If Name is set, prefill metadata.name + if crd.Spec.Dashboard != nil && strings.TrimSpace(crd.Spec.Dashboard.Name) != "" { + values = append([]interface{}{ + map[string]interface{}{ + "path": toIfaceSlice([]string{"metadata", "name"}), + "value": crd.Spec.Dashboard.Name, + }, + }, values...) + } + + cfp := &dashv1alpha1.CustomFormsPrefill{} + cfp.Name = name // cluster-scoped + + specMap := map[string]any{ + "customizationId": customizationID, + "values": values, + } + specBytes, err := json.Marshal(specMap) + if err != nil { + return reconcile.Result{}, err + } + + mutate := func() error { + if err := controllerutil.SetOwnerReference(crd, cfp, m.scheme); err != nil { + return err + } + cfp.Spec = dashv1alpha1.ArbitrarySpec{ + JSON: apiextv1.JSON{Raw: specBytes}, + } + return nil + } + + op, err := controllerutil.CreateOrUpdate(ctx, m.client, cfp, mutate) + if err != nil { + return reconcile.Result{}, err + } + switch op { + case controllerutil.OperationResultCreated: + logger.Info("Created CustomFormsPrefill", "name", cfp.Name) + case controllerutil.OperationResultUpdated: + logger.Info("Updated CustomFormsPrefill", "name", cfp.Name) + } + return reconcile.Result{}, nil +} + +// ------------------------------ Helpers --------------------------------- + +// titleFromKindPlural returns a presentable plural label, e.g.: +// kind="VirtualMachine", plural="virtualmachines" => "VirtualMachines" +func titleFromKindPlural(kind, plural string) string { + label := kind + if !strings.HasSuffix(strings.ToLower(plural), "s") || !strings.HasSuffix(strings.ToLower(plural), "S") { + label += "s" + } else { + label += "s" + } + return label +} + +// The hidden lists below mirror the Helm templates you shared. +// Each entry is a path as nested string array, e.g. ["metadata","creationTimestamp"]. + +func hiddenMetadataSystem() []any { + return []any{ + []any{"metadata", "annotations"}, + []any{"metadata", "labels"}, + []any{"metadata", "namespace"}, + []any{"metadata", "creationTimestamp"}, + []any{"metadata", "deletionGracePeriodSeconds"}, + []any{"metadata", "deletionTimestamp"}, + []any{"metadata", "finalizers"}, + []any{"metadata", "generateName"}, + []any{"metadata", "generation"}, + []any{"metadata", "managedFields"}, + []any{"metadata", "ownerReferences"}, + []any{"metadata", "resourceVersion"}, + []any{"metadata", "selfLink"}, + []any{"metadata", "uid"}, + } +} + +func hiddenMetadataAPI() []any { + return []any{ + []any{"kind"}, + []any{"apiVersion"}, + []any{"appVersion"}, + } +} + +func hiddenStatus() []any { + return []any{ + []any{"status"}, + } +} diff --git a/internal/lineagecontrollerwebhook/config.go b/internal/lineagecontrollerwebhook/config.go index 57fc4ad9..c10c5a77 100644 --- a/internal/lineagecontrollerwebhook/config.go +++ b/internal/lineagecontrollerwebhook/config.go @@ -25,7 +25,10 @@ type runtimeConfig struct { func (l *LineageControllerWebhook) initConfig() { l.initOnce.Do(func() { if l.config.Load() == nil { - l.config.Store(&runtimeConfig{chartAppMap: make(map[chartRef]*cozyv1alpha1.CozystackResourceDefinition)}) + l.config.Store(&runtimeConfig{ + chartAppMap: make(map[chartRef]*cozyv1alpha1.CozystackResourceDefinition), + appCRDMap: make(map[appRef]*cozyv1alpha1.CozystackResourceDefinition), + }) } }) } diff --git a/internal/lineagecontrollerwebhook/controller.go b/internal/lineagecontrollerwebhook/controller.go index 7a1eb1d0..e7522f62 100644 --- a/internal/lineagecontrollerwebhook/controller.go +++ b/internal/lineagecontrollerwebhook/controller.go @@ -5,11 +5,10 @@ import ( cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/log" ) -// +kubebuilder:rbac:groups=cozystack.io,resources=cozystackresourcedefinitions,verbs=list;watch +// +kubebuilder:rbac:groups=cozystack.io,resources=cozystackresourcedefinitions,verbs=list;watch;get func (c *LineageControllerWebhook) SetupWithManagerAsController(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). @@ -20,7 +19,7 @@ func (c *LineageControllerWebhook) SetupWithManagerAsController(mgr ctrl.Manager func (c *LineageControllerWebhook) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { l := log.FromContext(ctx) crds := &cozyv1alpha1.CozystackResourceDefinitionList{} - if err := c.List(ctx, crds, &client.ListOptions{Namespace: "cozy-system"}); err != nil { + if err := c.List(ctx, crds); err != nil { l.Error(err, "failed reading CozystackResourceDefinitions") return ctrl.Result{}, err } diff --git a/packages/apps/bucket/Makefile b/packages/apps/bucket/Makefile index f242b9ea..d448d0c0 100644 --- a/packages/apps/bucket/Makefile +++ b/packages/apps/bucket/Makefile @@ -2,4 +2,5 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md - yq -o json -i '.properties = {}' values.schema.json \ No newline at end of file + yq -o json -i '.properties = {}' values.schema.json + ../../../hack/update-crd.sh diff --git a/packages/apps/clickhouse/Makefile b/packages/apps/clickhouse/Makefile index f1a0e443..44ac851f 100644 --- a/packages/apps/clickhouse/Makefile +++ b/packages/apps/clickhouse/Makefile @@ -5,6 +5,7 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh image: docker buildx build images/clickhouse-backup \ diff --git a/packages/apps/ferretdb/Makefile b/packages/apps/ferretdb/Makefile index 55dd28d9..bd52fb05 100644 --- a/packages/apps/ferretdb/Makefile +++ b/packages/apps/ferretdb/Makefile @@ -2,6 +2,7 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh update: tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/FerretDB/FerretDB | awk -F'[/^]' '{sub("^v", "", $$3)} END{print $$3}') && \ diff --git a/packages/apps/http-cache/Makefile b/packages/apps/http-cache/Makefile index 91a170a5..3237f634 100644 --- a/packages/apps/http-cache/Makefile +++ b/packages/apps/http-cache/Makefile @@ -18,6 +18,7 @@ image-nginx: generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh update: tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/chrislim2888/IP2Location-C-Library | awk -F'[/^]' 'END{print $$3}') && \ diff --git a/packages/apps/kafka/Makefile b/packages/apps/kafka/Makefile index 9e4d8a6e..0d71076e 100644 --- a/packages/apps/kafka/Makefile +++ b/packages/apps/kafka/Makefile @@ -3,3 +3,4 @@ PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"] generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/apps/kubernetes/Makefile b/packages/apps/kubernetes/Makefile index 81520296..b40d8b36 100644 --- a/packages/apps/kubernetes/Makefile +++ b/packages/apps/kubernetes/Makefile @@ -7,6 +7,7 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md yq -o=json -i '.properties.version.enum = (load("files/versions.yaml") | keys)' values.schema.json + ../../../hack/update-crd.sh image: image-ubuntu-container-disk image-kubevirt-cloud-provider image-kubevirt-csi-driver image-cluster-autoscaler diff --git a/packages/apps/mysql/Makefile b/packages/apps/mysql/Makefile index d0576060..08c57889 100644 --- a/packages/apps/mysql/Makefile +++ b/packages/apps/mysql/Makefile @@ -5,6 +5,7 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh image: docker buildx build images/mariadb-backup \ diff --git a/packages/apps/nats/Makefile b/packages/apps/nats/Makefile index 7017c673..8b1dce9d 100644 --- a/packages/apps/nats/Makefile +++ b/packages/apps/nats/Makefile @@ -2,3 +2,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/apps/postgres/Makefile b/packages/apps/postgres/Makefile index 7017c673..8b1dce9d 100644 --- a/packages/apps/postgres/Makefile +++ b/packages/apps/postgres/Makefile @@ -2,3 +2,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/apps/postgres/templates/init-script.yaml b/packages/apps/postgres/templates/init-script.yaml index 269a6aa3..8d306789 100644 --- a/packages/apps/postgres/templates/init-script.yaml +++ b/packages/apps/postgres/templates/init-script.yaml @@ -20,6 +20,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-credentials +labels: + internal.cozystack.io/tenantsecret: "true" stringData: {{- range $user, $u := .Values.users }} {{ quote $user }}: {{ quote (index $passwords $user) }} diff --git a/packages/apps/rabbitmq/Makefile b/packages/apps/rabbitmq/Makefile index 7017c673..8b1dce9d 100644 --- a/packages/apps/rabbitmq/Makefile +++ b/packages/apps/rabbitmq/Makefile @@ -2,3 +2,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/apps/redis/Makefile b/packages/apps/redis/Makefile index 7017c673..8b1dce9d 100644 --- a/packages/apps/redis/Makefile +++ b/packages/apps/redis/Makefile @@ -2,3 +2,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/apps/tcp-balancer/Makefile b/packages/apps/tcp-balancer/Makefile index 7017c673..8b1dce9d 100644 --- a/packages/apps/tcp-balancer/Makefile +++ b/packages/apps/tcp-balancer/Makefile @@ -2,3 +2,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/apps/tenant/Makefile b/packages/apps/tenant/Makefile index 7017c673..8b1dce9d 100644 --- a/packages/apps/tenant/Makefile +++ b/packages/apps/tenant/Makefile @@ -2,3 +2,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/apps/tenant/templates/tenant.yaml b/packages/apps/tenant/templates/tenant.yaml index 1b19ae30..d58c37d4 100644 --- a/packages/apps/tenant/templates/tenant.yaml +++ b/packages/apps/tenant/templates/tenant.yaml @@ -29,6 +29,13 @@ rules: resources: - workloadmonitors verbs: ["get", "list", "watch"] +- apiGroups: + - core.cozystack.io + resources: + - tenantmodules + - tenantsecrets + - tenantsecretstables + verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -178,6 +185,13 @@ rules: resources: - workloadmonitors verbs: ["get", "list", "watch"] + - apiGroups: + - core.cozystack.io + resources: + - tenantmodules + - tenantsecrets + - tenantsecretstables + verbs: ["get", "list", "watch"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -269,6 +283,13 @@ rules: resources: - workloadmonitors verbs: ["get", "list", "watch"] + - apiGroups: + - core.cozystack.io + resources: + - tenantmodules + - tenantsecrets + - tenantsecretstables + verbs: ["get", "list", "watch"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -336,6 +357,13 @@ rules: resources: - workloadmonitors verbs: ["get", "list", "watch"] + - apiGroups: + - core.cozystack.io + resources: + - tenantmodules + - tenantsecrets + - tenantsecretstables + verbs: ["get", "list", "watch"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/packages/apps/virtual-machine/Makefile b/packages/apps/virtual-machine/Makefile index 6834018d..b70ac622 100644 --- a/packages/apps/virtual-machine/Makefile +++ b/packages/apps/virtual-machine/Makefile @@ -7,3 +7,4 @@ generate: # && yq -i -o json ".properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \ && yq -i -o json ".properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json + ../../../hack/update-crd.sh diff --git a/packages/apps/virtual-machine/templates/secret.yaml b/packages/apps/virtual-machine/templates/secret.yaml index 73cd92bf..af104234 100644 --- a/packages/apps/virtual-machine/templates/secret.yaml +++ b/packages/apps/virtual-machine/templates/secret.yaml @@ -11,10 +11,12 @@ stringData: {{- end }} {{- if or .Values.cloudInit .Values.sshKeys }} --- -apiVersion: v1 -kind: Secret +apiVersion: core.cozystack.io/v1alpha1 +kind: TenantSecret metadata: name: {{ include "virtual-machine.fullname" . }}-cloud-init + labels: + apps.cozystack.io/virtual-machine: {{ .Release.Name }} stringData: userdata: | {{- if .Values.cloudInit }} diff --git a/packages/apps/vm-disk/Makefile b/packages/apps/vm-disk/Makefile index 7017c673..8b1dce9d 100644 --- a/packages/apps/vm-disk/Makefile +++ b/packages/apps/vm-disk/Makefile @@ -2,3 +2,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/apps/vm-instance/Makefile b/packages/apps/vm-instance/Makefile index 0a6e1914..105ca7db 100644 --- a/packages/apps/vm-instance/Makefile +++ b/packages/apps/vm-instance/Makefile @@ -6,3 +6,4 @@ generate: # && yq -i -o json ".properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \ && yq -i -o json ".properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json + ../../../hack/update-crd.sh diff --git a/packages/apps/vpn/Makefile b/packages/apps/vpn/Makefile index 7017c673..8b1dce9d 100644 --- a/packages/apps/vpn/Makefile +++ b/packages/apps/vpn/Makefile @@ -2,3 +2,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 6947a3a8..05762936 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -92,7 +92,7 @@ releases: releaseName: cozystack-api chart: cozy-cozystack-api namespace: cozy-system - dependsOn: [cilium,kubeovn] + dependsOn: [cilium,kubeovn,cozystack-controller] - name: cozystack-controller releaseName: cozystack-controller @@ -297,6 +297,24 @@ releases: - keycloak-configure {{- end }} +- name: dashboard-config + releaseName: dashboard-config + chart: cozy-dashboard-config + namespace: cozy-dashboard + values: + {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }} + {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig | fromYaml }} + {{- toYaml (deepCopy $dashboardKCValues | mergeOverwrite (fromYaml (include "cozystack.defaultDashboardValues" .))) | nindent 4 }} + dependsOn: + - cilium + - kubeovn + - dashboard + - cozystack-api + {{- if eq $oidcEnabled "true" }} + - keycloak-configure + {{- end }} + + - name: kamaji releaseName: kamaji chart: cozy-kamaji diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 8ec250de..1980f67b 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -39,7 +39,7 @@ releases: releaseName: cozystack-api chart: cozy-cozystack-api namespace: cozy-system - dependsOn: [] + dependsOn: [cozystack-controller] - name: cozystack-controller releaseName: cozystack-controller @@ -177,11 +177,27 @@ releases: {{- $dashboardKCValues := dig "data" "values.yaml" (dict) $dashboardKCconfig }} {{- toYaml (deepCopy $dashboardKCValues | mergeOverwrite (fromYaml (include "cozystack.defaultDashboardValues" .))) | nindent 4 }} {{- if eq $oidcEnabled "true" }} - dependsOn: [keycloak-configure] + dependsOn: [keycloak-configure,cozystack-api] {{- else }} dependsOn: [] {{- end }} +- name: dashboard-config + releaseName: dashboard-config + chart: cozy-dashboard-config + namespace: cozy-dashboard + values: + {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }} + {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig | fromYaml }} + {{- toYaml (deepCopy $dashboardKCValues | mergeOverwrite (fromYaml (include "cozystack.defaultDashboardValues" .))) | nindent 4 }} + dependsOn: + - cilium + - kubeovn + - dashboard + {{- if eq $oidcEnabled "true" }} + - keycloak-configure + {{- end }} + {{- if $oidcEnabled }} - name: keycloak releaseName: keycloak diff --git a/packages/extra/bootbox/Makefile b/packages/extra/bootbox/Makefile index f14160d1..d9a1e261 100644 --- a/packages/extra/bootbox/Makefile +++ b/packages/extra/bootbox/Makefile @@ -5,3 +5,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/extra/etcd/Makefile b/packages/extra/etcd/Makefile index 8b8a0a99..b309346c 100644 --- a/packages/extra/etcd/Makefile +++ b/packages/extra/etcd/Makefile @@ -4,3 +4,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/extra/info/Makefile b/packages/extra/info/Makefile index 56d436a1..e09b33a0 100644 --- a/packages/extra/info/Makefile +++ b/packages/extra/info/Makefile @@ -4,4 +4,5 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md - yq -o json -i '.properties = {}' values.schema.json \ No newline at end of file + yq -o json -i '.properties = {}' values.schema.json + ../../../hack/update-crd.sh diff --git a/packages/extra/ingress/Makefile b/packages/extra/ingress/Makefile index 4b78cd6d..8134cb22 100644 --- a/packages/extra/ingress/Makefile +++ b/packages/extra/ingress/Makefile @@ -9,3 +9,4 @@ get-cloudflare-ips: generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/extra/monitoring/Makefile b/packages/extra/monitoring/Makefile index 5ae09c37..b21607ab 100644 --- a/packages/extra/monitoring/Makefile +++ b/packages/extra/monitoring/Makefile @@ -7,6 +7,7 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh image: docker buildx build images/grafana \ diff --git a/packages/extra/seaweedfs/Makefile b/packages/extra/seaweedfs/Makefile index ffa23d90..be84180b 100644 --- a/packages/extra/seaweedfs/Makefile +++ b/packages/extra/seaweedfs/Makefile @@ -4,3 +4,4 @@ include ../../../scripts/package.mk generate: cozyvalues-gen -v values.yaml -s values.schema.json -r README.md + ../../../hack/update-crd.sh diff --git a/packages/system/cozystack-api/Makefile b/packages/system/cozystack-api/Makefile index d7504d01..6ba3479b 100644 --- a/packages/system/cozystack-api/Makefile +++ b/packages/system/cozystack-api/Makefile @@ -16,8 +16,3 @@ image-cozystack-api: IMAGE="$(REGISTRY)/cozystack-api:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/cozystack-api.json -o json -r)" \ yq -i '.cozystackAPI.image = strenv(IMAGE)' values.yaml rm -f images/cozystack-api.json - -generate: - rm -rf openapi-schemas - mkdir -p openapi-schemas - find ../../apps ../../extra -maxdepth 2 -name values.schema.json -exec sh -ec 'ln -s ../{} openapi-schemas/$$(basename $$(dirname {})).json' \; diff --git a/packages/system/cozystack-api/openapi-schemas/bootbox.json b/packages/system/cozystack-api/openapi-schemas/bootbox.json deleted file mode 120000 index ae362f9e..00000000 --- a/packages/system/cozystack-api/openapi-schemas/bootbox.json +++ /dev/null @@ -1 +0,0 @@ -../../../extra/bootbox/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/bucket.json b/packages/system/cozystack-api/openapi-schemas/bucket.json deleted file mode 120000 index 3b0a3a83..00000000 --- a/packages/system/cozystack-api/openapi-schemas/bucket.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/bucket/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/clickhouse.json b/packages/system/cozystack-api/openapi-schemas/clickhouse.json deleted file mode 120000 index ff882f52..00000000 --- a/packages/system/cozystack-api/openapi-schemas/clickhouse.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/clickhouse/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/etcd.json b/packages/system/cozystack-api/openapi-schemas/etcd.json deleted file mode 120000 index 60885d5a..00000000 --- a/packages/system/cozystack-api/openapi-schemas/etcd.json +++ /dev/null @@ -1 +0,0 @@ -../../../extra/etcd/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/ferretdb.json b/packages/system/cozystack-api/openapi-schemas/ferretdb.json deleted file mode 120000 index 72b0036e..00000000 --- a/packages/system/cozystack-api/openapi-schemas/ferretdb.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/ferretdb/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/http-cache.json b/packages/system/cozystack-api/openapi-schemas/http-cache.json deleted file mode 120000 index 8cbe4391..00000000 --- a/packages/system/cozystack-api/openapi-schemas/http-cache.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/http-cache/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/info.json b/packages/system/cozystack-api/openapi-schemas/info.json deleted file mode 120000 index 9e3fe7e3..00000000 --- a/packages/system/cozystack-api/openapi-schemas/info.json +++ /dev/null @@ -1 +0,0 @@ -../../../extra/info/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/ingress.json b/packages/system/cozystack-api/openapi-schemas/ingress.json deleted file mode 120000 index 3ce2865c..00000000 --- a/packages/system/cozystack-api/openapi-schemas/ingress.json +++ /dev/null @@ -1 +0,0 @@ -../../../extra/ingress/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/kafka.json b/packages/system/cozystack-api/openapi-schemas/kafka.json deleted file mode 120000 index f8585e63..00000000 --- a/packages/system/cozystack-api/openapi-schemas/kafka.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/kafka/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/kubernetes.json b/packages/system/cozystack-api/openapi-schemas/kubernetes.json deleted file mode 120000 index a7110239..00000000 --- a/packages/system/cozystack-api/openapi-schemas/kubernetes.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/kubernetes/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/monitoring.json b/packages/system/cozystack-api/openapi-schemas/monitoring.json deleted file mode 120000 index ccf48a27..00000000 --- a/packages/system/cozystack-api/openapi-schemas/monitoring.json +++ /dev/null @@ -1 +0,0 @@ -../../../extra/monitoring/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/mysql.json b/packages/system/cozystack-api/openapi-schemas/mysql.json deleted file mode 120000 index b5773dcb..00000000 --- a/packages/system/cozystack-api/openapi-schemas/mysql.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/mysql/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/nats.json b/packages/system/cozystack-api/openapi-schemas/nats.json deleted file mode 120000 index f8f4e11d..00000000 --- a/packages/system/cozystack-api/openapi-schemas/nats.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/nats/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/postgres.json b/packages/system/cozystack-api/openapi-schemas/postgres.json deleted file mode 120000 index 828ec547..00000000 --- a/packages/system/cozystack-api/openapi-schemas/postgres.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/postgres/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/rabbitmq.json b/packages/system/cozystack-api/openapi-schemas/rabbitmq.json deleted file mode 120000 index 608102f5..00000000 --- a/packages/system/cozystack-api/openapi-schemas/rabbitmq.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/rabbitmq/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/redis.json b/packages/system/cozystack-api/openapi-schemas/redis.json deleted file mode 120000 index f06cc50e..00000000 --- a/packages/system/cozystack-api/openapi-schemas/redis.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/redis/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/seaweedfs.json b/packages/system/cozystack-api/openapi-schemas/seaweedfs.json deleted file mode 120000 index 542228ca..00000000 --- a/packages/system/cozystack-api/openapi-schemas/seaweedfs.json +++ /dev/null @@ -1 +0,0 @@ -../../../extra/seaweedfs/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/tcp-balancer.json b/packages/system/cozystack-api/openapi-schemas/tcp-balancer.json deleted file mode 120000 index 2489da33..00000000 --- a/packages/system/cozystack-api/openapi-schemas/tcp-balancer.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/tcp-balancer/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/tenant.json b/packages/system/cozystack-api/openapi-schemas/tenant.json deleted file mode 120000 index 5c71197b..00000000 --- a/packages/system/cozystack-api/openapi-schemas/tenant.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/tenant/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/virtual-machine.json b/packages/system/cozystack-api/openapi-schemas/virtual-machine.json deleted file mode 120000 index c5898f0b..00000000 --- a/packages/system/cozystack-api/openapi-schemas/virtual-machine.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/virtual-machine/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/vm-disk.json b/packages/system/cozystack-api/openapi-schemas/vm-disk.json deleted file mode 120000 index c8490747..00000000 --- a/packages/system/cozystack-api/openapi-schemas/vm-disk.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/vm-disk/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/vm-instance.json b/packages/system/cozystack-api/openapi-schemas/vm-instance.json deleted file mode 120000 index 7dcbad17..00000000 --- a/packages/system/cozystack-api/openapi-schemas/vm-instance.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/vm-instance/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/openapi-schemas/vpn.json b/packages/system/cozystack-api/openapi-schemas/vpn.json deleted file mode 120000 index 018a6380..00000000 --- a/packages/system/cozystack-api/openapi-schemas/vpn.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/vpn/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/templates/apiservice.yaml b/packages/system/cozystack-api/templates/apiservice.yaml index 5829561e..d0ab1185 100644 --- a/packages/system/cozystack-api/templates/apiservice.yaml +++ b/packages/system/cozystack-api/templates/apiservice.yaml @@ -11,3 +11,17 @@ spec: name: cozystack-api namespace: cozy-system version: v1alpha1 +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1alpha1.core.cozystack.io +spec: + insecureSkipTLSVerify: true + group: core.cozystack.io + groupPriorityMinimum: 1000 + versionPriority: 15 + service: + name: cozystack-api + namespace: cozy-system + version: v1alpha1 diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml deleted file mode 100644 index 4526532f..00000000 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml +++ /dev/null @@ -1,622 +0,0 @@ -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: bucket -spec: - application: - kind: Bucket - singular: bucket - plural: buckets - openAPISchema: | - {{- .Files.Get "openapi-schemas/bucket.json" | fromJson | toJson | nindent 6 }} - release: - prefix: bucket- - labels: - cozystack.io/ui: "true" - chart: - name: bucket - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: clickhouse -spec: - application: - kind: ClickHouse - singular: clickhouse - plural: clickhouses - openAPISchema: | - {{- .Files.Get "openapi-schemas/clickhouse.json" | fromJson | toJson | nindent 6 }} - release: - prefix: clickhouse- - labels: - cozystack.io/ui: "true" - chart: - name: clickhouse - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: httpcache -spec: - application: - kind: HTTPCache - singular: httpcache - plural: httpcaches - openAPISchema: | - {{- .Files.Get "openapi-schemas/http-cache.json" | fromJson | toJson | nindent 6 }} - release: - prefix: http-cache- - labels: - cozystack.io/ui: "true" - chart: - name: http-cache - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: nats -spec: - application: - kind: NATS - singular: nats - plural: natses - openAPISchema: | - {{- .Files.Get "openapi-schemas/nats.json" | fromJson | toJson | nindent 6 }} - release: - prefix: nats- - labels: - cozystack.io/ui: "true" - chart: - name: nats - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: tcpbalancer -spec: - application: - kind: TCPBalancer - singular: tcpbalancer - plural: tcpbalancers - openAPISchema: | - {{- .Files.Get "openapi-schemas/tcp-balancer.json" | fromJson | toJson | nindent 6 }} - release: - prefix: tcp-balancer- - labels: - cozystack.io/ui: "true" - chart: - name: tcp-balancer - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: virtualmachine -spec: - application: - kind: VirtualMachine - singular: virtualmachine - plural: virtualmachines - openAPISchema: | - {{- .Files.Get "openapi-schemas/virtual-machine.json" | fromJson | toJson | nindent 6 }} - release: - prefix: virtual-machine- - labels: - cozystack.io/ui: "true" - chart: - name: virtual-machine - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: vpn -spec: - application: - kind: VPN - singular: vpn - plural: vpns - openAPISchema: | - {{- .Files.Get "openapi-schemas/vpn.json" | fromJson | toJson | nindent 6 }} - release: - prefix: vpn- - labels: - cozystack.io/ui: "true" - chart: - name: vpn - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: mysql -spec: - application: - kind: MySQL - singular: mysql - plural: mysqls - openAPISchema: | - {{- .Files.Get "openapi-schemas/mysql.json" | fromJson | toJson | nindent 6 }} - release: - prefix: mysql- - labels: - cozystack.io/ui: "true" - chart: - name: mysql - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: tenant -spec: - application: - kind: Tenant - singular: tenant - plural: tenants - openAPISchema: | - {{- .Files.Get "openapi-schemas/tenant.json" | fromJson | toJson | nindent 6 }} - release: - prefix: tenant- - labels: - cozystack.io/ui: "true" - chart: - name: tenant - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: kubernetes -spec: - application: - kind: Kubernetes - singular: kubernetes - plural: kuberneteses - openAPISchema: | - {{- .Files.Get "openapi-schemas/kubernetes.json" | fromJson | toJson | nindent 6 }} - release: - prefix: kubernetes- - labels: - cozystack.io/ui: "true" - chart: - name: kubernetes - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: redis -spec: - application: - kind: Redis - singular: redis - plural: redises - openAPISchema: | - {{- .Files.Get "openapi-schemas/redis.json" | fromJson | toJson | nindent 6 }} - release: - prefix: redis- - labels: - cozystack.io/ui: "true" - chart: - name: redis - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: rabbitmq -spec: - application: - kind: RabbitMQ - singular: rabbitmq - plural: rabbitmqs - openAPISchema: | - {{- .Files.Get "openapi-schemas/rabbitmq.json" | fromJson | toJson | nindent 6 }} - release: - prefix: rabbitmq- - labels: - cozystack.io/ui: "true" - chart: - name: rabbitmq - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: postgres -spec: - application: - kind: Postgres - singular: postgres - plural: postgreses - openAPISchema: | - {{- .Files.Get "openapi-schemas/postgres.json" | fromJson | toJson | nindent 6 }} - release: - prefix: postgres- - labels: - cozystack.io/ui: "true" - chart: - name: postgres - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - - matchLabels: - cnpg.io/userType: superuser - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: ferretdb -spec: - application: - kind: FerretDB - singular: ferretdb - plural: ferretdbs - openAPISchema: | - {{- .Files.Get "openapi-schemas/ferretdb.json" | fromJson | toJson | nindent 6 }} - release: - prefix: ferretdb- - labels: - cozystack.io/ui: "true" - chart: - name: ferretdb - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: kafka -spec: - application: - kind: Kafka - singular: kafka - plural: kafkas - openAPISchema: | - {{- .Files.Get "openapi-schemas/kafka.json" | fromJson | toJson | nindent 6 }} - release: - prefix: kafka- - labels: - cozystack.io/ui: "true" - chart: - name: kafka - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: vmdisk -spec: - application: - kind: VMDisk - singular: vmdisk - plural: vmdisks - openAPISchema: | - {{- .Files.Get "openapi-schemas/vm-disk.json" | fromJson | toJson | nindent 6 }} - release: - prefix: vm-disk- - labels: - cozystack.io/ui: "true" - chart: - name: vm-disk - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: vminstance -spec: - application: - kind: VMInstance - singular: vminstance - plural: vminstances - openAPISchema: | - {{- .Files.Get "openapi-schemas/vm-instance.json" | fromJson | toJson | nindent 6 }} - release: - prefix: vm-instance- - labels: - cozystack.io/ui: "true" - chart: - name: vm-instance - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: monitoring -spec: - application: - kind: Monitoring - singular: monitoring - plural: monitorings - openAPISchema: | - {{- .Files.Get "openapi-schemas/monitoring.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: monitoring - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: etcd -spec: - application: - kind: Etcd - singular: etcd - plural: etcds - openAPISchema: | - {{- .Files.Get "openapi-schemas/etcd.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: etcd - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: ingress -spec: - application: - kind: Ingress - singular: ingress - plural: ingresses - openAPISchema: | - {{- .Files.Get "openapi-schemas/ingress.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: ingress - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: seaweedfs -spec: - application: - kind: SeaweedFS - singular: seaweedfs - plural: seaweedfses - openAPISchema: | - {{- .Files.Get "openapi-schemas/seaweedfs.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: seaweedfs - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: bootbox -spec: - application: - kind: BootBox - singular: bootbox - plural: bootboxes - openAPISchema: | - {{- .Files.Get "openapi-schemas/bootbox.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: bootbox - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: info -spec: - application: - kind: Info - singular: info - plural: infos - openAPISchema: | - {{- .Files.Get "openapi-schemas/info.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: info - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bootbox.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/bootbox.yaml new file mode 100644 index 00000000..f652f4c9 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/bootbox.yaml @@ -0,0 +1,34 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: bootbox +spec: + application: + kind: BootBox + plural: bootboxes + singular: bootbox + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"machines":{"description":"Configuration of physical machine instances","type":"array","default":[],"items":{"type":"object","required":["arch","hostname","ip","leaseTime","uefi"],"properties":{"arch":{"description":"Architecture","type":"string"},"hostname":{"description":"Hostname","type":"string"},"ip":{"type":"object","required":["address"],"properties":{"address":{"description":"IP address","type":"object","required":["address","gateway","netmask"],"properties":{"address":{"description":"IP address","type":"string"},"gateway":{"description":"IP gateway","type":"string"},"netmask":{"description":"Netmask","type":"string"}}}}},"leaseTime":{"description":"Lease time","type":"integer"},"mac":{"description":"MAC addresses","type":"array","items":{"type":"string"}},"nameServers":{"description":"Name servers","type":"array","items":{"type":"string"}},"timeServers":{"description":"Time servers","type":"array","items":{"type":"string"}},"uefi":{"description":"UEFI","type":"boolean"}}}},"whitelist":{"description":"List of client networks","type":"array","default":[],"items":{"type":"string"}},"whitelistHTTP":{"description":"Secure HTTP by enabling client networks whitelisting","type":"boolean","default":true}}} + release: + prefix: "" + labels: + cozystack.io/ui: "true" + chart: + name: bootbox + sourceRef: + kind: HelmRepository + name: cozystack-extra + namespace: cozy-public + dashboard: + category: Administration + singular: BootBox + plural: BootBox + name: bootbox + description: PXE hardware provisioning + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNNzEuNTY5OCA3Ni41MzM2QzcxLjIzNzQgNzYuNTMzNiA3MC45MDM2IDc2LjQ4NDcgNzAuNTgyOSA3Ni4zODkyTDM2LjIwNzkgNjYuMDc2N0MzNC4zODg1IDY1LjUzMTEgMzMuMzU2MiA2My42MTQ0IDMzLjkwMTcgNjEuNzk2NkMzNC40NDg5IDU5Ljk3NTUgMzYuMzY1NyA1OC45NDgzIDM4LjE4MTcgNTkuNDkwNEw3MS41Njk4IDY5LjUwNzZMMTA0Ljk1OCA1OS40OTA0QzEwNi43NzYgNTguOTYgMTA4LjY5MSA1OS45NzcyIDEwOS4yMzggNjEuNzk2NkMxMDkuNzgzIDYzLjYxNDQgMTA4Ljc1MSA2NS41MzExIDEwNi45MzIgNjYuMDc2N0w3Mi41NTY3IDc2LjM4OTJDNzIuMjM2IDc2LjQ4NDcgNzEuOTAyMiA3Ni41MzM2IDcxLjU2OTggNzYuNTMzNloiIGZpbGw9IiMyMzFGMjAiLz4KPHBhdGggZD0iTTc0Ljk3MyA1My4wMjE0Qzc0Ljc2NjggNTQuMzI3NiA3My44MDQzIDU1LjM5MzMgNzIuNTY2OCA1NS43NzE0TDM4LjE5MTggNjYuMDgzOUMzNy44NDggNjYuMTg3IDM3LjUzODcgNjYuMjIxNCAzNy4xOTQ5IDY2LjIyMTRDMzYuMzY5OSA2Ni4yMjE0IDM1LjU3OTMgNjUuOTEyIDM0LjkyNjIgNjUuMzYyTDIxLjE3NjIgNTMuMzMwOEMyMC4yNDggNTIuNTQwMSAxOS44MzU1IDUxLjI2ODMgMjAuMDc2MiA1MC4wNjUxQzIwLjMxNjggNDguODYyIDIxLjE3NjIgNDcuODY1MSAyMi4zNDQ5IDQ3LjQ4N0w1My4yODI0IDM3LjE3NDVDNTQuMzEzNyAzNi44MzA4IDU1LjQ0OCAzNy4wMDI2IDU2LjM0MTggMzcuNjIxNEw3My41MjkzIDQ5LjY1MjZDNzQuNjI5MyA1MC40MDg5IDc1LjE3OTMgNTEuNzE1MSA3NC45NzMgNTMuMDIxNFoiIGZpbGw9IiNGRkRDODMiLz4KPHBhdGggZD0iTTEyMS45NjQgNTMuMzMwOEwxMDguMjE0IDY1LjM2MkMxMDcuNTYgNjUuOTEyIDEwNi43NyA2Ni4yMjE0IDEwNS45NDUgNjYuMjIxNEMxMDUuNjAxIDY2LjIyMTQgMTA1LjI5MiA2Ni4xODcgMTA0Ljk0OCA2Ni4wODM5TDcwLjU3MyA1NS43NzE0QzY5LjMzNTUgNTUuMzkzMyA2OC4zNzMgNTQuMzI3NiA2OC4xNjY3IDUzLjAyMTRDNjcuOTYwNSA1MS43MTUxIDY4LjUxMDUgNTAuNDA4OSA2OS42MTA1IDQ5LjY1MjZMODYuNzk4IDM3LjYyMTRDODcuNjkxNyAzNy4wMDI2IDg4LjgyNjEgMzYuODMwOCA4OS44NTc0IDM3LjE3NDVMMTIwLjc5NSA0Ny40ODdDMTIxLjk2NCA0Ny44NjUxIDEyMi44MjMgNDguODYyIDEyMy4wNjQgNTAuMDY1MUMxMjMuMzA0IDUxLjI2ODMgMTIyLjg5MiA1Mi41NDAxIDEyMS45NjQgNTMuMzMwOFoiIGZpbGw9IiNGRkRDODMiLz4KPHBhdGggZD0iTTEwOS4zODIgNjMuNjQyNlYxMDcuNDcxQzEwOS4zODIgMTA4Ljg4IDEwOC41MjIgMTEwLjE1MiAxMDcuMjE2IDExMC42NjhMNzIuODQxMiAxMjQuNDE4QzcyLjQyODcgMTI0LjU4OSA3Mi4wMTYyIDEyNC42NTggNzEuNTY5MyAxMjQuNjU4QzcxLjEyMjUgMTI0LjY1OCA3MC43MSAxMjQuNTg5IDcwLjI5NzUgMTI0LjQxOEwzNS45MjI1IDExMC42NjhDMzQuNjE2MiAxMTAuMTUyIDMzLjc1NjggMTA4Ljg4IDMzLjc1NjggMTA3LjQ3MVY2My42NDI2QzMzLjc1NjggNjEuNzUyIDM1LjMwMzcgNjAuMjA1MSAzNy4xOTQzIDYwLjIwNTFIMTA1Ljk0NEMxMDcuODM1IDYwLjIwNTEgMTA5LjM4MiA2MS43NTIgMTA5LjM4MiA2My42NDI2WiIgZmlsbD0iI0VBQkQ0QyIvPgo8cGF0aCBkPSJNMTA3Ljk5OSA2MS40OTU4QzEwNy45OTkgNjIuOTgxMiAxMDcuMDM3IDY0LjI5NzkgMTA1LjY0MyA2NC43MzY4TDcyLjQ2MTMgNzQuODY1QzcyLjEyOTUgNzQuOTY2MiA3MS44MzA4IDc1IDcxLjQ5OSA3NUM3MS4xNjcyIDc1IDcwLjg2ODYgNzQuOTY2MiA3MC41MzY4IDc0Ljg2NUwzNy4zNTQ5IDY0LjczNjhDMzUuOTYxMyA2NC4yOTc5IDM0Ljk5OSA2Mi45ODEyIDM0Ljk5OSA2MS40OTU4QzM0Ljk5OSA2MC4wMTAzIDM1Ljk2MTMgNTguNjkzNyAzNy4zNTQ5IDU4LjI1NDhMNzAuNTM2OCA0OC4xMjY2QzcxLjE2NzIgNDcuOTU3OCA3MS44MzA4IDQ3Ljk1NzggNzIuNDYxMyA0OC4xMjY2TDEwNS42NDMgNTguMjU0OEMxMDcuMDM3IDU4LjY5MzcgMTA3Ljk5OSA2MC4wMTAzIDEwNy45OTkgNjEuNDk1OFoiIGZpbGw9IiM0QzM4MjUiLz4KPHBhdGggZD0iTTc0LjUxMTggNzdDNzUuMzUgNzcgNzYuMTc5NCA3Ni45NjI4IDc3IDc2LjkxMzNWMjEuMDg2N0M3Ni4xNzY1IDIxLjAzNDcgNzUuMzQ3MSAyMSA3NC41MDU5IDIxQzczLjY2NDcgMjEgNzIuODI5NCAyMS4wMzQ3IDcyIDIxLjA4NjdWNzYuOTEwOEM3Mi44MjY1IDc2Ljk2MjggNzMuNjU4OCA3Ni45OTc1IDc0LjUgNzdINzQuNTExOFoiIGZpbGw9InVybCgjcGFpbnQxX2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNNDQuMDI4MiAzOC4xMTI5TDQzLjIwNzggMzcuMjk1OUM0Mi4wNzczIDM4LjkxMjEgNDEuMDc0NiA0MC42MTQgNDAuMjA4OCA0Mi4zODYxQzUwLjEwMDEgNTIuNDM1NCA1MS4xNDI0IDU3LjI4MzUgNTEuMTI4OSA1OC45MDc0QzUxLjA5MTkgNjMuMDI2IDQ2LjA1MjIgNjkuNDg0NSA0MC4xNDE2IDc1LjQ2NTdDNDAuOTk5NiA3Ny4yMzc1IDQxLjk5MzMgNzguOTQwNSA0My4xMTM3IDgwLjU1OTJDNDMuNDQ5OSA4MC4yMjMgNDMuNzY5MyA3OS45MTM3IDQ0LjA5NTQgNzkuNTg0MkM1Mi42MjUgNzAuOTk3NSA1Ni43OTQgNjQuMjQ5OCA1Ni44NDQ1IDU4Ljk0NzdDNTYuODk0OSA1My42NDU3IDUyLjcwMjQgNDYuODg3OSA0NC4wMjgyIDM4LjExMjlaIiBmaWxsPSJ1cmwoI3BhaW50Ml9saW5lYXJfOTc5Xzc5MikiLz4KPHBhdGggZD0iTTEwNC42OTUgNzkuNTk3NUwxMDUuNjc2IDgwLjU3MjVDMTA2Ljc5NSA3OC45NDkyIDEwNy43ODcgNzcuMjQxNyAxMDguNjQyIDc1LjQ2NTVDMTAyLjczNSA2OS40NzA5IDk3LjY5NDggNjIuOTk1NSA5Ny42NTQ1IDU4Ljg5MzdDOTcuNjE3NSA1NC44OTI4IDEwMi42MjcgNDguNDIwOCAxMDguNTY4IDQyLjM1OUMxMDcuNzAzIDQwLjU5MTcgMTA2LjcwMyAzOC44OTQ0IDEwNS41NzYgMzcuMjgyMkwxMDQuNzU1IDM4LjA5OTJDOTYuMDgxIDQ2Ljg1NzUgOTEuODg4NSA1My42NzkxIDkxLjkzODkgNTguOTQ0MkM5MS45ODk0IDY0LjIwOTIgOTYuMTU4MyA3MS4wMTA3IDEwNC42OTUgNzkuNTk3NVoiIGZpbGw9InVybCgjcGFpbnQzX2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNODcuNDM5NiA1OC45MzQ0Qzg3LjQzOTYgNTEuNTM3OCA5MC43Mzc4IDM5LjIzOTMgOTUuODE3OSAyNy42MTY1Qzk0LjE5NzkgMjYuNTEzOSA5Mi40OTUgMjUuNTM4MiA5MC43MjQ0IDI0LjY5ODJDODUuMTYzNSAzNy4yMjg3IDgxLjcyMDcgNTAuNTU2MSA4MS43MjA3IDU4Ljk0NzhDODEuNzIwNyA2Ny4wNjczIDg1LjQ0OTMgODAuNTQyNSA5MS4xMTEgOTMuMTQwM0M5Mi44NDY4IDkyLjI4NTkgOTQuNTE0NyA5MS4zMDAyIDk2LjEwMDQgOTAuMTkxN0M5MC44NTg5IDc4LjQwMDkgODcuNDM5NiA2Ni4wNzU1IDg3LjQzOTYgNTguOTM0NFoiIGZpbGw9InVybCgjcGFpbnQ0X2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNNjcuMDM4NCA1OC45MzUzQzY3LjAzODQgNTAuNDk5OCA2My40NTc4IDM3LjA5ODUgNTcuOTYwOCAyNC43MjI3QzU2LjIxNTggMjUuNTYxMyA1NC41Mzc3IDI2LjUzMjUgNTIuOTQxMiAyNy42Mjc1QzU4LjAzMTQgMzkuMjQzNSA2MS4zMjI4IDUxLjU0NTQgNjEuMzIyOCA1OC45MzUzQzYxLjMyMjggNjYuMDczIDU3LjkwMzYgNzguMzk1IDUyLjY2MjEgOTAuMTcyNEM1NC4yNDgyIDkxLjI4MDIgNTUuOTE2MSA5Mi4yNjU4IDU3LjY1MTQgOTMuMTIxQzYzLjMxOTkgODAuNTI2NiA2Ny4wMzg0IDY3LjA2MTQgNjcuMDM4NCA1OC45MzUzWiIgZmlsbD0idXJsKCNwYWludDVfbGluZWFyXzk3OV83OTIpIi8+CjxwYXRoIGQ9Ik03NC40MjI5IDc0Ljk4N0w2MC42NzI5IDk1LjYxMkM2MC4wMTk3IDk2LjYwODkgNTguOTU0MSA5Ny4xNTg5IDU3LjgxOTcgOTcuMTU4OUM1Ny40MDcyIDk3LjE1ODkgNTYuOTYwNCA5Ny4wOTAxIDU2LjU0NzkgOTYuOTE4M0wyMi4xNzI5IDgzLjE2ODNDMjEuMTQxNiA4Mi43NTU4IDIwLjM4NTQgODEuODk2NCAyMC4xMTA0IDgwLjg2NTFDMTkuODM1NCA3OS43OTk1IDIwLjA3NiA3OC42NjUxIDIwLjc2MzUgNzcuODQwMUwzNC41MTM1IDYwLjY1MjZDMzUuMzcyOSA1OS41NTI2IDMyLjczOTEgNTcuODQwNCAzNC4wNzk3IDU4LjIxODVMNzIuNTY2NiA2OS43OTY0QzczLjU5NzkgNzAuMTA1OCA3NC40MjI5IDcwLjg5NjQgNzQuODAxIDcxLjkyNzZDNzUuMTc5MSA3Mi45NTg5IDc1LjA0MTYgNzQuMDkzMyA3NC40MjI5IDc0Ljk4N1oiIGZpbGw9IiNGRkRDODMiLz4KPHBhdGggZD0iTTEyMy4wMjkgODAuNjI0MkMxMjIuNzU0IDgxLjY1NTUgMTIxLjk5OCA4Mi41NDkyIDEyMS4wMDEgODIuOTI3NEw4Ni42MjYxIDk2LjkxOEM4Ni4xNzkyIDk3LjA4OTkgODUuNzY2NyA5Ny4xNTg2IDg1LjMxOTkgOTcuMTU4NkM4NC4xODU1IDk3LjE1ODYgODMuMTE5OSA5Ni42MDg2IDgyLjQ2NjcgOTUuNjExN0w2OC43MTY3IDc0Ljk4NjdDNjguMDk4IDc0LjA5MyA2Ny45NjA1IDcyLjk1ODYgNjguMzM4NiA3MS45Mjc0QzY4LjcxNjcgNzAuODk2MSA2OS41NDE3IDcwLjEwNTUgNzAuNTczIDY5Ljc5NjFMMTA4LjQ2OSA1OC40MzMxQzEwOS44MSA1OC4wMjA2IDEwNy43MzIgNTkuNTUyNCAxMDguNjI2IDYwLjYxOEwxMjIuMzc2IDc3LjU5OTJDMTIzLjA2NCA3OC40MjQyIDEyMy4zMDQgNzkuNTU4NiAxMjMuMDI5IDgwLjYyNDJaIiBmaWxsPSIjRkZEQzgzIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfOTc5Xzc5MiIgeDE9IjI0IiB5MT0iMy41IiB4Mj0iMTgxIiB5Mj0iMTQ3IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiM0ODAwMDAiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjQUUyMzAwIi8+CjwvbGluZWFyR3JhZGllbnQ+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQxX2xpbmVhcl85NzlfNzkyIiB4MT0iNzQuNSIgeTE9IjE3LjIzNjkiIHgyPSI3NC41IiB5Mj0iNzkuOTEzMyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkZEMjAwIi8+CjxzdG9wIG9mZnNldD0iMC4wNiIgc3RvcC1jb2xvcj0iI0ZGQjUwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMTQiIHN0b3AtY29sb3I9IiNGRjhDMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjIxIiBzdG9wLWNvbG9yPSIjRkY3MzAwIi8+CjxzdG9wIG9mZnNldD0iMC4yNiIgc3RvcC1jb2xvcj0iI0ZGNkEwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMzMiIHN0b3AtY29sb3I9IiNGQzRGMEUiLz4KPHN0b3Agb2Zmc2V0PSIwLjQzIiBzdG9wLWNvbG9yPSIjRjkyRjFFIi8+CjxzdG9wIG9mZnNldD0iMC41MSIgc3RvcC1jb2xvcj0iI0Y4MUIyNyIvPgo8c3RvcCBvZmZzZXQ9IjAuNTciIHN0b3AtY29sb3I9IiNGNzE0MkIiLz4KPHN0b3Agb2Zmc2V0PSIwLjY4IiBzdG9wLWNvbG9yPSIjREYxNjJFIi8+CjxzdG9wIG9mZnNldD0iMC43OSIgc3RvcC1jb2xvcj0iI0FGMUEzOCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM0QjIxNEMiLz4KPC9saW5lYXJHcmFkaWVudD4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDJfbGluZWFyXzk3OV83OTIiIHgxPSI0OC40OTMiIHkxPSIxNS44OTI4IiB4Mj0iNDguNDkzIiB5Mj0iMTAwLjk1NCIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkZEMjAwIi8+CjxzdG9wIG9mZnNldD0iMC4wNiIgc3RvcC1jb2xvcj0iI0ZGQjUwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMTQiIHN0b3AtY29sb3I9IiNGRjhDMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjIxIiBzdG9wLWNvbG9yPSIjRkY3MzAwIi8+CjxzdG9wIG9mZnNldD0iMC4yNiIgc3RvcC1jb2xvcj0iI0ZGNkEwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMzMiIHN0b3AtY29sb3I9IiNGQzRGMEUiLz4KPHN0b3Agb2Zmc2V0PSIwLjQzIiBzdG9wLWNvbG9yPSIjRjkyRjFFIi8+CjxzdG9wIG9mZnNldD0iMC41MSIgc3RvcC1jb2xvcj0iI0Y4MUIyNyIvPgo8c3RvcCBvZmZzZXQ9IjAuNTciIHN0b3AtY29sb3I9IiNGNzE0MkIiLz4KPHN0b3Agb2Zmc2V0PSIwLjY4IiBzdG9wLWNvbG9yPSIjREYxNjJFIi8+CjxzdG9wIG9mZnNldD0iMC43OSIgc3RvcC1jb2xvcj0iI0FGMUEzOCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM0QjIxNEMiLz4KPC9saW5lYXJHcmFkaWVudD4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDNfbGluZWFyXzk3OV83OTIiIHgxPSIxMDAuMjkiIHkxPSIxNS44OTI2IiB4Mj0iMTAwLjI5IiB5Mj0iMTAwLjk1MyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkZEMjAwIi8+CjxzdG9wIG9mZnNldD0iMC4wNiIgc3RvcC1jb2xvcj0iI0ZGQjUwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMTQiIHN0b3AtY29sb3I9IiNGRjhDMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjIxIiBzdG9wLWNvbG9yPSIjRkY3MzAwIi8+CjxzdG9wIG9mZnNldD0iMC4yNiIgc3RvcC1jb2xvcj0iI0ZGNkEwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMzMiIHN0b3AtY29sb3I9IiNGQzRGMEUiLz4KPHN0b3Agb2Zmc2V0PSIwLjQzIiBzdG9wLWNvbG9yPSIjRjkyRjFFIi8+CjxzdG9wIG9mZnNldD0iMC41MSIgc3RvcC1jb2xvcj0iI0Y4MUIyNyIvPgo8c3RvcCBvZmZzZXQ9IjAuNTciIHN0b3AtY29sb3I9IiNGNzE0MkIiLz4KPHN0b3Agb2Zmc2V0PSIwLjY4IiBzdG9wLWNvbG9yPSIjREYxNjJFIi8+CjxzdG9wIG9mZnNldD0iMC43OSIgc3RvcC1jb2xvcj0iI0FGMUEzOCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM0QjIxNEMiLz4KPC9saW5lYXJHcmFkaWVudD4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDRfbGluZWFyXzk3OV83OTIiIHgxPSI4OC45MTIyIiB5MT0iMTUuODkyOSIgeDI9Ijg4LjkxMjIiIHkyPSIxMDAuOTU0IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNGRkQyMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjA2IiBzdG9wLWNvbG9yPSIjRkZCNTAwIi8+CjxzdG9wIG9mZnNldD0iMC4xNCIgc3RvcC1jb2xvcj0iI0ZGOEMwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMjEiIHN0b3AtY29sb3I9IiNGRjczMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjI2IiBzdG9wLWNvbG9yPSIjRkY2QTAwIi8+CjxzdG9wIG9mZnNldD0iMC4zMyIgc3RvcC1jb2xvcj0iI0ZDNEYwRSIvPgo8c3RvcCBvZmZzZXQ9IjAuNDMiIHN0b3AtY29sb3I9IiNGOTJGMUUiLz4KPHN0b3Agb2Zmc2V0PSIwLjUxIiBzdG9wLWNvbG9yPSIjRjgxQjI3Ii8+CjxzdG9wIG9mZnNldD0iMC41NyIgc3RvcC1jb2xvcj0iI0Y3MTQyQiIvPgo8c3RvcCBvZmZzZXQ9IjAuNjgiIHN0b3AtY29sb3I9IiNERjE2MkUiLz4KPHN0b3Agb2Zmc2V0PSIwLjc5IiBzdG9wLWNvbG9yPSIjQUYxQTM4Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzRCMjE0QyIvPgo8L2xpbmVhckdyYWRpZW50Pgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50NV9saW5lYXJfOTc5Xzc5MiIgeDE9IjU5Ljg1NyIgeTE9IjE1Ljg5MzgiIHgyPSI1OS44NTciIHkyPSIxMDAuOTU1IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNGRkQyMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjA2IiBzdG9wLWNvbG9yPSIjRkZCNTAwIi8+CjxzdG9wIG9mZnNldD0iMC4xNCIgc3RvcC1jb2xvcj0iI0ZGOEMwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMjEiIHN0b3AtY29sb3I9IiNGRjczMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjI2IiBzdG9wLWNvbG9yPSIjRkY2QTAwIi8+CjxzdG9wIG9mZnNldD0iMC4zMyIgc3RvcC1jb2xvcj0iI0ZDNEYwRSIvPgo8c3RvcCBvZmZzZXQ9IjAuNDMiIHN0b3AtY29sb3I9IiNGOTJGMUUiLz4KPHN0b3Agb2Zmc2V0PSIwLjUxIiBzdG9wLWNvbG9yPSIjRjgxQjI3Ii8+CjxzdG9wIG9mZnNldD0iMC41NyIgc3RvcC1jb2xvcj0iI0Y3MTQyQiIvPgo8c3RvcCBvZmZzZXQ9IjAuNjgiIHN0b3AtY29sb3I9IiNERjE2MkUiLz4KPHN0b3Agb2Zmc2V0PSIwLjc5IiBzdG9wLWNvbG9yPSIjQUYxQTM4Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzRCMjE0QyIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "whitelistHTTP"], ["spec", "whitelist"], ["spec", "machines"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bucket.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/bucket.yaml new file mode 100644 index 00000000..d94e67e1 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/bucket.yaml @@ -0,0 +1,36 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: bucket +spec: + application: + kind: Bucket + plural: buckets + singular: bucket + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{}} + release: + prefix: bucket- + labels: + cozystack.io/ui: "true" + chart: + name: bucket + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + singular: Bucket + plural: Buckets + category: IaaS + weight: 80 + description: S3 compatible storage + tags: + - storage + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMzA5MSkiLz4KPHBhdGggZmlsbC1ydWxlPSJldmVub2RkIiBjbGlwLXJ1bGU9ImV2ZW5vZGQiIGQ9Ik03MiAzMC4xNjQxTDExNy45ODMgMzYuNzc4OVY0MC42NzM5QzExNy45ODMgNDYuNDY1MyA5Ny4zODYyIDUxLjEzMzIgNzEuOTgyNyA1MS4xMzMyQzQ2LjU3OTIgNTEuMTMzMiAyNiA0Ni40NjUzIDI2IDQwLjY3MzlWMzYuNDQzMUw3MiAzMC4xNjQxWk03MiA1OC4yNjc4QzkxLjIwODQgNTguMjY3OCAxMDcuNjU4IDU1LjU5ODYgMTE0LjU0NyA1MS44MDQ4TDExNi44MDMgNDguMTExTDExNy43MjMgNDQuNzUzVjQ4LjkxNzFMMTAyLjY3OSAxMTEuMDMzQzEwMi42NzkgMTE0Ljg5NSA4OC45NTMzIDExOCA3Mi4wMTcyIDExOEM1NS4wODEyIDExOCA0MS4zNzQzIDExNC44OTUgNDEuMzc0MyAxMTEuMDMzTDI2LjMzIDQ4LjkxNzFWNDQuODM2OUwyOS44MDA3IDUxLjkzODJDMzYuNzA2NSA1NS42NjUzIDUyLjk5OTcgNTguMjY3OCA3MiA1OC4yNjc4WiIgZmlsbD0iIzhDMzEyMyIvPgo8cGF0aCBmaWxsLXJ1bGU9ImV2ZW5vZGQiIGNsaXAtcnVsZT0iZXZlbm9kZCIgZD0iTTcyLjAwMDMgMjZDOTcuNDAzOCAyNiAxMTggMzAuNjgzOSAxMTggMzYuNDQyQzExOCA0Mi4yIDk3LjM4NjYgNDYuODUwNyA3Mi4wMDAzIDQ2Ljg1MDdDNDYuNjE0MSA0Ni44NTA3IDI2LjAxNzYgNDIuMjM0NSAyNi4wMTc2IDM2LjQ0MkMyNi4wMTc2IDMwLjY0OTQgNDYuNTk2OCAyNiA3Mi4wMDAzIDI2Wk03Mi4wMDAzIDU0LjEwMzdDOTUuNjg1NyA1NC4xMDM3IDExNS4xNzIgNTAuMDU4IDExNy43MDYgNDQuODE5N0wxMDIuNjYyIDEwNi45MzdDMTAyLjY2MiAxMTAuNzk5IDg4LjkzNjQgMTEzLjkwNSA3Mi4wMDAzIDExMy45MDVDNTUuMDY0MyAxMTMuOTA1IDQxLjMzOSAxMTAuODE2IDQxLjMzOSAxMDYuOTU0TDI2LjI5NTkgNDQuODM3QzI4Ljg0NjYgNTAuMDU4IDQ4LjMzMzMgNTQuMTAzNyA3Mi4wMDAzIDU0LjEwMzdaIiBmaWxsPSIjRTA1MjQzIi8+CjxwYXRoIGZpbGwtcnVsZT0iZXZlbm9kZCIgY2xpcC1ydWxlPSJldmVub2RkIiBkPSJNNjEuMTcyNSA2MC4wMjkzSDgxLjA5MjhWNzkuMTY3Nkg2MS4xNzI1VjYwLjAyOTNaTTQ1LjMzMDEgOTUuMzY4OEM0NS4zMzAxIDkwLjE0MiA0OS43MTA0IDg1LjkzNDIgNTUuMTUxMSA4NS45MzQyQzYwLjU5MTcgODUuOTM0MiA2NC45NzIxIDkwLjE0MiA2NC45NzIxIDk1LjM2ODhDNjQuOTcyMSAxMDAuNTk2IDYwLjU5MTcgMTA0LjgwMyA1NS4xNTExIDEwNC44MDNDNDkuNzEwNCAxMDQuODAzIDQ1LjMzMDEgMTAwLjU5NiA0NS4zMzAxIDk1LjM2ODhaTTk2LjQ0ODcgMTA0LjM2OEg3Ni43NzIyTDg2LjYxMDUgODYuNzczN0w5Ni40NDg3IDEwNC4zNjhaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18zMDkxIiB4MT0iMCIgeTE9IjAiIHgyPSIxNTEiIHkyPSIxODAiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0ZGRjBFRSIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNFQzg4N0QiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/clickhouse.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/clickhouse.yaml new file mode 100644 index 00000000..c1a7ec87 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/clickhouse.yaml @@ -0,0 +1,34 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: clickhouse +spec: + application: + kind: ClickHouse + singular: clickhouse + plural: clickhouses + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"backup":{"description":"Backup configuration","type":"object","default":{},"required":["cleanupStrategy","enabled","resticPassword","s3AccessKey","s3Bucket","s3Region","s3SecretKey","schedule"],"properties":{"cleanupStrategy":{"description":"Retention strategy for cleaning up old backups","type":"string","default":"--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"},"enabled":{"description":"Enable regular backups, default is `false`","type":"boolean","default":false},"resticPassword":{"description":"Password for Restic backup encryption","type":"string","default":""},"s3AccessKey":{"description":"Access key for S3, used for authentication","type":"string","default":""},"s3Bucket":{"description":"S3 bucket used for storing backups","type":"string","default":"s3.example.org/clickhouse-backups"},"s3Region":{"description":"AWS S3 region where backups are stored","type":"string","default":"us-east-1"},"s3SecretKey":{"description":"Secret key for S3, used for authentication","type":"string","default":""},"schedule":{"description":"Cron schedule for automated backups","type":"string","default":"0 2 * * *"}}},"clickhouseKeeper":{"description":"Clickhouse Keeper configuration","type":"object","default":{},"required":["resourcesPreset"],"properties":{"enabled":{"description":"Deploy ClickHouse Keeper for cluster coordination","type":"boolean","default":true},"replicas":{"description":"Number of Keeper replicas","type":"integer","default":3},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"micro","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume Claim size, available for application data","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"logStorageSize":{"description":"Size of Persistent Volume for logs","default":"2Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"logTTL":{"description":"TTL (expiration time) for `query_log` and `query_thread_log`","type":"integer","default":15},"replicas":{"description":"Number of Clickhouse replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each Clickhouse replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"small","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"shards":{"description":"Number of Clickhouse shards","type":"integer","default":1},"size":{"description":"Persistent Volume Claim size, available for application data","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"},"users":{"description":"Users configuration","type":"object","default":{},"additionalProperties":{"type":"object","properties":{"password":{"description":"Password for the user","type":"string"},"readonly":{"description":"User is `readonly`, default is `false`.","type":"boolean"}}}}}} + release: + prefix: clickhouse- + labels: + cozystack.io/ui: "true" + chart: + name: clickhouse + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: ClickHouse + plural: ClickHouse + description: Managed ClickHouse service + tags: [] + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMzIwMikiLz4KPHBhdGggZD0iTTIzIDEwNUgzNFYxMTZIMjNWMTA1WiIgZmlsbD0iI0ZGMDAwMCIvPgo8cGF0aCBkPSJNMjMgMjhIMzRWMTA1SDIzVjI4Wk00NSAyOEg1NS45OTk5VjExNkg0NVYyOFpNNjYuOTk5OSAyOEg3Ny45OTk5VjExNkg2Ni45OTk5VjI4Wk04OC45OTk5IDI4SDk5Ljk5OTlWMTE2SDg4Ljk5OTlWMjhaTTExMSA2My43NDk5SDEyMlY4MC4yNDk5SDExMVY2My43NDk5WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMzIwMiIgeDE9Ii0wLjQ5OTk5OCIgeTE9IjEuNSIgeDI9IjE1My41IiB5Mj0iMTYyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNGRkNDMDAiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjRkY3QTAwIi8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "shards"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "logStorageSize"], ["spec", "logTTL"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"], ["spec", "clickhouseKeeper"], ["spec", "clickhouseKeeper", "enabled"], ["spec", "clickhouseKeeper", "size"], ["spec", "clickhouseKeeper", "resourcesPreset"], ["spec", "clickhouseKeeper", "replicas"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/etcd.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/etcd.yaml new file mode 100644 index 00000000..b9d191f0 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/etcd.yaml @@ -0,0 +1,34 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: etcd +spec: + application: + kind: Etcd + plural: etcds + singular: etcd + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"replicas":{"description":"Number of etcd replicas","type":"integer","default":3},"resources":{"description":"Resource configuration for etcd","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","default":4,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"size":{"description":"Persistent Volume size","default":"4Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"}}} + release: + prefix: "" + labels: + cozystack.io/ui: "true" + chart: + name: etcd + sourceRef: + kind: HelmRepository + name: cozystack-extra + namespace: cozy-public + dashboard: + category: Administration + singular: Etcd + plural: Etcd + name: etcd + description: Storage for Kubernetes clusters + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5NjMpIi8+CjxwYXRoIGQ9Ik0xMjIuNDQyIDczLjQ3MjlDMTIxLjk1OSA3My41MTM0IDEyMS40NzQgNzMuNTMyMiAxMjAuOTU4IDczLjUzMjJDMTE3Ljk2NSA3My41MzIyIDExNS4wNjEgNzIuODMwNCAxMTIuNDQyIDcxLjU0NTFDMTEzLjMxNCA2Ni41NDIxIDExMy42ODUgNjEuNTAxOSAxMTMuNTg4IDU2LjQ4MDJDMTEwLjc0OCA1Mi4zNzIzIDEwNy41MDIgNDguNDk2NSAxMDMuODM4IDQ0LjkyNTdDMTA1LjQyOCA0MS45NDU0IDEwNy43NzggMzkuMzgxMSAxMTAuNzExIDM3LjU2MjhMMTExLjk3MSAzNi43ODQyTDExMC45ODkgMzUuNjc3NEMxMDUuOTMyIDI5Ljk4MzIgOTkuODk3MSAyNS41ODA5IDkzLjA1NDcgMjIuNTkzN0w5MS42OTAyIDIyTDkxLjM0MzcgMjMuNDQyM0M5MC41Mjc3IDI2LjgwMzYgODguODIyMiAyOS44MzYgODYuNDgwNyAzMi4yNjk1QzgxLjk4MDMgMjkuODc3NCA3Ny4yNzg4IDI3Ljk0NCA3Mi40MzA1IDI2LjQ3OTdDNjcuNTkzNyAyNy45NDA4IDYyLjkwMDUgMjkuODY4NiA1OC40MDIgMzIuMjU3MUM1Ni4wNzAxIDI5LjgyNjggNTQuMzY4OCAyNi44MDE4IDUzLjU1NiAyMy40NTAxTDUzLjIwNzIgMjIuMDA4M0w1MS44NDc3IDIyLjU5OTJDNDUuMDkxNCAyNS41NDMxIDM4Ljg5MDEgMzAuMDY0NyAzMy45MTYyIDM1LjY3NDJMMzIuOTMxOCAzNi43ODMzTDM0LjE5IDM3LjU2MTlDMzcuMTE0MiAzOS4zNzMzIDM5LjQ1NzYgNDEuOTIyNCA0MS4wNDQ0IDQ0Ljg4NjZDMzcuMzkxNyA0OC40NDM1IDM0LjE0OTUgNTIuMzA3IDMxLjMxMTkgNTYuMzk1OUMzMS4yMDE0IDYxLjQxNTQgMzEuNTUzNSA2Ni40OTI0IDMyLjQyOTcgNzEuNTY0NEMyOS44MjMxIDcyLjgzNzggMjYuOTM1OCA3My41MzE4IDIzLjk2MjggNzMuNTMxOEMyMy40NDA5IDczLjUzMTggMjIuOTUyNyA3My41MTI5IDIyLjQ3ODIgNzMuNDczM0wyMSA3My4zNjA2TDIxLjEzODUgNzQuODM2NUMyMS44NjI5IDgyLjMwMzMgMjQuMTgxNCA4OS40MDUzIDI4LjAzMzQgOTUuOTQ3MUwyOC43ODUzIDk3LjIyMzdMMjkuOTE0MiA5Ni4yNjU2QzMyLjUzMDUgOTQuMDQ2NSAzNS42OTE3IDkyLjU3NyAzOS4wNTMgOTEuOTg0N0M0MS4yNjg5IDk2LjUxNTUgNDMuODk1MyAxMDAuNzcyIDQ2Ljg3NDcgMTA0LjcyNUM1MS42Mjg3IDEwNi4zODcgNTYuNTgxOSAxMDcuNjI5IDYxLjY5NzEgMTA4LjM2N0M2Mi4xODc3IDExMS43NSA2MS43OTcgMTE1LjI0OSA2MC40NjI0IDExOC40ODRMNTkuODk5NSAxMTkuODU1TDYxLjM0NjkgMTIwLjE3NEM2NS4wNTI5IDEyMC45ODkgNjguNzkxNyAxMjEuNDA0IDcyLjQ1MjYgMTIxLjQwNEw4My41NTUxIDEyMC4xNzRMODUuMDAzOSAxMTkuODU1TDg0LjQzOTcgMTE4LjQ4MkM4My4xMDg3IDExNS4yNDYgODIuNzE4IDExMS43NDMgODMuMjA4NiAxMDguMzZDODguMzAzNiAxMDcuNjIxIDkzLjIzODQgMTA2LjM4MiA5Ny45NzQ4IDEwNC43MjVDMTAwLjk1NyAxMDAuNzY5IDEwMy41ODYgOTYuNTA5NSAxMDUuODA1IDkxLjk3MjhDMTA5LjE3NyA5Mi41NjE0IDExMi4zNTYgOTQuMDMxNyAxMTQuOTg5IDk2LjI1NzNMMTE2LjExOCA5Ny4yMTQxTDExNi44NjYgOTUuOTQwN0MxMjAuNzI1IDg5LjM5MDUgMTIzLjA0MyA4Mi4yODkxIDEyMy43NTYgNzQuODM0MkwxMjMuODk1IDczLjM2MUwxMjIuNDQyIDczLjQ3MjlaTTg4LjMxOTcgOTEuNTE4MUM4My4wNjczIDkyLjk0NjYgNzcuNzMzIDkzLjY2NzcgNzIuNDMwNSA5My42Njc3QzY3LjExMzcgOTMuNjY3NyA2MS43ODU5IDkyLjk0NyA1Ni41MjkgOTEuNTE4MUM1My42NDQ4IDg3LjAzNjYgNTEuMzY0NSA4Mi4yMzU3IDQ5LjcyMzQgNzcuMTgxMkM0OC4wODkyIDcyLjE1MDIgNDcuMTMyOSA2Ni44Nzk1IDQ2Ljg1NTQgNjEuNDUyMkM1MC4yNTA0IDU3LjI1NDcgNTQuMTExIDUzLjU3NzYgNTguMzc2NyA1MC40ODIzQzYyLjcxMTQgNDcuMzI5NCA2Ny40MjcxIDQ0Ljc2NzkgNzIuNDMwNSA0Mi44NDFDNzcuNDI1NiA0NC43NjgzIDgyLjEzMjYgNDcuMzI2MiA4Ni40NTcyIDUwLjQ2NTdDOTAuNzM5NCA1My41Nzc2IDk0LjYxNzEgNTcuMjgzMiA5OC4wMjg3IDYxLjUwN0M5Ny43Mzc4IDY2LjkwMzQgOTYuNzcgNzIuMTQzOCA5NS4xMzMgNzcuMTY2NUM5My40OTYxIDgyLjIyIDkxLjIwODQgODcuMDM2MSA4OC4zMTk3IDkxLjUxODFaTTc2Ljc2ODQgNjYuMTk3NEM3Ni43Njg0IDY5LjkwODEgNzkuNzc1NCA3Mi45MDk2IDgzLjQ4MSA3Mi45MDk2Qzg3LjE4NTcgNzIuOTA5NiA5MC4xODk1IDY5LjkwODYgOTAuMTg5NSA2Ni4xOTc0QzkwLjE4OTUgNjIuNTAxIDg3LjE4NTcgNTkuNDg4MSA4My40ODEgNTkuNDg4MUM3OS43NzU0IDU5LjQ4ODEgNzYuNzY4NCA2Mi41MDEgNzYuNzY4NCA2Ni4xOTc0Wk02OC4wOTU0IDY2LjE5NzRDNjguMDk1NCA2OS45MDgxIDY1LjA4ODggNzIuOTA5NiA2MS4zODMyIDcyLjkwOTZDNTcuNjc0OSA3Mi45MDk2IDU0LjY3NjYgNjkuOTA4NiA1NC42NzY2IDY2LjE5NzRDNTQuNjc2NiA2Mi41MDI0IDU3LjY3NTMgNTkuNDg5NCA2MS4zODMyIDU5LjQ4OTRDNjUuMDg4OCA1OS40ODk0IDY4LjA5NTQgNjIuNTAyNCA2OC4wOTU0IDY2LjE5NzRaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18yOTYzIiB4MT0iNS41IiB5MT0iMTEiIHgyPSIxNDEiIHkyPSIxMjQuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjNTNCMkYwIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzQxOUVEQSIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resources", "cpu"], ["spec", "resources", "memory"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ferretdb.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/ferretdb.yaml new file mode 100644 index 00000000..e754aa28 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/ferretdb.yaml @@ -0,0 +1,35 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: ferretdb +spec: + application: + kind: FerretDB + plural: ferretdbs + singular: ferretdb + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"backup":{"description":"Backup configuration","type":"object","default":{},"required":["destinationPath","enabled","endpointURL","retentionPolicy","s3AccessKey","s3SecretKey","schedule"],"properties":{"destinationPath":{"description":"Path to store the backup (i.e. s3://bucket/path/to/folder)","type":"string","default":"s3://bucket/path/to/folder/"},"enabled":{"description":"Enable regular backups, default is `false`.","type":"boolean","default":false},"endpointURL":{"description":"S3 Endpoint used to upload data to the cloud","type":"string","default":"http://minio-gateway-service:9000"},"retentionPolicy":{"description":"Retention policy","type":"string","default":"30d"},"s3AccessKey":{"description":"Access key for S3, used for authentication","type":"string","default":""},"s3SecretKey":{"description":"Secret key for S3, used for authentication","type":"string","default":""},"schedule":{"description":"Cron schedule for automated backups","type":"string","default":"0 2 * * * *"}}},"bootstrap":{"description":"Bootstrap (recovery) configuration","type":"object","default":{},"properties":{"enabled":{"description":"Restore database cluster from a backup","type":"boolean","default":false},"oldName":{"description":"Name of database cluster before deleting","type":"string"},"recoveryTime":{"description":"Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest.","type":"string"}}},"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"quorum":{"description":"Configuration for the quorum-based synchronous replication","type":"object","default":{},"required":["maxSyncReplicas","minSyncReplicas"],"properties":{"maxSyncReplicas":{"description":"Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas)","type":"integer","default":0},"minSyncReplicas":{"description":"Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed","type":"integer","default":0}}},"replicas":{"description":"Number of replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"micro","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume Claim size, available for application data","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"},"users":{"description":"Users configuration","type":"object","default":{},"additionalProperties":{"type":"object","properties":{"password":{"description":"Password for the user","type":"string"}}}}}} + release: + prefix: ferretdb- + labels: + cozystack.io/ui: "true" + chart: + name: ferretdb + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: FerretDB + plural: FerretDB + description: Managed FerretDB service + tags: + - database + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5NTIpIi8+CjxwYXRoIGQ9Ik02OS41OTIzIDIyLjEzMUM1OC4yNjYyIDIzLjY3ODcgNDYuOTAzNyAzMC44NzE0IDQwLjMzMDIgNDAuNjY3OUMzOS4yNzQgNDIuMjUyMSAzNy40NTMxIDQ1LjU0OCAzNy40NTMxIDQ1Ljg3NTdDMzcuNDUzMSA0NS45MTIyIDM4LjMyNzIgNDUuMzg0MSAzOS4zODMzIDQ0LjY5MjFDNTIuMzg0NyAzNi4xMTU2IDY3Ljg5ODkgMzQuNTMxNCA4MC41MTc4IDQwLjQ4NThDODMuMjY3NCA0MS43Nzg3IDg0Ljk5NzMgNDMuMDM1MSA4Ny40NTU1IDQ1LjQ5MzNDOTEuNTg5IDQ5LjY0NSA5NC42MTE3IDU1LjE5ODggOTYuNzA1OCA2Mi41MDA3Qzk3Ljc5ODMgNjYuMjUxOCA5OC43MDg4IDcxLjM2ODYgOTguOTQ1NSA3NC44NDY1Qzk5LjAwMDEgNzUuNzkzNCA5OS4xNDU4IDc2LjYzMSA5OS4yMzY5IDc2LjY4NTZDOTkuNzQ2NyA3Ni45OTUyIDEwMi4wNDEgNzMuNjYyOSAxMDMuNjYyIDcwLjI3NkMxMDYuMjI5IDY0Ljg4NjEgMTA3LjQzMSA1OS41ODcyIDEwNy40MTMgNTMuNzA1N0MxMDcuMzk1IDQ1LjM4NDEgMTA0LjUxOCAzOC4zOTE3IDk4LjcyNyAzMi41NjQ4QzkzLjU5MiAyNy4zOTM0IDg3LjEwOTUgMjMuODQyNiA4MC4zMTc1IDIyLjQ1ODdDNzguNzMzMyAyMi4xNDkyIDc3LjU2NzkgMjIuMDU4MSA3NC41OTk5IDIyLjAwMzVDNzIuNTQyMiAyMS45ODUzIDcwLjMwMjUgMjIuMDM5OSA2OS41OTIzIDIyLjEzMVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik00NS41MiA0Ni40NDAyQzQ0LjMzNjQgNDcuMDIyOSA0Mi4zNTE2IDQ4Ljg0MzggNDAuNjAzNSA1MC45Mzc5QzM5LjgyMDUgNTEuODY2NiAzOC42MzY5IDUzLjAxMzcgMzcuNzYyOSA1My42NjkzQzM1LjcyMzQgNTUuMTk4OSAzMi4yNDU1IDU4LjYwNCAzMC40NzkyIDYwLjgwNzNDMjEuMjY1NCA3Mi4yMjQ0IDE4LjY5NzkgODUuMjQ0IDIzLjA4NjMgOTguMzE4MkMyNi42OTE3IDEwOS4wMjUgMzUuMDMxNSAxMTYuMTI3IDQ3Ljg1MDggMTE5LjM1QzUyLjg0MDEgMTIwLjYyNCA2MC4zMjQgMTIxLjMzNSA2My40NTYgMTIwLjg0M0w2NC4yNTcyIDEyMC43MTVMNjMuMDE5IDExOS45ODdDNTYuMTkwNiAxMTYuMDE4IDUxLjQxOTggMTA5LjMxNyA1MC4wOTA1IDEwMS44NjlDNDkuNjg5OSA5OS42MTEgNDkuNjcxNyA5NS42MDUgNTAuMDcyMyA5My40MDE3QzUwLjk2NDUgODguNDQ4OCA1My40NTkyIDgzLjg5NjUgNTYuODQ2MSA4MS4wNTU5QzU4LjQzMDMgNzkuNzI2NiA2MS4xOTgxIDc4LjM2MDkgNjMuNDAxNCA3Ny44MzI5QzY2LjcxNTUgNzcuMDMxNyA2OC43MzY3IDc2LjEyMTIgNzAuODMwNyA3NC40NjQyQzcyLjE3ODIgNzMuNDA4IDczLjM2MTggNzEuODA1NiA3NC4zNDUxIDY5LjcyOThDNzUuMTgyNyA2Ny45NjM1IDc2Ljk2NzIgNjIuMzU1MSA3Ni45NjcyIDYxLjQ2MjhDNzYuOTY3MiA2MC44NDM3IDc2LjMyOTkgNjAuMDA2MSA3NS40MTk1IDU5LjQ0MTZDNzQuOTQ2IDU5LjE1MDIgNzQuMTk5NCA1OC45ODY0IDcyLjI4NzUgNTguNzg2MUM2NC4wNTY5IDU3LjkzMDIgNTkuOTU5OSA1Ni40MzcxIDU1LjAwNyA1Mi41MjIxQzU0LjI5NjggNTEuOTU3NiA1My40NDEgNTEuMzIwMyA1My4wOTUgNTEuMTAxOEM1Mi43NDkgNTAuOTAxNSA1Mi4wNTcxIDUwLjEzNjcgNTEuNTgzNiA0OS40MjY1QzUwLjE0NTEgNDcuMzMyNSA0OC4zNjA2IDQ1Ljk4NSA0Ni45OTQ5IDQ1Ljk2NjhDNDYuNzAzNiA0NS45NjY4IDQ2LjAyOTggNDYuMTg1MyA0NS41MiA0Ni40NDAyWk01NC40NjA3IDU0Ljg3MTFDNTUuMDc5OCA1NS4xODA2IDU1Ljc1MzUgNTUuNTgxMiA1NS45NzIgNTUuNzQ1MUw1Ni4zNzI3IDU2LjA3MjlMNTUuNzM1MyA1OC42MjIyQzU1LjE4OTEgNjAuODQzNyA1NS4wOTggNjEuNDA4MiA1NS4xNTI2IDYyLjk5MjRDNTUuMjA3MyA2NC41NTg0IDU1LjI2MTkgNjQuOTA0MyA1NS42MjYxIDY1LjQxNDJDNTYuMjI3IDY2LjIzMzYgNTcuMjY0OSA2Ni43MjUzIDU4LjQzMDMgNjYuNzI1M0M2MC4wODczIDY2LjcyNTMgNjEuMzgwMiA2NS43Nzg0IDYzLjUyODkgNjIuOTU2QzY0LjE0OCA2Mi4xNTQ4IDY0LjYzOTYgNjEuNzE3NyA2NS4zNjggNjEuMzcxOEM2Ni40OTcgNjAuODA3MyA2Ny4yOTgyIDYwLjc1MjcgNjkuODExIDYwLjk3MTJMNzEuNDg2MyA2MS4xMzVWNjIuMTE4M0M3MS40ODYzIDYzLjY2NjEgNzIuMzA1NyA2NC41NTg0IDczLjk4MDkgNjQuODEzM0w3NC43ODIxIDY0LjkyMjZMNzQuNDkwOCA2NS41OTYzQzczLjIxNjEgNjguNjczNiA2OS45Mzg1IDcyLjE1MTYgNjYuODYxMSA3My42OTk0QzY2LjM2OTUgNzMuOTM2MSA2NS4yNTg3IDc0LjM3MzEgNjQuNDAyOSA3NC42NjQ1QzYzLjAwMDggNzUuMTE5NyA2Mi42MTg0IDc1LjE3NDMgNjAuMjE0OCA3NS4xNzQzQzU3LjgyOTQgNzUuMTc0MyA1Ny40Mjg4IDc1LjExOTcgNTYuMTE3NyA3NC42ODI3QzUyLjE2NjMgNzMuMzcxNiA0OS4yMzQ3IDcwLjQ1ODEgNDcuOTA1NCA2Ni41NDMyQzQ3LjQzMTkgNjUuMTU5MyA0Ny40MTM3IDYxLjEzNSA0Ny44ODcyIDU5LjQ1OThDNDguNTI0NSA1Ny4xNDcyIDQ5LjY1MzUgNTUuMjM1MyA1MC44MzcxIDU0LjQ4ODdDNTEuNjAxOCA1My45OTcgNTMuMDIyMiA1NC4xNjA5IDU0LjQ2MDcgNTQuODcxMVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTMuMDIyIDYxLjczNjFDMTEzLjAyMiA2Mi41NTU1IDExMi4xMTEgNjYuMzQzMSAxMTEuMzQ3IDY4LjcxMDJDMTA4LjQ3IDc3LjU3ODEgMTAzLjI2MiA4NS41MzU1IDk2LjQ2OTcgOTEuMzQ0M0M5MS42OTg5IDk1LjQ0MTMgODguMzExOSA5Ny4yNDQgODIuOTQwMiA5OC41NzMzQzc5LjQ4MDUgOTkuNDI5MSA3Ny4yMjI2IDk5LjcwMjMgNzIuODM0MSA5OS44MTE1QzY3LjM1MzIgOTkuOTU3MiA2MS45NDUxIDk5LjQ2NTUgNTcuMTAxNCA5OC40MDk0QzU2LjE3MjcgOTguMjA5MSA1NS4zODk4IDk4LjA4MTYgNTUuMzM1MSA5OC4xMzYzQzU1LjExNjYgOTguMzM2NiA1NS45NTQyIDEwMS4xMjMgNTYuNjgyNiAxMDIuNTk4QzU4LjAxMTkgMTA1LjMyOSA1OS41MjMyIDEwNy4zNjggNjIuMjE4MiAxMTAuMDYzQzY1LjA1ODggMTEyLjkwNCA2Ny4xNzExIDExNC40NyA3MC40NDg3IDExNi4xNjNDNzguNTcgMTIwLjM1MSA4Ny44OTMxIDEyMC45MTYgOTcuNDUzIDExNy43NjZDMTA3LjU0MSAxMTQuNDcgMTE0Ljk1MiAxMDguNTE2IDExOC45NCAxMDAuNTAzQzEyMS41OTggOTUuMTg2NCAxMjIuNjkxIDg5LjUwNTEgMTIyLjI5IDgzLjAyMjdDMTIxLjc5OSA3NS4wMjg4IDExOC44NDkgNjcuMTk4OSAxMTQuNTcgNjIuNTczOEMxMTMuODk2IDYxLjg0NTQgMTEzLjI3NyA2MS4yNjI3IDExMy4xODYgNjEuMjYyN0MxMTMuMDk1IDYxLjI2MjcgMTEzLjAyMiA2MS40ODEyIDExMy4wMjIgNjEuNzM2MVoiIGZpbGw9IndoaXRlIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfNjgzXzI5NTIiIHgxPSI1LjUiIHkxPSIxMSIgeDI9IjE0MSIgeTI9IjEyNC41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiM0NUFEQzYiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMjE2Nzc4Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "quorum"], ["spec", "quorum", "minSyncReplicas"], ["spec", "quorum", "maxSyncReplicas"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "schedule"], ["spec", "backup", "retentionPolicy"], ["spec", "backup", "endpointURL"], ["spec", "backup", "destinationPath"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "bootstrap"], ["spec", "bootstrap", "enabled"], ["spec", "bootstrap", "recoveryTime"], ["spec", "bootstrap", "oldName"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/http-cache.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/http-cache.yaml new file mode 100644 index 00000000..438105eb --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/http-cache.yaml @@ -0,0 +1,36 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: http-cache +spec: + application: + kind: HTTPCache + plural: httpcaches + singular: httpcache + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"endpoints":{"description":"Endpoints configuration, as a list of ","type":"array","default":[],"items":{"type":"string"}},"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"haproxy":{"description":"HAProxy configuration","type":"object","default":{},"required":["replicas","resources","resourcesPreset"],"properties":{"replicas":{"description":"Number of HAProxy replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"nano","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]}}},"nginx":{"description":"Nginx configuration","type":"object","default":{},"required":["replicas","resourcesPreset"],"properties":{"replicas":{"description":"Number of Nginx replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"nano","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]}}},"size":{"description":"Persistent Volume Claim size, available for application data","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"}}} + release: + prefix: http-cache- + labels: + cozystack.io/ui: "true" + chart: + name: http-cache + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: NaaS + singular: HTTP Cache + plural: HTTP Cache + description: Layer7 load balancer and caching service + tags: + - cache + - network + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgyNSkiLz4KPHBhdGggZD0iTTI2LjAwMjYgMzcuODU4OEMyNi4wMDI2IDYwLjkxOSAyNi4wMDI2IDgzLjk4MTQgMjYuMDAyNiAxMDcuMDQ2QzI1Ljk3MyAxMDguMzIzIDI2LjE5OTYgMTA5LjU5MyAyNi42NjkyIDExMC43ODNDMjcuMTM4NyAxMTEuOTcyIDI3Ljg0MTggMTEzLjA1NiAyOC43Mzc0IDExMy45NzJDMzAuNDUzOSAxMTUuNjU5IDMyLjcgMTE2LjcwOSAzNS4xMDA5IDExNi45NDhDMzcuNTAxOSAxMTcuMTg3IDM5LjkxMjYgMTE2LjYgNDEuOTMxIDExNS4yODRDNDMuMjgyIDExNC4zNzEgNDQuMzg4MSAxMTMuMTQzIDQ1LjE1MjcgMTExLjcwN0M0NS45MTc0IDExMC4yNzEgNDYuMzE3NSAxMDguNjcxIDQ2LjMxODEgMTA3LjA0NkM0Ni4zMTgxIDkwLjM1MjggNDYuMjg2MSA3My42NTk3IDQ2LjMxODEgNTYuOTY2NkM2MS42MTY4IDc1LjE4ODkgNzYuOTQ3NCA5My4zODU2IDkyLjMxIDExMS41NTdDOTQuNDQ0NCAxMTMuNzA4IDk3LjA4NzUgMTE1LjI5MSA5OS45OTcgMTE2LjE2MkMxMDIuOTA2IDExNy4wMzIgMTA1Ljk4OSAxMTcuMTYyIDEwOC45NjIgMTE2LjUzOUMxMTEuMDYxIDExNi4xMjggMTEyLjk3MyAxMTUuMDU3IDExNC40MTUgMTEzLjQ4NUMxMTUuODU3IDExMS45MTMgMTE2Ljc1NCAxMDkuOTIxIDExNi45NzQgMTA3LjgwNEMxMTcuMDA5IDg0LjI2ODEgMTE3LjAwOSA2MC43MzQzIDExNi45NzQgMzcuMjAyNUMxMTYuNzU0IDM0LjY5MDcgMTE1LjU5NSAzMi4zNTIyIDExMy43MjYgMzAuNjQ4NkMxMTEuODU4IDI4Ljk0NSAxMDkuNDE1IDI4IDEwNi44ODEgMjhDMTA0LjM0NiAyOCAxMDEuOTAzIDI4Ljk0NSAxMDAuMDM1IDMwLjY0ODZDOTguMTY2MyAzMi4zNTIyIDk3LjAwNzQgMzQuNjkwNyA5Ni43ODY5IDM3LjIwMjVDOTYuNzg2OSA1NC4xNjMyIDk2LjY4NDQgNzEuMTA0OCA5Ni43ODY5IDg4LjA1OTFDODEuNzYxNiA3MC40MzU4IDY2LjkyMTkgNTIuNjU5NiA1MS45NTQzIDM0Ljk3MjVDNDkuOTgxIDMyLjQ1NTQgNDcuMzY4NSAzMC41MDczIDQ0LjM4NjMgMjkuMzI5MUM0MS40MDQxIDI4LjE1MDkgMzguMTU5OSAyNy43ODUyIDM0Ljk4ODMgMjguMjY5OEMzMi41ODU3IDI4LjUzNTkgMzAuMzU4MyAyOS42NDkzIDI4LjcwOTkgMzEuNDA4NEMyNy4wNjE1IDMzLjE2NzUgMjYuMTAxIDM1LjQ1NTkgMjYuMDAyNiAzNy44NTg4WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODFfMjgyNSIgeDE9IjEwIiB5MT0iMTUuNSIgeDI9IjE0NCIgeTI9IjEzMS41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMwMEM1NEEiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMDE5NjM5Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "endpoints"], ["spec", "haproxy"], ["spec", "haproxy", "replicas"], ["spec", "haproxy", "resources"], ["spec", "haproxy", "resourcesPreset"], ["spec", "nginx"], ["spec", "nginx", "replicas"], ["spec", "nginx", "resources"], ["spec", "nginx", "resourcesPreset"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/info.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/info.yaml new file mode 100644 index 00000000..3fb3843f --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/info.yaml @@ -0,0 +1,34 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: info +spec: + application: + kind: Info + plural: infos + singular: info + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{}} + release: + prefix: "" + labels: + cozystack.io/ui: "true" + chart: + name: info + sourceRef: + kind: HelmRepository + name: cozystack-extra + namespace: cozy-public + dashboard: + name: info + category: Administration + singular: Info + plural: Info + description: Info + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX3JhZGlhbF8xNDRfMykiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzE0NF8zKSI+CjxwYXRoIGQ9Ik03Ny42NDA3IDk3LjA4NDRMODIuODMzIDk3LjM2MDRWMTA0LjYzN0g2MS4xNzI4Vjk3LjcxOTdMNjQuMTc3MSA5Ny40NDk1QzY1LjgxMDEgOTcuMjY4NCA2Ni44MTA2IDk2LjcxOTMgNjYuODEwNiA5NC41MzQzVjY5LjIzMTRDNjYuODEwNiA2Ny4yMjE3IDY2LjI3MDEgNjYuNTg2NCA2NC41MzY1IDY2LjU4NjRMNjEuMzU2OCA2Ni40MDgxVjU4Ljg1ODRINzcuNjQ2NUw3Ny42NDA3IDk3LjA4NDRaTTcxLjI3MjYgMzkuMzYzQzc1LjI4MDQgMzkuMzYzIDc4LjE4NyA0Mi4zNzMxIDc4LjE4NyA0Ni4xODgzQzc4LjE4NyA1MC4wMTQ5IDc1LjI3MTggNTIuODM4MSA3MS4xNzc4IDUyLjgzODFDNjYuOTk3NSA1Mi44MzgxIDY0LjI2NjMgNTAuMDE0OSA2NC4yNjYzIDQ2LjE4ODNDNjQuMjY2MyA0Mi4zNzMxIDY2Ljk5NzUgMzkuMzYzIDcxLjI3MjYgMzkuMzYzWk03MiAxMThDNDYuNjM2OCAxMTggMjYgOTcuMzYzMiAyNiA3MkMyNiA0Ni42MzY4IDQ2LjYzNjggMjYgNzIgMjZDOTcuMzU3NSAyNiAxMTggNDYuNjM2OCAxMTggNzJDMTE4IDk3LjM2MzIgOTcuMzU3NSAxMTggNzIgMTE4Wk03MiAzNC42MjVDNTEuMzkyIDM0LjYyNSAzNC42MjUgNTEuMzkyIDM0LjYyNSA3MkMzNC42MjUgOTIuNjA4IDUxLjM5MiAxMDkuMzc1IDcyIDEwOS4zNzVDOTIuNjA4IDEwOS4zNzUgMTA5LjM3NSA5Mi42MDggMTA5LjM3NSA3MkMxMDkuMzc1IDUxLjM5MiA5Mi42MDggMzQuNjI1IDcyIDM0LjYyNVoiIGZpbGw9IndoaXRlIi8+CjwvZz4KPGRlZnM+CjxyYWRpYWxHcmFkaWVudCBpZD0icGFpbnQwX3JhZGlhbF8xNDRfMyIgY3g9IjAiIGN5PSIwIiByPSIxIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgZ3JhZGllbnRUcmFuc2Zvcm09InRyYW5zbGF0ZSgxLjMyMjk4ZS0wNSAtNy41MDAwMSkgcm90YXRlKDQ0LjcxNzgpIHNjYWxlKDIxNS4zMTcgMzEyLjQ1NSkiPgo8c3RvcCBzdG9wLWNvbG9yPSIjMDBCNUU3Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwMzk4NCIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzE0NF8zIj4KPHJlY3Qgd2lkdGg9IjkyIiBoZWlnaHQ9IjkyIiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjYgMjYpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ingress.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/ingress.yaml new file mode 100644 index 00000000..1f2ff132 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/ingress.yaml @@ -0,0 +1,34 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: ingress +spec: + application: + kind: Ingress + plural: ingresses + singular: ingress + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"cloudflareProxy":{"description":"Restoring original visitor IPs when Cloudflare proxied is enabled","type":"boolean","default":false},"replicas":{"description":"Number of ingress-nginx replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each ingress-nginx replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"micro","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"whitelist":{"description":"List of client networks","type":"array","default":[],"items":{"type":"string"}}}} + release: + prefix: "" + labels: + cozystack.io/ui: "true" + chart: + name: ingress + sourceRef: + kind: HelmRepository + name: cozystack-extra + namespace: cozy-public + dashboard: + category: Administration + singular: Ingress + plural: Ingress + name: ingress + description: NGINX Ingress Controller + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODRfMzIyOSkiLz4KPHBhdGggZD0iTTg2LjkyNzQgMzcuMTA3NEgxN1YxMDcuMDM1SDg2LjkyNzRWMzcuMTA3NFoiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iNiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTEyNy42NDMgMjlIMTA3LjQ1NVY0OS4xODgzSDEyNy42NDNWMjlaIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik0xMjcuNjQzIDYxLjcyNjZIMTA3LjQ1NVY4MS45MTQ5SDEyNy42NDNWNjEuNzI2NloiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iNCIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTEyNy42NDMgOTQuNDUyMUgxMDcuNDU1VjExNC42NEgxMjcuNjQzVjk0LjQ1MjFaIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik04OC41MTM3IDcyLjA3MTNIMTA2LjI3IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik04Ny41Njc0IDgwLjQyNDhMMTA3LjczIDk1Ljc4MDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMyIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTg3LjU2NzQgNjMuNzE4MUwxMDcuNzMgNDguMzYyMyIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4NF8zMjI5IiB4MT0iMTAiIHkxPSIxNS41IiB4Mj0iMTQ0IiB5Mj0iMTMxLjUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzAwREE1MyIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMwMDk2MzkiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "whitelist"], ["spec", "cloudflareProxy"], ["spec", "resources"], ["spec", "resourcesPreset"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kafka.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/kafka.yaml new file mode 100644 index 00000000..d4891307 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/kafka.yaml @@ -0,0 +1,35 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: kafka +spec: + application: + kind: Kafka + plural: kafkas + singular: kafka + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"kafka":{"description":"Kafka configuration","type":"object","default":{},"required":["replicas","resourcesPreset","size","storageClass"],"properties":{"replicas":{"description":"Number of Kafka replicas","type":"integer","default":3},"resources":{"description":"Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"small","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume size for Kafka","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the Kafka data","type":"string"}}},"topics":{"description":"Topics configuration","type":"array","default":[],"items":{"type":"object","required":["config","name","partitions","replicas"],"properties":{"config":{"description":"Topic configuration","type":"object","x-kubernetes-preserve-unknown-fields":true},"name":{"description":"Topic name","type":"string"},"partitions":{"description":"Number of partitions","type":"integer"},"replicas":{"description":"Number of replicas","type":"integer"}}}},"zookeeper":{"description":"Zookeeper configuration","type":"object","default":{},"required":["replicas","resourcesPreset","size","storageClass"],"properties":{"replicas":{"description":"Number of ZooKeeper replicas","type":"integer","default":3},"resources":{"description":"Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"small","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume size for ZooKeeper","default":"5Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the ZooKeeper data","type":"string"}}}}} + release: + prefix: kafka- + labels: + cozystack.io/ui: "true" + chart: + name: kafka + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: Kafka + plural: Kafka + description: Managed Kafka service + tags: + - messaging + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgyMCkiLz4KPHBhdGggZD0iTTkxLjAzMDcgNzcuODE4NUM4Ni44NTc3IDc3LjgxODUgODMuMTE2NiA3OS42ODE4IDgwLjU1NDcgODIuNjE1NEw3My45OTAxIDc3LjkzMTVDNzQuNjg2OSA3NS45OTc4IDc1LjA4NyA3My45MjE1IDc1LjA4NyA3MS43NDgyQzc1LjA4NyA2OS42MTI2IDc0LjcwMDggNjcuNTcxMSA3NC4wMjY5IDY1LjY2Nkw4MC41NzY5IDYxLjAzMThDODMuMTM4NSA2My45NTA1IDg2Ljg2OTkgNjUuODAzNyA5MS4wMzA3IDY1LjgwMzdDOTguNzMyOCA2NS44MDM3IDEwNSA1OS40ODg0IDEwNSA1MS43MjQ3QzEwNSA0My45NjEgOTguNzMyOCAzNy42NDU3IDkxLjAzMDcgMzcuNjQ1N0M4My4zMjg1IDM3LjY0NTcgNzcuMDYxNCA0My45NjEgNzcuMDYxNCA1MS43MjQ3Qzc3LjA2MTQgNTMuMTE0MyA3Ny4yNjk3IDU0LjQ1NDMgNzcuNjQzNSA1NS43MjMzTDcxLjA4OTEgNjAuMzU5OEM2OC4zNTEyIDU2LjkzNjUgNjQuNDA5IDU0LjU0NjMgNTkuOTE3NCA1My44MTY2VjQ1Ljg1NTNDNjYuMjQ1MSA0NC41MTU4IDcxLjAxMjggMzguODQ5NSA3MS4wMTI4IDMyLjA3OUM3MS4wMTI4IDI0LjMxNTMgNjQuNzQ1NyAxOCA1Ny4wNDM1IDE4QzQ5LjM0MTQgMTggNDMuMDc0MiAyNC4zMTUzIDQzLjA3NDIgMzIuMDc5QzQzLjA3NDIgMzguNzU4OSA0Ny43MTg0IDQ0LjM1NTIgNTMuOTE5NiA0NS43OTAzVjUzLjg1NTFDNDUuNDU2NyA1NS4zNTIzIDM5IDYyLjc5NjEgMzkgNzEuNzQ4MkMzOSA4MC43NDQgNDUuNTIwNiA4OC4yMTUxIDU0LjA0NDYgODkuNjYxM1Y5OC4xNzcyQzQ3Ljc4MDEgOTkuNTY1IDQzLjA3NDIgMTA1LjE5NiA0My4wNzQyIDExMS45MjFDNDMuMDc0MiAxMTkuNjg1IDQ5LjM0MTQgMTI2IDU3LjA0MzUgMTI2QzY0Ljc0NTcgMTI2IDcxLjAxMjggMTE5LjY4NSA3MS4wMTI4IDExMS45MjFDNzEuMDEyOCAxMDUuMTk2IDY2LjMwNyA5OS41NjUgNjAuMDQyNCA5OC4xNzcyVjg5LjY2MTFDNjQuMzU2OSA4OC45Mjg2IDY4LjI2MDEgODYuNjQwNyA3MS4wMjUyIDgzLjIyMzRMNzcuNjMzNyA4Ny45Mzc2Qzc3LjI2NjkgODkuMTk1MiA3Ny4wNjE0IDkwLjUyMTkgNzcuMDYxNCA5MS44OTc1Qzc3LjA2MTQgOTkuNjYxMiA4My4zMjg1IDEwNS45NzYgOTEuMDMwNyAxMDUuOTc2Qzk4LjczMjggMTA1Ljk3NiAxMDUgOTkuNjYxMiAxMDUgOTEuODk3NUMxMDUgODQuMTMzOCA5OC43MzI4IDc3LjgxODUgOTEuMDMwNyA3Ny44MTg1Wk05MS4wMzA3IDQ0Ljg5ODVDOTQuNzY1NiA0NC44OTg1IDk3LjgwMzQgNDcuOTYxNSA5Ny44MDM0IDUxLjcyNDdDOTcuODAzNCA1NS40ODc5IDk0Ljc2NTYgNTguNTUwNiA5MS4wMzA3IDU4LjU1MDZDODcuMjk1OCA1OC41NTA2IDg0LjI1OCA1NS40ODc5IDg0LjI1OCA1MS43MjQ3Qzg0LjI1OCA0Ny45NjE1IDg3LjI5NTggNDQuODk4NSA5MS4wMzA3IDQ0Ljg5ODVaTTUwLjI3MDUgMzIuMDc5QzUwLjI3MDUgMjguMzE1OCA1My4zMDg2IDI1LjI1MzEgNTcuMDQzNSAyNS4yNTMxQzYwLjc3ODUgMjUuMjUzMSA2My44MTYzIDI4LjMxNTggNjMuODE2MyAzMi4wNzlDNjMuODE2MyAzNS44NDIyIDYwLjc3ODUgMzguOTA0OSA1Ny4wNDM1IDM4LjkwNDlDNTMuMzA4NiAzOC45MDQ5IDUwLjI3MDUgMzUuODQyMiA1MC4yNzA1IDMyLjA3OVpNNjMuODE2MyAxMTEuOTIxQzYzLjgxNjMgMTE1LjY4NCA2MC43Nzg1IDExOC43NDcgNTcuMDQzNSAxMTguNzQ3QzUzLjMwODYgMTE4Ljc0NyA1MC4yNzA1IDExNS42ODQgNTAuMjcwNSAxMTEuOTIxQzUwLjI3MDUgMTA4LjE1OCA1My4zMDg2IDEwNS4wOTUgNTcuMDQzNSAxMDUuMDk1QzYwLjc3ODUgMTA1LjA5NSA2My44MTYzIDEwOC4xNTggNjMuODE2MyAxMTEuOTIxWk01Ny4wNDMgODEuMjY4MUM1MS44MzM5IDgxLjI2ODEgNDcuNTk2MiA3Ni45OTggNDcuNTk2MiA3MS43NDgyQzQ3LjU5NjIgNjYuNDk4MiA1MS44MzM5IDYyLjIyNzMgNTcuMDQzIDYyLjIyNzNDNjIuMjUxOSA2Mi4yMjczIDY2LjQ4OTUgNjYuNDk4MiA2Ni40ODk1IDcxLjc0ODJDNjYuNDg5NSA3Ni45OTggNjIuMjUxOSA4MS4yNjgxIDU3LjA0MyA4MS4yNjgxWk05MS4wMzA3IDk4LjcyMzdDODcuMjk1OCA5OC43MjM3IDg0LjI1OCA5NS42NjA3IDg0LjI1OCA5MS44OTc1Qzg0LjI1OCA4OC4xMzQzIDg3LjI5NTggODUuMDcxNiA5MS4wMzA3IDg1LjA3MTZDOTQuNzY1NiA4NS4wNzE2IDk3LjgwMzQgODguMTM0MyA5Ny44MDM0IDkxLjg5NzVDOTcuODAzNCA5NS42NjA3IDk0Ljc2NTYgOTguNzIzNyA5MS4wMzA3IDk4LjcyMzdaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4MV8yODIwIiB4MT0iMTQwIiB5MT0iMTMwLjUiIHgyPSI0IiB5Mj0iOS40OTk5OSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcC8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzQzNDE0MSIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "topics"], ["spec", "kafka"], ["spec", "kafka", "replicas"], ["spec", "kafka", "resources"], ["spec", "kafka", "resourcesPreset"], ["spec", "kafka", "size"], ["spec", "kafka", "storageClass"], ["spec", "zookeeper"], ["spec", "zookeeper", "replicas"], ["spec", "zookeeper", "resources"], ["spec", "zookeeper", "resourcesPreset"], ["spec", "zookeeper", "size"], ["spec", "zookeeper", "storageClass"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kubernetes.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/kubernetes.yaml new file mode 100644 index 00000000..0629b6d4 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/kubernetes.yaml @@ -0,0 +1,36 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: kubernetes +spec: + application: + kind: Kubernetes + singular: kubernetes + plural: kuberneteses + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"addons":{"description":"Cluster addons configuration","type":"object","default":{},"required":["certManager","cilium","coredns","fluxcd","gatewayAPI","gpuOperator","ingressNginx","monitoringAgents","velero","verticalPodAutoscaler"],"properties":{"certManager":{"description":"Cert-manager: automatically creates and manages SSL/TLS certificate","type":"object","default":{},"required":["enabled","valuesOverride"],"properties":{"enabled":{"description":"Enable cert-manager, which automatically creates and manages SSL/TLS certificates.","type":"boolean","default":false},"valuesOverride":{"description":"Custom values to override","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}},"cilium":{"description":"Cilium CNI plugin","type":"object","default":{},"required":["valuesOverride"],"properties":{"valuesOverride":{"description":"Custom values to override","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}},"coredns":{"description":"Coredns","type":"object","default":{},"required":["valuesOverride"],"properties":{"valuesOverride":{"description":"Custom values to override","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}},"fluxcd":{"description":"Flux CD","type":"object","default":{},"required":["enabled","valuesOverride"],"properties":{"enabled":{"description":"Enable FluxCD","type":"boolean","default":false},"valuesOverride":{"description":"Custom values to override","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}},"gatewayAPI":{"description":"Gateway API","type":"object","default":{},"required":["enabled"],"properties":{"enabled":{"description":"Enable the Gateway API","type":"boolean","default":false}}},"gpuOperator":{"description":"GPU-operator: NVIDIA GPU Operator","type":"object","default":{},"required":["enabled","valuesOverride"],"properties":{"enabled":{"description":"Enable the GPU-operator","type":"boolean","default":false},"valuesOverride":{"description":"Custom values to override","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}},"ingressNginx":{"description":"Ingress-NGINX Controller","type":"object","default":{},"required":["enabled","exposeMethod","valuesOverride"],"properties":{"enabled":{"description":"Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).","type":"boolean","default":false},"exposeMethod":{"description":"Method to expose the Ingress-NGINX controller. Allowed values: `Proxied`, `LoadBalancer`.","type":"string","default":"Proxied","enum":["Proxied","LoadBalancer"]},"hosts":{"description":"List of domain names that the parent cluster should route to this tenant cluster. Taken into account only when `exposeMethod` is set to `Proxied`.","type":"array","default":[],"items":{"type":"string"}},"valuesOverride":{"description":"Custom values to override","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}},"monitoringAgents":{"description":"MonitoringAgents","type":"object","default":{},"required":["enabled","valuesOverride"],"properties":{"enabled":{"description":"Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage.","type":"boolean","default":false},"valuesOverride":{"description":"Custom values to override","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}},"velero":{"description":"Velero","type":"object","default":{},"required":["enabled","valuesOverride"],"properties":{"enabled":{"description":"Enable Velero for backup and recovery of a tenant Kubernetes cluster.","type":"boolean","default":false},"valuesOverride":{"description":"Custom values to override","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}},"verticalPodAutoscaler":{"description":"VerticalPodAutoscaler","type":"object","default":{},"required":["valuesOverride"],"properties":{"valuesOverride":{"description":"Custom values to override","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}}}},"controlPlane":{"description":"Control Plane Configuration","type":"object","default":{},"required":["apiServer","controllerManager","konnectivity","replicas","scheduler"],"properties":{"apiServer":{"description":"Control plane API server configuration.","type":"object","default":{},"required":["resources","resourcesPreset"],"properties":{"resources":{"description":"Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"medium","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]}}},"controllerManager":{"description":"Controller Manager configuration.","type":"object","default":{},"required":["resources","resourcesPreset"],"properties":{"resources":{"description":"Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"micro","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]}}},"konnectivity":{"description":"Konnectivity configuration.","type":"object","default":{},"required":["server"],"properties":{"server":{"description":"Konnectivity server configuration.","type":"object","default":{},"required":["resources","resourcesPreset"],"properties":{"resources":{"description":"Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"micro","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]}}}}},"replicas":{"description":"Number of replicas for Kubernetes control plane components.","type":"integer","default":2},"scheduler":{"description":"Scheduler configuration.","type":"object","default":{},"required":["resources","resourcesPreset"],"properties":{"resources":{"description":"Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"micro","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]}}}}},"host":{"description":"Hostname used to access the Kubernetes cluster externally. Defaults to `.` when empty.","type":"string"},"nodeGroups":{"description":"Worker nodes configuration","type":"object","default":{"md0":{"ephemeralStorage":"20Gi","gpus":[],"instanceType":"u1.medium","maxReplicas":10,"minReplicas":0,"resources":{},"roles":["ingress-nginx"]}},"additionalProperties":{"type":"object","required":["ephemeralStorage","instanceType","maxReplicas","minReplicas","resources"],"properties":{"ephemeralStorage":{"description":"Ephemeral storage size","default":"20Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"gpus":{"description":"List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)","type":"array","default":[],"items":{"type":"object","required":["name"],"properties":{"name":{"description":"Name of GPU, such as \"nvidia.com/AD102GL_L40S\"","type":"string"}}}},"instanceType":{"description":"Virtual machine instance type","type":"string","default":"u1.medium"},"maxReplicas":{"description":"Maximum amount of replicas","type":"integer","default":10},"minReplicas":{"description":"Minimum amount of replicas","type":"integer","default":0},"resources":{"description":"Resources available to each worker node","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each worker node","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"roles":{"description":"List of node's roles","type":"array","items":{"type":"string"}}}}},"storageClass":{"description":"StorageClass used to store the data","type":"string","default":"replicated"},"version":{"description":"Kubernetes version given as vMAJOR.MINOR. Available are versions from 1.28 to 1.33.","type":"string","default":"v1.33","enum":["v1.28","v1.29","v1.30","v1.31","v1.32","v1.33"]}}} + release: + prefix: kubernetes- + labels: + cozystack.io/ui: "true" + chart: + name: kubernetes + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: IaaS + singular: Kubernetes + plural: Kubernetes + weight: 40 + description: Managed Kubernetes service + tags: + - compute + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjg0NSkiLz4KPHBhdGggZD0iTTcxLjk5NjggMTlDNzAuMzAzOSAxOS4wMDAyIDY4LjkzMTIgMjAuNTMyMiA2OC45MzE0IDIyLjQyMjFDNjguOTMxNCAyMi40NTExIDY4LjkzNzMgMjIuNDc4OCA2OC45Mzc5IDIyLjUwNzZDNjguOTM1NCAyMi43NjQ0IDY4LjkyMzEgMjMuMDczNyA2OC45MzE0IDIzLjI5NzNDNjguOTcxNyAyNC4zODczIDY5LjIwODIgMjUuMjIxNiA2OS4zNTA2IDI2LjIyNThDNjkuNjA4NCAyOC4zNzUyIDY5LjgyNDUgMzAuMTU2OSA2OS42OTEyIDMxLjgxM0M2OS41NjE1IDMyLjQzNzUgNjkuMTAzNyAzMy4wMDg2IDY4LjY5NTYgMzMuNDA1Nkw2OC42MjM1IDM0LjcwODZDNjYuNzgzOSAzNC44NjE3IDY0LjkzMTkgMzUuMTQyMSA2My4wODIxIDM1LjU2NDFDNTUuMTIyNiAzNy4zNzk4IDQ4LjI2OTUgNDEuNDk5MSA0My4wNTIgNDcuMDYwOUM0Mi43MTM0IDQ2LjgyODggNDIuMTIxMSA0Ni40MDE5IDQxLjk0NSA0Ni4yNzEyQzQxLjM5NzcgNDYuMzQ1NCA0MC44NDQ1IDQ2LjUxNTEgNDAuMTI0MSA0Ni4wOTM1QzM4Ljc1MjIgNDUuMTY1NyAzNy41MDI4IDQzLjg4NTEgMzUuOTkxIDQyLjM0MjRDMzUuMjk4MiA0MS42MDQ0IDM0Ljc5NjYgNDAuOTAxOCAzMy45NzM1IDQwLjE5MDRDMzMuNzg2NiA0MC4wMjg5IDMzLjUwMTQgMzkuODEwNCAzMy4yOTIzIDM5LjY0NDJDMzIuNjQ4OSAzOS4xMjg4IDMxLjg5IDM4Ljg2IDMxLjE1NyAzOC44MzQ4QzMwLjIxNDcgMzguODAyNCAyOS4zMDc1IDM5LjE3MjUgMjguNzEzOCAzOS45MjA2QzI3LjY1ODQgNDEuMjUwNiAyNy45OTYzIDQzLjI4MzMgMjkuNDY3MSA0NC40NjE0QzI5LjQ4MiA0NC40NzM0IDI5LjQ5NzkgNDQuNDgyNyAyOS41MTI5IDQ0LjQ5NDNDMjkuNzE1IDQ0LjY1ODkgMjkuOTYyNSA0NC44Njk4IDMwLjE0ODMgNDUuMDA3NkMzMS4wMjE3IDQ1LjY1NTUgMzEuODE5NSA0NS45ODcyIDMyLjY4OTcgNDYuNTAxNUMzNC41MjMxIDQ3LjYzOTEgMzYuMDQzIDQ4LjU4MjMgMzcuMjQ4NiA0OS43MTk2QzM3LjcxOTQgNTAuMjIzNyAzNy44MDE2IDUxLjExMjIgMzcuODY0MyA1MS40OTY0TDM4Ljg0NjggNTIuMzc4MkMzMy41ODcyIDYwLjMzMDggMzEuMTUzIDcwLjE1MzkgMzIuNTkxNSA4MC4xNjI3TDMxLjMwNzcgODAuNTM3OEMzMC45NjkzIDgwLjk3NjggMzAuNDkxMiA4MS42Njc2IDI5Ljk5MTEgODEuODczOEMyOC40MTM4IDgyLjM3MjkgMjYuNjM4NyA4Mi41NTYyIDI0LjQ5NTYgODIuNzgxOUMyMy40ODk0IDgyLjg2NiAyMi42MjEzIDgyLjgxNTggMjEuNTU0NiA4My4wMTg4QzIxLjMxOTggODMuMDYzNSAyMC45OTI3IDgzLjE0OTEgMjAuNzM1OCA4My4yMDk3QzIwLjcyNjkgODMuMjExNiAyMC43MTg2IDgzLjIxNDIgMjAuNzA5NiA4My4yMTYyQzIwLjY5NTYgODMuMjE5NSAyMC42NzcyIDgzLjIyNjMgMjAuNjYzOCA4My4yMjk0QzE4Ljg1NyA4My42NjggMTcuNjk2MyA4NS4zMzY1IDE4LjA2OTkgODYuOTgwNUMxOC40NDM3IDg4LjYyNDggMjAuMjA4NiA4OS42MjQ4IDIyLjAyNjIgODkuMjMxMkMyMi4wMzkzIDg5LjIyODIgMjIuMDU4NCA4OS4yMjc3IDIyLjA3MiA4OS4yMjQ2QzIyLjA5MjYgODkuMjE5OSAyMi4xMTA2IDg5LjIwOTkgMjIuMTMxIDg5LjIwNDlDMjIuMzg0NCA4OS4xNDkgMjIuNzAxOSA4OS4wODY4IDIyLjkyMzYgODkuMDI3MkMyMy45NzIzIDg4Ljc0NTEgMjQuNzMxOCA4OC4zMzA2IDI1LjY3NDYgODcuOTY3N0MyNy43MDI5IDg3LjIzNjggMjkuMzgyOCA4Ni42MjYyIDMxLjAxOTUgODYuMzg4M0MzMS43MDMgODYuMzM0NSAzMi40MjMyIDg2LjgxMiAzMi43ODE0IDg3LjAxMzRMMzQuMTE3NyA4Ni43ODMxQzM3LjE5MjYgOTYuMzYxMyA0My42MzY2IDEwNC4xMDMgNTEuNzk2MyAxMDguOTYxTDUxLjIzOTYgMTEwLjMwM0M1MS40NDAzIDExMC44MjQgNTEuNjYxNiAxMTEuNTMgNTEuNTEyMSAxMTIuMDQ1QzUwLjkxNzEgMTEzLjU5NSA0OS44OTggMTE1LjIzMSA0OC43Mzc0IDExNy4wNTVDNDguMTc1NSAxMTcuODk4IDQ3LjYwMDQgMTE4LjU1MiA0Ny4wOTM0IDExOS41MTZDNDYuOTcyIDExOS43NDcgNDYuODE3NSAxMjAuMTAyIDQ2LjcwMDQgMTIwLjM0NkM0NS45MTI1IDEyMi4wMzkgNDYuNDkwNCAxMjMuOTkgNDguMDAzOCAxMjQuNzIyQzQ5LjUyNjggMTI1LjQ1OSA1MS40MTcxIDEyNC42ODIgNTIuMjM1MiAxMjIuOTg1QzUyLjIzNjQgMTIyLjk4MiA1Mi4yNDA2IDEyMi45OCA1Mi4yNDE3IDEyMi45NzhDNTIuMjQyNiAxMjIuOTc2IDUyLjI0MDkgMTIyLjk3MyA1Mi4yNDE3IDEyMi45NzFDNTIuMzU4MiAxMjIuNzMxIDUyLjUyMzMgMTIyLjQxNSA1Mi42MjE2IDEyMi4xODhDNTMuMDU2IDEyMS4xODkgNTMuMjAwNSAxMjAuMzMyIDUzLjUwNTkgMTE5LjM2NUM1NC4zMTcgMTE3LjMxOCA1NC43NjI2IDExNS4xNyA1NS44NzkxIDExMy44MzJDNTYuMTg0OSAxMTMuNDY2IDU2LjY4MzMgMTEzLjMyNSA1Ny4yMDAxIDExMy4xODZMNTcuODk0NCAxMTEuOTIyQzY1LjAwOCAxMTQuNjY1IDcyLjk3MDUgMTE1LjQwMiA4MC45MjQ1IDExMy41ODdDODIuNzM5MSAxMTMuMTczIDg0LjQ5MDggMTEyLjYzNyA4Ni4xODQzIDExMS45OTRDODYuMzc5NCAxMTIuMzQyIDg2Ljc0MiAxMTMuMDExIDg2LjgzOTMgMTEzLjE3OUM4Ny4zNjQ0IDExMy4zNTEgODcuOTM3NyAxMTMuNDM5IDg4LjQwNDcgMTE0LjEzM0M4OS4yNDAxIDExNS41NjcgODkuODExNCAxMTcuMjYzIDkwLjUwNzMgMTE5LjMxMkM5MC44MTI4IDEyMC4yNzkgOTAuOTYzOCAxMjEuMTM2IDkxLjM5ODEgMTIyLjEzNkM5MS40OTcxIDEyMi4zNjMgOTEuNjYxNCAxMjIuNjg0IDkxLjc3OCAxMjIuOTI1QzkyLjU5NDQgMTI0LjYyOCA5NC40OTA3IDEyNS40MDcgOTYuMDE1OSAxMjQuNjY5Qzk3LjUyOTIgMTIzLjkzNyA5OC4xMDc3IDEyMS45ODYgOTcuMzE5NCAxMjAuMjkzQzk3LjIwMjMgMTIwLjA0OSA5Ny4wNDEyIDExOS42OTUgOTYuOTE5OCAxMTkuNDY0Qzk2LjQxMjcgMTE4LjQ5OSA5NS44Mzc3IDExNy44NTIgOTUuMjc1OCAxMTcuMDA5Qzk0LjExNTIgMTE1LjE4NSA5My4xNTI2IDExMy42NyA5Mi41NTc1IDExMi4xMkM5Mi4zMDg3IDExMS4zMiA5Mi41OTk1IDExMC44MjMgOTIuNzkzMyAxMTAuMzAzQzkyLjY3NzIgMTEwLjE3IDkyLjQyODggMTA5LjQxNCA5Mi4yODI0IDEwOS4wNTlDMTAwLjc2MiAxMDQuMDI5IDEwNy4wMTcgOTUuOTk4NSAxMDkuOTU1IDg2LjcyMzlDMTEwLjM1MSA4Ni43ODY1IDExMS4wNDEgODYuOTA5MSAxMTEuMjY1IDg2Ljk1NDJDMTExLjcyNiA4Ni42NDg3IDExMi4xNDkgODYuMjUwMSAxMTIuOTgxIDg2LjMxNTlDMTE0LjYxNyA4Ni41NTM3IDExNi4yOTcgODcuMTY0NSAxMTguMzI2IDg3Ljg5NTNDMTE5LjI2OCA4OC4yNTgxIDEyMC4wMjggODguNjc5MyAxMjEuMDc3IDg4Ljk2MTRDMTIxLjI5OCA4OS4wMjEgMTIxLjYxNiA4OS4wNzY2IDEyMS44NjkgODkuMTMyNUMxMjEuODg5IDg5LjEzNzUgMTIxLjkwOCA4OS4xNDc1IDEyMS45MjggODkuMTUyMkMxMjEuOTQyIDg5LjE1NTMgMTIxLjk2MSA4OS4xNTU4IDEyMS45NzQgODkuMTU4OEMxMjMuNzkyIDg5LjU1MiAxMjUuNTU3IDg4LjU1MjYgMTI1LjkzIDg2LjkwODFDMTI2LjMwMyA4NS4yNjQxIDEyNS4xNDMgODMuNTk1MiAxMjMuMzM2IDgzLjE1N0MxMjMuMDc0IDgzLjA5NyAxMjIuNzAxIDgyLjk5NSAxMjIuNDQ2IDgyLjk0NjVDMTIxLjM3OSA4Mi43NDM1IDEyMC41MTEgODIuNzkzNSAxMTkuNTA1IDgyLjcwOTVDMTE3LjM2MSA4Mi40ODM5IDExNS41ODYgODIuMzAwNCAxMTQuMDA5IDgxLjgwMTRDMTEzLjM2NiA4MS41NTA3IDExMi45MDggODAuNzgxOSAxMTIuNjg2IDgwLjQ2NTVMMTExLjQ0OCA4MC4xMDM1QzExMi4wOSA3NS40MzggMTExLjkxNyA3MC41ODI1IDExMC44MDYgNjUuNzI0M0MxMDkuNjg1IDYwLjgyMDggMTA3LjcwNCA1Ni4zMzYxIDEwNS4wNjIgNTIuMzg0OEMxMDUuMzc5IDUyLjA5NDggMTA1Ljk3OSA1MS41NjEyIDEwNi4xNDkgNTEuNDA0M0MxMDYuMTk5IDUwLjg1MTcgMTA2LjE1NiA1MC4yNzIyIDEwNi43MjUgNDkuNjYwM0MxMDcuOTMxIDQ4LjUyMyAxMDkuNDUxIDQ3LjU3OTkgMTExLjI4NCA0Ni40NDIzQzExMi4xNTQgNDUuOTI3OSAxMTIuOTU5IDQ1LjU5NjQgMTEzLjgzMiA0NC45NDg0QzExNC4wMyA0NC44MDE5IDExNC4yOTkgNDQuNTY5OSAxMTQuNTA3IDQ0LjQwMjJDMTE1Ljk3NyA0My4yMjM3IDExNi4zMTYgNDEuMTkxMSAxMTUuMjYgMzkuODYxNEMxMTQuMjA0IDM4LjUzMTcgMTEyLjE1OSAzOC40MDY1IDExMC42ODggMzkuNTg1QzExMC40NzkgMzkuNzUxNiAxMTAuMTk1IDM5Ljk2ODggMTEwLjAwNyA0MC4xMzEyQzEwOS4xODQgNDAuODQyNiAxMDguNjc2IDQxLjU0NTIgMTA3Ljk4MyA0Mi4yODMyQzEwNi40NzEgNDMuODI1OSAxMDUuMjIyIDQ1LjExMyAxMDMuODUgNDYuMDQwOUMxMDMuMjU1IDQ2LjM4ODUgMTAyLjM4NSA0Ni4yNjgyIDEwMS45OSA0Ni4yNDQ5TDEwMC44MjQgNDcuMDgwNkM5NC4xNzUzIDQwLjA3NjMgODUuMTIzNSAzNS41OTgyIDc1LjM3NjYgMzQuNzI4M0M3NS4zNDk0IDM0LjMxNzkgNzUuMzEzNyAzMy41NzYxIDc1LjMwNDYgMzMuMzUyOUM3NC45MDU2IDMyLjk2OTMgNzQuNDIzNSAzMi42NDE4IDc0LjMwMjQgMzEuODEzQzc0LjE2OTEgMzAuMTU2OSA3NC4zOTE3IDI4LjM3NTIgNzQuNjQ5NiAyNi4yMjU4Qzc0Ljc5MTkgMjUuMjIxNiA3NS4wMjg0IDI0LjM4NzMgNzUuMDY4OCAyMy4yOTczQzc1LjA3OCAyMy4wNDk1IDc1LjA2MzIgMjIuNjkgNzUuMDYyMiAyMi40MjIxQzc1LjA2MiAyMC41MzIyIDczLjY4OTggMTguOTk5OCA3MS45OTY4IDE5Wk02OC4xNTg1IDQyLjg4ODZMNjcuMjQ4IDU5LjA0NDdMNjcuMTgyNSA1OS4wNzc2QzY3LjEyMTQgNjAuNTIyOSA2NS45Mzc1IDYxLjY3NyA2NC40ODM5IDYxLjY3N0M2My44ODg0IDYxLjY3NyA2My4zMzg4IDYxLjQ4NDkgNjIuODkyMiA2MS4xNTcxTDYyLjg2NiA2MS4xNzAzTDQ5LjY4MDcgNTEuNzc5NEM1My43MzMxIDQ3Ljc3NTkgNTguOTE2NCA0NC44MTcyIDY0Ljg5IDQzLjQ1NDZDNjUuOTgxMiA0My4yMDU2IDY3LjA3MTkgNDMuMDIwOSA2OC4xNTg1IDQyLjg4ODZaTTc1Ljg0MTcgNDIuODg4NkM4Mi44MTU5IDQzLjc1MDQgODkuMjY1NyA0Ni45MjMyIDk0LjIwODEgNTEuNzg2TDgxLjEwOCA2MS4xMTc2TDgxLjA2MjEgNjEuMDk3OUM3OS44OTk0IDYxLjk1MTIgNzguMjYxMSA2MS43Mzk0IDc3LjM1NDggNjAuNTk3OEM3Ni45ODM1IDYwLjEzMDEgNzYuNzg4NyA1OS41ODAxIDc2Ljc2NTMgNTkuMDI0OUw3Ni43NTIyIDU5LjAxODRMNzUuODQxNyA0Mi44ODg2Wk00NC44OTkxIDU3LjgxNEw1Ni45MzgyIDY4LjYzM0w1Ni45MjUxIDY4LjY5ODhDNTguMDExNyA2OS42NDc5IDU4LjE3MiA3MS4yOTQ5IDU3LjI2NTcgNzIuNDM2OEM1Ni44OTQ0IDcyLjkwNDUgNTYuMzk3NSA3My4yMTgyIDU1Ljg2MzkgNzMuMzY0N0w1NS44NTA4IDczLjQxNzNMNDAuNDE4OCA3Ny44OTIzQzM5LjYzMzQgNzAuNjc2NSA0MS4zMjYxIDYzLjY2MjEgNDQuODk5MSA1Ny44MTRaTTk5LjAwOTQgNTcuODIwNkMxMDAuNzk4IDYwLjczMzYgMTAyLjE1MyA2My45ODcxIDEwMi45NTkgNjcuNTE0M0MxMDMuNzU2IDcwLjk5OTEgMTAzLjk1NiA3NC40Nzc4IDEwMy42MjcgNzcuODM5N0w4OC4xMTY2IDczLjM1MTVMODguMTAzNSA3My4yODU3Qzg2LjcxNDUgNzIuOTA0MyA4NS44NjA5IDcxLjQ4NDggODYuMTg0MyA3MC4wNjExQzg2LjMxNjggNjkuNDc3OCA4Ni42MjQ5IDY4Ljk4NDQgODcuMDQyMyA2OC42MTk4TDg3LjAzNTggNjguNTg2OUw5OS4wMDk0IDU3LjgyMDZaTTY5LjUyNzQgNjkuNDY4OEg3NC40NTk2TDc3LjUyNTEgNzMuMzE4Nkw3Ni40MjQ3IDc4LjEyMjZMNzEuOTk2OCA4MC4yNjE0TDY3LjU1NTggNzguMTE2MUw2Ni40NTU0IDczLjMxMkw2OS41Mjc0IDY5LjQ2ODhaTTg1LjMzOTMgODIuNjQzN0M4NS41NDg5IDgyLjYzMzEgODUuNzU3NiA4Mi42NTIgODUuOTYxNiA4Mi42ODk4TDg1Ljk4NzggODIuNjU2OUwxMDEuOTUgODUuMzY4MkM5OS42MTQyIDkxLjk2MjQgOTUuMTQ0IDk3LjY3NSA4OS4xNzExIDEwMS40OThMODIuOTc0NyA4Ni40NjA2TDgyLjk5NDQgODYuNDM0M0M4Mi40MjUyIDg1LjEwNTUgODIuOTk0OCA4My41NDcyIDg0LjMwNDQgODIuOTEzNUM4NC42Mzk3IDgyLjc1MTMgODQuOTkgODIuNjYxNCA4NS4zMzkzIDgyLjY0MzdaTTU4LjUyOTggODIuNzA5NUM1OS43NDggODIuNzI2NyA2MC44NDA2IDgzLjU3NjEgNjEuMTIzNyA4NC44MjJDNjEuMjU2MiA4NS40MDUyIDYxLjE5MTcgODUuOTgzMSA2MC45NzMgODYuNDkzNUw2MS4wMTg5IDg2LjU1MjdMNTQuODg4IDEwMS40MzlDNDkuMTU1OSA5Ny43NDMyIDQ0LjU5MDQgOTIuMjA5OSA0Mi4xNDgxIDg1LjQyMDhMNTcuOTczMSA4Mi43MjI3TDU3Ljk5OTMgODIuNzU1NkM1OC4xNzYzIDgyLjcyMjkgNTguMzU1OCA4Mi43MDcxIDU4LjUyOTggODIuNzA5NVpNNzEuODk4NiA4OS4yMzEyQzcyLjMyMjkgODkuMjE1NSA3Mi43NTM0IDg5LjMwMyA3My4xNjI3IDg5LjUwMUM3My42OTkyIDg5Ljc2MDYgNzQuMTEzNiA5MC4xNjkyIDc0LjM3NDUgOTAuNjU5Mkg3NC40MzM0TDgyLjIzNDYgMTA0LjgyMUM4MS4yMjIxIDEwNS4xNjIgODAuMTgxMyAxMDUuNDU0IDc5LjExNjcgMTA1LjY5N0M3My4xNTA1IDEwNy4wNTggNjcuMjAzMiAxMDYuNjQ1IDYxLjgxOCAxMDQuODAyTDY5LjU5OTUgOTAuNjY1OEg2OS42MTI2QzcwLjA3OTUgODkuNzg4OCA3MC45NjUgODkuMjY1NiA3MS44OTg2IDg5LjIzMTJaIiBmaWxsPSJ3aGl0ZSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjI1Ii8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfNjgxXzI4NDUiIHgxPSIxMCIgeTE9IjE1LjUiIHgyPSIxNDQiIHkyPSIxMzEuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjNEQ4N0ZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzA1NDdEMCIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "storageClass"], ["spec", "version"], ["spec", "host"], ["spec", "nodeGroups"], ["spec", "nodeGroups", "md0"], ["spec", "nodeGroups", "md0", "minReplicas"], ["spec", "nodeGroups", "md0", "maxReplicas"], ["spec", "nodeGroups", "md0", "instanceType"], ["spec", "nodeGroups", "md0", "ephemeralStorage"], ["spec", "nodeGroups", "md0", "roles"], ["spec", "nodeGroups", "md0", "resources"], ["spec", "nodeGroups", "md0", "gpus"], ["spec", "addons"], ["spec", "addons", "certManager"], ["spec", "addons", "certManager", "enabled"], ["spec", "addons", "certManager", "valuesOverride"], ["spec", "addons", "cilium"], ["spec", "addons", "cilium", "valuesOverride"], ["spec", "addons", "gatewayAPI"], ["spec", "addons", "gatewayAPI", "enabled"], ["spec", "addons", "ingressNginx"], ["spec", "addons", "ingressNginx", "enabled"], ["spec", "addons", "ingressNginx", "exposeMethod"], ["spec", "addons", "ingressNginx", "hosts"], ["spec", "addons", "ingressNginx", "valuesOverride"], ["spec", "addons", "gpuOperator"], ["spec", "addons", "gpuOperator", "enabled"], ["spec", "addons", "gpuOperator", "valuesOverride"], ["spec", "addons", "fluxcd"], ["spec", "addons", "fluxcd", "enabled"], ["spec", "addons", "fluxcd", "valuesOverride"], ["spec", "addons", "monitoringAgents"], ["spec", "addons", "monitoringAgents", "enabled"], ["spec", "addons", "monitoringAgents", "valuesOverride"], ["spec", "addons", "verticalPodAutoscaler"], ["spec", "addons", "verticalPodAutoscaler", "valuesOverride"], ["spec", "addons", "velero"], ["spec", "addons", "velero", "enabled"], ["spec", "addons", "velero", "valuesOverride"], ["spec", "addons", "coredns"], ["spec", "addons", "coredns", "valuesOverride"], ["spec", "controlPlane"], ["spec", "controlPlane", "replicas"], ["spec", "controlPlane", "apiServer"], ["spec", "controlPlane", "apiServer", "resources"], ["spec", "controlPlane", "apiServer", "resourcesPreset"], ["spec", "controlPlane", "controllerManager"], ["spec", "controlPlane", "controllerManager", "resourcesPreset"], ["spec", "controlPlane", "controllerManager", "resources"], ["spec", "controlPlane", "scheduler"], ["spec", "controlPlane", "scheduler", "resourcesPreset"], ["spec", "controlPlane", "scheduler", "resources"], ["spec", "controlPlane", "konnectivity"], ["spec", "controlPlane", "konnectivity", "server"], ["spec", "controlPlane", "konnectivity", "server", "resourcesPreset"], ["spec", "controlPlane", "konnectivity", "server", "resources"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/monitoring.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/monitoring.yaml new file mode 100644 index 00000000..aca8cbba --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/monitoring.yaml @@ -0,0 +1,34 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: monitoring +spec: + application: + kind: Monitoring + singular: monitoring + plural: monitorings + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"alerta":{"description":"Configuration for Alerta service","type":"object","default":{},"properties":{"alerts":{"description":"Configuration for alerts","type":"object","default":{},"properties":{"telegram":{"description":"Configuration for Telegram alerts","type":"object","default":{},"required":["chatID","disabledSeverity","token"],"properties":{"chatID":{"description":"Specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot","type":"string"},"disabledSeverity":{"description":"List of severity without alerts, separated by comma like: \"informational,warning\"","type":"string"},"token":{"description":"Telegram token for your bot","type":"string"}}}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"storage":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"}}},"grafana":{"description":"Configuration for Grafana","type":"object","default":{},"properties":{"db":{"description":"Database configuration","type":"object","default":{},"properties":{"size":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}},"host":{"description":"The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host).","type":"string"},"logsStorages":{"description":"Configuration of logs storage instances","type":"array","default":[{"name":"generic","retentionPeriod":"1","storage":"10Gi","storageClassName":"replicated"}],"items":{"type":"object","required":["name","retentionPeriod","storage"],"properties":{"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the logs in the storage instance","type":"string","default":"1"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string","default":"replicated"}}}},"metricsStorages":{"description":"Configuration of metrics storage instances","type":"array","default":[{"deduplicationInterval":"15s","name":"shortterm","retentionPeriod":"3d","storage":"10Gi","storageClassName":""},{"deduplicationInterval":"5m","name":"longterm","retentionPeriod":"14d","storage":"10Gi","storageClassName":""}],"items":{"type":"object","required":["deduplicationInterval","name","retentionPeriod","storage"],"properties":{"deduplicationInterval":{"description":"Deduplication interval for the metrics in the storage instance","type":"string"},"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the metrics in the storage instance","type":"string"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"},"vminsert":{"description":"Configuration for vminsert component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmselect":{"description":"Configuration for vmselect component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmstorage":{"description":"Configuration for vmstorage component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}}}}} + release: + prefix: "" + labels: + cozystack.io/ui: "true" + chart: + name: monitoring + sourceRef: + kind: HelmRepository + name: cozystack-extra + namespace: cozy-public + dashboard: + category: Administration + singular: Monitoring + plural: Monitoring + name: monitoring + description: Monitoring and observability stack + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzI2OCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zMjY4KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMzg0NTRGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNNTQuMTcyMiAzOC43NzU3SDMzLjEwMzJDMzIuMTMwNyAzOC43NzU3IDMxLjQ4MjQgMzguMTI3NCAzMS40ODI0IDM3LjE1NDlDMzEuNDgyNCAzNi4xODI0IDMyLjEzMDcgMzUuNTM0MiAzMy4xMDMyIDM1LjUzNDJINTQuMTcyMkM1NS4xNDQ3IDM1LjUzNDIgNTUuNzkzIDM2LjE4MjQgNTUuNzkzIDM3LjE1NDlDNTUuNzkyOCAzOC4xMjc0IDU1LjE0NDUgMzguNzc1NyA1NC4xNzIyIDM4Ljc3NTdaIiBmaWxsPSIjREQzNDJFIi8+CjxwYXRoIGQ9Ik02My44OTYzIDQ1LjI1OTFINDEuMjA2N0M0MC4yMzQyIDQ1LjI1OTEgMzkuNTg1OSA0NC42MTA4IDM5LjU4NTkgNDMuNjM4M0MzOS41ODU5IDQyLjY2NTggNDAuMjM0MiA0Mi4wMTc2IDQxLjIwNjcgNDIuMDE3Nkg2My44OTYzQzY0Ljg2ODggNDIuMDE3NiA2NS41MTcxIDQyLjY2NTggNjUuNTE3MSA0My42MzgzQzY1LjUxNzEgNDQuNjEwOCA2NC44Njg4IDQ1LjI1OTEgNjMuODk2MyA0NS4yNTkxWiIgZmlsbD0iIzczODNCRiIvPgo8cGF0aCBkPSJNMzQuNzI0IDQ1LjI1OTFIMzMuMTAzMkMzMi4xMzA3IDQ1LjI1OTEgMzEuNDgyNCA0NC42MTA4IDMxLjQ4MjQgNDMuNjM4M0MzMS40ODI0IDQyLjY2NTggMzIuMTMwNyA0Mi4wMTc2IDMzLjEwMzIgNDIuMDE3NkgzNC43MjRDMzUuNjk2NCA0Mi4wMTc2IDM2LjM0NDcgNDIuNjY1OCAzNi4zNDQ3IDQzLjYzODNDMzYuMzQ0NyA0NC42MTA4IDM1LjY5NjMgNDUuMjU5MSAzNC43MjQgNDUuMjU5MVoiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTYzLjg5NjMgMzguNzc1N0g2MC42NTQ5QzU5LjY4MjQgMzguNzc1NyA1OS4wMzQyIDM4LjEyNzQgNTkuMDM0MiAzNy4xNTQ5QzU5LjAzNDIgMzYuMTgyNCA1OS42ODI0IDM1LjUzNDIgNjAuNjU0OSAzNS41MzQySDYzLjg5NjNDNjQuODY4OCAzNS41MzQyIDY1LjUxNzEgMzYuMTgyNCA2NS41MTcxIDM3LjE1NDlDNjUuNTE3MSAzOC4xMjc0IDY0Ljg2ODggMzguNzc1NyA2My44OTYzIDM4Ljc3NTdaIiBmaWxsPSIjRUNCQTE2Ii8+CjxwYXRoIGQ9Ik00Ny42ODkzIDUxLjc0MTNIMzMuMTAzMkMzMi4xMzA3IDUxLjc0MTMgMzEuNDgyNCA1MS4wOTMxIDMxLjQ4MjQgNTAuMTIwNkMzMS40ODI0IDQ5LjE0ODEgMzIuMTMwNyA0OC41IDMzLjEwMzIgNDguNUg0Ny42ODkzQzQ4LjY2MTggNDguNSA0OS4zMTAxIDQ5LjE0ODMgNDkuMzEwMSA1MC4xMjA4QzQ5LjMxMDEgNTEuMDkzMyA0OC42NjE4IDUxLjc0MTMgNDcuNjg5MyA1MS43NDEzWiIgZmlsbD0iI0REMzQyRSIvPgo8cGF0aCBkPSJNNjMuODk2OCA1MS43NDEzSDU0LjE3MjVDNTMuMiA1MS43NDEzIDUyLjU1MTggNTEuMDkzMSA1Mi41NTE4IDUwLjEyMDZDNTIuNTUxOCA0OS4xNDgxIDUzLjIwMDIgNDguNSA1NC4xNzI3IDQ4LjVINjMuODk2OUM2NC44Njk0IDQ4LjUgNjUuNTE3NyA0OS4xNDgzIDY1LjUxNzcgNTAuMTIwOEM2NS41MTc3IDUxLjA5MzMgNjQuODY5MiA1MS43NDEzIDYzLjg5NjggNTEuNzQxM1oiIGZpbGw9IiNFQ0JBMTYiLz4KPHBhdGggZD0iTTU0LjE3MjIgNTguMjI0SDMzLjEwMzJDMzIuMTMwNyA1OC4yMjQgMzEuNDgyNCA1Ny41NzU3IDMxLjQ4MjQgNTYuNjAzMkMzMS40ODI0IDU1LjYzMDcgMzIuMTMwNyA1NC45ODI0IDMzLjEwMzIgNTQuOTgyNEg1NC4xNzIyQzU1LjE0NDcgNTQuOTgyNCA1NS43OTMgNTUuNjMwNyA1NS43OTMgNTYuNjAzMkM1NS43OTMgNTcuNTc1NyA1NS4xNDQ1IDU4LjIyNCA1NC4xNzIyIDU4LjIyNFoiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTYzLjg5NjMgNjQuNzA3NEg0MS4yMDY3QzQwLjIzNDIgNjQuNzA3NCAzOS41ODU5IDY0LjA1OTEgMzkuNTg1OSA2My4wODY2QzM5LjU4NTkgNjIuMTE0MSA0MC4yMzQyIDYxLjQ2NTggNDEuMjA2NyA2MS40NjU4SDYzLjg5NjNDNjQuODY4OCA2MS40NjU4IDY1LjUxNzEgNjIuMTE0MSA2NS41MTcxIDYzLjA4NjZDNjUuNTE3MSA2NC4wNTkxIDY0Ljg2ODggNjQuNzA3NCA2My44OTYzIDY0LjcwNzRaIiBmaWxsPSIjRUNCQTE2Ii8+CjxwYXRoIGQ9Ik0zNC43MjQgNjQuNzA3NEgzMy4xMDMyQzMyLjEzMDcgNjQuNzA3NCAzMS40ODI0IDY0LjA1OTEgMzEuNDgyNCA2My4wODY2QzMxLjQ4MjQgNjIuMTE0MSAzMi4xMzA3IDYxLjQ2NTggMzMuMTAzMiA2MS40NjU4SDM0LjcyNEMzNS42OTY0IDYxLjQ2NTggMzYuMzQ0NyA2Mi4xMTQxIDM2LjM0NDcgNjMuMDg2NkMzNi4zNDQ3IDY0LjA1OTEgMzUuNjk2MyA2NC43MDc0IDM0LjcyNCA2NC43MDc0WiIgZmlsbD0iI0REMzQyRSIvPgo8cGF0aCBkPSJNNDcuNjg5MyA3MS4xODk4SDMzLjEwMzJDMzIuMTMwNyA3MS4xODk4IDMxLjQ4MjQgNzAuNTQxNSAzMS40ODI0IDY5LjU2OUMzMS40ODI0IDY4LjU5NjUgMzIuMTMwNyA2Ny45NDgyIDMzLjEwMzIgNjcuOTQ4Mkg0Ny42ODkzQzQ4LjY2MTggNjcuOTQ4MiA0OS4zMTAxIDY4LjU5NjUgNDkuMzEwMSA2OS41NjlDNDkuMzEwMSA3MC41NDE1IDQ4LjY2MTggNzEuMTg5OCA0Ny42ODkzIDcxLjE4OThaIiBmaWxsPSIjNDJCMDVDIi8+CjxwYXRoIGQ9Ik02My44OTY4IDcxLjE4OThINTQuMTcyNUM1My4yIDcxLjE4OTggNTIuNTUxOCA3MC41NDE1IDUyLjU1MTggNjkuNTY5QzUyLjU1MTggNjguNTk2NSA1My4yIDY3Ljk0ODIgNTQuMTcyNSA2Ny45NDgySDYzLjg5NjhDNjQuODY5MiA2Ny45NDgyIDY1LjUxNzUgNjguNTk2NSA2NS41MTc1IDY5LjU2OUM2NS41MTc1IDcwLjU0MTUgNjQuODY5MiA3MS4xODk4IDYzLjg5NjggNzEuMTg5OFoiIGZpbGw9IiM3MzgzQkYiLz4KPHBhdGggZD0iTTU0LjE3MjIgNzcuNjcyMkgzMy4xMDMyQzMyLjEzMDcgNzcuNjcyMiAzMS40ODI0IDc3LjAyMzkgMzEuNDgyNCA3Ni4wNTE0QzMxLjQ4MjQgNzUuMDc4OSAzMi4xMzA3IDc0LjQzMDcgMzMuMTAzMiA3NC40MzA3SDU0LjE3MjJDNTUuMTQ0NyA3NC40MzA3IDU1Ljc5MyA3NS4wNzg5IDU1Ljc5MyA3Ni4wNTE0QzU1Ljc5MjggNzcuMDIzOSA1NS4xNDQ1IDc3LjY3MjIgNTQuMTcyMiA3Ny42NzIyWiIgZmlsbD0iI0VDQkExNiIvPgo8cGF0aCBkPSJNNjMuODk2MyA3Ny42NzIySDYwLjY1NDlDNTkuNjgyNCA3Ny42NzIyIDU5LjAzNDIgNzcuMDIzOSA1OS4wMzQyIDc2LjA1MTRDNTkuMDM0MiA3NS4wNzg5IDU5LjY4MjQgNzQuNDMwNyA2MC42NTQ5IDc0LjQzMDdINjMuODk2M0M2NC44Njg4IDc0LjQzMDcgNjUuNTE3MSA3NS4wNzg5IDY1LjUxNzEgNzYuMDUxNEM2NS41MTcxIDc3LjAyMzkgNjQuODY4OCA3Ny42NzIyIDYzLjg5NjMgNzcuNjcyMloiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTEwMS4xNzIgNzcuNjcyMkg4MC4xMDMyQzc5LjEzMDcgNzcuNjcyMiA3OC40ODI0IDc3LjAyMzkgNzguNDgyNCA3Ni4wNTE0Qzc4LjQ4MjQgNzUuMDc4OSA3OS4xMzA3IDc0LjQzMDcgODAuMTAzMiA3NC40MzA3SDEwMS4xNzJDMTAyLjE0NSA3NC40MzA3IDEwMi43OTMgNzUuMDc4OSAxMDIuNzkzIDc2LjA1MTRDMTAyLjc5MyA3Ny4wMjM5IDEwMi4xNDUgNzcuNjcyMiAxMDEuMTcyIDc3LjY3MjJaIiBmaWxsPSIjREQzNDJFIi8+CjxwYXRoIGQ9Ik0xMTAuODk2IDc3LjY3MjJIMTA3LjY1NUMxMDYuNjgyIDc3LjY3MjIgMTA2LjAzNCA3Ny4wMjM5IDEwNi4wMzQgNzYuMDUxNEMxMDYuMDM0IDc1LjA3ODkgMTA2LjY4MiA3NC40MzA3IDEwNy42NTUgNzQuNDMwN0gxMTAuODk2QzExMS44NjkgNzQuNDMwNyAxMTIuNTE3IDc1LjA3ODkgMTEyLjUxNyA3Ni4wNTE0QzExMi41MTcgNzcuMDIzOSAxMTEuODY5IDc3LjY3MjIgMTEwLjg5NiA3Ny42NzIyWiIgZmlsbD0iIzQyQjA1QyIvPgo8cGF0aCBkPSJNNjMuODk2MyA1OC4yMjRINjAuNjU0OUM1OS42ODI0IDU4LjIyNCA1OS4wMzQyIDU3LjU3NTcgNTkuMDM0MiA1Ni42MDMyQzU5LjAzNDIgNTUuNjMwNyA1OS42ODI0IDU0Ljk4MjQgNjAuNjU0OSA1NC45ODI0SDYzLjg5NjNDNjQuODY4OCA1NC45ODI0IDY1LjUxNzEgNTUuNjMwNyA2NS41MTcxIDU2LjYwMzJDNjUuNTE3MSA1Ny41NzU3IDY0Ljg2ODggNTguMjI0IDYzLjg5NjMgNTguMjI0WiIgZmlsbD0iIzczODNCRiIvPgo8cGF0aCBkPSJNMTEyLjUxNyA1MS43NDExQzExMi41MTcgNjAuNjU0OSAxMDUuMjI0IDY3Ljk0OCA5Ni4zMTA0IDY3Ljk0OEM4Ny4zOTY2IDY3Ljk0OCA4MC4xMDM1IDYwLjY1NDkgODAuMTAzNSA1MS43NDExQzgwLjEwMzUgNDIuODI3MyA4Ny4zOTY2IDM1LjUzNDIgOTYuMzEwNCAzNS41MzQyQzEwNS4yMjQgMzUuNTM0MiAxMTIuNTE3IDQyLjgyNzMgMTEyLjUxNyA1MS43NDExWiIgZmlsbD0iI0VDQkExNiIvPgo8cGF0aCBkPSJNODAuMTAzNSA1MS43NDExQzgwLjEwMzUgNTIuMjI3MyA4MC4xMDM1IDUyLjg3NTUgODAuMTAzNSA1My4zNjE5SDk2LjMxMDRWMzUuNTM0MkM4Ny4zOTY2IDM1LjUzNDIgODAuMTAzNSA0Mi44MjczIDgwLjEwMzUgNTEuNzQxMVoiIGZpbGw9IiM0MkIwNUMiLz4KPC9nPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zMjY4IiB4MT0iMS4yMzIzOWUtMDYiIHkxPSItOS41MDAwMSIgeDI9IjE2OCIgeTI9IjE2MiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjOEZEREZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwNzVGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzY4N18zMjY4Ij4KPHJlY3Qgd2lkdGg9Ijk0IiBoZWlnaHQ9Ijk0IiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjUgMjUpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "metricsStorages"], ["spec", "logsStorages"], ["spec", "alerta"], ["spec", "alerta", "storage"], ["spec", "alerta", "storageClassName"], ["spec", "alerta", "resources"], ["spec", "alerta", "resources", "limits"], ["spec", "alerta", "resources", "limits", "cpu"], ["spec", "alerta", "resources", "limits", "memory"], ["spec", "alerta", "resources", "requests"], ["spec", "alerta", "resources", "requests", "cpu"], ["spec", "alerta", "resources", "requests", "memory"], ["spec", "alerta", "alerts"], ["spec", "alerta", "alerts", "telegram"], ["spec", "alerta", "alerts", "telegram", "token"], ["spec", "alerta", "alerts", "telegram", "chatID"], ["spec", "alerta", "alerts", "telegram", "disabledSeverity"], ["spec", "grafana"], ["spec", "grafana", "db"], ["spec", "grafana", "db", "size"], ["spec", "grafana", "resources"], ["spec", "grafana", "resources", "limits"], ["spec", "grafana", "resources", "limits", "cpu"], ["spec", "grafana", "resources", "limits", "memory"], ["spec", "grafana", "resources", "requests"], ["spec", "grafana", "resources", "requests", "cpu"], ["spec", "grafana", "resources", "requests", "memory"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/mysql.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/mysql.yaml new file mode 100644 index 00000000..10e4876d --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/mysql.yaml @@ -0,0 +1,35 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: mysql +spec: + application: + kind: MySQL + plural: mysqls + singular: mysql + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"backup":{"description":"Backup configuration","type":"object","default":{},"required":["cleanupStrategy","enabled","resticPassword","s3AccessKey","s3Bucket","s3Region","s3SecretKey","schedule"],"properties":{"cleanupStrategy":{"description":"Retention strategy for cleaning up old backups","type":"string","default":"--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"},"enabled":{"description":"Enable regular backups, default is `false`.","type":"boolean","default":false},"resticPassword":{"description":"Password for Restic backup encryption","type":"string","default":""},"s3AccessKey":{"description":"Access key for S3, used for authentication","type":"string","default":""},"s3Bucket":{"description":"S3 bucket used for storing backups","type":"string","default":"s3.example.org/mysql-backups"},"s3Region":{"description":"AWS S3 region where backups are stored","type":"string","default":"us-east-1"},"s3SecretKey":{"description":"Secret key for S3, used for authentication","type":"string","default":""},"schedule":{"description":"Cron schedule for automated backups","type":"string","default":"0 2 * * *"}}},"databases":{"description":"Databases configuration","type":"object","default":{},"additionalProperties":{"type":"object","properties":{"roles":{"description":"Roles for the database","type":"object","properties":{"admin":{"description":"List of users with admin privileges","type":"array","items":{"type":"string"}},"readonly":{"description":"List of users with read-only privileges","type":"array","items":{"type":"string"}}}}}}},"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"replicas":{"description":"Number of MariaDB replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"nano","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume Claim size, available for application data","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"},"users":{"description":"Users configuration","type":"object","default":{},"additionalProperties":{"type":"object","required":["maxUserConnections","password"],"properties":{"maxUserConnections":{"description":"Maximum amount of connections","type":"integer"},"password":{"description":"Password for the user","type":"string"}}}}}} + release: + prefix: mysql- + labels: + cozystack.io/ui: "true" + chart: + name: mysql + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: MySQL + plural: MySQL + description: Managed MariaDB service + tags: + - database + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5MzApIi8+CjxwYXRoIGQ9Ik0xMzMuMTkxIDI5LjAwMjJDMTMxLjIxMyAyOS4wNjU0IDEzMS44MzkgMjkuNjM1NCAxMjcuNTY0IDMwLjY4NzNDMTIzLjI0OCAzMS43NDk2IDExNy45NzUgMzEuNDIzOSAxMTMuMzI3IDMzLjM3MzNDOTkuNDUxNiAzOS4xOTI0IDk2LjY2NzYgNTkuMDgxMyA4NC4wNTM1IDY2LjIwNTlDNzQuNjI0NyA3MS41MzE4IDY1LjExMiA3MS45NTY1IDU2LjU1OTQgNzQuNjM2NUM1MC45Mzg5IDc2LjM5OSA0NC43OTA2IDgwLjAxMzUgMzkuNjk4MiA4NC40MDE4QzM1Ljc0NTUgODcuODA5MyAzNS42NDIzIDkwLjgwNTQgMzEuNTEyMyA5NS4wNzkxQzI3LjA5NDcgOTkuNjUwNCAxMy45NTUxIDk1LjE1NjQgOCAxMDIuMTUzQzkuOTE4MzUgMTA0LjA5MyAxMC43NTk0IDEwNC42MzYgMTQuNTM5OCAxMDQuMTMzQzEzLjc1NzEgMTA1LjYxNiA5LjE0MzMyIDEwNi44NjYgMTAuMDQ2NSAxMDkuMDQ5QzEwLjk5NjggMTExLjM0NSAyMi4xNTExIDExMi45MDEgMzIuMjkwOCAxMDYuNzhDMzcuMDEzMSAxMDMuOTI5IDQwLjc3NDMgOTkuODE5MyA0OC4xMjg4IDk4LjgzODRDNTcuNjQ1OSA5Ny41Njk5IDY4LjYwOTMgOTkuNjUyIDc5LjYyNjggMTAxLjI0MUM3Ny45OTMyIDEwNi4xMTIgNzQuNzEzMyAxMDkuMzUxIDcyLjA4NiAxMTMuMjMxQzcxLjI3MjQgMTE0LjEwNyA3My43MjAyIDExNC4yMDUgNzYuNTEyNiAxMTMuNjc1QzgxLjUzNTkgMTEyLjQzMyA4NS4xNTYxIDExMS40MzMgODguOTQ3MiAxMDkuMjI3QzkzLjYwNDcgMTA2LjUxNSA5NC4zMTA0IDk5LjU2MzkgMTAwLjAyNSA5OC4wNTk5QzEwMy4yMDkgMTAyLjk1NCAxMTEuODY5IDEwNC4xMSAxMTcuMjQyIDEwMC4xOTVDMTEyLjUyNyA5OC44NjA3IDExMS4yMjQgODguODI0NCAxMTIuODE1IDg0LjQwMThDMTE0LjMyMyA4MC4yMTU2IDExNS44MTMgNzMuNTE5MiAxMTcuMzMxIDY3Ljk4NTVDMTE4Ljk2MSA2Mi4wNDI1IDExOS41NjIgNTQuNTUxOSAxMjEuNTM1IDUxLjUyNDdDMTI0LjUwMyA0Ni45NzAxIDEyNy43ODMgNDUuNDA2IDEzMC42MyA0Mi44Mzc3QzEzMy40NzcgNDAuMjY5NSAxMzYuMDgzIDM3Ljc2OTQgMTM1Ljk5OCAzMS44OTI3QzEzNS45NyAyOS45OTk4IDEzNC45OTIgMjguOTQ0NyAxMzMuMTkxIDI5LjAwMjJaIiBmaWxsPSIjMDQyNDRFIi8+CjxwYXRoIGQ9Ik0xMjguOTUzIDMyLjQ4NDRDMTI5LjQyNyAzNC4xMDA0IDEzMC4xNjggMzQuODQyMSAxMzMuMzc1IDM1LjEzODdDMTMyLjkwNiAzOS4yMDQxIDEzMC4xOTUgNDEuNDI3NiAxMjcuMTU0IDQzLjU2MTFDMTI0LjQ3OSA0NS40Mzc2IDEyMS41NDcgNDcuMjQ0NSAxMTkuNjY0IDUwLjE3NTdDMTE3LjczNCA1My4xNzg1IDExNi41MDkgNjMuNDU1NCAxMTMuNTE3IDczLjYwNDRDMTEwLjkzMSA4Mi4zNzM4IDEwNy4wMjUgOTEuMDQ0NSAxMDAuMjA0IDk0Ljg0MzdDOTkuNDkxOSA5My4wNTAyIDEwMC4yOTUgODkuNzQgOTguODc4IDg4LjY1MkM5Ny45NjExIDkxLjI2NzQgOTYuOTI0MiA5My43NjI3IDk1LjcwOTggOTYuMDgyMUM5MS43MDc3IDEwMy43MzIgODUuNzgyMiAxMDkuNDU5IDc1Ljg4MDEgMTExLjIwOEM4MC41Nzg1IDEwNC44NSA4NS4wNzEgOTguMjg0NCA4NS4xNjgzIDg3LjMyNjJDODEuODYxNyA4OC4wNDE3IDgxLjkzMTkgOTUuODUyMiA3OC41MzQ1IDk3Ljk0MDJDNzYuMzU2MyA5OC4xNzcyIDc0LjE0OTggOTguMTc1OCA3MS45MjkxIDk4LjA0MjRDNjIuODA5MSA5Ny40OTU5IDUzLjQ1MzUgOTQuNzU0OSA0NC45MjE5IDk3LjQ5MjNDMzkuMTEyOCA5OS4zNTY4IDM0LjM2MTkgMTAzLjc1NSAyOS40NDI4IDEwNS44ODhDMjMuNjYxNCAxMDguMzk2IDE5LjI4MzEgMTA5LjQyNyAxMi4wODM2IDEwOC4zOTZDMTEuMTY5NSAxMDcuMTY0IDE3LjM1MjYgMTA1LjU3NSAxNi45ODI5IDEwMi45MDJDMTQuMTY1MyAxMDIuNTkgMTIuNTI5MyAxMDMuMjczIDEwLjA4MDEgMTAyLjE2QzEwLjM1MDUgMTAxLjY2MiAxMC43NDc5IDEwMS4yNDcgMTEuMjQ4MyAxMDAuOTAxQzE1LjczNzMgOTcuNzk0IDI4LjQ4ODIgMTAwLjE2NyAzMS45MDA2IDk2LjgxNjdDMzQuMDA3IDk0Ljc1IDM1LjM4ODkgOTIuNTg2NyAzNi44MTk3IDkwLjQ4MzhDMzguMjA3MiA4OC40NDM0IDM5LjY0MTUgODYuNDU5NyA0MS44MjY4IDg0LjY3MTlDNDIuNjMzNyA4NC4wMTE4IDQzLjUxMSA4My4zNTk2IDQ0LjQ0MjEgODIuNzIzQzQ4LjE2NiA4MC4xNzQzIDUyLjc3MjkgNzcuODYyOCA1Ny4zMDY2IDc2LjI2OTRDNjMuNDgyNiA3NC4wOTg0IDY5Ljc0MSA3My45MTk1IDc2LjMyMzcgNzEuNDA0M0M4MC4zOTA0IDY5Ljg1IDg0LjgxMjcgNjcuOTMwMiA4OC40MTc0IDY1LjI0MzlDODkuMjczMyA2NC42MDUxIDkwLjA4MzEgNjMuOTI0NSA5MC44MzE5IDYzLjE5NDlDMTAxLjEyNSA1My4xNjA4IDEwMy4xNjUgMzUuNDYxIDExOS4yMjQgMzMuODExNkMxMjEuMTY2IDMzLjYxMjEgMTIyLjc1NiAzMy42NzY3IDEyNC4yMDMgMzMuNjMyN0MxMjUuODcxIDMzLjU4MyAxMjcuMzQ3IDMzLjM4OTMgMTI4Ljk1MyAzMi40ODQ0Wk0xMDkuMzc1IDg5LjEzMzlDMTA5LjU2NyA5Mi4yMDEzIDExMS4zNDggOTguMjg3MiAxMTIuOTIgOTkuNzY2M0MxMDkuODQxIDEwMC41MTUgMTA0LjUzNyA5OS4yNzggMTAzLjE3NyA5Ny4xMDYyQzEwMy44NzYgOTMuOTcwNyAxMDcuNTE0IDkxLjEwNDEgMTA5LjM3NSA4OS4xMzM5WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEzMC4xMDkgMzUuOTE4N0MxMjkuNDkgMzcuMjE2OSAxMjguMzA1IDM4Ljg5MDggMTI4LjMwNSA0Mi4xOTU2QzEyOC4zIDQyLjc2MyAxMjcuODc1IDQzLjE1MTcgMTI3Ljg2NyA0Mi4yNzdDMTI3Ljg5OSAzOS4wNDcgMTI4Ljc1NCAzNy42NTA3IDEyOS42NjIgMzUuODE1NUMxMzAuMDg1IDM1LjA2MzYgMTMwLjMzOSAzNS4zNzM4IDEzMC4xMDkgMzUuOTE4N1pNMTI5LjQ4NiAzNS40Mjk3QzEyOC43NTYgMzYuNjY4NCAxMjYuOTk4IDM4LjkyNzggMTI2LjcwNyA0Mi4yMjAzQzEyNi42NTMgNDIuNzg0OCAxMjYuMTk0IDQzLjEzNDMgMTI2LjI2NCA0Mi4yNjE4QzEyNi41ODEgMzkuMDQ3NyAxMjcuOTg2IDM3LjAzNiAxMjkuMDUyIDM1LjI4NzNDMTI5LjUzNiAzNC41NzYxIDEyOS43NjMgMzQuOTA3NCAxMjkuNDg2IDM1LjQyOTdaTTEyOC45MTggMzQuNzgxN0MxMjguMDg2IDM1Ljk1NDMgMTI1LjM4IDM4LjY2NzggMTI0LjgxNCA0MS45MjQ3QzEyNC43MTIgNDIuNDgxOSAxMjQuMjI1IDQyLjc5MjggMTI0LjM2OCA0MS45MjlDMTI0Ljk1NCAzOC43NTIgMTI3LjI4NyAzNi4yNTUgMTI4LjQ5NiAzNC42MDM3QzEyOS4wMzggMzMuOTM0NiAxMjkuMjM3IDM0LjI4NCAxMjguOTE4IDM0Ljc4MTdaTTEyOC40MTEgMzQuMDU4OEwxMjguMTM3IDM0LjM0OTlDMTI2LjkyNyAzNS42NDcyIDEyNC4xMTYgMzguODExNCAxMjMuMTc5IDQxLjcwNzRDMTIyLjk5OSA0Mi4yNDUgMTIyLjQ3NCA0Mi40ODQ4IDEyMi43MzcgNDEuNjQ5M0MxMjMuNzYzIDM4LjU4NjQgMTI2LjU4OSAzNS4yODczIDEyOC4wMTggMzMuODIyN0MxMjguNjUgMzMuMjM2NCAxMjguNzk2IDMzLjYxMDYgMTI4LjQxMSAzNC4wNTg4Wk0xMTMuODg2IDQwLjYxNjJDMTE0LjUxMyAzNy45MjMxIDExNi42MDcgMzYuNjk2IDEyMC4yMjMgMzYuOTk1M0MxMjEuMDk2IDQxLjAxNTEgMTE2LjIxMyA0Mi42MzY2IDExMy44ODYgNDAuNjE2MloiIGZpbGw9IiMwNDI0NEUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMjkzMCIgeDE9IjE0MC41IiB5MT0iMTQxIiB4Mj0iNS45OTk5OSIgeTI9Ii01LjUwMjI4ZS0wNiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjQzQ5QTZDIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0U3QkY5MyIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "databases"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/nats.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/nats.yaml new file mode 100644 index 00000000..afde7461 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/nats.yaml @@ -0,0 +1,35 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: nats +spec: + application: + kind: NATS + plural: natses + singular: nats + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"config":{"description":"NATS configuration","type":"object","default":{},"properties":{"merge":{"description":"Additional configuration to merge into NATS config (see example)","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true},"resolver":{"description":"Additional resolver configuration to merge into NATS config (see example)","type":"object","default":{},"x-kubernetes-preserve-unknown-fields":true}}},"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"jetstream":{"description":"Jetstream configuration","type":"object","default":{},"required":["enabled","size"],"properties":{"enabled":{"description":"Enable or disable Jetstream. Set to `true` (default) to enable Jetstream for persistent messaging in NATS.","type":"boolean","default":true},"size":{"description":"Jetstream persistent storage size. Specifies the size of the persistent storage for Jetstream (message store).","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"replicas":{"description":"Number of replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"nano","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"storageClass":{"description":"StorageClass used to store the data","type":"string"},"users":{"description":"Users configuration","type":"object","default":{},"additionalProperties":{"type":"object","properties":{"password":{"description":"Password for the user","type":"string"}}}}}} + release: + prefix: nats- + labels: + cozystack.io/ui: "true" + chart: + name: nats + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: NATS + plural: NATS + description: Managed NATS service + tags: + - messaging + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgyMSkiLz4KPHJlY3Qgd2lkdGg9IjE0NCIgaGVpZ2h0PSIxNDQiIHJ4PSIyNCIgZmlsbD0iYmxhY2siIGZpbGwtb3BhY2l0eT0iMC4zIi8+CjxwYXRoIGZpbGwtcnVsZT0iZXZlbm9kZCIgY2xpcC1ydWxlPSJldmVub2RkIiBkPSJNMTE3LjQ4IDI1SDI3Vjk4Ljk2OTNINjYuMDY4OUw4Ny43MDc1IDExOVY5OC45NjkzSDExNy40OFYyNVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik05Mi4xMzUyIDcyLjQ1NTJWNDIuNjI1SDEwMi43NzNWODEuMTk5OUg4Ni42NTE5TDU0LjExNCA1MC44NDE0VjgxLjIzMjJINDMuNDQ0M1Y0Mi42MjVINjAuMTI2Mkw5Mi4xMzUyIDcyLjQ1NTJaIiBmaWxsPSJibGFjayIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4MV8yODIxIiB4MT0iMTAiIHkxPSIxNS41IiB4Mj0iMTQ0IiB5Mj0iMTMxLjUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzM4NUM5MyIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzMkE1NzQiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "jetstream"], ["spec", "jetstream", "enabled"], ["spec", "jetstream", "size"], ["spec", "config"], ["spec", "config", "merge"], ["spec", "config", "resolver"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/postgres.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/postgres.yaml new file mode 100644 index 00000000..d53c7186 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/postgres.yaml @@ -0,0 +1,43 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: postgres +spec: + application: + kind: Postgres + singular: postgres + plural: postgreses + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"backup":{"description":"Backup configuration","type":"object","default":{},"properties":{"destinationPath":{"description":"Path to store the backup (i.e. s3://bucket/path/to/folder)","type":"string","default":"s3://bucket/path/to/folder/"},"enabled":{"description":"Enable regular backups","type":"boolean","default":false},"endpointURL":{"description":"S3 Endpoint used to upload data to the cloud","type":"string","default":"http://minio-gateway-service:9000"},"retentionPolicy":{"description":"Retention policy","type":"string","default":"30d"},"s3AccessKey":{"description":"Access key for S3, used for authentication","type":"string","default":""},"s3SecretKey":{"description":"Secret key for S3, used for authentication","type":"string","default":""},"schedule":{"description":"Cron schedule for automated backups","type":"string","default":"0 2 * * * *"}}},"bootstrap":{"description":"Bootstrap configuration","type":"object","default":{},"required":["enabled","oldName"],"properties":{"enabled":{"description":"Restore database cluster from a backup","type":"boolean","default":false},"oldName":{"description":"Name of database cluster before deleting","type":"string"},"recoveryTime":{"description":"Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest","type":"string"}}},"databases":{"description":"Databases configuration","type":"object","default":{},"additionalProperties":{"type":"object","properties":{"extensions":{"description":"Extensions enabled for the database","type":"array","items":{"type":"string"}},"roles":{"description":"Roles for the database","type":"object","properties":{"admin":{"description":"List of users with admin privileges","type":"array","items":{"type":"string"}},"readonly":{"description":"List of users with read-only privileges","type":"array","items":{"type":"string"}}}}}}},"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"postgresql":{"description":"PostgreSQL server configuration","type":"object","default":{},"required":["parameters"],"properties":{"parameters":{"description":"PostgreSQL server parameters","type":"object","default":{},"required":["max_connections"],"properties":{"max_connections":{"description":"Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections","type":"integer","default":100}}}}},"quorum":{"description":"Quorum configuration for synchronous replication","type":"object","default":{},"required":["maxSyncReplicas","minSyncReplicas"],"properties":{"maxSyncReplicas":{"description":"Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).","type":"integer","default":0},"minSyncReplicas":{"description":"Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.","type":"integer","default":0}}},"replicas":{"description":"Number of Postgres replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"micro","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume Claim size, available for application data","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"},"users":{"description":"Users configuration","type":"object","default":{},"additionalProperties":{"type":"object","properties":{"password":{"description":"Password for the user","type":"string"},"replication":{"description":"Whether the user has replication privileges","type":"boolean"}}}}}} + release: + prefix: postgres- + labels: + cozystack.io/ui: "true" + chart: + name: postgres + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: PostgreSQL + plural: PostgreSQL + description: Managed PostgreSQL service + tags: + - database + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMjg0OSkiLz4KPHBhdGggZD0iTTk0LjQ4MSA5My4zMDQ5Qzk1LjA3MTggODguMzQ3NyA5NC44OTQ4IDg3LjYyMDggOTguNTYxMiA4OC40MjM4TDk5LjQ5MiA4OC41MDYxQzEwMi4zMTEgODguNjM1MyAxMDUuOTk5IDg4LjA0OTUgMTA4LjE2NiA4Ny4wMzU4QzExMi44MyA4NC44NTY0IDExNS41OTUgODEuMjE3NiAxMTAuOTk2IDgyLjE3MzhDMTAwLjUwNiA4NC4zNTMyIDk5Ljc4NDkgODAuNzc1OSA5OS43ODQ5IDgwLjc3NTlDMTEwLjg2MiA2NC4yMjQgMTE1LjQ5MyA0My4yMTI4IDExMS40OTYgMzguMDY5N0MxMDAuNTk0IDI0LjA0MTIgODEuNzIzMSAzMC42NzUgODEuNDA3MyAzMC44NDcyTDgxLjMwNjggMzAuODY1OUM3OS4yMzQgMzAuNDMyOCA3Ni45MTQzIDMwLjE3NCA3NC4zMDg1IDMwLjEzMTZDNjkuNTYxMyAzMC4wNTMgNjUuOTU5MSAzMS4zODQ5IDYzLjIyNjYgMzMuNDcyMUM2My4yMjY2IDMzLjQ3MjEgMjkuNTYyMSAxOS41MDQ3IDMxLjEyODIgNTEuMDM3NUMzMS40NjEzIDU3Ljc0NTQgNDAuNjc1OCAxMDEuNzk1IDUxLjY2NTkgODguNDkwMUM1NS42ODI3IDgzLjYyNDkgNTkuNTY0NiA3OS41MTEzIDU5LjU2NDYgNzkuNTExM0M2MS40OTIyIDgwLjgwMDkgNjMuOCA4MS40NTg4IDY2LjIyMDQgODEuMjIyNUw2Ni40MDc1IDgxLjA2MThDNjYuMzQ4OSA4MS42NjU5IDY2LjM3NDcgODIuMjU2NyA2Ni40ODI0IDgyLjk1NjJDNjMuNjUxNyA4Ni4xNDE5IDY0LjQ4MzUgODYuNzAxMiA1OC44MjMxIDg3Ljg3NDVDNTMuMDk2NSA4OS4wNjMxIDU2LjQ2MDkgOTEuMTc5MyA1OC42NTY5IDkxLjczMjRDNjEuMzE5OSA5Mi40MDMgNjcuNDgwNCA5My4zNTMgNzEuNjQ0IDg3LjQ4NDVMNzEuNDc4MiA4OC4xNTQxQzcyLjU4ODggODkuMDQ4OSA3Mi41MTM3IDk0LjU4NTQgNzIuNjcxMiA5OC41NDExQzcyLjgyODkgMTAyLjQ5NyA3My4wOTE5IDEwNi4xODkgNzMuODkyNiAxMDguMzY1Qzc0LjY5MzMgMTEwLjU0MSA3NS42MzgxIDExNi4xNDcgODMuMDc3MSAxMTQuNTQxQzg5LjI5NDMgMTEzLjIgOTQuMDQ3OCAxMTEuMjY5IDk0LjQ4MSA5My4zMDQ5WiIgZmlsbD0iYmxhY2siIHN0cm9rZT0iYmxhY2siIHN0cm9rZS13aWR0aD0iNiIvPgo8cGF0aCBkPSJNMTEwLjk5OCA4Mi4xNzI3QzEwMC41MDYgODQuMzUyMSA5OS43ODQ5IDgwLjc3NDggOTkuNzg0OSA4MC43NzQ4QzExMC44NjIgNjQuMjIxOCAxMTUuNDkzIDQzLjIxMDIgMTExLjQ5NyAzOC4wNjc4QzEwMC41OTUgMjQuMDQwMSA4MS43MjMxIDMwLjY3NDMgODEuNDA4MiAzMC44NDY1TDgxLjMwNjggMzAuODY0OEM3OS4yMzQxIDMwLjQzMTUgNzYuOTE0NCAzMC4xNzMzIDc0LjMwNzMgMzAuMTMwNUM2OS41NiAzMC4wNTIxIDY1Ljk1OTEgMzEuMzgzOCA2My4yMjY3IDMzLjQ3MDZDNjMuMjI2NyAzMy40NzA2IDI5LjU2MTUgMTkuNTAzOCAzMS4xMjcyIDUxLjAzNjRDMzEuNDYwMyA1Ny43NDQ3IDQwLjY3NDYgMTAxLjc5NSA1MS42NjUxIDg4LjQ4OTVDNTUuNjgyMSA4My42MjQzIDU5LjU2MzQgNzkuNTEwNiA1OS41NjM0IDc5LjUxMDZDNjEuNDkxMiA4MC44MDAyIDYzLjc5OSA4MS40NTgxIDY2LjIxODQgODEuMjIxOEw2Ni40MDYzIDgxLjA2MTFDNjYuMzQ3OSA4MS42NjUyIDY2LjM3NDYgODIuMjU2IDY2LjQ4MTYgODIuOTU1NUM2My42NTAzIDg2LjE0MTIgNjQuNDgyMiA4Ni43MDA1IDU4LjgyMjMgODcuODczOEM1My4wOTUzIDg5LjA2MjUgNTYuNDU5NyA5MS4xNzg2IDU4LjY1NjMgOTEuNzMxN0M2MS4zMTkzIDkyLjQwMjMgNjcuNDgwMiA5My4zNTI0IDcxLjY0MyA4Ny40ODM4TDcxLjQ3NyA4OC4xNTM0QzcyLjU4NjQgODkuMDQ4MiA3My4zNjU0IDkzLjk3MzkgNzMuMjM0OCA5OC40MzlDNzMuMTA0MiAxMDIuOTA0IDczLjAxNzEgMTA1Ljk3IDczLjg5MTIgMTA4LjM2NEM3NC43NjUzIDExMC43NTkgNzUuNjM2NSAxMTYuMTQ2IDgzLjA3NjkgMTE0LjU0MUM4OS4yOTQxIDExMy4xOTkgOTIuNTE1OSAxMDkuNzIyIDkyLjk2NDEgMTAzLjkyMkM5My4yODIyIDk5Ljc5ODggOTQuMDAxOSAxMDAuNDA4IDk0LjA0NzQgOTYuNzIxOUw5NC42MjQ3IDk0Ljk3NjZDOTUuMjkwNSA4OS4zODcyIDk0LjczMDUgODcuNTg0IDk4LjU2MDggODguNDIyN0w5OS40OTE3IDg4LjUwNUMxMDIuMzExIDg4LjYzNDIgMTA2LjAwMSA4OC4wNDg0IDEwOC4xNjYgODcuMDM0N0MxMTIuODI5IDg0Ljg1NTMgMTE1LjU5NSA4MS4yMTY2IDExMC45OTcgODIuMTcyN0gxMTAuOTk4WiIgZmlsbD0iIzMzNjc5MSIvPgo8cGF0aCBkPSJNNzIuMDkzMyA4NS4zNzdDNzEuODA0NSA5NS43Nzc0IDcyLjE2NTkgMTA2LjI1IDczLjE3NjQgMTA4Ljc5NkM3NC4xODc2IDExMS4zNDEgNzYuMzUxNCAxMTYuMjkyIDgzLjc5MjUgMTE0LjY4NkM5MC4wMDkxIDExMy4zNDQgOTIuMjcxIDExMC43NDcgOTMuMjUyNiAxMDUuMDE0QzkzLjk3NTUgMTAwLjc5NiA5NS4zNjkxIDg5LjA4MSA5NS41NDc5IDg2LjY4MDkiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMiIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik02My4xNzUgMzMuMjM5M0M2My4xNzUgMzMuMjM5MyAyOS40ODY4IDE5LjM3MzIgMzEuMDUzIDUwLjkwNThDMzEuMzg2IDU3LjYxNDEgNDAuNjAxIDEwMS42NjUgNTEuNTkxMyA4OC4zNTk3QzU1LjYwNzUgODMuNDkzOCA1OS4yMzk3IDc5LjY3NzYgNTkuMjM5NyA3OS42Nzc2IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPgo8cGF0aCBkPSJNODEuMzcxMyAzMC43MDc4QzgwLjIwNTIgMzEuMDc2IDEwMC4xMTEgMjMuMzc5NiAxMTEuNDIzIDM3LjkzNjhDMTE1LjQxOSA0My4wNzk1IDExMC43ODkgNjQuMDkxMSA5OS43MTE1IDgwLjY0NDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMiIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik05OS43MTEgODAuNjQ0OEM5OS43MTEgODAuNjQ0OCAxMDAuNDMzIDg0LjIyMyAxMTAuOTI0IDgyLjA0MjJDMTE1LjUyMSA4MS4wODYxIDExMi43NTUgODQuNzI1MiAxMDguMDkzIDg2LjkwNTdDMTA0LjI2NyA4OC42OTQgOTUuNjg4MyA4OS4xNTIzIDk1LjU0ODIgODYuNjgxMkM5NS4xODc2IDgwLjMwNTMgMTAwLjA2MyA4Mi4yNDIzIDk5LjcxMSA4MC42NDQ4Wk05OS43MTEgODAuNjQ0OEM5OS4zOTI5IDc5LjIwNiA5Ny4yMTI4IDc3Ljc5MzkgOTUuNzcwNSA3NC4yNzI1Qzk0LjUxMTQgNzEuMTk5IDc4LjUwMTkgNDcuNjI4OSAxMDAuMjEgNTEuMTI5NEMxMDEuMDA2IDUwLjk2MzcgOTQuNTQ4NSAzMC4zMzQ4IDc0LjIzMjUgMjkuOTk5NEM1My45MjExIDI5LjY2MzkgNTQuNTg3NSA1NS4xNTQ1IDU0LjU4NzUgNTUuMTU0NSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIyIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0iYmV2ZWwiLz4KPHBhdGggZD0iTTY2LjQwNzcgODIuODI1M0M2My41NzYgODYuMDEwOCA2NC40MDg4IDg2LjU3MDIgNTguNzQ4NSA4Ny43NDM5QzUzLjAyMTQgODguOTMyNyA1Ni4zODYyIDkxLjA0ODUgNTguNTgyMiA5MS42MDEzQzYxLjI0NTIgOTIuMjcyNCA2Ny40MDYxIDkzLjIyMjQgNzEuNTY4OSA4Ny4zNTI0QzcyLjgzNjYgODUuNTY1MSA3MS41NjE0IDgyLjcxMzQgNjkuODIwMSA4MS45ODY0QzY4Ljk3ODcgODEuNjM1NCA2Ny44NTM3IDgxLjE5NTYgNjYuNDA3NyA4Mi44MjUzWiIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIyIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTY2LjIyMjUgODIuNzY5MUM2NS45MzcyIDgwLjg5NjEgNjYuODMzNiA3OC42Njc0IDY3Ljc5NDMgNzYuMDU5OUM2OS4yMzggNzIuMTQ3NyA3Mi41NjkgNjguMjM0OCA2OS45MDQ0IDU1LjgyNDZDNjcuOTE4MiA0Ni41NzY3IDU0LjU5NjMgNTMuOSA1NC41ODggNTUuMTU0QzU0LjU3OTggNTYuNDA3NSA1NS4xOTA1IDYxLjUwOTkgNTQuMzY1NCA2Ny40NTE1QzUzLjI4ODggNzUuMjA0OCA1OS4yNjQzIDgxLjc2MjEgNjYuMTQ1MSA4MS4wOTEzIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPgo8cGF0aCBkPSJNNjMuMDUyOCA1NC45NjY1QzYyLjk5MjggNTUuMzk0OCA2My44MzE0IDU2LjUzNzcgNjQuOTI0OSA1Ni42OTA0QzY2LjAxNjYgNTYuODQzNyA2Ni45NTEgNTUuOTUwNiA2Ny4wMTAyIDU1LjUyMjdDNjcuMDY5NCA1NS4wOTQ1IDY2LjIzMTggNTQuNjIyNyA2NS4xMzc5IDU0LjQ2OTRDNjQuMDQ1NiA1NC4zMTU4IDYzLjExMDggNTQuNTM5MyA2My4wNTMxIDU0Ljk2NjVINjMuMDUyOFoiIGZpbGw9IndoaXRlIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjIiLz4KPHBhdGggZD0iTTk2LjMwMzQgNTQuMDkyNEM5Ni4zNjI3IDU0LjUyMDcgOTUuNTI1MSA1NS42NjM1IDk0LjQzMTMgNTUuODE2MkM5My4zMzg5IDU1Ljk2OTYgOTIuNDA0NSA1NS4wNzY1IDkyLjM0NDYgNTQuNjQ4NkM5Mi4yODY4IDU0LjIyMDMgOTMuMTI0NyA1My43NDg2IDk0LjIxNzMgNTMuNTk1M0M5NS4zMSA1My40NDE5IDk2LjI0NDIgNTMuNjY1MiA5Ni4zMDM0IDU0LjA5MjZWNTQuMDkyNFoiIGZpbGw9IndoaXRlIiBzdHJva2U9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMDAuMjEgNTEuMTI4OUMxMDAuMzkgNTQuNDg4MyA5OS40OTIgNTYuNzc2NSA5OS4zNzg3IDYwLjM1MjdDOTkuMjExIDY1LjU1MDggMTAxLjg0IDcxLjUwMDUgOTcuODc4OSA3Ny40NTc1IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18yODQ5IiB4MT0iMTQwIiB5MT0iMTMwLjUiIHgyPSI0IiB5Mj0iOS40OTk5OSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjMDAyQzRDIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwNDc3QiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= + #tabs: + # services: + # labelSelector: + # cnpg.io/cluster: "{reqs[0]['metadata','name']}" + # workloadMonitors: + # labelSelector: + # helm.toolkit.fluxcd.io/name: "{reqs[0]['metadata','name']}" + + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "postgresql"], ["spec", "postgresql", "parameters"], ["spec", "postgresql", "parameters", "max_connections"], ["spec", "quorum"], ["spec", "quorum", "minSyncReplicas"], ["spec", "quorum", "maxSyncReplicas"], ["spec", "users"], ["spec", "databases"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "retentionPolicy"], ["spec", "backup", "destinationPath"], ["spec", "backup", "endpointURL"], ["spec", "backup", "schedule"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "bootstrap"], ["spec", "bootstrap", "enabled"], ["spec", "bootstrap", "recoveryTime"], ["spec", "bootstrap", "oldName"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/rabbitmq.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/rabbitmq.yaml new file mode 100644 index 00000000..87606b4f --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/rabbitmq.yaml @@ -0,0 +1,35 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: rabbitmq +spec: + application: + kind: RabbitMQ + plural: rabbitmqs + singular: rabbitmq + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"replicas":{"description":"Number of RabbitMQ replicas","type":"integer","default":3},"resources":{"description":"Explicit CPU and memory configuration for each RabbitMQ replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"nano","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume Claim size, available for application data","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"},"users":{"description":"Users configuration","type":"object","default":{},"additionalProperties":{"type":"object","properties":{"password":{"description":"Password for the user","type":"string"}}}},"vhosts":{"description":"Virtual Hosts configuration","type":"object","default":{},"additionalProperties":{"type":"object","required":["roles"],"properties":{"roles":{"description":"Virtual host roles list","type":"object","properties":{"admin":{"description":"List of admin users","type":"array","items":{"type":"string"}},"readonly":{"description":"List of readonly users","type":"array","items":{"type":"string"}}}}}}}}} + release: + prefix: rabbitmq- + labels: + cozystack.io/ui: "true" + chart: + name: rabbitmq + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: RabbitMQ + plural: RabbitMQ + description: Managed RabbitMQ service + tags: + - messaging + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5NzIpIi8+CjxwYXRoIGQ9Ik0xMTEuNDExIDYyLjhIODIuNDkzOUM4MS43OTY5IDYyLjc5OTcgODEuMTI4NSA2Mi41MjI4IDgwLjYzNTYgNjIuMDMwMUM4MC4xNDI3IDYxLjUzNzMgNzkuODY1NiA2MC44NjkxIDc5Ljg2NTMgNjAuMTcyMlYzMC4wNDEyQzc5Ljg2NTMgMjcuODEgNzguMDU1NiAyNiA3NS44MjQ5IDI2SDY1LjUwMjFDNjMuMjcgMjYgNjEuNDYxNCAyNy44MSA2MS40NjE0IDMwLjA0MTJWNTkuOTg5OEM2MS40NjE0IDYxLjU0MzUgNjAuMjA1IDYyLjgwNjUgNTguNjUwOCA2Mi44MTMzTDQ5LjE3NDMgNjIuODU4NEM0Ny42MDY5IDYyLjg2NjkgNDYuMzMzNiA2MS41OTU1IDQ2LjMzNjYgNjAuMDI5OEw0Ni4zOTU0IDMwLjA0OEM0Ni40MDA1IDI3LjgxMzQgNDQuNTkwMiAyNiA0Mi4zNTUgMjZIMzIuMDQwN0MyOS44MDgzIDI2IDI4IDI3LjgxIDI4IDMwLjA0MTJWMTE0LjQxMkMyOCAxMTYuMzk0IDI5LjYwNjEgMTE4IDMxLjU4NzEgMTE4SDExMS40MTFDMTEzLjM5NCAxMTggMTE1IDExNi4zOTQgMTE1IDExNC40MTJWNjYuMzg4QzExNSA2NC40MDU4IDExMy4zOTQgNjIuOCAxMTEuNDExIDYyLjhaTTk3Ljg1MDggOTQuNDc3OUM5Ny44NTA4IDk3LjA3NTUgOTUuNzQ0NSA5OS4xODE3IDkzLjE0NjQgOTkuMTgxN0g4NC45ODg0QzgyLjM5IDk5LjE4MTcgODAuMjgzNiA5Ny4wNzU1IDgwLjI4MzYgOTQuNDc3OVY4Ni4zMjE3QzgwLjI4MzYgODMuNzIzOCA4Mi4zOSA4MS42MTc5IDg0Ljk4ODQgODEuNjE3OUg5My4xNDY0Qzk1Ljc0NDUgODEuNjE3OSA5Ny44NTA4IDgzLjcyMzggOTcuODUwOCA4Ni4zMjE3Vjk0LjQ3NzlaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18yOTcyIiB4MT0iNSIgeTE9Ii03LjUiIHgyPSIxNDEiIHkyPSIxMjQuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkY4MjJGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0ZGNjYwMCIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "vhosts"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/redis.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/redis.yaml new file mode 100644 index 00000000..95bee1e7 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/redis.yaml @@ -0,0 +1,35 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: redis +spec: + application: + kind: Redis + plural: redises + singular: redis + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"authEnabled":{"description":"Enable password generation","type":"boolean","default":true},"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"replicas":{"description":"Number of Redis replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each Redis replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"nano","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume Claim size, available for application data","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"}}} + release: + prefix: redis- + labels: + cozystack.io/ui: "true" + chart: + name: redis + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: Redis + plural: Redis + description: Managed Redis service + tags: + - cache + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMzIxMykiLz4KPHBhdGggZD0iTTEyMC4xNDkgOTUuNTQ5MUMxMTQuNTg2IDk4LjQ0ODUgODUuNzcwOSAxMTAuMjk2IDc5LjYzNjMgMTEzLjQ5NUM3My41MDE2IDExNi42OTMgNzAuMDkzNyAxMTYuNjYyIDY1LjI0NzIgMTE0LjM0NkM2MC40MDEyIDExMi4wMjkgMjkuNzM2NCA5OS42NDIzIDI0LjIxMjUgOTcuMDAxOUMyMS40NTE5IDk1LjY4MjcgMjAgOTQuNTY4NyAyMCA5My41MTY2VjgyLjk4MDlDMjAgODIuOTgwOSA1OS45MjIgNzQuMjkwMSA2Ni4zNjY5IDcxLjk3NzhDNzIuODExNSA2OS42NjU2IDc1LjA0NzYgNjkuNTgyMSA4MC41MzIgNzEuNTkxQzg2LjAxNzMgNzMuNjAwOCAxMTguODEyIDc5LjUxNzYgMTI0LjIzMyA4MS41MDI5TDEyNC4yMyA5MS44ODk2QzEyNC4yMzEgOTIuOTMxMSAxMjIuOTggOTQuMDczNiAxMjAuMTQ5IDk1LjU0OTFaIiBmaWxsPSIjOTEyNjI2Ii8+CjxwYXRoIGQ9Ik0xMjAuMTQ3IDg1LjA3NTJDMTE0LjU4NSA4Ny45NzM0IDg1Ljc3IDk5LjgyMTggNzkuNjM1NCAxMDMuMDJDNzMuNTAxMSAxMDYuMjE5IDcwLjA5MzIgMTA2LjE4NyA2NS4yNDcyIDEwMy44NzFDNjAuNDAwNyAxMDEuNTU1IDI5LjczNzEgODkuMTY2OCAyNC4yMTM2IDg2LjUyOEMxOC42OTAxIDgzLjg4NzYgMTguNTc0NCA4Mi4wNzA0IDI0LjAwMDMgNzkuOTQ1OEMyOS40MjYxIDc3LjgyMDUgNTkuOTIxNSA2NS44NTYxIDY2LjM2NzIgNjMuNTQzOEM3Mi44MTE4IDYxLjIzMjQgNzUuMDQ3NSA2MS4xNDgxIDgwLjUzMTkgNjMuMTU3OEM4Ni4wMTY4IDY1LjE2NjggMTE0LjY2IDc2LjU2NzYgMTIwLjA3OSA3OC41NTI1QzEyNS41MDEgODAuNTM5OSAxMjUuNzA5IDgyLjE3NjMgMTIwLjE0NyA4NS4wNzUyWiIgZmlsbD0iI0M2MzAyQiIvPgo8cGF0aCBkPSJNMTIwLjE0OSA3OC41MDJDMTE0LjU4NiA4MS40MDE4IDg1Ljc3MDkgOTMuMjQ5MyA3OS42MzYzIDk2LjQ0ODhDNzMuNTAxNiA5OS42NDYyIDcwLjA5MzcgOTkuNjE1MiA2NS4yNDcyIDk3LjI5ODVDNjAuNDAwOCA5NC45ODMgMjkuNzM2NCA4Mi41OTUyIDI0LjIxMjUgNzkuOTU0N0MyMS40NTE5IDc4LjYzNTUgMjAgNzcuNTIzMiAyMCA3Ni40NzA3VjY1LjkzMzhDMjAgNjUuOTMzOCA1OS45MjIgNTcuMjQzNCA2Ni4zNjY5IDU0LjkzMTFDNzIuODExNSA1Mi42MTg5IDc1LjA0NzYgNTIuNTM1IDgwLjUzMiA1NC41NDQzQzg2LjAxNzcgNTYuNTUzNiAxMTguODEzIDYyLjQ2OTMgMTI0LjIzMyA2NC40NTVMMTI0LjIzIDc0Ljg0MjhDMTI0LjIzMSA3NS44ODQgMTIyLjk4IDc3LjAyNjQgMTIwLjE0OSA3OC41MDJaIiBmaWxsPSIjOTEyNjI2Ii8+CjxwYXRoIGQ9Ik0xMjAuMTQ3IDY4LjAyODJDMTE0LjU4NSA3MC45MjcxIDg1Ljc3IDgyLjc3NDcgNzkuNjM1NCA4NS45NzM3QzczLjUwMTEgODkuMTcxNiA3MC4wOTMyIDg5LjE0MDIgNjUuMjQ3MiA4Ni44MjM1QzYwLjQwMDcgODQuNTA4NCAyOS43MzcxIDcyLjEyMDEgMjQuMjEzNiA2OS40ODA5QzE4LjY5MDEgNjYuODQxMyAxOC41NzQ0IDY1LjAyMzcgMjQuMDAwMyA2Mi44OTg0QzI5LjQyNjEgNjAuNzc0MiA1OS45MjE5IDQ4LjgwOSA2Ni4zNjcyIDQ2LjQ5NzJDNzIuODExOCA0NC4xODUzIDc1LjA0NzUgNDQuMTAxNCA4MC41MzE5IDQ2LjExMDhDODYuMDE2OCA0OC4xMTk3IDExNC42NiA1OS41MTk3IDEyMC4wNzkgNjEuNTA1NUMxMjUuNTAxIDYzLjQ5MjQgMTI1LjcwOSA2NS4xMjkyIDEyMC4xNDcgNjguMDI4MloiIGZpbGw9IiNDNjMwMkIiLz4KPHBhdGggZD0iTTEyMC4xNDkgNjAuODIyNEMxMTQuNTg2IDYzLjcyMTQgODUuNzcwOSA3NS41Njk4IDc5LjYzNjMgNzguNzY5MkM3My41MDE2IDgxLjk2NzEgNzAuMDkzNyA4MS45MzU3IDY1LjI0NzIgNzkuNjE5QzYwLjQwMDggNzcuMzAzNSAyOS43MzY0IDY0LjkxNTIgMjQuMjEyNSA2Mi4yNzZDMjEuNDUxOSA2MC45NTU2IDIwIDU5Ljg0MjggMjAgNTguNzkxNVY0OC4yNTQyQzIwIDQ4LjI1NDIgNTkuOTIyIDM5LjU2NDIgNjYuMzY2OSAzNy4yNTI0QzcyLjgxMTUgMzQuOTM5NyA3NS4wNDc2IDM0Ljg1NjcgODAuNTMyIDM2Ljg2NTZDODYuMDE3NyAzOC44NzQ5IDExOC44MTMgNDQuNzkwNSAxMjQuMjMzIDQ2Ljc3NjNMMTI0LjIzIDU3LjE2MzdDMTI0LjIzMSA1OC4yMDQgMTIyLjk4IDU5LjM0NjUgMTIwLjE0OSA2MC44MjI0WiIgZmlsbD0iIzkxMjYyNiIvPgo8cGF0aCBkPSJNMTIwLjE0NyA1MC4zNDlDMTE0LjU4NSA1My4yNDc5IDg1Ljc2OTggNjUuMDk2MyA3OS42MzUyIDY4LjI5NDFDNzMuNTAwOSA3MS40OTIgNzAuMDkzIDcxLjQ2MDYgNjUuMjQ2OSA2OS4xNDUxQzYwLjQwMDkgNjYuODI4MyAyOS43MzY5IDU0LjQ0MDkgMjQuMjEzOCA1MS44MDEzQzE4LjY4OTkgNDkuMTYyMSAxOC41NzQ2IDQ3LjM0NDEgMjQgNDUuMjE5MkMyOS40MjU5IDQzLjA5NDYgNTkuOTIxNyAzMS4xMzEgNjYuMzY3IDI4LjgxODRDNzIuODExNiAyNi41MDYxIDc1LjA0NzMgMjYuNDIzIDgwLjUzMTcgMjguNDMyNEM4Ni4wMTY2IDMwLjQ0MTcgMTE0LjY1OSA0MS44NDE4IDEyMC4wNzkgNDMuODI3NUMxMjUuNTAxIDQ1LjgxMjggMTI1LjcwOSA0Ny40NSAxMjAuMTQ3IDUwLjM0OVoiIGZpbGw9IiNDNjMwMkIiLz4KPHBhdGggZD0iTTg0Ljg1NDEgNDAuMDk5NEw3NS44OTI2IDQxLjAyOThMNzMuODg2NSA0NS44NTdMNzAuNjQ2MyA0MC40NzAzTDYwLjI5ODMgMzkuNTQwNEw2OC4wMTk3IDM2Ljc1NThMNjUuNzAzIDMyLjQ4MTRMNzIuOTMyMSAzNS4zMDg4TDc5Ljc0NzEgMzMuMDc3NUw3Ny45MDUyIDM3LjQ5NzJMODQuODU0MSA0MC4wOTk0Wk03My4zNTE1IDYzLjUxODRMNTYuNjI2NiA1Ni41ODE2TDgwLjU5MiA1Mi45MDI5TDczLjM1MTUgNjMuNTE4NFpNNTAuMTYzNyA0Mi43ODI2QzU3LjIzODEgNDIuNzgyNiA2Mi45NzMgNDUuMDA1NyA2Mi45NzMgNDcuNzQ3NUM2Mi45NzMgNTAuNDkwMSA1Ny4yMzgxIDUyLjcxMjggNTAuMTYzNyA1Mi43MTI4QzQzLjA4OTMgNTIuNzEyOCAzNy4zNTQ1IDUwLjQ4OTcgMzcuMzU0NSA0Ny43NDc1QzM3LjM1NDUgNDUuMDA1NyA0My4wODkzIDQyLjc4MjYgNTAuMTYzNyA0Mi43ODI2WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTk1LjQ0MzQgNDEuNDE3NEwxMDkuNjI3IDQ3LjAyMjRMOTUuNDU1NiA1Mi42MjJMOTUuNDQzNCA0MS40MTc0WiIgZmlsbD0iIzYyMUIxQyIvPgo8cGF0aCBkPSJNNzkuNzUyOSA0Ny42MjYxTDk1LjQ0NDkgNDEuNDE4OUw5NS40NTcxIDUyLjYyMzZMOTMuOTE4NCA1My4yMjU0TDc5Ljc1MjkgNDcuNjI2MVoiIGZpbGw9IiM5QTI5MjgiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMzIxMyIgeDE9IjE4OSIgeTE9IjIxMC41IiB4Mj0iMCIgeTI9IjAiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0E4MDAwMCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNGRkNGQ0YiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "authEnabled"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/seaweedfs.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/seaweedfs.yaml new file mode 100644 index 00000000..098eb434 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/seaweedfs.yaml @@ -0,0 +1,34 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: seaweedfs +spec: + application: + kind: SeaweedFS + singular: seaweedfs + plural: seaweedfses + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"db":{"description":"Database Configuration","type":"object","default":{},"required":["resources","resourcesPreset"],"properties":{"replicas":{"description":"Number of database replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for the database. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"small","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume size","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"}}},"filer":{"description":"Filer service configuration","type":"object","default":{},"required":["resources","resourcesPreset"],"properties":{"grpcHost":{"description":"The hostname used to expose or access the filer service externally.","type":"string"},"grpcPort":{"description":"The port used to access the filer service externally.","type":"integer","default":443},"replicas":{"description":"Number of filer replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for the filer. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"small","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"whitelist":{"description":"A list of IP addresses or CIDR ranges that are allowed to access the filer service.","type":"array","default":[],"items":{"type":"string"}}}},"host":{"description":"The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host).","type":"string"},"master":{"description":"Master service configuration","type":"object","default":{},"required":["resources","resourcesPreset"],"properties":{"replicas":{"description":"Number of master replicas","type":"integer","default":3},"resources":{"description":"Explicit CPU and memory configuration for the master. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"small","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]}}},"replicationFactor":{"description":"Replication factor: number of replicas for each volume in the SeaweedFS cluster.","type":"integer","default":2},"s3":{"description":"S3 service configuration","type":"object","default":{},"required":["resources","resourcesPreset"],"properties":{"replicas":{"description":"Number of s3 replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for the s3. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"small","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]}}},"topology":{"description":"The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone, Client)","type":"string","default":"Simple","enum":["Simple","MultiZone","Client"]},"volume":{"description":"Volume service configuration","type":"object","default":{},"required":["resources","resourcesPreset"],"properties":{"replicas":{"description":"Number of volume replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for the volume. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"small","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"size":{"description":"Persistent Volume size","default":"10Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"},"zones":{"description":"A map of zones for MultiZone topology. Each zone can have its own number of replicas and size.","type":"object","default":{},"additionalProperties":{"type":"object","properties":{"replicas":{"description":"Number of replicas in the zone","type":"integer"},"size":{"description":"Zone storage size","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}}} + release: + prefix: "" + labels: + cozystack.io/ui: "true" + chart: + name: seaweedfs + sourceRef: + kind: HelmRepository + name: cozystack-extra + namespace: cozy-public + dashboard: + category: Administration + singular: SeaweedFS + plural: SeaweedFS + name: seaweedfs + description: Seaweedfs + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82NzlfMTkxMCkiLz4KPHBhdGggZD0iTTEzOC42ODUgMTIxLjA1N0MxMzguNjg1IDEyNi42NTIgMTM2LjQ2MiAxMzIuMDE3IDEzMi41MDQgMTM1Ljk3M0MxMjguNTQ3IDEzOS45MjkgMTIzLjE3OSAxNDIuMTUxIDExNy41ODIgMTQyLjE1MUMxMTEuOTg1IDE0Mi4xNTEgMTA2LjYxOCAxMzkuOTI5IDEwMi42NiAxMzUuOTczQzk4LjcwMjggMTMyLjAxNyA5Ni40Nzk1IDEyNi42NTIgOTYuNDc5NSAxMjEuMDU3Qzk2LjQ3OTUgMTE4LjI4NyA5Ny4wMjUzIDExNS41NDQgOTguMDg1OCAxMTIuOTg1Qzk5LjE0NjMgMTEwLjQyNSAxMDAuNzAxIDEwOC4xIDEwMi42NiAxMDYuMTQxQzEwNC42MiAxMDQuMTgyIDEwNi45NDYgMTAyLjYyOSAxMDkuNTA3IDEwMS41NjlDMTEyLjA2NyAxMDAuNTA5IDExNC44MTEgOTkuOTYyOSAxMTcuNTgyIDk5Ljk2MjlDMTIwLjM1MyA5OS45NjI5IDEyMy4wOTggMTAwLjUwOSAxMjUuNjU4IDEwMS41NjlDMTI4LjIxOCAxMDIuNjI5IDEzMC41NDQgMTA0LjE4MiAxMzIuNTA0IDEwNi4xNDFDMTM0LjQ2NCAxMDguMSAxMzYuMDE4IDExMC40MjUgMTM3LjA3OSAxMTIuOTg1QzEzOC4xMzkgMTE1LjU0NCAxMzguNjg1IDExOC4yODcgMTM4LjY4NSAxMjEuMDU3WiIgZmlsbD0idXJsKCNwYWludDFfcmFkaWFsXzY3OV8xOTEwKSIvPgo8cGF0aCBkPSJNMTEwLjMzNiAxMjYuMTQ3SDEyMy42OFYxMzYuODIzSDExMC4zMzZWMTI2LjE0N1oiIGZpbGw9IiMwRjVFOUMiLz4KPHBhdGggZD0iTTExOS4yNyAxMTIuMjk0QzExOS4yNyAxMTIuNzE0IDExOS4xNzggMTEzLjEzMSAxMTkgMTEzLjUxOUMxMTguODIxIDExMy45MDggMTE4LjU2IDExNC4yNjEgMTE4LjIzIDExNC41NThDMTE3LjkwMSAxMTQuODU1IDExNy41MDkgMTE1LjA5MSAxMTcuMDc5IDExNS4yNTJDMTE2LjY0OCAxMTUuNDEzIDExNi4xODYgMTE1LjQ5NiAxMTUuNzIgMTE1LjQ5NkMxMTQuNzc4IDExNS40OTYgMTEzLjg3NSAxMTUuMTU4IDExMy4yMSAxMTQuNTU4QzExMi41NDQgMTEzLjk1NyAxMTIuMTcgMTEzLjE0MyAxMTIuMTcgMTEyLjI5NEMxMTIuMTcgMTExLjQ0NSAxMTIuNTQ0IDExMC42MyAxMTMuMjEgMTEwLjAzQzExMy44NzUgMTA5LjQyOSAxMTQuNzc4IDEwOS4wOTIgMTE1LjcyIDEwOS4wOTJDMTE2LjE4NiAxMDkuMDkyIDExNi42NDggMTA5LjE3NSAxMTcuMDc5IDEwOS4zMzZDMTE3LjUwOSAxMDkuNDk2IDExNy45MDEgMTA5LjczMiAxMTguMjMgMTEwLjAzQzExOC41NiAxMTAuMzI3IDExOC44MjEgMTEwLjY4IDExOSAxMTEuMDY4QzExOS4xNzggMTExLjQ1NyAxMTkuMjcgMTExLjg3MyAxMTkuMjcgMTEyLjI5NFoiIGZpbGw9IiM1OTY4NkYiLz4KPHBhdGggZD0iTTEyOC4xMSAxMTQuMTAzQzEyOC4xMSAxMTQuOTUzIDEyNy43MzYgMTE1Ljc2NyAxMjcuMDcgMTE2LjM2OEMxMjYuNDA0IDExNi45NjggMTI1LjUwMSAxMTcuMzA1IDEyNC41NiAxMTcuMzA1QzEyNC4wOTQgMTE3LjMwNSAxMjMuNjMyIDExNy4yMjMgMTIzLjIwMSAxMTcuMDYyQzEyMi43NzEgMTE2LjkwMSAxMjIuMzc5IDExNi42NjUgMTIyLjA1IDExNi4zNjhDMTIxLjcyIDExNi4wNyAxMjEuNDU4IDExNS43MTcgMTIxLjI4IDExNS4zMjlDMTIxLjEwMiAxMTQuOTQgMTIxLjAxIDExNC41MjQgMTIxLjAxIDExNC4xMDNDMTIxLjAxIDExMy42ODMgMTIxLjEwMiAxMTMuMjY2IDEyMS4yOCAxMTIuODc4QzEyMS40NTggMTEyLjQ5IDEyMS43MiAxMTIuMTM3IDEyMi4wNSAxMTEuODM5QzEyMi4zNzkgMTExLjU0MiAxMjIuNzcxIDExMS4zMDYgMTIzLjIwMSAxMTEuMTQ1QzEyMy42MzIgMTEwLjk4NCAxMjQuMDk0IDExMC45MDEgMTI0LjU2IDExMC45MDFDMTI1LjUwMSAxMTAuOTAxIDEyNi40MDQgMTExLjIzOSAxMjcuMDcgMTExLjgzOUMxMjcuNzM2IDExMi40NCAxMjguMTEgMTEzLjI1NCAxMjguMTEgMTE0LjEwM1oiIGZpbGw9IiM1OTY4NkYiLz4KPHBhdGggZD0iTTEyMi4zMzMgMTE4Ljk3NkMxMjIuMzMzIDExOS44MjYgMTIxLjk1OCAxMjAuNjQgMTIxLjI5MyAxMjEuMjQxQzEyMC42MjcgMTIxLjg0MSAxMTkuNzI0IDEyMi4xNzggMTE4Ljc4MiAxMjIuMTc4QzExOC4zMTYgMTIyLjE3OCAxMTcuODU1IDEyMi4wOTYgMTE3LjQyNCAxMjEuOTM1QzExNi45OTMgMTIxLjc3NCAxMTYuNjAyIDEyMS41MzggMTE2LjI3MiAxMjEuMjQxQzExNS45NDMgMTIwLjk0MyAxMTUuNjgxIDEyMC41OSAxMTUuNTAzIDEyMC4yMDJDMTE1LjMyNCAxMTkuODEzIDExNS4yMzIgMTE5LjM5NyAxMTUuMjMyIDExOC45NzZDMTE1LjIzMiAxMTguNTU2IDExNS4zMjQgMTE4LjE0IDExNS41MDMgMTE3Ljc1MUMxMTUuNjgxIDExNy4zNjMgMTE1Ljk0MyAxMTcuMDEgMTE2LjI3MiAxMTYuNzEyQzExNi42MDIgMTE2LjQxNSAxMTYuOTkzIDExNi4xNzkgMTE3LjQyNCAxMTYuMDE4QzExNy44NTUgMTE1Ljg1NyAxMTguMzE2IDExNS43NzQgMTE4Ljc4MiAxMTUuNzc0QzExOS43MjQgMTE1Ljc3NCAxMjAuNjI3IDExNi4xMTIgMTIxLjI5MyAxMTYuNzEyQzEyMS45NTggMTE3LjMxMyAxMjIuMzMzIDExOC4xMjcgMTIyLjMzMyAxMTguOTc2WiIgZmlsbD0iIzU5Njg2RiIvPgo8cGF0aCBkPSJNMTE1LjMwOCAxMjEuOTA1QzExMy43MzUgMTIxLjQyNiAxMTUuNzA3IDEyMC42OCAxMTUuNDI5IDEyMC41NzNDMTE0LjY1MyAxMjAuMjc2IDExNS43MyAxMTkuMzMzIDExNi43NCAxMTguNTM5QzExNy42MjggMTE3Ljg0MSAxMTcuNjU5IDExNy44MzkgMTE3Ljg5MiAxMTguNDY4QzExOC4wMjQgMTE4LjgyMyAxMTguMzcxIDExOS4yMDYgMTE4LjY2NSAxMTkuMzE5QzExOS4yODkgMTE5LjU1OCAxMjAuOTUxIDExOS4yNjkgMTIwLjk1MSAxMTguODM1QzEyMC45NTEgMTE4LjIyMyAxMjEuNDE1IDExOC42OTkgMTIxLjc5NCAxMTkuNTMxQzEyMi40NTcgMTIwLjk4NyAxMjIuNDM3IDEyMi40NzIgMTIxLjQ1IDEyMi40NzJDMTIwLjg1OSAxMjIuNDcyIDEyMC4zMSAxMjIuNjkxIDEyMC4xOSAxMjMuMTQ3QzExNS4wNDYgMTI0LjYgMTE2LjQ3MSAxMjMuMjg0IDExNS4zMDggMTIxLjkwNVpNMTIzLjA5NCAxMTguMDU0QzEyMS42MDkgMTE3LjQ2NiAxMjAuNTQ3IDExNC44MzggMTIwLjU0NyAxMTMuMzA5QzEyMC41NDcgMTExLjMyMyAxMjIuNTQxIDEwOS4wOTUgMTI0LjMxNyAxMDkuMDk1QzEyOC4zMTUgMTA5LjA5NSAxMzAuNjg0IDExMi4yNjEgMTI4LjgzOCAxMTguNDA5QzEyOC4zODUgMTE5LjkxOSAxMjMuOTMzIDExOC4zODcgMTIzLjA5NCAxMTguMDU0Wk0xMjUuODY2IDExNS42NDlDMTI3LjU0NCAxMTQuNDc0IDEyNS44NTcgMTExLjc1NSAxMjMuOTgxIDExMi42MUMxMjIuNDc5IDExMy4yOTQgMTIzLjExOSAxMTYuMTE1IDEyNC43NyAxMTYuMTY0QzEyNC45NjEgMTE2LjE2OSAxMjUuNDU0IDExNS45MzggMTI1Ljg2NiAxMTUuNjQ5Wk0xMjQuMzM5IDExNC41NzlDMTIzLjc3MSAxMTQuMzgxIDEyMy44MDMgMTEzLjI1NiAxMjQuMzgzIDExMy4wMzRDMTI0LjkwMiAxMTIuODM1IDEyNS42MDQgMTEzLjM5OCAxMjUuNjA0IDExNC4wMTRDMTI1LjYwNCAxMTQuNDg5IDEyNC45MzYgMTE0Ljc4NyAxMjQuMzM5IDExNC41NzlaTTExMi4zMTkgMTE2Ljk4QzEwOS45NiAxMTUuNjcgMTEwLjI4NiAxMTEuMDA2IDExMi40MTcgMTA4Ljk2NUMxMTQuMzk2IDEwNy4wNjkgMTE4Ljc3OCAxMDcuMTAzIDExOS43NjQgMTA5LjQ2MkMxMjAuNDE1IDExMS4wMjEgMTIwLjIyOCAxMTIuNiAxMTkuMzk4IDExNC4wNzdDMTE4LjE5NCAxMTYuMjE5IDExNC4yNDIgMTE4LjA0OSAxMTIuMzE5IDExNi45OFpNMTE2LjU2IDExMy41OTNDMTE3LjMyNSAxMTIuOTAxIDExNy4yOTcgMTEyLjA2IDExNi41NzIgMTExLjI1OUMxMTUuNzc3IDExMC4zNzkgMTE0LjY5MiAxMTAuMzQ1IDExNC4wMzUgMTExLjM0N0MxMTMuNTI0IDExMi4xMjcgMTEzLjQzMSAxMTIuNTI4IDExMy45NDMgMTEzLjMwOUMxMTQuNTggMTE0LjI4IDExNS42NyAxMTQuMzk5IDExNi41NiAxMTMuNTkzWk0xMTQuMzc0IDExMi4zNEMxMTQuMTI4IDExMS42OTggMTE0Ljk4NSAxMTAuOTgxIDExNS42OCAxMTEuMjQ3QzExNS45NzQgMTExLjM2IDExNi4xNjQgMTExLjcxOCAxMTYuMTAyIDExMi4wNDRDMTE1Ljk2MSAxMTIuNzg1IDExNC42MzIgMTEzLjAxMiAxMTQuMzc0IDExMi4zNFoiIGZpbGw9IiNEM0Q2REEiLz4KPHBhdGggZD0iTTExOC40NjMgMTIxLjAwOEwxMTcuOTQ1IDEyMC43OEMxMTcuNTEgMTIwLjY4NSAxMTcuMjMxIDEyMS4xMDcgMTE3LjEzNiAxMjEuNTQzTDExNi44ODEgMTIyLjcwOUMxMTYuNzg2IDEyMy4xNDUgMTE3LjA2MSAxMjMuNTcxIDExNy40OTYgMTIzLjY2NkwxMTguNDQ3IDEyMy44NzRDMTE4Ljg4MiAxMjMuOTY5IDExOS4zMTEgMTIzLjY5NCAxMTkuNDA2IDEyMy4yNTlMMTE5LjY4NSAxMjEuNTU2QzExOS43OCAxMjEuMTIgMTE5LjQ3OSAxMjEuMjI4IDExOS4wNDMgMTIxLjEzM0wxMTguNjI4IDEyMS4wNDNDMTE4LjU3MyAxMjEuMzIxIDExOC41MTYgMTIxLjYxMyAxMTguNDcxIDEyMS44MzNDMTE4LjQzOCAxMjEuOTk4IDExOC40MDcgMTIyLjE0OCAxMTguMzc5IDEyMi4yODJDMTE4LjM1MSAxMjIuNDE1IDExOC4zMjcgMTIyLjUzMyAxMTguMzA1IDEyMi42MzVDMTE4LjI4MiAxMjIuNzM4IDExOC4yNjIgMTIyLjgyNSAxMTguMjQ1IDEyMi44OTdDMTE4LjIyOCAxMjIuOTY5IDExOC4yMTQgMTIzLjAyNSAxMTguMjAyIDEyMy4wNjhDMTE4LjE5NiAxMjMuMDg5IDExOC4xOTMgMTIzLjEwNyAxMTguMTg4IDEyMy4xMjFDMTE4LjE4MyAxMjMuMTM1IDExOC4xNzggMTIzLjE0NSAxMTguMTc1IDEyMy4xNTJDMTE4LjE3MyAxMjMuMTU1IDExOC4xNzIgMTIzLjE1NiAxMTguMTcxIDEyMy4xNThDMTE4LjE3IDEyMy4xNTkgMTE4LjE2OCAxMjMuMTYgMTE4LjE2NyAxMjMuMTZMMTE4LjE2NSAxMjMuMTU4QzExOC4xNjQgMTIzLjE1NiAxMTguMTYzIDEyMy4xNTIgMTE4LjE2MyAxMjMuMTQ4QzExOC4xNjIgMTIzLjE0IDExOC4xNjIgMTIzLjEyOSAxMTguMTYzIDEyMy4xMTVDMTE4LjE2MyAxMjMuMSAxMTguMTYzIDEyMy4wODMgMTE4LjE2NSAxMjMuMDYxQzExOC4xNjggMTIzLjAxOCAxMTguMTc1IDEyMi45NjEgMTE4LjE4MyAxMjIuODkxQzExOC4xOTIgMTIyLjgyIDExOC4yMDMgMTIyLjczNiAxMTguMjE2IDEyMi42NEMxMTguMjI5IDEyMi41NDMgMTE4LjI0NiAxMjIuNDMxIDExOC4yNjQgMTIyLjMwOEMxMTguMjgxIDEyMi4xODUgMTE4LjMwMSAxMjIuMDUxIDExOC4zMjMgMTIxLjkwM0MxMTguMzQ2IDEyMS43NTUgMTE4LjM3IDEyMS41OTIgMTE4LjM5NyAxMjEuNDE5QzExOC40MTYgMTIxLjI5OSAxMTguNDQyIDEyMS4xNCAxMTguNDYzIDEyMS4wMDhaIiBmaWxsPSIjOThDNkQ4Ii8+CjxwYXRoIGQ9Ik0xMDMuNTgxIDExNi4zNjdDMTAzLjQ3OSAxMTYuMTAzIDEwMy42MjIgMTE1LjY5OSAxMDMuODk4IDExNS40NjlDMTA0LjMwMyAxMTUuMTMzIDEwNC41MDQgMTE1LjE1NSAxMDQuOTMgMTE1LjU4MUMxMDUuMjIgMTE1Ljg3MSAxMDUuMzU1IDExNi4yNzYgMTA1LjIzIDExNi40NzlDMTA0LjkwMiAxMTcuMDA5IDEwMy43OTggMTE2LjkzNCAxMDMuNTgxIDExNi4zNjdaIiBmaWxsPSIjOThDNkQ4Ii8+CjxwYXRoIGQ9Ik0xMDYuMDM4IDExMi4yODFDMTA1LjY4IDExMS44NDkgMTA1LjcwMiAxMTEuNjYgMTA2LjE2NSAxMTEuMTk3QzEwNi42ODkgMTEwLjY3NCAxMDYuNzY0IDExMC42NzQgMTA3LjI4NyAxMTEuMTk3QzEwNy43NTEgMTExLjY2IDEwNy43NzMgMTExLjg0OSAxMDcuNDE1IDExMi4yODFDMTA3LjE3NiAxMTIuNTY4IDEwNi44NjYgMTEyLjgwMyAxMDYuNzI2IDExMi44MDNDMTA2LjU4NiAxMTIuODAzIDEwNi4yNzcgMTEyLjU2OCAxMDYuMDM4IDExMi4yODFaIiBmaWxsPSIjOThDNkQ4Ii8+CjxwYXRoIGQ9Ik0xMDYuMDM4IDEwNy4yMjRDMTA1LjY4MiAxMDYuNzk1IDEwNS42OTQgMTA2LjYxMiAxMDYuMTA2IDEwNi4yMDFDMTA2LjY1IDEwNS42NTcgMTA3LjczOCAxMDUuODggMTA3LjczOCAxMDYuNTM2QzEwNy43MzggMTA2Ljk3IDEwNy4wNzIgMTA3Ljc0NyAxMDYuNyAxMDcuNzQ3QzEwNi41NzUgMTA3Ljc0NyAxMDYuMjc3IDEwNy41MTIgMTA2LjAzOCAxMDcuMjI0WiIgZmlsbD0iIzk4QzZEOCIvPgo8cGF0aCBkPSJNMTE3Ljk1NSAxMzYuNTQxQzExNC41NzggMTM2LjExMSAxMTAuMDg3IDEzNC44ODEgMTA5LjQxIDEzNC4yNzRDMTA4LjEyMyAxMzMuMTE5IDEwOC45NDIgMTI3Ljg3OSAxMTAuNDY2IDEyNi41NEMxMTEuMzg3IDEyNS43MzEgMTE1LjAzOSAxMjQuNjYzIDExNy4xODIgMTI1LjE2OUMxMTkuNjQyIDEyNS43NDkgMTIzLjkzMiAxMjguNjQ4IDEyNC4yNSAxMjkuNTA4QzEyNC42MjUgMTMwLjUyMiAxMjQuMDQ4IDEzNC41NDEgMTIzLjMyMyAxMzUuNTM2QzEyMi42OTQgMTM2LjM5OSAxMjAuMzI1IDEzNi44NDMgMTE3Ljk1NSAxMzYuNTQxWk0xMjAuNTQgMTM0LjA4NEMxMjEuMjk3IDEzMy4zOTkgMTIxLjM0MiAxMzEuODQyIDEyMC42MjcgMTMxLjEyNkMxMTkuNDkgMTI5Ljk4OSAxMTcuMTEyIDEzMC44NjkgMTE3LjExMiAxMzIuNDI4QzExNy4xMTIgMTM0LjMwNCAxMTkuMTg5IDEzNS4zMDcgMTIwLjU0IDEzNC4wODRaTTExOC41ODIgMTMzLjEyNUMxMTguMzExIDEzMi40MTkgMTE4LjY4IDEzMS42MDggMTE5LjI3MiAxMzEuNjA4QzEyMCAxMzEuNjA4IDEyMC4yMjggMTMyLjE3MyAxMTkuODEyIDEzMi45NDlDMTE5LjM4MSAxMzMuNzU1IDExOC44NTMgMTMzLjgzIDExOC41ODIgMTMzLjEyNVpNMTE2LjQyMiAxMzMuMTQzQzExNy4wOTQgMTMyLjMzMyAxMTYuNzExIDEzMS4xNzYgMTE1LjY4MSAxMzAuOTAyQzExNC41ODEgMTMwLjYxIDExNC4wNTIgMTMxLjE4MyAxMTQuODY5IDEzMS43OEMxMTUuNjgzIDEzMi4zNzUgMTE1LjU1MSAxMzIuNjc5IDExNC41MzMgMTMyLjU1N0MxMTMuMzI3IDEzMi40MTMgMTEyLjgzMyAxMzEuNTY2IDExMy4yNTQgMTMwLjM2MkMxMTMuNjgxIDEyOS4xNDIgMTE1LjE5NyAxMjguODYzIDExNS43NTMgMTI5LjkwMkMxMTYuMTkzIDEzMC43MjUgMTE2LjYyNyAxMzAuNzkzIDExNi45IDEzMC4wODNDMTE3LjIyOSAxMjkuMjI0IDExNS45MTQgMTI4LjIzNyAxMTQuNDQgMTI4LjIzN0MxMTEuOTkzIDEyOC4yMzcgMTEwLjgxNiAxMzEuMDc0IDExMi41NDYgMTMyLjgwM0MxMTMuNSAxMzMuNzU4IDExNS43NDkgMTMzLjk1NSAxMTYuNDIyIDEzMy4xNDNaIiBmaWxsPSIjN0JBOUI5Ii8+CjxwYXRoIGQ9Ik0xMjAuMTE4IDEzOC41OTJDMTE4Ljc1MSAxMzcuMjk3IDEyMS45MTYgMTM2LjA5NiAxMjMuNjA2IDEzOC4yODNDMTI0LjQ2OSAxMzkuMzIyIDEyMi44NTMgMTM5Ljk3NiAxMjAuMTE4IDEzOC41OTJaTTEwNi4xMiAxMzUuNjU4QzEwNC43NTEgMTM0LjI4OSAxMDYuOTYzIDEzMy45MDQgMTA4LjU4MSAxMzUuMjNMMTA5Ljk0MSAxMzUuOTJMMTA4LjA1OSAxMzYuMDYxQzEwNy4yMTUgMTM2LjA2MiAxMDYuMzQzIDEzNS44ODEgMTA2LjEyIDEzNS42NThWMTM1LjY1OFpNMTI1LjM2MyAxMjcuODY2QzEyNS4wODIgMTI3LjQxIDEyOC4zMzMgMTI2LjI2NyAxMjguNjg4IDEyNi40ODZDMTI4Ljg0NiAxMjYuNTg0IDEyOC45NzUgMTI3LjMzNyAxMjguOTc1IDEyOC4xNjFDMTI4Ljk3NSAxMjkuMjM5IDEyOC44NCAxMjkuNjU4IDEyOC40OSAxMjkuNjU4QzEyOC4yMjIgMTI5LjY1OCAxMjUuNDc2IDEyOC4wNDcgMTI1LjM2MyAxMjcuODY2Wk0xMTguNjQxIDEyMS4wOTVDMTE0Ljg3MSAxMjAuNzUzIDExNS4zNzggMTE5LjMyNyAxMTYuMzYxIDExOC40OTlDMTE2LjkyOCAxMTguMDIxIDExNy4zNCAxMTcuNzc5IDExNy45MTMgMTE3LjY2N0MxMTcuOTEzIDExNy42NjcgMTE3Ljg3MiAxMTkuMDQ2IDExOC42NjYgMTE5LjMxOUMxMTkuMjk3IDExOS41MzYgMTIwLjI3OCAxMTkuMDY0IDEyMC40NzEgMTE4LjY3NUMxMjIuMTg4IDExNS4yMDEgMTIxLjQxNSAxMTguNjk5IDEyMS43OTQgMTE5LjUzMkMxMjMuMjM4IDEyNC4wMDcgMTIwLjE4OCAxMjEuNzMgMTE4LjY0MSAxMjEuMDk1Wk0xMDQuOTEyIDEyMS4yM0MxMDQuMjQyIDEyMC40ODcgMTAzLjY5MyAxMTkuNzI5IDEwMy42OTMgMTE5LjU0NEMxMDMuNjkzIDExOS4xMTYgMTA0Ljc0NiAxMTkuMTEyIDEwNS44NjMgMTE5LjUzN0MxMDYuNTkzIDExOS44MTQgMTEwLjM0NyAxMjAuMDA2IDExMC4zNDcgMTIxLjE1M0MxMTAuMzQ3IDEyMS44OTkgMTA4Ljg5IDEyMy43NjIgMTA4LjcyNiAxMjMuNzYyQzEwOC41NjMgMTIzLjc2MiAxMDUuNTgzIDEyMS45NzIgMTA0LjkxMiAxMjEuMjNaIiBmaWxsPSIjQTZCM0MyIi8+CjxwYXRoIGQ9Ik0xMTguNDYzIDEyMS4wMDhDMTE4LjQ0MiAxMjEuMTQgMTE4LjQxNiAxMjEuMjk5IDExOC4zOTcgMTIxLjQxOUMxMTguMzcgMTIxLjU5MiAxMTguMzQ1IDEyMS43NTUgMTE4LjMyMyAxMjEuOTAzQzExOC4zIDEyMi4wNTEgMTE4LjI4MSAxMjIuMTg1IDExOC4yNjMgMTIyLjMwOEMxMTguMjQ1IDEyMi40MzEgMTE4LjIyOSAxMjIuNTQyIDExOC4yMTYgMTIyLjYzOUMxMTguMjAzIDEyMi43MzYgMTE4LjE5MSAxMjIuODIgMTE4LjE4MyAxMjIuODlDMTE4LjE3NSAxMjIuOTYxIDExOC4xNjggMTIzLjAxOCAxMTguMTY1IDEyMy4wNjFDMTE4LjE2MyAxMjMuMDgzIDExOC4xNjQgMTIzLjEgMTE4LjE2MyAxMjMuMTE1QzExOC4xNjIgMTIzLjEyOSAxMTguMTYyIDEyMy4xNCAxMTguMTYzIDEyMy4xNDhDMTE4LjE2MyAxMjMuMTUyIDExOC4xNjQgMTIzLjE1NiAxMTguMTY1IDEyMy4xNThMMTE4LjE2NyAxMjMuMTZDMTE4LjE2OCAxMjMuMTYgMTE4LjE3IDEyMy4xNTkgMTE4LjE3MSAxMjMuMTU4QzExOC4xNzIgMTIzLjE1NyAxMTguMTczIDEyMy4xNTUgMTE4LjE3NSAxMjMuMTUyQzExOC4xNzggMTIzLjE0NSAxMTguMTgyIDEyMy4xMzUgMTE4LjE4NyAxMjMuMTIxQzExOC4xOTIgMTIzLjEwNyAxMTguMTk2IDEyMy4wODkgMTE4LjIwMiAxMjMuMDY3QzExOC4yMTMgMTIzLjAyNSAxMTguMjI4IDEyMi45NjkgMTE4LjI0NSAxMjIuODk3QzExOC4yNjIgMTIyLjgyNSAxMTguMjgyIDEyMi43MzggMTE4LjMwNSAxMjIuNjM1QzExOC4zMjcgMTIyLjUzMyAxMTguMzUxIDEyMi40MTUgMTE4LjM3OSAxMjIuMjgxQzExOC40MDYgMTIyLjE0OCAxMTguNDM4IDEyMS45OTggMTE4LjQ3MSAxMjEuODMzQzExOC41MTYgMTIxLjYxMyAxMTguNTczIDEyMS4zMjEgMTE4LjYyOCAxMjEuMDQzTDExOC40NjMgMTIxLjAwOFoiIGZpbGw9IiM0QzlDQkIiLz4KPHBhdGggZD0iTTMwLjk5ODYgMTQyLjY3M0MyNi40NDg5IDE0MC45MTYgMjEuNDY2NCAxMzYuODA1IDE4Ljc5MjEgMTMyLjYwM0MxNS40MDUzIDEyNy4yODEgMTQuNDA1MiAxMjMuNDE5IDE1LjA2MzYgMTE4LjIwM0MxNS42ODA2IDExMy4zMTUgMTcuMzU1OCAxMTAuNTU3IDIyLjIyMzIgMTA2LjQxM0MyOS4wNDE3IDEwMC42MDggMzQuNDg0NiA5Ny45Nzk5IDQwLjU5NDcgOTcuNTQxNUM0OS44MjEyIDk2Ljg3OTQgNTUuMDk3OCA5OS44MTA5IDU3LjY0NjUgMTA3LjAxNUM1OC41MDQzIDEwOS40MzkgNTguNjg1NiAxMTUuNTcgNTguMDU0NCAxMjAuODA5QzU3LjgzMTEgMTIyLjY2MyA1Ny40Nzg5IDEyNi4wNTUgNTcuMjcxOCAxMjguMzQ4QzU2LjU0NjcgMTM2LjM3NSA1NC40MTQ3IDE0MC40MTcgNDkuNjI1MyAxNDIuODQzQzQ4LjI5NzkgMTQzLjUxNiA0Ny43MTk5IDE0My41NjEgNDAuNjkyNCAxNDMuNTM5QzMzLjUxNTEgMTQzLjUxNiAzMy4wODEgMTQzLjQ3OCAzMC45OTg2IDE0Mi42NzNaTTAuMDc5NTc2NSAxMDQuOTY1QzAuMDgxNTcyMyAxMDMuODUzIDAuMTQ0NDAzIDEwMy40MzggMC4yMTk0MjcgMTA0LjA0NEMwLjI5NDQ1MSAxMDQuNjUgMC4yOTI4OTkgMTA1LjU2IDAuMjE1OTk2IDEwNi4wNjdDMC4xMzkwNzkgMTA2LjU3MyAwLjA3NzY4MzggMTA2LjA3OCAwLjA3OTU3NjUgMTA0Ljk2NVpNMC4wMDE3MzM1MSAxMDIuMjRDMC4wMTc4OTkyIDEwMS44NDggMC4wOTc3ODk3IDEwMS43NjggMC4yMDUzOTggMTAyLjAzN0MwLjMwMjc3MiAxMDIuMjggMC4yOTA3OTcgMTAyLjU3MSAwLjE3ODc4NyAxMDIuNjgzQzAuMDY2Nzc0OCAxMDIuNzk1IC0wLjAxMjkwMjEgMTAyLjU5NiAwLjAwMTczMzUxIDEwMi4yNFpNMC4wMjgzNDQ0IDc1LjEzMjZDMC4wMjgzNDQ0IDc0LjY2OTEgMC4xMDQ4NTcgNzQuNDc5NSAwLjE5ODM2OSA3NC43MTEyQzAuMjkxODg0IDc0Ljk0MyAwLjI5MTg4NCA3NS4zMjIyIDAuMTk4MzY5IDc1LjU1MzlDMC4xMDQ4NTcgNzUuNzg1NyAwLjAyODM0NDQgNzUuNTk2MSAwLjAyODM0NDQgNzUuMTMyNloiIGZpbGw9InVybCgjcGFpbnQyX3JhZGlhbF82NzlfMTkxMCkiLz4KPHBhdGggZD0iTTM1LjMxMzMgMTEyLjU0NEwzNy45IDExMS4wOTFMMzkuMzUxNyAxMjEuNDZMMzkuMjQ4IDEyOC45MjZMMzUuMzcwMyAxMzAuODUxTDMyLjkyMjkgMTI2LjQzN0wzNS4zMTMzIDExMi41NDRaIiBmaWxsPSIjMzA2MEFEIi8+CjxwYXRoIGQ9Ik0zOC43Mjk1IDExNi42OUwzOS4zNTE2IDEyNC41NzFMNDMuMjkxOSAxMjUuOTE5TDQzLjM5NTYgMTA5LjIyNUw0MC4xODEyIDExMC4wNTRMMzguNzI5NSAxMTYuNjlaIiBmaWxsPSIjNjA2MzY4Ii8+CjxwYXRoIGQ9Ik0zNS4zNjk5IDEzMC44NTFDMzMuMDMyNCAxMjkuNzMgMjkuNzMwMSAxMjYuNDA4IDI4LjY2MjEgMTI0LjEwM0MyOC4wMzMyIDEyMi43NDUgMjcuNjM5NyAxMjIuMzEgMjYuODkyMyAxMjIuMTQ2QzI1Ljc4NzkgMTIxLjkwMyAyNS44MDg0IDEyMS45NzEgMjYuMzIxOCAxMjAuMjU4QzI2LjU5MzYgMTE5LjM1IDI2LjkwMzIgMTE4Ljk1NCAyNy4zNDA2IDExOC45NTRDMjcuNjg2MiAxMTguOTU0IDI5LjE1OTcgMTE3Ljg0MSAzMC42MTQ5IDExNi40OEMzMi4wNzAyIDExNS4xMTkgMzMuNzIyNiAxMTMuNjc3IDM0LjI4NjkgMTEzLjI3NUwzNS4zMTI5IDExMi41NDRMMzUuNjc2NyAxMTQuMjQxQzM3LjA0NDMgMTIwLjYxOCAzNy4wMjcgMTI0LjI2NiAzNS42MTk4IDEyNi4yNDNDMzQuNTUyMSAxMjcuNzQ0IDM0Ljg0MTcgMTI4LjM5MyAzNi41NzkxIDEyOC4zOTNDMzcuMzk3IDEyOC4zOTMgMzcuODIyMiAxMjguMTg1IDM4LjEzMDUgMTI3LjYzNEMzOC42NzQ4IDEyNi42NjMgMzguNjMxNSAxMjAuOTY4IDM4LjA0NTQgMTE2LjQyNkMzNy4zNDQ2IDExMC45OTUgMzcuMzEyNyAxMTEuMTY3IDM5LjE1NzggMTEwLjM5OEM0MC4wMzYgMTEwLjAzMSA0MC44MTggMTA5Ljc5NyA0MC44OTU1IDEwOS44NzdDNDAuOTczMSAxMDkuOTU2IDQwLjgxOTEgMTExLjIzNSA0MC41NTM0IDExMi43MThDMzkuNjA2NyAxMTguMDAzIDM5LjkzMTUgMTIzLjIzOCA0MS4yNzUyIDEyNC4zNTNDNDEuNjg1MSAxMjQuNjkzIDQxLjcyMzMgMTIzLjk2OSA0MS41NDUyIDExOS4yMzJDNDEuMzE1NiAxMTMuMTIzIDQxLjUxNzQgMTEwLjkxOSA0Mi40MDc1IDEwOS44MkM0Mi45MTk4IDEwOS4xODggNDMuMjEzIDEwOS4xMTYgNDQuNDk1OSAxMDkuMzFDNDYuOTU2NiAxMDkuNjgyIDQ2Ljk1MDYgMTA5LjY2OCA0Ni4yMDk5IDExMy4yNTRDNDUuODQ5NiAxMTQuOTk5IDQ1LjQ0ODMgMTE3LjIyNCA0NS4zMTggMTE4LjJMNDUuMDgxMiAxMTkuOTczTDQ1Ljk0NDYgMTE5LjY0NUM0Ni40MTk1IDExOS40NjUgNDcuNDQxMyAxMTguOTk0IDQ4LjIxNTMgMTE4LjU5OUw0OS42MjI2IDExNy44ODFMNDkuMzg5MyAxMTguNjdDNDkuMjYxIDExOS4xMDUgNDkuMDY3MiAxMjAuNzAxIDQ4Ljk1ODcgMTIyLjIxOEw0OC43NjE0IDEyNC45NzZMNDcuMTA5NSAxMjQuMzI1QzQ2LjIwMSAxMjMuOTY3IDQ1LjMxMTYgMTIzLjY3NCA0NS4xMzMxIDEyMy42NzRDNDQuOTQxIDEyMy42NzQgNDQuODA4NSAxMjUuNTMyIDQ0LjgwODUgMTI4LjIyNEM0NC44MDg1IDEzMS44OTEgNDQuNzE3MSAxMzIuNzc1IDQ0LjMzODYgMTMyLjc3NUM0MS4wMTk4IDEzMi4yOTUgMzguNzg0MiAxMzIuNDU4IDM1LjM2OTkgMTMwLjg1MVoiIGZpbGw9IiNFRUMyM0IiLz4KPHBhdGggZD0iTTQxLjE2MzkgMTMyLjQxOEM0MS4xNjM5IDEzMi4yODMgNDEuMzQwOCAxMzAuNTE1IDQxLjY2OTIgMTI4LjE0NUM0MS45OTc3IDEyNS43NzUgNDIuMzU3NyAxMjIuOTYxIDQyLjQ2OTIgMTIxLjg5M0M0Mi41ODA4IDEyMC44MjQgNDIuNzk2OSAxMjAuMDI3IDQyLjk0OTUgMTIwLjEyMUM0My42NDQzIDEyMC41NTEgNDQuMjkzOCAxMjkuMzc1IDQ0LjA0NzQgMTMxLjQyQzQzLjg5MDkgMTMyLjcxOSA0My42NTk1IDEzMi43MzcgNDMuMzAxOSAxMzIuNjc3QzQyLjY2MDIgMTMyLjU3IDQxLjkxMDEgMTMyLjUxMyA0MS4xNjM5IDEzMi40MThaTTMyLjU5NjkgMTIyLjczNUMzMS42ODEzIDEyMi41ODMgMzAuODI0MiAxMjEuNDQyIDMwLjgyNDIgMTIwLjM3NEMzMC44MjQyIDExOS40MDcgMzIuMjM4MSAxMTcuOTM3IDMzLjE2ODUgMTE3LjkzN0MzNC42NjY2IDExNy45MzcgMzUuODM5MiAxMjAuNTEzIDM0Ljk0ODQgMTIxLjg0N0MzNC41NTE3IDEyMi40NDEgMzMuNDE0NyAxMjIuODcgMzIuNTk2OSAxMjIuNzM1WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTExNC4wMjEgMTM3LjQ5OEMxMDcuMzE4IDEzNS43NCAxMDYuMjczIDEzNC4xMDQgMTA2LjYwOSAxMjUuODkxQzEwNi43MTYgMTIzLjI4MSAxMDYuODg1IDEyMC41MzkgMTA2Ljk4NiAxMTkuNzk3QzEwNy41NDUgMTE1LjY2NCAxMDguMzQyIDExMi4xNzMgMTA5LjA4NiAxMTAuNTk5QzEwOS43NDQgMTA5LjIwNiAxMDkuODQyIDEwOC43MTIgMTA5LjUzNSAxMDguMzQyQzEwOC40NSAxMDcuMDM1IDExMC4zNzEgMTA0Ljk5NSAxMTEuOTEgMTA1LjgxOUMxMTIuNDU3IDEwNi4xMTEgMTEyLjkxOCAxMDYuMDc3IDExMy45NDUgMTA1LjY2NUMxMTcuMDYyIDEwNC40MTkgMTIzLjExNyAxMDUuNTcxIDEyNi44MTQgMTA4LjExNUMxMjguMTQ5IDEwOS4wMzMgMTI4LjQ4NSAxMDkuMTM2IDEyOS4wMzggMTA4Ljc5MUMxMzAuNTIzIDEwNy44NjMgMTMyLjQ1MSAxMTAuNTczIDEzMS4yNSAxMTEuOUMxMzAuNzg3IDExMi40MTIgMTMwLjc1NSAxMTIuNzA1IDEzMS4wNjUgMTEzLjU5NkMxMzEuODUgMTE1Ljg0NiAxMzEuNzk0IDExNi4xMDQgMTI4LjAwNiAxMjcuNzE5QzEyNS41OCAxMzUuMTYgMTI0LjU0MyAxMzcuMzY1IDEyMy4yNjQgMTM3LjgxMUMxMjEuNjUzIDEzOC4zNzMgMTE2LjcyMyAxMzguMjA2IDExNC4wMjEgMTM3LjQ5OFpNMTIyLjU0MSAxMzUuMjI5QzEyMy4wMDMgMTM0LjU0MSAxMjMuMzU5IDEzMy4zMTMgMTIzLjUxMyAxMzEuODc4QzEyMy43OTQgMTI5LjI1IDEyMy44MTkgMTI5LjI4MyAxMjAuMzE3IDEyNy42MDFDMTE3LjY4NSAxMjYuMzM4IDExMy44MzMgMTI1Ljk3MiAxMTEuODU1IDEyNi43OThDMTEwLjgyOSAxMjcuMjI3IDExMC41OTUgMTI3LjU1NiAxMTAuMDU5IDEyOS4zMjdDMTA5LjExNiAxMzIuNDQzIDEwOS43MDMgMTM0LjMwOCAxMTEuODMyIDEzNC45NThDMTEzLjEzOSAxMzUuMzU3IDEyMC4wOSAxMzYuNDMgMTIwLjk4IDEzNi4zN0MxMjEuNTA0IDEzNi4zMzUgMTIyLjA4MiAxMzUuOTEyIDEyMi41NDEgMTM1LjIyOVpNMTE5LjQ1MSAxMjIuNDJDMTE5LjYzIDEyMi4wODEgMTE5LjY4NSAxMjEuNTU2IDExOS42ODUgMTIxLjU1NkMxMjAuMTU2IDEyMS42NTQgMTIwLjQ4IDEyMS42ODMgMTIwLjcyNiAxMjEuNzE5QzEyMS4xMDUgMTIxLjc3NCAxMjEuNTY0IDEyMS41ODcgMTIxLjc0NSAxMjEuMzAzQzEyMi4xNDkgMTIwLjY3MSAxMjAuNDc0IDExNy43MDEgMTE5LjU0OCAxMTcuNDA4QzExOC42NjggMTE3LjEyOCAxMTUuOTM1IDExOC44MjcgMTE1LjkzNSAxMTkuNjUzQzExNS45MzUgMTIwLjAyMiAxMTYuNTUzIDEyMC40MTEgMTE2LjgzMSAxMjAuNTE4QzExNi45ODIgMTIwLjU3NiAxMTcuMjUyIDEyMC43MzggMTE3LjU3NiAxMjAuOTM4QzExNy4zOCAxMjEuMzUxIDExNy4zNDYgMTIxLjQ3OCAxMTcuMzEyIDEyMS43MjRDMTE3LjIwNCAxMjIuNDk4IDExNy40MzUgMTIyLjY4NiAxMTguNDE2IDEyMi45MTJDMTE5LjE1MSAxMjIuOTkxIDExOS4yNSAxMjIuODQ1IDExOS40NTEgMTIyLjQyWk0xMjcuMjY1IDExNi44MzZDMTMwLjkzMyAxMTMuNDc1IDEyNy4wNzQgMTA3LjQxIDEyMi43MDUgMTA5LjY3QzEyMS42MjYgMTEwLjIyOCAxMjAuNjU0IDExMi4wMTkgMTIwLjY1NCAxMTMuNDQ5QzEyMC42NTQgMTE1LjY2NCAxMjIuODMxIDExNy45MzcgMTI0Ljk1NyAxMTcuOTQxQzEyNS43MzMgMTE3Ljk0MyAxMjYuNDE0IDExNy42MTcgMTI3LjI2NSAxMTYuODM2Wk0xMTcuMTQxIDExNS42MjJDMTE5LjAzNSAxMTQuNDY4IDExOS44MDQgMTExLjc5NSAxMTguODAyIDEwOS44NTdDMTE4LjA4MiAxMDguNDY0IDExNy4wMDggMTA3LjgzIDExNS4zNjYgMTA3LjgzQzExMS41MDggMTA3LjgzIDEwOS40ODUgMTEzLjIzNCAxMTIuNDY1IDExNS41NzhDMTEzLjU3IDExNi40NDggMTE1Ljc1NCAxMTYuNDY4IDExNy4xNDEgMTE1LjYyMloiIGZpbGw9IiMwOTk2RDEiLz4KPHBhdGggb3BhY2l0eT0iMC45IiBkPSJNMzMuMTc1NyAyNkwzMi4zODEgMjcuMjE5QzMxLjk0NDkgMjcuODg5IDMxLjI4MzYgMjkuMzI0OCAzMC45MDkxIDMwLjQwODhDMzAuNTM0NyAzMS40OTI4IDI5Ljk5MjIgMzIuOTcwMSAyOS43MDQzIDMzLjY5MjhDMjkuNDE2MyAzNC40MTU0IDI5LjE3MzMgMzYuMTE1IDI5LjE2MzggMzcuNDdDMjkuMTQzNiA0MC4zNTMgMjguNzQ5NCA0MS44ODg4IDI3LjYzNjQgNDMuNDIyNUMyNi45MjEyIDQ0LjQwOCAyNi42NzUxIDQ0LjUyMjMgMjUuNDUzMiA0NC40NDFDMjMuODk5NSA0NC4zMzc3IDIyLjgxNTMgNDUuMDgxNSAyMS4yMTcgNDcuMzQ4MUMyMC43MTY1IDQ4LjA1OCAyMC4xMzY3IDQ4LjYzOTMgMTkuOTI4OSA0OC42MzkzQzE5LjcyMTEgNDguNjM5MyAxOS4xODA1IDQ4LjIzMTkgMTguNzI2MiA0Ny43MzUxQzE4LjI3MTkgNDcuMjM4MiAxNy45OTQ0IDQ3LjAxMTUgMTguMTExIDQ3LjIyOThDMTguNDkgNDcuOTM5NiAxNy41OTA0IDUzLjI2MTUgMTYuODM3OCA1NC43NjQyQzE1Ljk2NyA1Ni41MDI4IDE0LjM4NzIgNTcuNzIzMyAxMi41MzU0IDU4LjA4NDNDMTEuMDA1OSA1OC4zODI2IDExLjIyODMgNTguMDkgOC43MTc5NSA2My4wOTQ2QzYuNjYzMzQgNjcuMTkwNyA1Ljk2OTM1IDY3LjgyNjQgMi42NTUzMyA2OC42NTQyQzEuNDk3MTcgNjguOTQzNCAwLjQ1ODc1OSA2OS43MTQyIDAgNzAuNTI4N1Y3Mi44MjYzQzAuMzU2MTkzIDcyLjc0NzMgMC44Mjg3MjggNzIuNjIwMyAxLjYxNDk5IDcyLjM4NzNDMi45OTQ4NiA3MS45NzgyIDQuODIzNDggNzEuNDgwNiA1LjY3ODEgNzEuMjgwNkM3LjcyOTM0IDcwLjgwMDYgOS4zOTM1MSA2OS4yMTk1IDkuOTIyNzkgNjcuMjQ2N0MxMC4yNDI0IDY2LjA1NTQgMTAuNzAzMyA2NS40MjQxIDExLjk5OTIgNjQuNDA1OEMxMy4yODQgNjMuMzk2MiAxMy43NTY1IDYyLjc1NDYgMTQuMDY3MSA2MS41OTY5QzE0LjM3MzkgNjAuNDUzMiAxNC43MDExIDYwLjAwNCAxNS40NDA3IDU5LjcwNjNDMTcuMDE1MyA1OS4wNzI0IDIwLjY0NDQgNTUuODY1NSAyMS4yMzYzIDU0LjU4NThDMjEuNTM3MyA1My45MzQ5IDIyLjExOTggNTIuNTM5OSAyMi41Mjg3IDUxLjQ4NjJDMjMuMjYzNCA0OS41OTMyIDI1LjAxOTUgNDcuMzI2MSAyNS43NTAxIDQ3LjMyNjFDMjUuOTU3NCA0Ny4zMjYxIDI3LjEwOSA0Ni43MjQ4IDI4LjMwOTMgNDUuOTkwOEMzMS4yMzc2IDQ0LjIwMDMgMzEuNTk5MSA0My40MTM2IDMxLjU5OTEgMzguODYxNEMzMS41OTkxIDM1LjY4MTQgMzEuNjg3IDM1LjE1NTcgMzIuMzQ2OCAzNC4zNjg0QzMzLjAwMzcgMzMuNTg0NyAzMy4wOTk3IDMzLjAyNDkgMzMuMTM1MSAyOS43MzkxTDMzLjE3NTcgMjZaTTI0LjMzMzggNjMuNTk1OEMyNC4yMDM3IDYzLjYxMzUgMjQuMDczOCA2My42NjE4IDIzLjkyNTggNjMuNzM2MkMyMi45Mzk3IDY0LjIzMTUgMjIuNjEzNiA2NC45MTAyIDIxLjU5NzMgNjguNTg2QzIxLjAxNzkgNzAuNjgxNSAyMC40MjEyIDcyLjA4MTkgMTkuODc5OCA3Mi42MTc4QzE5LjQyMzUgNzMuMDY5NSAxOC45MzgzIDczLjg4MjMgMTguODAxIDc0LjQyNDJDMTguMTgxIDc2Ljg3MTUgMTYuNzQ1NCA3OC42MDczIDE0LjQ0OTUgNzkuNjg3MUMxMi40NTU1IDgwLjYyNDkgMTAuNjQwNyA4Mi4xMTc5IDkuMTExMDIgODQuMDc5OEM4LjMyMTA5IDg1LjA5MjkgNy40ODc1MiA4Ni4wMjkgNy4yNTY3OCA4Ni4xNjA5QzYuNzYxNjQgODYuNDQ0IDUuNzA4OTkgODguODk0MSA0LjYwNzg1IDkyLjMyOEMzLjcxMDkyIDk1LjEyNSAxLjcxMDY1IDk3LjQ2ODIgMC40Nzg1MTQgOTcuMTY1OEMwLjI1NDkzMSA5Ny4xMTA5IDAuMTA2OTExIDk3LjExMzcgMCA5Ny4yOTAxVjEwNC40OTJDMC41NTY0MTEgMTAzLjY2NCAxLjIzNDIgMTAyLjYyOSAyLjU2MzQ3IDEwMC41NEM0LjM0NTExIDk3LjczOTcgNi40NjM4NSA5NC40ODY3IDcuMjcxNzMgOTMuMzEyNEM4LjA3OTYgOTIuMTM4MSA5LjM1Njg3IDkwLjE0ODggMTAuMTA4NiA4OC44OTE2QzExLjIzNDIgODcuMDA5MiAxMi4xMDE2IDg2LjEyNDMgMTUuMDI4NCA4My44ODMzTDE4LjU4MzEgODEuMTYyN0wyMC40MDUzIDc1Ljk4ODFDMjMuMTg5NSA2OC4wODE3IDIzLjk1ODUgNjcuMTk5NyAyNy43NjI0IDY3LjU1MTVDMjkuNDYwNSA2Ny43MDg1IDMwLjYzMzQgNjcuNjE5NiAzMi4wNzM0IDY3LjIyNjdDMzQuMTgyNiA2Ni42NTEyIDM0LjQ3OTkgNjYuMTg3MiAzMy4zNTUxIDY1LjIzMThDMzIuNjU1NCA2NC42Mzc2IDMxLjMxNTMgNjQuNjQgMjguMjM4OCA2NS4yNDE4QzI3LjMzOTcgNjUuNDE3NyAyNi45MzQzIDY1LjI3NTcgMjUuODkzMiA2NC40MTc4QzI1LjEwNTEgNjMuNzY4NCAyNC43MjQxIDYzLjU0MjYgMjQuMzMzOCA2My41OTU4Wk0zMS43MTY2IDgzLjI1OThDMzEuNjYwNSA4My4yNzQ5IDMxLjU5MjEgODMuMzEyNiAzMS41MTE1IDgzLjM3MjFDMzEuMjcwOSA4My41NSAzMC42NTM2IDgzLjc5IDMwLjEzNzkgODMuOTA1NEMyOS4zODc2IDg0LjA3MzQgMjkuMDQ5OCA4NC40OTMyIDI4LjQ0ODIgODYuMDA0NUMyOC4wMzQ3IDg3LjA0MzIgMjcuNDkxNSA4OC4xMTUzIDI3LjI0MTIgODguMzg2M0MyNi45OTA5IDg4LjY1NzMgMjYuNDc1IDg5LjU1MSAyNi4wOTQxIDkwLjM3MzJDMjQuOTQyMiA5Mi44NTkyIDIzLjUyODIgOTQuMDYxOCAxOS45MDExIDk1LjY0MjFDMTYuNjEwNyA5Ny4wNzU2IDE2LjU2NyA5Ny4xMDg2IDE1LjY2NzEgOTguOTgwMkMxNS4xMDI3IDEwMC4xNTQgMTQuNjc5MiAxMDEuNzU3IDE0LjU0OTkgMTAzLjIwNUMxNC4yNzMxIDEwNi4zMDIgMTMuNTk2MiAxMDcuMDMxIDkuNTIxMTggMTA4LjYxNkM1LjkxNDk3IDExMC4wMTkgMy41NzcwMiAxMTEuNzQ1IDMuNDE1ODMgMTEzLjEyM0MzLjI0MDQxIDExNC42MjMgMi41OTgxMyAxMTUuMDg0IDAuOTI5MjYgMTE0LjkwN0MwLjUzOTUyOSAxMTQuODY2IDAuMjQ0MzMyIDExNC44NTEgMCAxMTQuODgxVjEyMUMxLjAyNjU4IDExOS42NTggMi43MTkyMiAxMTguMzYxIDYuMjI0OTcgMTE2LjIwNkMxMC4zNjA0IDExMy42NjUgMTIuNzA2NSAxMTEuNTc1IDEzLjU3NzkgMTA5LjY1NEMxMy45MjYgMTA4Ljg4NyAxNC42NTQ3IDEwNy4zOTMgMTUuMTk3MSAxMDYuMzM0QzE1LjczOTUgMTA1LjI3NSAxNi4yODQ1IDEwMy45MDEgMTYuNDA4NCAxMDMuMjgxQzE2LjczMjQgMTAxLjY2IDE4LjMwMzIgMTAwLjM0OSAyMC42NjU5IDk5LjcyNkMyNS4xNzcgOTguNTM3MiAyNS43NDYxIDk4LjAxNjMgMjYuMzUyNSA5NC41MzU0QzI2Ljg1NjEgOTEuNjQ1MiAyOC42MTIgODguMDY2MSAzMC41MjY3IDg2LjAyNDZDMzEuMzA5NSA4NS4xOSAzMS45NDk1IDg0LjE4IDMxLjk0OTUgODMuNzc5MUMzMS45NDk1IDgzLjM3NjYgMzEuODg0OSA4My4yMTQ2IDMxLjcxNjYgODMuMjU5OFoiIGZpbGw9IiMzNTkxMzYiLz4KPHBhdGggZD0iTTguMDgxNzcgNzQuNDA4M0M2LjAzNDE5IDczLjg3MDUgNS44OTQ0MyA3My43MzAyIDYuMDQyNzEgNzIuMzYxNUM2LjEzMDI1IDcxLjU1MzMgNi4yNDAxNyA3MC44NTc1IDYuMjg2OTYgNzAuODE1NEM2LjMzMzc2IDcwLjc3MzMgNy43MDQ0MyA3MS4wNjg3IDkuMzMyOTIgNzEuNDcxOUMxMS45NzY4IDcyLjEyNjQgMTIuNDg2NiA3Mi4xMjM4IDE0LjA5NDcgNzEuNDQ3NEMxNi40MDQxIDcwLjQ3NiAxNy4yMzgzIDY4Ljc3NTMgMTYuNDAyMiA2Ni43NDMxQzE1Ljk0MjQgNjUuNjI1NyAxNC45MjA0IDY0LjgyODEgMTIuMjM4NCA2My40OTRDNy42NDE3IDYxLjIwNzUgNi41MzA2MiA1OS45OTkgNi4yNzQ2NSA1Ny4wMDc2QzUuODkzMzcgNTIuNTUxOSA4Ljg0Njg5IDQ5Ljk4MzYgMTQuMzUyMiA0OS45ODM2QzE1Ljk3MzMgNDkuOTgzNiAxNy44NDg3IDUwLjE5MzcgMTguNTE5NiA1MC40NTA1QzE5LjYzNjggNTAuODc4MSAxOS42OTM3IDUxLjAzOTkgMTkuMTk0NSA1Mi4zNzEyQzE4LjcxODIgNTMuNjQxNiAxOC41MDI3IDUzLjc2ODggMTcuNDg2MSA1My4zNzk2QzE1LjUxOTkgNTIuNjI3IDEyLjE5NDggNTIuODU1NCAxMS4wMDU4IDUzLjgyNDdDOS43OTA1OCA1NC44MTUzIDkuNTU3MzYgNTYuOTI1MiAxMC41MzI0IDU4LjEwNzlDMTAuODcyNyA1OC41MjA3IDEyLjkwODcgNTkuNzc5IDE1LjA1NjkgNjAuOTA0MUMxOC40NjI4IDYyLjY4ODEgMTkuMDgyIDYzLjIyMTQgMTkuODk1MSA2NS4wNzE5QzIxLjExNTIgNjcuODQ4NyAyMC42Nzg4IDcwLjM0MzcgMTguNjA3OCA3Mi40MzIzQzE2LjE2MDcgNzQuOTAwMiAxMi41NDEzIDc1LjU3OTYgOC4wODE3NyA3NC40MDgzWk0yOC45MzI4IDc0LjM4MjNDMjUuMjM2NSA3Mi45OTU4IDIzLjcxMzggNzAuNTQwNSAyMy43MTM4IDY1Ljk2NjdDMjMuNzEzOCA2Mi41MDM0IDI0LjU1ODggNjAuNDY5NyAyNi44MzMzIDU4LjQ1OTNDMjguMzk2NCA1Ny4wNzc2IDI4Ljk4NjcgNTYuODY4NiAzMS4zMjY4IDU2Ljg2ODZDMzIuODE2OCA1Ni44Njg2IDM0LjY4MjEgNTcuMjEyOSAzNS41MDA1IDU3LjYzODlDMzcuMzE2OSA1OC41ODQ2IDM4LjgzMTkgNjEuNzQyNiAzOC44NDY2IDY0LjYxNDNMMzguODU3MyA2Ni43MDQ0SDMyLjk0MjNIMjcuMDI3M0wyNy4zNDIgNjguMDU2OUMyNy41MTUgNjguODAwNyAyOC4zMzU0IDcwLjAzOTEgMjkuMTY1IDcwLjgwOUMzMC41NzczIDcyLjExOTYgMzAuODk0OSA3Mi4xOTc5IDM0LjE1NDcgNzIuMDM4NUMzNy4zOTM4IDcxLjg4MDEgMzcuNjQ2MyA3MS45NDA5IDM3Ljc4NCA3Mi45MTIyQzM3Ljk2MjYgNzQuMTcyNSAzNy4xODgyIDc0LjUyMzYgMzMuNTI0MiA3NC44NDM0QzMxLjgwODUgNzQuOTkzMiAzMC4xMDU2IDc0LjgyMjIgMjguOTMyOCA3NC4zODIzWk0zNS4wODgxIDYyLjUyNDJDMzQuOTU1OCA2MC42NzMgMzMuMzY0NCA1OS4zMjc2IDMxLjMwNzIgNTkuMzI3NkMyOS43MDg2IDU5LjMyNzYgMjguNzI4MSA2MC4wOTA5IDI3LjY2MiA2Mi4xNjU1QzI2Ljc0NTcgNjMuOTQ4NiAyNy40MTIgNjQuMjk2NSAzMS40NDg4IDY0LjE0MjVMMzUuMTkzNiA2My45OTk2TDM1LjA4ODEgNjIuNTI0MlpNNDQuMzkxNCA3NC4zNzA4QzQyLjU3MTEgNzMuNTQ2OCA0MS43MDU5IDcyLjEyODYgNDEuNjQyMSA2OS44NjQ3QzQxLjU0MTYgNjYuMjk0NCA0NC4xMTEgNjQuMTQ2OCA0OS4yNTc2IDYzLjQ5OTRDNTEuODQxNCA2My4xNzQ0IDUyLjA0OTUgNjMuMDU3NyA1MS43NTkzIDYyLjA5NjlDNTAuOTY1IDU5LjQ2NjYgNDguMjQyMyA1OC41NjQ0IDQ0LjkyNzYgNTkuODMzMUM0My40MzAzIDYwLjQwNjMgNDMuNDg2OCA2MC40MzEzIDQzLjA1MTQgNTkuMDAzMkM0Mi43ODAxIDU4LjExMzUgNDIuOTk4MiA1Ny44NTExIDQ0LjM5NSA1Ny4zODdDNDYuOTM2NCA1Ni41NDI3IDUxLjM3NDUgNTYuNjM0MiA1Mi43Nzc5IDU3LjU2QzU0LjkzOTIgNTguOTg1NyA1NS4zNzUxIDYwLjYwMTkgNTUuNTQ4NyA2Ny44MzI4TDU1LjcxMDYgNzQuNTc0NUw1NC4xMjMgNzQuNTc0QzUzLjAzNzcgNzQuNTczMyA1Mi41MzUzIDc0LjMzOTYgNTIuNTM1MyA3My44MzU0QzUyLjUzNTMgNzIuOTA2NiA1Mi4wNTI4IDcyLjkwMjQgNTAuNzUyIDczLjgxOTZDNDkuMjAxMyA3NC45MTMgNDYuMTY5NyA3NS4xNzU3IDQ0LjM5MTQgNzQuMzcwOFpNNTAuOTQ3NyA3MC44MTc1QzUxLjcwOTkgNjkuOTczNSA1Mi4wNDY4IDY4Ljk4NiA1Mi4wNDY4IDY3LjU5NjZWNjUuNTkyOUw0OS44MTgyIDY1Ljg0NThDNDUuNzE5IDY2LjMxMSA0My44NzQ5IDY5LjUxMTggNDYuNTA1OCA3MS41OTUzQzQ4LjAzNzEgNzIuODA3OSA0OS4zNTk0IDcyLjU3NjMgNTAuOTQ3NyA3MC44MTc1Wk05Mi4wMDIgNzQuNTc4OEM4OC40MDI0IDczLjQ4NjQgODYuMjQxOSA3MC4yNDY2IDg2LjI0MTkgNjUuOTQxQzg2LjI0MTkgNjAuNDA0MiA4OS41MjExIDU2LjgzMjUgOTQuNjQxIDU2Ljc5MjVDOTguNjk4OSA1Ni43NjA5IDEwMS4yNjMgNTkuNDY3OSAxMDEuNTAzIDY0LjAzNjZMMTAxLjYzIDY2LjQ1ODVMOTYuMjU2MiA2Ni41ODg1QzkzLjMwMDcgNjYuNjYgOTAuNjE1OCA2Ni44MTYgOTAuMjg5NyA2Ni45MzUxQzg5LjM4MTggNjcuMjY2OCA5MC40Nzg4IDY5Ljk0NyA5Mi4wMzA2IDcxLjE4ODZDOTMuMTU5OSA3Mi4wOTIxIDkzLjc3MSA3Mi4xOTEyIDk2LjgxNzggNzEuOTY1QzEwMC4xOTMgNzEuNzE0NCAxMDAuMzE4IDcxLjc0NDkgMTAwLjUzMSA3Mi44Njg0QzEwMC43MyA3My45MTMzIDEwMC41MDkgNzQuMDgzNSA5OC4zNTc5IDc0LjU0OEM5NS42MTAzIDc1LjE0MTIgOTMuODgyOSA3NS4xNDk2IDkyLjAwMiA3NC41Nzg4Wk05Ny45NjU5IDYzLjA4MjNDOTcuOTY1OSA2MS4xMjMxIDk2LjE4NTggNTkuMzI3NiA5NC4yNDM0IDU5LjMyNzZDOTIuMjQ5NCA1OS4zMjc2IDkwLjE0OTkgNjEuMjU2MiA5MC4xNDk5IDYzLjA4NzhDOTAuMTQ5OSA2NC4yMDcgOTAuMjc5NyA2NC4yNDU1IDk0LjA1NzkgNjQuMjQ1NUM5Ny44NDE0IDY0LjI0NTUgOTcuOTY1OSA2NC4yMDg0IDk3Ljk2NTkgNjMuMDgyM1pNMTEwLjA0MiA3NC40N0MxMDYuMTQ5IDczLjQzIDEwMy45MyA2OS40MDI5IDEwNC41NCA2NC40ODYyQzEwNS4xNjYgNTkuNDQ0MiAxMDcuOTUxIDU2Ljg3MzYgMTEyLjc5MiA1Ni44NzA1QzExNS4zNzQgNTYuODY5IDExNS44MDUgNTcuMDI0OSAxMTcuMjYgNTguNDlDMTE4Ljg3OCA2MC4xMTg1IDExOS45NDEgNjIuODM0MyAxMTkuOTQ2IDY1LjM1MkwxMTkuOTQ5IDY2LjcwNDRIMTE0LjA4N0MxMDguNDg4IDY2LjcwNDQgMTA4LjIyNSA2Ni43NTAxIDEwOC4yMjUgNjcuNzIwM0MxMDguMjI1IDcwLjcxMjIgMTEwLjk1MiA3Mi4zNDQyIDExNS4zNTcgNzEuOTg4MkMxMTguMTM2IDcxLjc2MzcgMTE4LjQyMyA3MS44MzE1IDExOC42NjcgNzIuNzY3NEMxMTguOTk4IDc0LjA0NDMgMTE4Ljk2OCA3NC4wNzIgMTE2LjY5IDc0LjYwNDNDMTE0LjM2NyA3NS4xNDcgMTEyLjQzIDc1LjEwNzggMTEwLjA0MiA3NC40N1pNMTE2LjExOSA2Mi43NzAxQzExNS44NjQgNjAuODc4NyAxMTQuMTU5IDU5LjMyNzYgMTEyLjMzNSA1OS4zMjc2QzExMC41NjYgNTkuMzI3NiAxMDguMjI0IDYxLjYwMTQgMTA4LjIyNCA2My4zMTk1QzEwOC4yMjQgNjQuMjEyOCAxMDguNTI3IDY0LjI3NDYgMTEyLjI1NSA2NC4xNDI0QzExNi4yNDEgNjQuMDAxMSAxMTYuMjgzIDYzLjk4NjIgMTE2LjExOSA2Mi43NzAxWk0xMjYuODk0IDc0LjI0N0MxMjQuODI2IDczLjIyMDggMTIzLjUzMiA3MS4zNTg5IDEyMi44OTQgNjguNDg4OUMxMjEuOTc1IDY0LjM2MDUgMTIzLjA3NCA2MC40OTE0IDEyNS44MyA1OC4xNTY3QzEyNy44MjcgNTYuNDY1NyAxMzEuODM4IDU2LjMzMDUgMTMzLjgwNSA1Ny44ODc5TDEzNS4wOTIgNTguOTA3MlY1My45NTM2VjQ5SDEzNy4wNDZIMTM5VjYxLjc4NjVWNzQuNTczMUgxMzcuMjlDMTM1Ljc2MiA3NC41NzMxIDEzNS41OCA3NC40MzMxIDEzNS41OCA3My4yNTc5VjcxLjk0MjdMMTM0LjQ4MSA3Mi45NzkyQzEzMi4yMzMgNzUuMDk5OCAxMjkuNTI1IDc1LjU1MjMgMTI2Ljg5NCA3NC4yNDdaTTEzMy42NjQgNzAuNjc2NkMxMzQuOTc2IDY5LjM1NTcgMTM1LjA5MiA2OC45NTM3IDEzNS4wOTIgNjUuNzIwOUMxMzUuMDkyIDYyLjQ1NzIgMTM0Ljk4NSA2Mi4wOTQ1IDEzMy42MDcgNjAuNzA3NkMxMzIuMzY1IDU5LjQ1NzUgMTMxLjg2NSA1OS4yNjIyIDEzMC41NTQgNTkuNTE1NEMxMjYuMTQ0IDYwLjM2NzIgMTI0LjgzNSA2OC4xNDIzIDEyOC41OTggNzEuMTIyOUMxMzAuMzQ4IDcyLjUwODEgMTMxLjk4OCA3Mi4zNjM1IDEzMy42NjQgNzAuNjc2NlpNNjEuNDEwNyA2Ni4wNTg0QzYwLjAyMiA2MS4zNzU0IDU4Ljg4NTkgNTcuMzkxOSA1OC44ODU5IDU3LjIwNjJDNTguODg1OSA1Ny4wMjA2IDU5LjcyNzQgNTYuODY4NiA2MC43NTU5IDU2Ljg2ODZINjIuNjI1OUw2NC4yNTUxIDYzLjg3NjZDNjUuMTUxMiA2Ny43MzEgNjUuOTU2IDcwLjY2MzMgNjYuMDQzNyA3MC4zOTI5QzY2LjEzMTMgNzAuMTIyNCA2Ny4wNTU3IDY3LjAyNDEgNjguMDk3OCA2My41MDc4TDY5Ljk5MjYgNTcuMTE0NUg3MS41OTY5SDczLjIwMTJMNzQuODg2NSA2My4yNjE5Qzc1LjgxMzQgNjYuNjQzIDc2LjY4MzIgNjkuNzQxMiA3Ni44MTk0IDcwLjE0N0M3Ni45NTU3IDcwLjU1MjcgNzcuODQxOSA2Ny43MzEgNzguNzg5IDYzLjg3NjZMODAuNTEwOSA1Ni44Njg2SDgyLjQ1MTdDODMuOTUxNyA1Ni44Njg2IDg0LjMzMDMgNTcuMDMxNiA4NC4xMTkgNTcuNTg2QzgzLjk2ODYgNTcuOTgwNiA4Mi42OTU2IDYxLjk2NDEgODEuMjkwMiA2Ni40MzgyTDc4LjczNDkgNzQuNTczMUg3Ni45NjM1SDc1LjE5MjFMNzMuNTgxMiA2OC43OTQ1QzcyLjY5NTIgNjUuNjE2MyA3MS44NTg1IDYyLjY4NDEgNzEuNzIxNyA2Mi4yNzgzQzcxLjQ0NjUgNjEuNDYxNiA3MS41OTExIDYxLjA3MzMgNjkuMTExNCA2OS4yODYzTDY3LjUxNTIgNzQuNTczMUg2NS43MjU0SDYzLjkzNTZMNjEuNDEwNyA2Ni4wNTg0WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTE5Ljk3NDYgMTE5LjI3NEMxOS4wMTU4IDExOC4xMTkgMjAuMzM4MSAxMTYuMTY2IDIxLjU2MDQgMTE2LjkzMkMyMi43NjMyIDExNy42ODYgMjIuMzMwNSAxMTkuNzYxIDIwLjk3MDQgMTE5Ljc2MUMyMC42NDUgMTE5Ljc2MSAyMC4xOTY5IDExOS41NDIgMTkuOTc0NiAxMTkuMjc0WiIgZmlsbD0idXJsKCNwYWludDNfcmFkaWFsXzY3OV8xOTEwKSIvPgo8cGF0aCBkPSJNMjMuODM2IDExMi42M0MyMi4xMTUyIDExMS42ODkgMjEuODAyOSAxMDkuNzk3IDIzLjE0NjUgMTA4LjQ1M0MyNC4wODU3IDEwNy41MTQgMjUuMjEgMTA3LjM5NCAyNi4yNTA3IDEwOC4xMjNDMjcuODU3MSAxMDkuMjQ5IDI3LjQ2NTUgMTEyLjAxMyAyNS42MDc5IDExMi42NkMyNS42MDc5IDExMi42NiAyNC40NzQ1IDExMi45NzMgMjMuODM2IDExMi42M1oiIGZpbGw9InVybCgjcGFpbnQ0X3JhZGlhbF82NzlfMTkxMCkiLz4KPHBhdGggZD0iTTMzLjc4NTUgMTIwLjAzNkMzMy43ODU1IDEyMC4xODggMzMuNzU1NyAxMjAuMzM4IDMzLjY5NzYgMTIwLjQ3OUMzMy42Mzk1IDEyMC42MTkgMzMuNTU0NCAxMjAuNzQ2IDMzLjQ0NzEgMTIwLjg1M0MzMy4zMzk4IDEyMC45NjEgMzMuMjEyNCAxMjEuMDQ2IDMzLjA3MjMgMTIxLjEwNEMzMi45MzIxIDEyMS4xNjIgMzIuNzgxOCAxMjEuMTkyIDMyLjYzMDEgMTIxLjE5MkMzMi40NzgzIDEyMS4xOTIgMzIuMzI4MSAxMjEuMTYyIDMyLjE4NzkgMTIxLjEwNEMzMi4wNDc3IDEyMS4wNDYgMzEuOTIwMyAxMjAuOTYxIDMxLjgxMyAxMjAuODUzQzMxLjcwNTcgMTIwLjc0NiAzMS42MjA2IDEyMC42MTkgMzEuNTYyNiAxMjAuNDc5QzMxLjUwNDUgMTIwLjMzOCAzMS40NzQ2IDEyMC4xODggMzEuNDc0NiAxMjAuMDM2QzMxLjQ3NDYgMTE5LjczIDMxLjU5NjMgMTE5LjQzNiAzMS44MTMgMTE5LjIxOUMzMi4wMjk3IDExOS4wMDMgMzIuMzIzNiAxMTguODgxIDMyLjYzMDEgMTE4Ljg4MUMzMi45MzY1IDExOC44ODEgMzMuMjMwNCAxMTkuMDAzIDMzLjQ0NzEgMTE5LjIxOUMzMy42NjM4IDExOS40MzYgMzMuNzg1NSAxMTkuNzMgMzMuNzg1NSAxMjAuMDM2WiIgZmlsbD0iYmxhY2siLz4KPHBhdGggZD0iTTEyMC43MjEgMTE4LjI3NkMxMjAuNzIxIDExOC42MjMgMTIwLjU2NSAxMTguOTU2IDEyMC4yODcgMTE5LjIwMUMxMjAuMDA5IDExOS40NDYgMTE5LjYzMiAxMTkuNTg0IDExOS4yMzkgMTE5LjU4NEMxMTguODQ2IDExOS41ODQgMTE4LjQ2OSAxMTkuNDQ2IDExOC4xOTEgMTE5LjIwMUMxMTcuOTEzIDExOC45NTYgMTE3Ljc1NyAxMTguNjIzIDExNy43NTcgMTE4LjI3NkMxMTcuNzU3IDExOC4xMDUgMTE3Ljc5NSAxMTcuOTM1IDExNy44NyAxMTcuNzc2QzExNy45NDQgMTE3LjYxNyAxMTguMDUzIDExNy40NzMgMTE4LjE5MSAxMTcuMzUyQzExOC4zMjkgMTE3LjIzIDExOC40OTIgMTE3LjEzNCAxMTguNjcyIDExNy4wNjhDMTE4Ljg1MSAxMTcuMDAzIDExOS4wNDQgMTE2Ljk2OSAxMTkuMjM5IDExNi45NjlDMTE5LjQzMyAxMTYuOTY5IDExOS42MjYgMTE3LjAwMyAxMTkuODA2IDExNy4wNjhDMTE5Ljk4NiAxMTcuMTM0IDEyMC4xNDkgMTE3LjIzIDEyMC4yODcgMTE3LjM1MkMxMjAuNDI0IDExNy40NzMgMTIwLjUzMyAxMTcuNjE3IDEyMC42MDggMTE3Ljc3NkMxMjAuNjgyIDExNy45MzUgMTIwLjcyMSAxMTguMTA1IDEyMC43MjEgMTE4LjI3NloiIGZpbGw9IiM1OTY4NkYiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82NzlfMTkxMCIgeDE9IjExIiB5MT0iLTQuNzc3NjhlLTA3IiB4Mj0iMTY0LjUiIHkyPSIxNTAuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjNjRCN0ZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwNURBRCIvPgo8L2xpbmVhckdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50MV9yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTI0LjkwNCAxMjguNjM2KSByb3RhdGUoLTAuMDQ4NTUyKSBzY2FsZSgzNi4yODAyIDMxLjQwMzIpIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzExNzdDRSIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM3RUM3RkYiIHN0b3Atb3BhY2l0eT0iMCIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50Ml9yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMzkuMzUxMiAxMjEuNDYpIHJvdGF0ZSgtMC4wNTczKSBzY2FsZSg1MC4yMjc2IDUxLjMwOTEpIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzExNzdDRSIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM3RUM3RkYiIHN0b3Atb3BhY2l0eT0iMCIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50M19yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjAuOTU0OCAxMTguMjYpIHNjYWxlKDEuMzA5MjkgMS41MDEyNykiPgo8c3RvcCBzdG9wLWNvbG9yPSIjODhBM0QwIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzVEODNCRiIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50NF9yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjQuNzg0MyAxMTAuMjIxKSBzY2FsZSgyLjQ3Mjc3IDIuNTY5NTQpIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzg4QTNEMCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM1RDgzQkYiLz4KPC9yYWRpYWxHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "topology"], ["spec", "replicationFactor"], ["spec", "db"], ["spec", "db", "replicas"], ["spec", "db", "size"], ["spec", "db", "storageClass"], ["spec", "db", "resources"], ["spec", "db", "resourcesPreset"], ["spec", "master"], ["spec", "master", "replicas"], ["spec", "master", "resources"], ["spec", "master", "resourcesPreset"], ["spec", "filer"], ["spec", "filer", "replicas"], ["spec", "filer", "resources"], ["spec", "filer", "resourcesPreset"], ["spec", "filer", "grpcHost"], ["spec", "filer", "grpcPort"], ["spec", "filer", "whitelist"], ["spec", "volume"], ["spec", "volume", "replicas"], ["spec", "volume", "size"], ["spec", "volume", "storageClass"], ["spec", "volume", "resources"], ["spec", "volume", "resourcesPreset"], ["spec", "volume", "zones"], ["spec", "s3"], ["spec", "s3", "replicas"], ["spec", "s3", "resources"], ["spec", "s3", "resourcesPreset"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tcp-balancer.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/tcp-balancer.yaml new file mode 100644 index 00000000..f4e03aeb --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/tcp-balancer.yaml @@ -0,0 +1,35 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: tcp-balancer +spec: + application: + kind: TCPBalancer + plural: tcpbalancers + singular: tcpbalancer + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"httpAndHttps":{"description":"HTTP and HTTPS configuration","type":"object","default":{},"required":["mode","targetPorts"],"properties":{"endpoints":{"description":"Endpoint addresses list","type":"array","default":[],"items":{"type":"string"}},"mode":{"description":"Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`","type":"string","default":"tcp","enum":["tcp","tcp-with-proxy"]},"targetPorts":{"description":"Target ports configuration","type":"object","default":{},"required":["http","https"],"properties":{"http":{"description":"HTTP port number.","type":"integer","default":80},"https":{"description":"HTTPS port number.","type":"integer","default":443}}}}},"replicas":{"description":"Number of HAProxy replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each TCP Balancer replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"nano","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"whitelist":{"description":"List of allowed client networks","type":"array","default":[],"items":{"type":"string"}},"whitelistHTTP":{"description":"Secure HTTP by whitelisting client networks, `false` by default.","type":"boolean","default":false}}} + release: + prefix: tcp-balancer- + labels: + cozystack.io/ui: "true" + chart: + name: tcp-balancer + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: NaaS + singular: TCP Balancer + plural: TCP Balancer + description: Layer4 load balancer service + tags: + - network + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMjk4NSkiLz4KPHBhdGggZD0iTTcyLjE2NDUgNTkuNDI0M0w2Mi41IDQ4LjQ5OCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjI2IiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTQxLjY4NTUgNTEuMDIxNUw0OS4yNDcgNjIuMDY5MyIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTcyLjE2NDYgNTkuNDQxNEw4MS43MjYzIDQ4LjM5MzZNODMuNzE3MSA3MS42Mjk0TDk1LjA2NCA2Mi4wNjc4TTgzLjcxNzEgNzEuNjEwOEw5NS4wNjQgODEuNTkzTTgxLjgyOTEgOTQuMjAxN0w3Mi4xNjQ2IDgzLjQ4MTFNNjIuNTAwMSA5NC4yMDE3TDcyLjE2NDYgODMuNDkwNE00OS4yNTU5IDgxLjE3MjRMNjAuMTgyMSA3MS42MTA4TTYwLjE5MTUgNzEuNjEwOEw0OS4yNjUyIDYyLjA0OTFMNzIuMTY0NiA1OS40MjI3TDk1LjA2NCA2Mi4wNDkxIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMjYiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNODEuNzE2OCA0OC4zOTM2TDgzLjcxNyA3MS42MTA4TDgxLjgyOSA5NC4xOTI0IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMjYiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTUuMDY0IDgxLjU5MjVMNzIuMTY0NiA4My40ODA1TTQ5LjI1NTkgODEuMTcxOUw3Mi4xNTUzIDgzLjQ5OTIiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4yNiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik02Mi41MDEyIDk0LjIwMTRMNjAuMTczOCA3MS42MTk4TTYyLjUwMTIgNDguNDk2MUw2MC4xNzM4IDcxLjYxMDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4yNiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik0zOC43NSA2NC45OTQ4TDQ5LjI1NTcgNjIuMDUwNk01MS40NjE1IDQwLjYxODdMNjIuNTA5MyA0OC40OTc5TTYyLjQ5MDYgNDguNDk3OUw2NS4wMTQyIDM1LjY4MzZMODEuNzE2OCA0OC4zOTUxIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNNzkuMjAzMSAzNS42ODM2TDgxLjcyNjcgNDguMzk1MU05Mi43NTU4IDQwLjYxODdMODEuNzA4IDQ4LjM5NTFNMTAyLjYyNiA1MS4wMjE1TDgxLjcxNzQgNDguMzk1MU0xMDIuNjI2IDUxLjAwMjhMOTUuMDY0NSA2Mi4wNTA2TDEwNS43NzYgNjQuOTk0OCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTk1LjA2MzkgNjIuMDUwNkwxMDUuNTcgNzguMDE0OE03OS4yMDI1IDM1LjY4MzZMNjIuNSA0OC40OTc5IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTUuMDYzNyA2Mi4wNTExTDkyLjczNjMgNDAuNjE5MU05NS4wNjM3IDgxLjU5NTFMMTA1LjU2OSA3OC4wMTUzIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTUuMDY1IDgxLjU5NDlMMTA1Ljc3NiA2NC45OTUxTTk1LjA2NSA4MS41OTQ5TDEwMi42MjYgOTEuNzgyOE05NS4wNjUgODEuNTk0OUw5Mi43Mzc3IDEwMi4xODZNODEuODMwMSA5NC4yMDM1TDkyLjc1NjQgMTAyLjE4NiIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTgxLjgyOSA5NC4yMDNMMTAyLjYyNSA5MS43ODIyTTgxLjgyOSA5NC4yMDNMNzkuMzI0MSAxMDcuMTExTTgxLjgyOSA5NC4yMDNMNjUuMDE0MyAxMDcuMTAxTTYyLjUgOTQuMjAzTDY1LjAyMzYgMTA3LjEzOSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTYyLjUwMTIgOTQuMjAzMUw3OS4zMjUzIDEwNy4xMTFNNTEuNDYyOCAxMDIuMTg1TDYyLjUxMDUgOTQuMjAzMUw0MS42NzY4IDkxLjg4NTFMNDkuMjU2OSA4MS4xNzM4IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNNTEuNDYxOCAxMDIuMTg1TDQ5LjI1NiA4MS4xNzMxTDM4LjY0NzUgNzcuOTExMUw0OS4yNTYgNjIuMDQ5OCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTQ5LjI1NTcgODEuMTc0NUwzOC43NSA2NC45OTUzTTUxLjQ2MTUgNDAuNjE5MUw0OS4yNTU3IDYyLjA1MTEiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMyIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik00MS42ODU1IDUxLjAyMTdMNjIuNDgxOSA0OC40OTgiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMyIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik00My4zNzYgMzYuODMzOEw1MS40NjA5IDQwLjYxOTJMNTAuODM0NiAzMS43OTU5TDY1LjAxMzYgMzUuNjg0MSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik01OC45Mjg5IDI4LjIyNDRMNjUuMDEzNiAzNS42ODMxTDY3LjUzNzMgMjYuNzM4M0w3OS4yMDE5IDM1LjY4MzFNNTEuNDYwOSA0MC42MTgxTDU4LjkxOTYgMjguMjI0NCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik03Ni41NjY3IDI2LjQ0MDRMNzkuMjAyNSAzNS42ODQzTDg1LjI5NjYgMjguMjI1Nk02NS4wMDQ5IDM1LjY4NDNMNzYuNTU3NCAyNi40NDA0TTkyLjc1NTIgNDAuNjE5NEw4NS4yNzc5IDI4LjIyNTYiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTIuNzU0OSA0MC42MTkyTDkzLjQ5MzIgMzEuNzk1OU05Mi43NTQ5IDQwLjYxOTJMMTAxLjAzNiAzNi40MTMyTTkyLjc1NDkgNDAuNjE5MkwxMDcuMTQ5IDQyLjgyNU03OS4yMDIxIDM1LjY4NDFMOTMuNDgzOSAzMS43OTU5IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTEwMi42MjUgNTEuMDIxNEwxMDcuMTM5IDQyLjgyNDRNMTAyLjYyNSA1MS4wMjE0TDEwMS4wNDUgMzYuNDIxOU0xMDIuNjI1IDUxLjAyMTRMMTEyLjA4MyA1MC4yODNNMTAyLjYyNSA1MS4wMjE0TDExNS41NiA1OC4zNzczIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTEwNS43NzQgNjQuOTk0OUwxMTIuMDgzIDUwLjI4MzJNMTA1Ljc3NCA2NC45OTQ5TDExNS41NDEgNTguMzc3NE0xMDUuNzc0IDY0Ljk5NDlMMTE2LjcgNjcuMjAwN0wxMDUuNTY4IDc4LjAxNDkiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNMTE3LjAxOSA3NS45MTIxTDEwNS41NjkgNzguMDE1MUwxMTUuMzM3IDg0LjUyOTdMMTAyLjYyNSA5MS43ODI3TTEwNS43NzUgNjQuOTk1MUwxMTcuMDE5IDc1LjkyMTQiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNMTAyLjYyNSA5MS43ODMzTDExMS45NzEgOTIuNzI3M00xMDUuNTc4IDc4LjAxNTZMMTExLjk3MSA5Mi43MThNMTA3LjA1NSAxMDAuMDY0TDEwMi42NDMgOTEuNzgzM0wxMDAuOTYxIDEwNi4yOCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik0xMDAuOTQzIDEwNi4yNzlMOTIuNzQ1OCAxMDIuMTg1TTkyLjc1NTEgMTAyLjE4NUw5My4zODEzIDExMS4zNDVNOTIuNzU1MSAxMDIuMTg1TDEwNy4wMzcgMTAwLjA4Mk05Mi43NTUxIDEwMi4xODVMODUuMjg3MSAxMTQuNzk0IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTc5LjMyMzIgMTA3LjEwM0w4NS4yNzcgMTE0Ljc2N003OS4zMjMyIDEwNy4xMDNMOTMuMzk5MyAxMTEuMzA5TTc5LjMyMzIgMTA3LjEwM0w3Ni41NjU5IDExNi41NjFNNzkuMzIzMiAxMDcuMTAzTDY3LjU1NTcgMTE2LjU2MSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik02NS4wMTM2IDEwNy4xMDJMNjcuNTM3MyAxMTYuNTYxTTY1LjAxMzYgMTA3LjEwMkw3Ni41NTY4IDExNi41NjFNNjUuMDEzNiAxMDcuMTAyTDU5LjAyMjQgMTE0Ljc2Nk01MS40NjA5IDEwMi4xODZMNTkuMDIyNCAxMTQuNzk0IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTY1LjAxMzkgMTA3LjEwMUw1MC43MzIyIDExMS41MTNNNTAuNzIyOCAxMTEuNTMyTDUxLjQ2MTIgMTAyLjE4NUw0My4yNjQyIDEwNi42OTlMNDEuNjg0NiA5MS44ODQ4IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTUxLjQ2MSAxMDIuMTg2TDM3LjA2NzEgMTAwLjE5NU00MS42ODQ0IDkxLjg4NkwzNy4wNTc4IDEwMC4xNjdNNDEuNjg0NCA5MS44ODZMMzIuMjI1NSA5Mi44MzAxTTQxLjY4NDQgOTEuODg2TDI4LjY3MzggODQuNjQyM0wzOC42NDY3IDc3LjkxMjdMMjcuMjk5OCA3NS45MjE5IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTM4LjY0NjcgNzcuOTEyM0wzMi4yNTM2IDkyLjgyOTZNMzguNzQ5NSA2NC45OTUxTDI3LjI5OTggNzUuOTIxNCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik0zOC42NDY3IDc3LjkxMjJMMjcuMjk5OCA2Ny4yMDA5TTM4Ljc1ODkgNjQuOTk1MUwyOC45ODIyIDU4LjQ4MDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNMjcuMjk5OCA2Ny4yMDA3TDM4Ljc0OTUgNjQuOTk0OUwzMi4yNDQyIDUwLjI4MzIiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNNDEuNjgzNiA1MS4wMjE3TDMyLjIyNDcgNTAuMjgzM000MS42ODM2IDUxLjAyMTdMMjguOTgxNCA1OC40ODA0TTQxLjY4MzYgNTEuMDIxN0wzNy4xNzg1IDQzLjI0NTNNNDEuNjgzNiA1MS4wMjE3TDQzLjM2NiAzNi44NDI4IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTUxLjQ2MSA0MC42MTkxTDM3LjE2OTkgNDMuMjQ1NiIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik01NC41NjQ1IDc3LjA3MDJMNTQuNjM5MiA2Ni4wMjI0TDY1LjY4NyA2Ni4wOTcxTDY1LjYxMjMgNzcuMTQ0OUw1NC41NjQ1IDc3LjA3MDJaTTY2LjUxODkgNjQuOTEwMUw2Ni41OTM3IDUzLjg2MjNMNzcuNjQxNSA1My45MzcxTDc3LjU2NjcgNjQuOTg0OUw2Ni41MTg5IDY0LjkxMDFaTTY2LjUxODkgODkuMTI3NEw2Ni41OTM3IDc4LjA3OTZMNzcuNjQxNSA3OC4xNTQ0TDc3LjU2NjcgODkuMjAyMkw2Ni41MTg5IDg5LjEyNzRaTTc4LjU3NjEgNzYuOTY3M0w3OC42NTA5IDY1LjkxOTVMODkuNjk4NyA2NS45OTQzTDg5LjYyMzkgNzcuMDQyMUw3OC41NzYxIDc2Ljk2NzNaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNNzcuOTQwNiA1Mi4yMzY2TDc3Ljk5NjYgNDQuNTcyM0w4NS42OTgzIDQ0LjYyODNMODUuNjQyMiA1Mi4yOTI2TDc3Ljk0MDYgNTIuMjM2NlpNNTguNjg2NCA1Mi4yMzY2TDU4Ljc0MjQgNDQuNTcyM0w2Ni40NDQxIDQ0LjYyODNMNjYuMzg4IDUyLjI5MjZMNTguNjg2NCA1Mi4yMzY2Wk00NS4zNTggNjUuODkyMUw0NS40MTQxIDU4LjIyNzhMNTMuMTE1NyA1OC4yODM5TDUzLjA1OTcgNjUuOTQ4Mkw0NS4zNTggNjUuODkyMVpNNDUuMzQ4NiA4NS4xNjVMNDUuNDMyOCA3Ny41MDA3TDUzLjEzNDQgNzcuNTg0OEw1My4wNTAzIDg1LjI0OTFMNDUuMzQ4NiA4NS4xNjVaTTkxLjI2OSA4NS4wMTU0TDkxLjMyNSA3Ny4zNTExTDk5LjAyNjcgNzcuNDA3Mkw5OC45NzA2IDg1LjA3MTVMOTEuMjY5IDg1LjAxNTRaTTkxLjQxODUgNjUuOTQ4Mkw5MS41MDI2IDU4LjI4MzlMOTkuMjA0MyA1OC4zNjhMOTkuMTIwMiA2Ni4wMzIzTDkxLjQxODUgNjUuOTQ4MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0zOS4xMTQzIDUzLjUyNjNMMzkuMTUxNyA0OC40NzkxTDQ0LjE4MDIgNDguNTE2NUw0NC4xNDI4IDUzLjU2MzdMMzkuMTE0MyA1My41MjYzWk00OC45NTYzIDQzLjI2MzdMNDguOTkzNyAzOC4yMTY0TDU0LjAyMjMgMzguMjUzOEw1My45ODQ5IDQzLjMwMUw0OC45NTYzIDQzLjI2MzdaTTYyLjQ5OTcgMzguMTg4NEw2Mi41MzcxIDMzLjE0MTJMNjcuNTY1NiAzMy4xNzg2TDY3LjUyODIgMzguMjI1OEw2Mi40OTk3IDM4LjE4ODRaTTM2LjE1MTQgNjcuNDkwM0wzNi4xODg4IDYyLjQ0MzFMNDEuMTg5MiA2Mi40ODA1TDQxLjE1MTkgNjcuNTI3N0wzNi4xNTE0IDY3LjQ5MDNaTTEwMC4wODMgNDguNTUzOUwxMDUuMTMgNDguNTE2NUwxMDUuMTY3IDUzLjU0NUwxMDAuMTIgNTMuNTgyNEwxMDAuMDgzIDQ4LjU1MzlaTTkwLjI0MDcgMzguMTEzNkw5NS4yODc5IDM4LjA3NjJMOTUuMzI1MyA0My4xMDQ4TDkwLjI3ODEgNDMuMTQyMUw5MC4yNDA3IDM4LjExMzZaTTc2LjY1MDYgMzMuMTY5Mkw4MS42OTc4IDMzLjEzMThMODEuNzM1MiAzOC4xNjA0TDc2LjY4OCAzOC4xOTc3TDc2LjY1MDYgMzMuMTY5MlpNMTAzLjAxOCA2Mi40OTkyTDEwOC4wNjUgNjIuNDYxOEwxMDguMTAyIDY3LjQ5MDNMMTAzLjA1NSA2Ny41Mjc3TDEwMy4wMTggNjIuNDk5MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik01OC41ODMgOTguMjQwNUw1OC42MzkxIDkwLjU3NjJMNjYuMzQwOCA5MC42MzIzTDY2LjI4NDcgOTguMjk2NUw1OC41ODMgOTguMjQwNVpNNzcuODM3MiA5OC4yNDA1TDc3Ljg5MzMgOTAuNTc2Mkw4NS41OTUgOTAuNjMyM0w4NS41Mzg5IDk4LjI5NjVMNzcuODM3MiA5OC4yNDA1WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEwMC4wNDUgOTQuMzYxOUwxMDAuMDgyIDg5LjMxNDdMMTA1LjExMSA4OS4zNTIxTDEwNS4wNzQgOTQuMzk5M0wxMDAuMDQ1IDk0LjM2MTlaTTkwLjMxNTIgMTA0LjcyN0w5MC4zNTI2IDk5LjY4MDJMOTUuMzgxMSA5OS43MTc2TDk1LjM0MzcgMTA0Ljc2NUw5MC4zMTUyIDEwNC43MjdaTTc2Ljc3MTggMTA5LjdMNzYuODA5MiAxMDQuNjUzTDgxLjgzNzcgMTA0LjY5TDgxLjgwMDQgMTA5LjczN0w3Ni43NzE4IDEwOS43Wk0xMDMuMDA4IDgwLjM5NzlMMTAzLjA0NSA3NS4zNTA3TDEwOC4wNzQgNzUuMzg4MUwxMDguMDM3IDgwLjQzNTNMMTAzLjAwOCA4MC4zOTc5Wk0zOS4xMjMzIDg5LjMxNDdMNDQuMTcwNiA4OS4yNzczTDQ0LjIwNzkgOTQuMzA1OEwzOS4xNjA3IDk0LjM0MzJMMzkuMTIzMyA4OS4zMTQ3Wk00OC45NjU0IDk5LjY0MjhMNTQuMDEyNiA5OS42MDU0TDU0LjA1IDEwNC42MzRMNDkuMDAyOCAxMDQuNjcxTDQ4Ljk2NTQgOTkuNjQyOFpNNjIuNDQzMyAxMDQuNTk3TDY3LjQ5MDYgMTA0LjU1OUw2Ny41Mjc5IDEwOS41ODhMNjIuNDgwNyAxMDkuNjI1TDYyLjQ0MzMgMTA0LjU5N1pNMzYuMTg4NSA3NS4zNjk0TDQxLjIzNTcgNzUuMzMyTDQxLjI3MzEgODAuMzYwNkwzNi4yMjU5IDgwLjM5NzlMMzYuMTg4NSA3NS4zNjk0WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTExMC42MjUgNTEuNjM4NEwxMTAuNjQ0IDQ4LjkwOTJMMTEzLjQyOSA0OC45Mjc5TDExMy40MSA1MS42NTcxTDExMC42MjUgNTEuNjM4NFoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTQuMjI0IDU5Ljg5MTNMMTE0LjI0MiA1Ny4xNjIxTDExNy4wMjggNTcuMTgwOEwxMTcuMDA5IDU5LjkxTDExNC4yMjQgNTkuODkxM1oiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMDUuNzY3IDQ0LjMzNzZMMTA1Ljc4NSA0MS42MDg0TDEwOC41NzEgNDEuNjI3MUwxMDguNTUyIDQ0LjM1NjNMMTA1Ljc2NyA0NC4zMzc2WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTQxLjk3MzYgMzguMDk0NUw0MS45OTIzIDM1LjM2NTJMNDQuNzc3NiAzNS4zODM5TDQ0Ljc1ODkgMzguMTEzMkw0MS45NzM2IDM4LjA5NDVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMjYgNjguNTU1NEwyNi4wMTg3IDY1LjgyNjJMMjguODA0IDY1Ljg0NDlMMjguNzg1MyA2OC41NzQxTDI2IDY4LjU1NTRaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNOTkuNjI0IDM4LjA5NDVMOTkuNjQyNyAzNS4zNjUyTDEwMi40MjggMzUuMzgzOUwxMDIuNDA5IDM4LjExMzJMOTkuNjI0IDM4LjA5NDVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMjcuNTg5OCA1OS44ODE2TDI3LjYwODUgNTcuMTUyM0wzMC4zOTM5IDU3LjE3MUwzMC4zNzUyIDU5LjkwMDNMMjcuNTg5OCA1OS44ODE2WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTU3LjYyOTkgMjkuNjM1NUw1Ny42NDg2IDI2LjkwNjJMNjAuNDMzOSAyNi45MjQ5TDYwLjQxNTIgMjkuNjU0Mkw1Ny42Mjk5IDI5LjYzNTVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMzAuOTcyNyA1MS42Mzg0TDMwLjk5MTMgNDguOTA5MkwzMy43NzY3IDQ4LjkyNzlMMzMuNzU4IDUxLjY1NzFMMzAuOTcyNyA1MS42Mzg0WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTM1Ljk0NTMgNDQuMjM2MUwzNS45NjQgNDEuNTA2OEwzOC43NDkzIDQxLjUyNTVMMzguNzMwNiA0NC4yNTQ4TDM1Ljk0NTMgNDQuMjM2MVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik00OS40MjI5IDMwLjQyMDRMNTIuMTUyMSAzMC40MDE3TDUyLjE3MDggMzMuMTg3TDQ5LjQ0MTUgMzMuMjA1N0w0OS40MjI5IDMwLjQyMDRaTTY2LjMwMyAyNS4wNDZMNjkuMDMyMiAyNS4wMjczTDY5LjA1MDkgMjcuODEyN0w2Ni4zMjE3IDI3LjgzMTRMNjYuMzAzIDI1LjA0NloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik05Mi4yMjI3IDMzLjIyNDRMOTIuMjQxNCAzMC40OTUxTDk1LjAyNjcgMzAuNTEzOEw5NS4wMDggMzMuMjQzTDkyLjIyMjcgMzMuMjI0NFoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTUuNTk4IDY4LjQ1MjlMMTE1LjYxNiA2NS43MjM2TDExOC40MDIgNjUuNzQyM0wxMTguMzgzIDY4LjQ3MTZMMTE1LjU5OCA2OC40NTI5WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTc1LjE5MTQgMjcuNzI5Mkw3NS4yMTAxIDI1TDc3Ljk5NTQgMjUuMDE4N0w3Ny45NzY3IDI3Ljc0NzlMNzUuMTkxNCAyNy43MjkyWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTgzLjg2NjIgMjkuNTIzMkw4My44ODQ5IDI2Ljc5MzlMODYuNjcwMiAyNi44MTI2TDg2LjY1MTUgMjkuNTQxOUw4My44NjYyIDI5LjUyMzJaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNOTkuNjI0IDEwNy43TDk5LjY0MjcgMTA0Ljk3MUwxMDIuNDI4IDEwNC45ODlMMTAyLjQwOSAxMDcuNzE5TDk5LjYyNCAxMDcuN1oiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTUuNTk4IDc3LjIzOUwxMTUuNjE2IDc0LjUwOThMMTE4LjQwMiA3NC41Mjg1TDExOC4zODMgNzcuMjU3N0wxMTUuNTk4IDc3LjIzOVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik00MS45NzM2IDEwNy43TDQxLjk5MjMgMTA0Ljk3MUw0NC43Nzc2IDEwNC45ODlMNDQuNzU4OSAxMDcuNzE5TDQxLjk3MzYgMTA3LjdaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMTE0LjIyNCA4Ni4wMzI5TDExNC4yNDIgODMuMzAzN0wxMTcuMDI4IDgzLjMyMjRMMTE3LjAwOSA4Ni4wNTE2TDExNC4yMjQgODYuMDMyOVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik04My44NjYyIDExNi4yN0w4My44ODQ5IDExMy41NDFMODYuNjcwMiAxMTMuNTZMODYuNjUxNSAxMTYuMjg5TDgzLjg2NjIgMTE2LjI3WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTExMC42MjUgOTQuMjY4M0wxMTAuNjQ0IDkxLjUzOTFMMTEzLjQyOSA5MS41NTc4TDExMy40MSA5NC4yODdMMTEwLjYyNSA5NC4yNjgzWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEwNS43NjcgMTAxLjY3MkwxMDUuNzg1IDk4Ljk0MjRMMTA4LjU3MSA5OC45NjExTDEwOC41NTIgMTAxLjY5TDEwNS43NjcgMTAxLjY3MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik05Mi4xMDk0IDExMC4wNjVMOTQuODM4NiAxMTAuMDQ2TDk0Ljg1NzMgMTEyLjgzMUw5Mi4xMjggMTEyLjg1TDkyLjEwOTQgMTEwLjA2NVpNNzUuMzMyIDExNS4yMTVMNzguMDYxMyAxMTUuMTk2TDc4LjA4IDExNy45ODFMNzUuMzUwNyAxMThMNzUuMzMyIDExNS4yMTVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNNDkuNDc4NSAxMTIuODg2TDQ5LjQ5NzIgMTEwLjE1N0w1Mi4yODI1IDExMC4xNzZMNTIuMjYzOCAxMTIuOTA1TDQ5LjQ3ODUgMTEyLjg4NloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0zMC44NTk0IDk0LjE2NThMMzAuODc4MSA5MS40MzY1TDMzLjY2MzQgOTEuNDU1MkwzMy42NDQ3IDk0LjE4NDVMMzAuODU5NCA5NC4xNjU4WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTI3LjU4MDEgODYuMDE0NEwyNy41OTg4IDgzLjI4NTJMMzAuMzg0MSA4My4zMDM5TDMwLjM2NTQgODYuMDMzMUwyNy41ODAxIDg2LjAxNDRaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMzUuODMyIDEwMS42NzJMMzUuODUwNyA5OC45NDI0TDM4LjYzNiA5OC45NjExTDM4LjYxNzMgMTAxLjY5TDM1LjgzMiAxMDEuNjcyWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTI2IDc3LjIzOUwyNi4wMTg3IDc0LjUwOThMMjguODA0IDc0LjUyODVMMjguNzg1MyA3Ny4yNTc3TDI2IDc3LjIzOVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik02Ni40MDUzIDExNy45NjJMNjYuNDI0IDExNS4yMzJMNjkuMjA5MyAxMTUuMjUxTDY5LjE5MDYgMTE3Ljk4TDY2LjQwNTMgMTE3Ljk2MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik01Ny41MTc2IDExNi4xNjhMNTcuNTM2MyAxMTMuNDM4TDYwLjMyMTYgMTEzLjQ1N0w2MC4zMDI5IDExNi4xODZMNTcuNTE3NiAxMTYuMTY4WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMjk4NSIgeDE9IjEwIiB5MT0iMTUuNSIgeDI9IjE0NCIgeTI9IjEzMS41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMwMEE4REEiLz4KPHN0b3Agb2Zmc2V0PSIwLjQ5NSIgc3RvcC1jb2xvcj0iIzM1NzlCQyIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMyODZFQTUiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "httpAndHttps"], ["spec", "httpAndHttps", "mode"], ["spec", "httpAndHttps", "targetPorts"], ["spec", "httpAndHttps", "targetPorts", "http"], ["spec", "httpAndHttps", "targetPorts", "https"], ["spec", "httpAndHttps", "endpoints"], ["spec", "whitelistHTTP"], ["spec", "whitelist"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tenant.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/tenant.yaml new file mode 100644 index 00000000..76aa6365 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/tenant.yaml @@ -0,0 +1,33 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: tenant +spec: + application: + kind: Tenant + singular: tenant + plural: tenants + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"etcd":{"description":"Deploy own Etcd cluster","type":"boolean","default":false},"host":{"description":"The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host).","type":"string"},"ingress":{"description":"Deploy own Ingress Controller","type":"boolean","default":false},"isolated":{"description":"Enforce tenant namespace with network policies, `true` by default","type":"boolean","default":true},"monitoring":{"description":"Deploy own Monitoring Stack","type":"boolean","default":false},"resourceQuotas":{"description":"Define resource quotas for the tenant","type":"object","default":{},"additionalProperties":{"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}},"seaweedfs":{"description":"Deploy own SeaweedFS","type":"boolean","default":false}}} + release: + prefix: tenant- + labels: + cozystack.io/ui: "true" + chart: + name: tenant + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: Administration + singular: Tenant + plural: Tenants + description: Separated tenant namespace + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQwMykiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDAzKSI+CjxwYXRoIGQ9Ik03MiAyOUM2Ni4zOTI2IDI5IDYxLjAxNDggMzEuMjM4OCA1Ny4wNDk3IDM1LjIyNEM1My4wODQ3IDM5LjIwOTEgNTAuODU3MSA0NC42MTQxIDUwLjg1NzEgNTAuMjVDNTAuODU3MSA1NS44ODU5IDUzLjA4NDcgNjEuMjkwOSA1Ny4wNDk3IDY1LjI3NkM2MS4wMTQ4IDY5LjI2MTIgNjYuMzkyNiA3MS41IDcyIDcxLjVDNzcuNjA3NCA3MS41IDgyLjk4NTIgNjkuMjYxMiA4Ni45NTAzIDY1LjI3NkM5MC45MTUzIDYxLjI5MDkgOTMuMTQyOSA1NS44ODU5IDkzLjE0MjkgNTAuMjVDOTMuMTQyOSA0NC42MTQxIDkwLjkxNTMgMzkuMjA5MSA4Ni45NTAzIDM1LjIyNEM4Mi45ODUyIDMxLjIzODggNzcuNjA3NCAyOSA3MiAyOVpNNjAuOTgyNiA4My4zMDM3QzYwLjQ1NCA4Mi41ODk4IDU5LjU5NTEgODIuMTkxNCA1OC43MTk2IDgyLjI3NDRDNDUuMzg5NyA4My43MzU0IDM1IDk1LjEwNzQgMzUgMTA4LjkwM0MzNSAxMTEuNzI2IDM3LjI3OTUgMTE0IDQwLjA3MSAxMTRIMTAzLjkyOUMxMDYuNzM3IDExNCAxMDkgMTExLjcwOSAxMDkgMTA4LjkwM0MxMDkgOTUuMTA3NCA5OC42MTAzIDgzLjc1MiA4NS4yNjM4IDgyLjI5MUM4NC4zODg0IDgyLjE5MTQgODMuNTI5NSA4Mi42MDY0IDgzLjAwMDkgODMuMzIwM0w3NC4wOTc4IDk1LjI0MDJDNzMuMDQwNiA5Ni42NTE0IDcwLjkyNjMgOTYuNjUxNCA2OS44NjkyIDk1LjI0MDJMNjAuOTY2MSA4My4zMjAzTDYwLjk4MjYgODMuMzAzN1oiIGZpbGw9ImJsYWNrIi8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODdfMzQwMyIgeDE9IjcyIiB5MT0iMTQ0IiB4Mj0iLTEuMjgxN2UtMDUiIHkyPSI0IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNDMEQ2RkYiLz4KPHN0b3Agb2Zmc2V0PSIwLjMiIHN0b3AtY29sb3I9IiNDNERBRkYiLz4KPHN0b3Agb2Zmc2V0PSIwLjY1IiBzdG9wLWNvbG9yPSIjRDNFOUZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0U5RkZGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzY4N18zNDAzIj4KPHJlY3Qgd2lkdGg9Ijc0IiBoZWlnaHQ9Ijg1IiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMzUgMjkpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "etcd"], ["spec", "monitoring"], ["spec", "ingress"], ["spec", "seaweedfs"], ["spec", "isolated"], ["spec", "resourceQuotas"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/virtual-machine.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/virtual-machine.yaml new file mode 100644 index 00000000..0a0d4821 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/virtual-machine.yaml @@ -0,0 +1,36 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: virtual-machine +spec: + application: + kind: VirtualMachine + plural: virtualmachines + singular: virtualmachine + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"cloudInit":{"description":"Cloud-init user data config. See cloud-init documentation for more details: [format](https://cloudinit.readthedocs.io/en/latest/explanation/format.html), [examples](https://cloudinit.readthedocs.io/en/latest/reference/examples.html).","type":"string"},"cloudInitSeed":{"description":"A seed string to generate an SMBIOS UUID for the VM.","type":"string"},"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"externalMethod":{"description":"Specify method to pass through the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`","type":"string","default":"PortList","enum":["PortList","WholeIP"]},"externalPorts":{"description":"Specify ports to forward from outside the cluster","type":"array","default":[22],"items":{"type":"integer"}},"gpus":{"description":"List of GPUs to attach","type":"array","default":[],"items":{"type":"object","required":["name"],"properties":{"name":{"description":"The name of the GPU to attach. This should match the GPU resource name in the cluster.","type":"string"}}}},"instanceProfile":{"description":"Virtual Machine preferences profile","type":"string","default":"ubuntu","enum":["alpine","centos.7","centos.7.desktop","centos.stream10","centos.stream10.desktop","centos.stream8","centos.stream8.desktop","centos.stream8.dpdk","centos.stream9","centos.stream9.desktop","centos.stream9.dpdk","cirros","fedora","fedora.arm64","opensuse.leap","opensuse.tumbleweed","rhel.10","rhel.10.arm64","rhel.7","rhel.7.desktop","rhel.8","rhel.8.desktop","rhel.8.dpdk","rhel.9","rhel.9.arm64","rhel.9.desktop","rhel.9.dpdk","rhel.9.realtime","sles","ubuntu","windows.10","windows.10.virtio","windows.11","windows.11.virtio","windows.2k16","windows.2k16.virtio","windows.2k19","windows.2k19.virtio","windows.2k22","windows.2k22.virtio","windows.2k25","windows.2k25.virtio",""]},"instanceType":{"description":"Virtual Machine instance type","type":"string","default":"u1.medium"},"resources":{"description":"Resources","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated to the virtual machine","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated to the virtual machine","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"sockets":{"description":"The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"running":{"description":"if the virtual machine should be running","type":"boolean","default":true},"sshKeys":{"description":"List of SSH public keys for authentication. Can be a single key or a list of keys.","type":"array","default":[],"items":{"type":"string"}},"systemDisk":{"description":"System disk configuration","type":"object","default":{},"required":["image","storage"],"properties":{"image":{"description":"The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`","type":"string","default":"ubuntu","enum":["ubuntu","cirros","alpine","fedora","talos"]},"storage":{"description":"The size of the disk allocated for the virtual machine","type":"string","default":"5Gi"},"storageClass":{"description":"StorageClass used to store the data","type":"string","default":"replicated"}}}}} + release: + prefix: virtual-machine- + labels: + cozystack.io/ui: "true" + chart: + name: virtual-machine + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: IaaS + singular: Virtual Machine + plural: Virtual Machines + description: Virtual Machine (simple) + weight: 10 + tags: + - compute + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQ1NCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDU0KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMDBCM0ZGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8L2c+CjxwYXRoIGQ9Ik03Mi41Mjc1IDUzLjgzNjdDNzIuNDQzMSA1My44MzUxIDcyLjM2MDUgNTMuODEyMiA3Mi4yODczIDUzLjc3MDFMNTYuNDY5OSA0NC43OTM0QzU2LjM5ODMgNDQuNzUxOSA1Ni4zMzg4IDQ0LjY5MjMgNTYuMjk3MyA0NC42MjA3QzU2LjI1NTkgNDQuNTQ5IDU2LjIzMzggNDQuNDY3OCA1Ni4yMzM0IDQ0LjM4NUM1Ni4yMzM0IDQ0LjIxNjkgNTYuMzI1OCA0NC4wNjE3IDU2LjQ2OTkgNDMuOTc4NUw3Mi4xOTEyIDM1LjA2MDlDNzIuMjYzNyAzNS4wMjEgNzIuMzQ1IDM1IDcyLjQyNzcgMzVDNzIuNTEwNSAzNSA3Mi41OTE4IDM1LjAyMSA3Mi42NjQzIDM1LjA2MDlMODguNDg3MiA0NC4wMzk1Qzg4LjU1OTEgNDQuMDgwMSA4OC42MTg4IDQ0LjEzOTIgODguNjYgNDQuMjEwN0M4OC43MDEzIDQ0LjI4MjIgODguNzIyNyA0NC4zNjM1IDg4LjcyMTkgNDQuNDQ2Qzg4LjcyMjUgNDQuNTI4NSA4OC43MDEgNDQuNjA5NyA4OC42NTk4IDQ0LjY4MTJDODguNjE4NSA0NC43NTI2IDg4LjU1ODkgNDQuODExOCA4OC40ODcyIDQ0Ljg1MjVMNzIuNzcxNCA1My43NjgzQzcyLjY5NzIgNTMuODExNCA3Mi42MTMzIDUzLjgzNDkgNzIuNTI3NSA1My44MzY3IiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBvcGFjaXR5PSIwLjciIGQ9Ik03MC4yNTUzIDc1LjY1MTdDNzAuMTcxIDc1LjY1MzUgNzAuMDg3OCA3NS42MzE3IDcwLjAxNTEgNzUuNTg4OEw1NC4yNDU4IDY2LjY0MTdDNTQuMTcxNSA2Ni42MDI0IDU0LjEwOTUgNjYuNTQzNiA1NC4wNjYxIDY2LjQ3MTZDNTQuMDIyOCA2Ni4zOTk3IDU0IDY2LjMxNzMgNTQgNjYuMjMzM1Y0OC4yNzhDNTQgNDguMTA4IDU0LjA5MjQgNDcuOTU0NiA1NC4yNDM5IDQ3Ljg2OTZDNTQuMzE3MiA0Ny44MjcxIDU0LjQwMDQgNDcuODA0NyA1NC40ODUxIDQ3LjgwNDdDNTQuNTY5NyA0Ny44MDQ3IDU0LjY1MjkgNDcuODI3MSA1NC43MjYyIDQ3Ljg2OTZMNzAuNDkzNyA1Ni44MTMxQzcwLjU2NDIgNTYuODU2NSA3MC42MjI1IDU2LjkxNyA3MC42NjMyIDU2Ljk4OTFDNzAuNzAzOSA1Ny4wNjEyIDcwLjcyNTcgNTcuMTQyNCA3MC43MjY1IDU3LjIyNTFWNzUuMTgwNUM3MC43MjU5IDc1LjI2MjggNzAuNzA0MiA3NS4zNDM2IDcwLjY2MzUgNzUuNDE1MUM3MC42MjI3IDc1LjQ4NjYgNzAuNTY0MiA3NS41NDY0IDcwLjQ5MzcgNzUuNTg4OEM3MC40MjA2IDc1LjYyOTEgNzAuMzM4NyA3NS42NTA3IDcwLjI1NTMgNzUuNjUxNyIgZmlsbD0id2hpdGUiLz4KPHBhdGggb3BhY2l0eT0iMC40IiBkPSJNNzQuNzE5OCA3NS42NTExQzc0LjYzMzMgNzUuNjUxMiA3NC41NDgyIDc1LjYyOTYgNzQuNDcyMiA3NS41ODgzQzc0LjQwMTYgNzUuNTQ2MSA3NC4zNDMyIDc1LjQ4NjIgNzQuMzAyNyA3NS40MTQ3Qzc0LjI2MjMgNzUuMzQzMSA3NC4yNDExIDc1LjI2MjIgNzQuMjQxMiA3NS4xOFY1Ny4zMzczQzc0LjI0MTIgNTcuMTcxIDc0LjMzMzYgNTcuMDE1OCA3NC40NzIyIDU2LjkyOUw5MC4yMzk3IDQ3Ljk4NTVDOTAuMzExOSA0Ny45NDM4IDkwLjM5MzggNDcuOTIxOSA5MC40NzcxIDQ3LjkyMTlDOTAuNTYwNSA0Ny45MjE5IDkwLjY0MjQgNDcuOTQzOCA5MC43MTQ2IDQ3Ljk4NTVDOTAuNzg3NiA0OC4wMjU1IDkwLjg0ODUgNDguMDg0MiA5MC44OTExIDQ4LjE1NTdDOTAuOTMzNyA0OC4yMjcyIDkwLjk1NjMgNDguMzA4OCA5MC45NTY2IDQ4LjM5MlY2Ni4yMzI4QzkwLjk1NyA2Ni4zMTY0IDkwLjkzNDcgNjYuMzk4NSA5MC44OTIxIDY2LjQ3MDRDOTAuODQ5NSA2Ni41NDI0IDkwLjc4ODEgNjYuNjAxNCA5MC43MTQ2IDY2LjY0MTFMNzQuOTUyNiA3NS41ODgzQzc0Ljg4MjUgNzUuNjMwNyA3NC44MDE4IDc1LjY1MjUgNzQuNzE5OCA3NS42NTExIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zNDU0IiB4MT0iMTYxIiB5MT0iMTgwIiB4Mj0iMy41OTI4NGUtMDciIHkyPSI0Ljk5OTk4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjNTk1NjU2Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjxjbGlwUGF0aCBpZD0iY2xpcDBfNjg3XzM0NTQiPgo8cmVjdCB3aWR0aD0iOTQiIGhlaWdodD0iOTQiIGZpbGw9IndoaXRlIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNSAyNSkiLz4KPC9jbGlwUGF0aD4KPC9kZWZzPgo8L3N2Zz4K + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "systemDisk"], ["spec", "systemDisk", "image"], ["spec", "systemDisk", "storage"], ["spec", "systemDisk", "storageClass"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-disk.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-disk.yaml new file mode 100644 index 00000000..0f3d4754 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-disk.yaml @@ -0,0 +1,36 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: vm-disk +spec: + application: + kind: VMDisk + singular: vmdisk + plural: vmdisks + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"optical":{"description":"Defines if disk should be considered optical","type":"boolean","default":false},"source":{"description":"The source image location used to create a disk","type":"object","default":{},"properties":{"http":{"description":"Download image from an HTTP source","type":"object","required":["url"],"properties":{"url":{"description":"URL to download the image","type":"string"}}},"image":{"description":"Use image by name: uploaded as \"golden image\" or from the list: `ubuntu`, `fedora`, `cirros`, `alpine`, and `talos`.","type":"object","required":["name"],"properties":{"name":{"description":"Name of the image to use","type":"string"}}},"upload":{"description":"Upload local image","type":"object"}}},"storage":{"description":"The size of the disk allocated for the virtual machine","default":"5Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string","default":"replicated"}}} + release: + prefix: vm-disk- + labels: + cozystack.io/ui: "true" + chart: + name: vm-disk + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: IaaS + singular: VM Disk + plural: VM Disks + description: Virtual Machine disk + weight: 51 + tags: + - storage + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8zMzBfNDg5NjMpIi8+CjxnIGZpbHRlcj0idXJsKCNmaWx0ZXIwX2lfMzMwXzQ4OTYzKSI+CjxwYXRoIGQ9Ik03Mi4wMDAxIDI2LjYzNjdDNDYuODc3MiAyNi42MzY3IDI2LjUxMTIgNDcuMDAyNyAyNi41MTEyIDcyLjEyNTZDMjYuNTExMiA5Ny4yNDg0IDQ2Ljg3NzIgMTE3LjYxNCA3Mi4wMDAxIDExNy42MTRDOTcuMTIyOSAxMTcuNjE0IDExNy40ODkgOTcuMjQ4MiAxMTcuNDg5IDcyLjEyNTRDMTE3LjQ4OSA0Ny4wMDI1IDk3LjEyMjkgMjYuNjM2NyA3Mi4wMDAxIDI2LjYzNjdaTTcyLjAwMDEgODEuNjIxMkM2Ni43NTU3IDgxLjYyMTIgNjIuNTA0NCA3Ny4zNjk5IDYyLjUwNDQgNzIuMTI1NkM2Mi41MDQ0IDY2Ljg4MTIgNjYuNzU1NyA2Mi42Mjk5IDcyLjAwMDEgNjIuNjI5OUM3Ny4yNDQ0IDYyLjYyOTkgODEuNDk1NyA2Ni44ODEyIDgxLjQ5NTcgNzIuMTI1NkM4MS40OTU3IDc3LjM2OTkgNzcuMjQ0NCA4MS42MjEyIDcyLjAwMDEgODEuNjIxMloiIGZpbGw9IiNCQUQ5RkYiLz4KPC9nPgo8cGF0aCBkPSJNNTIuMDA3NSA2NS43MjA5TDMyLjI5NzYgNTkuMDQ5OEMzNi4yODQyIDQ3LjI3MTEgNDUuMzI4NSAzNy42MzE1IDU2LjQ5MSAzMy4yNjRMNjQuMDcyOCA1Mi42NDE5QzU4LjY0MiA1NC43NjY3IDU0LjAxOSA1OS43NzgzIDUyLjAwNzUgNjUuNzIwOVpNOTEuOTkyNiA3OC41M0wxMTEuNzAzIDg1LjIwMTFDMTA3LjcxNiA5Ni45Nzk5IDk4LjY3MTggMTA2LjYxOSA4Ny41MDkzIDExMC45ODdMNzkuOTI3NSA5MS42MDlDODUuMzU4MSA4OS40ODQyIDg5Ljk4MTMgODQuNDcyNiA5MS45OTI2IDc4LjUzWiIgZmlsbD0iI0VERjZGRiIvPgo8cGF0aCBkPSJNNTUuOTMyNCA1OC43MDI4QzU3LjY1MTQgNTYuNjE0IDU5LjcxOTQgNTQuODYzMiA2MS45ODk0IDUzLjYxODNDNjMuMTQ5IDUyLjk4MjQgNjQuMjYzMyA1My4xMjk2IDYzLjc4MTQgNTEuODk3OUw1Ny4yMDk1IDM1LjEwMDlDNTYuMjkwOSAzMi43NTI5IDU1LjI4MTQgMzMuNzI4NSA1My45MDYgMzQuMzg2OEM0OC45NzM0IDM2Ljc0NzYgNDQuNTM0OSA0MC4xNTkgNDAuODYwMSA0NC4zMTU0TDU1LjkzMjQgNTguNzAyOFpNODguMDY3NiA4NS41NDgxQzg1LjgzNTIgODguMjYwNSA4My4wMTQ4IDkwLjQwMjkgNzkuOTI2OSA5MS42MDhMODcuNTA4OSAxMTAuOTg2QzkzLjQ3ODUgMTA4LjY1NCA5OC44MzM2IDEwNC44MDYgMTAzLjE0IDk5LjkzNTVMODguMDY3NiA4NS41NDgxWiIgZmlsbD0iI0NERTNGRiIvPgo8cGF0aCBkPSJNNzIgODkuNDM4OEM2Mi40NTM0IDg5LjQzODggNTQuNjg2NSA4MS42NzIxIDU0LjY4NjUgNzIuMTI1NEM1NC42ODY1IDYyLjU3ODYgNjIuNDUzNCA1NC44MTE5IDcyIDU0LjgxMTlDODEuNTQ2OCA1NC44MTE5IDg5LjMxMzQgNjIuNTc4OCA4OS4zMTM0IDcyLjEyNTRDODkuMzEzNCA4MS42NzIgODEuNTQ2OCA4OS40Mzg4IDcyIDg5LjQzODhaTTcyIDU5LjExMDVDNjQuODIzNCA1OS4xMTA1IDU4Ljk4NDkgNjQuOTQ5IDU4Ljk4NDkgNzIuMTI1NkM1OC45ODQ5IDc5LjMwMjIgNjQuODIzNCA4NS4xNDA2IDcyIDg1LjE0MDZDNzkuMTc2NiA4NS4xNDA2IDg1LjAxNSA3OS4zMDIyIDg1LjAxNSA3Mi4xMjU2Qzg1LjAxNSA2NC45NDkgNzkuMTc2NiA1OS4xMTA1IDcyIDU5LjExMDVaIiBmaWxsPSIjMDBCNEZGIi8+CjxkZWZzPgo8ZmlsdGVyIGlkPSJmaWx0ZXIwX2lfMzMwXzQ4OTYzIiB4PSIyNi41MTEyIiB5PSIyNi42MzY3IiB3aWR0aD0iOTIuOTc3OCIgaGVpZ2h0PSI5Mi45Nzc1IiBmaWx0ZXJVbml0cz0idXNlclNwYWNlT25Vc2UiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CjxmZUZsb29kIGZsb29kLW9wYWNpdHk9IjAiIHJlc3VsdD0iQmFja2dyb3VuZEltYWdlRml4Ii8+CjxmZUJsZW5kIG1vZGU9Im5vcm1hbCIgaW49IlNvdXJjZUdyYXBoaWMiIGluMj0iQmFja2dyb3VuZEltYWdlRml4IiByZXN1bHQ9InNoYXBlIi8+CjxmZUNvbG9yTWF0cml4IGluPSJTb3VyY2VBbHBoYSIgdHlwZT0ibWF0cml4IiB2YWx1ZXM9IjAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDEyNyAwIiByZXN1bHQ9ImhhcmRBbHBoYSIvPgo8ZmVPZmZzZXQgZHg9IjIiIGR5PSIyIi8+CjxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjIuNSIvPgo8ZmVDb21wb3NpdGUgaW4yPSJoYXJkQWxwaGEiIG9wZXJhdG9yPSJhcml0aG1ldGljIiBrMj0iLTEiIGszPSIxIi8+CjxmZUNvbG9yTWF0cml4IHR5cGU9Im1hdHJpeCIgdmFsdWVzPSIwIDAgMCAwIDEgMCAwIDAgMCAxIDAgMCAwIDAgMSAwIDAgMCAwLjIxIDAiLz4KPGZlQmxlbmQgbW9kZT0ibm9ybWFsIiBpbjI9InNoYXBlIiByZXN1bHQ9ImVmZmVjdDFfaW5uZXJTaGFkb3dfMzMwXzQ4OTYzIi8+CjwvZmlsdGVyPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfMzMwXzQ4OTYzIiB4MT0iLTE1LjUiIHkxPSItMTIiIHgyPSIyMTYuNSIgeTI9IjE4NS41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiM2NUNDRkYiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMDQ0Mzc0Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "source"], ["spec", "optical"], ["spec", "storage"], ["spec", "storageClass"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-instance.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-instance.yaml new file mode 100644 index 00000000..1c019265 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-instance.yaml @@ -0,0 +1,36 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: vm-instance +spec: + application: + kind: VMInstance + singular: vminstance + plural: vminstances + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"cloudInit":{"description":"Cloud-init user data config. See cloud-init documentation for more details: [format](https://cloudinit.readthedocs.io/en/latest/explanation/format.html), [examples](https://cloudinit.readthedocs.io/en/latest/reference/examples.html).","type":"string"},"cloudInitSeed":{"description":"A seed string to generate an SMBIOS UUID for the VM.","type":"string"},"disks":{"description":"List of disks to attach","type":"array","default":[],"items":{"type":"object","required":["name"],"properties":{"bus":{"description":"Disk bus type, such as \"sata\"","type":"string"},"name":{"description":"Disk name","type":"string"}}}},"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"externalMethod":{"description":"Specify method to pass through the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`","type":"string","default":"PortList","enum":["PortList","WholeIP"]},"externalPorts":{"description":"Ports to forward from outside the cluster","type":"array","default":[22],"items":{"type":"integer"}},"gpus":{"description":"List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)","type":"array","default":[],"items":{"type":"object","required":["name"],"properties":{"name":{"description":"Name of GPU, such as \"nvidia.com/AD102GL_L40S\"","type":"string"}}}},"instanceProfile":{"description":"Virtual Machine preferences profile","type":"string","default":"ubuntu","enum":["alpine","centos.7","centos.7.desktop","centos.stream10","centos.stream10.desktop","centos.stream8","centos.stream8.desktop","centos.stream8.dpdk","centos.stream9","centos.stream9.desktop","centos.stream9.dpdk","cirros","fedora","fedora.arm64","opensuse.leap","opensuse.tumbleweed","rhel.10","rhel.10.arm64","rhel.7","rhel.7.desktop","rhel.8","rhel.8.desktop","rhel.8.dpdk","rhel.9","rhel.9.arm64","rhel.9.desktop","rhel.9.dpdk","rhel.9.realtime","sles","ubuntu","windows.10","windows.10.virtio","windows.11","windows.11.virtio","windows.2k16","windows.2k16.virtio","windows.2k19","windows.2k19.virtio","windows.2k22","windows.2k22.virtio","windows.2k25","windows.2k25.virtio",""]},"instanceType":{"description":"Virtual Machine instance type","type":"string","default":"u1.medium"},"resources":{"description":"Resources","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated to the virtual machine","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated to the virtual machine","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"sockets":{"description":"The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"running":{"description":"Determines if the virtual machine should be running","type":"boolean","default":true},"sshKeys":{"description":"List of SSH public keys for authentication. Can be a single key or a list of keys.","type":"array","default":[],"items":{"type":"string"}}}} + release: + prefix: vm-instance- + labels: + cozystack.io/ui: "true" + chart: + name: vm-instance + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: IaaS + singular: VM Instance + plural: VM Instances + description: Virtual machine instance + weight: 50 + tags: + - compute + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQ1NCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDU0KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMDBCM0ZGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8L2c+CjxwYXRoIGQ9Ik03Mi41Mjc1IDUzLjgzNjdDNzIuNDQzMSA1My44MzUxIDcyLjM2MDUgNTMuODEyMiA3Mi4yODczIDUzLjc3MDFMNTYuNDY5OSA0NC43OTM0QzU2LjM5ODMgNDQuNzUxOSA1Ni4zMzg4IDQ0LjY5MjMgNTYuMjk3MyA0NC42MjA3QzU2LjI1NTkgNDQuNTQ5IDU2LjIzMzggNDQuNDY3OCA1Ni4yMzM0IDQ0LjM4NUM1Ni4yMzM0IDQ0LjIxNjkgNTYuMzI1OCA0NC4wNjE3IDU2LjQ2OTkgNDMuOTc4NUw3Mi4xOTEyIDM1LjA2MDlDNzIuMjYzNyAzNS4wMjEgNzIuMzQ1IDM1IDcyLjQyNzcgMzVDNzIuNTEwNSAzNSA3Mi41OTE4IDM1LjAyMSA3Mi42NjQzIDM1LjA2MDlMODguNDg3MiA0NC4wMzk1Qzg4LjU1OTEgNDQuMDgwMSA4OC42MTg4IDQ0LjEzOTIgODguNjYgNDQuMjEwN0M4OC43MDEzIDQ0LjI4MjIgODguNzIyNyA0NC4zNjM1IDg4LjcyMTkgNDQuNDQ2Qzg4LjcyMjUgNDQuNTI4NSA4OC43MDEgNDQuNjA5NyA4OC42NTk4IDQ0LjY4MTJDODguNjE4NSA0NC43NTI2IDg4LjU1ODkgNDQuODExOCA4OC40ODcyIDQ0Ljg1MjVMNzIuNzcxNCA1My43NjgzQzcyLjY5NzIgNTMuODExNCA3Mi42MTMzIDUzLjgzNDkgNzIuNTI3NSA1My44MzY3IiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBvcGFjaXR5PSIwLjciIGQ9Ik03MC4yNTUzIDc1LjY1MTdDNzAuMTcxIDc1LjY1MzUgNzAuMDg3OCA3NS42MzE3IDcwLjAxNTEgNzUuNTg4OEw1NC4yNDU4IDY2LjY0MTdDNTQuMTcxNSA2Ni42MDI0IDU0LjEwOTUgNjYuNTQzNiA1NC4wNjYxIDY2LjQ3MTZDNTQuMDIyOCA2Ni4zOTk3IDU0IDY2LjMxNzMgNTQgNjYuMjMzM1Y0OC4yNzhDNTQgNDguMTA4IDU0LjA5MjQgNDcuOTU0NiA1NC4yNDM5IDQ3Ljg2OTZDNTQuMzE3MiA0Ny44MjcxIDU0LjQwMDQgNDcuODA0NyA1NC40ODUxIDQ3LjgwNDdDNTQuNTY5NyA0Ny44MDQ3IDU0LjY1MjkgNDcuODI3MSA1NC43MjYyIDQ3Ljg2OTZMNzAuNDkzNyA1Ni44MTMxQzcwLjU2NDIgNTYuODU2NSA3MC42MjI1IDU2LjkxNyA3MC42NjMyIDU2Ljk4OTFDNzAuNzAzOSA1Ny4wNjEyIDcwLjcyNTcgNTcuMTQyNCA3MC43MjY1IDU3LjIyNTFWNzUuMTgwNUM3MC43MjU5IDc1LjI2MjggNzAuNzA0MiA3NS4zNDM2IDcwLjY2MzUgNzUuNDE1MUM3MC42MjI3IDc1LjQ4NjYgNzAuNTY0MiA3NS41NDY0IDcwLjQ5MzcgNzUuNTg4OEM3MC40MjA2IDc1LjYyOTEgNzAuMzM4NyA3NS42NTA3IDcwLjI1NTMgNzUuNjUxNyIgZmlsbD0id2hpdGUiLz4KPHBhdGggb3BhY2l0eT0iMC40IiBkPSJNNzQuNzE5OCA3NS42NTExQzc0LjYzMzMgNzUuNjUxMiA3NC41NDgyIDc1LjYyOTYgNzQuNDcyMiA3NS41ODgzQzc0LjQwMTYgNzUuNTQ2MSA3NC4zNDMyIDc1LjQ4NjIgNzQuMzAyNyA3NS40MTQ3Qzc0LjI2MjMgNzUuMzQzMSA3NC4yNDExIDc1LjI2MjIgNzQuMjQxMiA3NS4xOFY1Ny4zMzczQzc0LjI0MTIgNTcuMTcxIDc0LjMzMzYgNTcuMDE1OCA3NC40NzIyIDU2LjkyOUw5MC4yMzk3IDQ3Ljk4NTVDOTAuMzExOSA0Ny45NDM4IDkwLjM5MzggNDcuOTIxOSA5MC40NzcxIDQ3LjkyMTlDOTAuNTYwNSA0Ny45MjE5IDkwLjY0MjQgNDcuOTQzOCA5MC43MTQ2IDQ3Ljk4NTVDOTAuNzg3NiA0OC4wMjU1IDkwLjg0ODUgNDguMDg0MiA5MC44OTExIDQ4LjE1NTdDOTAuOTMzNyA0OC4yMjcyIDkwLjk1NjMgNDguMzA4OCA5MC45NTY2IDQ4LjM5MlY2Ni4yMzI4QzkwLjk1NyA2Ni4zMTY0IDkwLjkzNDcgNjYuMzk4NSA5MC44OTIxIDY2LjQ3MDRDOTAuODQ5NSA2Ni41NDI0IDkwLjc4ODEgNjYuNjAxNCA5MC43MTQ2IDY2LjY0MTFMNzQuOTUyNiA3NS41ODgzQzc0Ljg4MjUgNzUuNjMwNyA3NC44MDE4IDc1LjY1MjUgNzQuNzE5OCA3NS42NTExIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zNDU0IiB4MT0iMTYxIiB5MT0iMTgwIiB4Mj0iMy41OTI4NGUtMDciIHkyPSI0Ljk5OTk4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjNTk1NjU2Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjxjbGlwUGF0aCBpZD0iY2xpcDBfNjg3XzM0NTQiPgo8cmVjdCB3aWR0aD0iOTQiIGhlaWdodD0iOTQiIGZpbGw9IndoaXRlIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNSAyNSkiLz4KPC9jbGlwUGF0aD4KPC9kZWZzPgo8L3N2Zz4K + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "disks"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vpn.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/vpn.yaml new file mode 100644 index 00000000..ce4ccc01 --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/vpn.yaml @@ -0,0 +1,35 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: vpn +spec: + application: + kind: VPN + plural: vpns + singular: vpn + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"external":{"description":"Enable external access from outside the cluster","type":"boolean","default":false},"externalIPs":{"description":"List of externalIPs for service. Optional. If not specified will use LoadBalancer service by default.","type":"array","default":[],"items":{"type":"string"}},"host":{"description":"Host used to substitute into generated URLs","type":"string"},"replicas":{"description":"Number of VPN server replicas","type":"integer","default":2},"resources":{"description":"Explicit CPU and memory configuration for each VPN server replica. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each replica","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"nano","enum":["nano","micro","small","medium","large","xlarge","2xlarge"]},"users":{"description":"Users configuration","type":"object","default":{},"additionalProperties":{"type":"object","properties":{"password":{"description":"Password for the user, autogenerated if none provided","type":"string"}}}}}} + release: + prefix: vpn- + labels: + cozystack.io/ui: "true" + chart: + name: vpn + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: NaaS + singular: VPN + plural: VPN + description: Managed VPN service + tags: + - network + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxwYXRoIGQ9Ik0xNDMuOTkyIDMwLjM2OTdDMTQzLjk5MiAyOS4yNTU2IDE0My45OTIgMjguMTUxNyAxNDMuOTkyIDI3LjA0NzdDMTQzLjk0NSAyNC42Mjg3IDE0My43MTcgMjIuMjE2NiAxNDMuMzA5IDE5LjgzMTZDMTQyLjkxMiAxNy40NDczIDE0Mi4xNTcgMTUuMTM2NSAxNDEuMDcyIDEyLjk3NjlDMTM5Ljk3IDEwLjgxOCAxMzguNTM0IDguODQ2NjUgMTM2LjgxNyA3LjEzNTc3TDEzMC45OTcgMi44OTA0NEMxMjguODM3IDEuODAyODkgMTI2LjUyNyAxLjA0MTg5IDEyNC4xNDQgMC42MzIyODNDMTIxLjc1NiAwLjIzNDgwOCAxMTkuMzQgMC4wMjM0MTEzIDExNi45MTkgMEMxMTUuODE1IDAgMjguMTQ2MSAwIDI3LjAzMjMgMEMyNC42MDQ3IDAuMDI0MjIxMSAyMi4xODI2IDAuMjM1NjA5IDE5Ljc4NzYgMC42MzIyODNDMTcuNDEyOCAxLjAzODUxIDE1LjExMjYgMS43OTk3NCAxMi45NjQzIDIuODkwNDRDMTAuODEzIDMuOTk1MTkgOC44NDYyNSA1LjQyNzM2IDcuMTM0MzYgNy4xMzU3N0M1LjQxNzY4IDguODQ0NCAzLjk4NDggMTAuODE2MyAyLjg4OTg3IDEyLjk3NjlDMS44MDA4NiAxNS4xMzYgMS4wNDMxMyAxNy40NDY4IDAuNjQyMTkzIDE5LjgzMTZDMC4yNDM0OTcgMjIuMjE2OSAwLjAyODc5OTggMjQuNjI5NCAwIDI3LjA0NzdDMCAyOC4xNTE3IDAgMTE1LjgzOCAwIDExNi45NTJDMC4wMjYxNzU1IDExOS4zODQgMC4yNDA4ODQgMTIxLjgxIDAuNjQyMTkzIDEyNC4yMDlDMS4wNDA0NCAxMjYuNTk0IDEuNzk4MjkgMTI4LjkwNSAyLjg4OTg3IDEzMS4wNjNDMy45ODUxNSAxMzMuMjE4IDUuNDE4MSAxMzUuMTgzIDcuMTM0MzYgMTM2Ljg4NEM4Ljg0MDk1IDEzOC41OTkgMTAuODA4NyAxNDAuMDMyIDEyLjk2NDMgMTQxLjEzQzE1LjExNDcgMTQyLjIwOSAxNy40MTQ2IDE0Mi45NiAxOS43ODc2IDE0My4zNThDMjIuMTczMSAxNDMuNzUxIDI0LjU4NDcgMTQzLjk2NiAyNy4wMDIyIDE0NEMyOC4xMTYgMTQ0IDExNS43ODUgMTQ0IDExNi44ODkgMTQ0QzExOS4zMDMgMTQzLjk2NyAxMjEuNzEyIDE0My43NTIgMTI0LjA5NCAxNDMuMzU4QzEyNi40ODUgMTQyLjk0NiAxMjguODAxIDE0Mi4xODIgMTMwLjk2NyAxNDEuMDg5QzEzMy4xMjEgMTM5Ljk5NCAxMzUuMDg2IDEzOC41NjEgMTM2Ljc4NyAxMzYuODQ0QzEzOC41MDMgMTM1LjE0IDEzOS45MzkgMTMzLjE3NiAxNDEuMDQyIDEzMS4wMjNDMTQyLjEzNyAxMjguODc5IDE0Mi45MDEgMTI2LjU4MSAxNDMuMzA5IDEyNC4yMDlDMTQzLjcxIDEyMS44MjMgMTQzLjkzMiAxMTkuNDExIDE0My45NzIgMTE2Ljk5MkMxNDMuOTkyIDExNS44MzggMTQ0LjAxMiAzMS42NzQ0IDE0My45OTIgMzAuMzY5N1oiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgxOCkiLz4KPHBhdGggZD0iTTExNS45NTUgNjcuNDIzMUMxMTQuOTQxIDU3LjgyMzQgMTEwLjcwMSA0OC44NTE4IDEwMy45MjggNDEuOTc1MkM5Ny4xNTQ5IDM1LjA5ODYgODguMjQ5NSAzMC43MjM5IDc4LjY2OCAyOS41NjY0VjQ2Ljc3ODZDODQuNDg4NyA0Ny45MTI3IDg5LjczMzggNTEuMDM2MiA5My41MDQ5IDU1LjYxMzdDOTcuMjc2IDYwLjE5MTIgOTkuMzM4MSA2NS45Mzc5IDk5LjMzODEgNzEuODY5MkM5OS4zMzgxIDc3LjgwMDQgOTcuMjc2IDgzLjU0NzEgOTMuNTA0OSA4OC4xMjQ2Qzg5LjczMzggOTIuNzAyMiA4NC40ODg3IDk1LjgyNTYgNzguNjY4IDk2Ljk1OThWMTE0LjIyMkM4OS43ODAxIDExMi44NzcgOTkuOTE3OCAxMDcuMjE1IDEwNi44OTQgOTguNDYwMUMxMTMuODY5IDg5LjcwNDggMTE3LjEyNCA3OC41NTczIDExNS45NTUgNjcuNDIzMVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0yOC4wMTU1IDc2LjM2NTRDMjkuMDMxMSA4NS45NjQ0IDMzLjI3MTggOTQuOTM1MSA0MC4wNDQ3IDEwMS44MTFDNDYuODE3NSAxMDguNjg4IDU1LjcyMiAxMTMuMDYzIDY1LjMwMjggMTE0LjIyMlYyOS41NjY0QzU0LjE5MDcgMzAuOTExOSA0NC4wNTMgMzYuNTczMSAzNy4wNzcyIDQ1LjMyODRDMzAuMTAxMyA1NC4wODM3IDI2Ljg0NjcgNjUuMjMxMiAyOC4wMTU1IDc2LjM2NTRaIiBmaWxsPSIjNUJCMTkzIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfNjgxXzI4MTgiIHgxPSIxMzIuNSIgeTE9IjEzMi41IiB4Mj0iLTI0IiB5Mj0iLTE5IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMxODM3MjkiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjNDU5RDc1Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "host"], ["spec", "users"], ["spec", "externalIPs"]] + secrets: + exclude: + - matchLabels: + apps.cozystack.io/tenantresource: "false" + include: [{}] diff --git a/packages/system/cozystack-api/templates/rbac.yaml b/packages/system/cozystack-api/templates/rbac.yaml index b6a3469b..1a169d86 100644 --- a/packages/system/cozystack-api/templates/rbac.yaml +++ b/packages/system/cozystack-api/templates/rbac.yaml @@ -4,8 +4,11 @@ metadata: name: cozystack-api rules: - apiGroups: [""] - resources: ["namespaces"] + resources: ["namespaces", "secrets"] verbs: ["get", "watch", "list"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "update", "patch", "delete"] - apiGroups: ["admissionregistration.k8s.io"] resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations", "validatingadmissionpolicies", "validatingadmissionpolicybindings"] verbs: ["get", "watch", "list"] diff --git a/packages/system/cozystack-api/templates/tenantnamespaces-rbac.yaml b/packages/system/cozystack-api/templates/tenantnamespaces-rbac.yaml new file mode 100644 index 00000000..48cd3071 --- /dev/null +++ b/packages/system/cozystack-api/templates/tenantnamespaces-rbac.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tenantnamespaces-read +rules: +- apiGroups: + - core.cozystack.io + resources: + - tenantnamespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tenantnamespaces-read-authenticated +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tenantnamespaces-read +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated diff --git a/packages/system/cozystack-api/values.yaml b/packages/system/cozystack-api/values.yaml index a7f9b23d..601f0b01 100644 --- a/packages/system/cozystack-api/values.yaml +++ b/packages/system/cozystack-api/values.yaml @@ -1,2 +1,2 @@ cozystackAPI: - image: ghcr.io/cozystack/cozystack/cozystack-api:latest@sha256:be6aca4df4b769538454d6c65b7045b2bef81b2a15d70eeddbfdf55d6bd17d6c + image: ghcr.io/cozystack/cozystack/cozystack-api:latest@sha256:73fd18b7dcc1782002574d3b6436f5f164d43c7fb0e78cdcf2d71fe10f9863fd diff --git a/packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml index 977a0f6d..47c882be 100644 --- a/packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml +++ b/packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml @@ -12,7 +12,7 @@ spec: listKind: CozystackResourceDefinitionList plural: cozystackresourcedefinitions singular: cozystackresourcedefinition - scope: Namespaced + scope: Cluster versions: - name: v1alpha1 schema: @@ -62,6 +62,67 @@ spec: - plural - singular type: object + dashboard: + description: Dashboard configuration for this resource + properties: + category: + description: Category used to group resources in the UI (e.g., + "Storage", "Networking") + type: string + description: + description: Short description shown in catalogs or headers (e.g., + "S3 compatible storage") + type: string + icon: + description: Icon encoded as a string (e.g., inline SVG, base64, + or data URI) + type: string + keysOrder: + description: Order of keys in the YAML view + items: + items: + type: string + type: array + type: array + name: + description: Hard-coded name used in the UI (e.g., "bucket") + type: string + plural: + description: Plural human-readable name (e.g., "Buckets") + type: string + singular: + description: Human-readable name shown in the UI (e.g., "Bucket") + type: string + singularResource: + description: Whether this resource is singular (not a collection) + in the UI + type: boolean + tabs: + description: Which tabs to show for this resource + items: + description: DashboardTab enumerates allowed UI tabs. + enum: + - workloads + - ingresses + - services + - secrets + - yaml + type: string + type: array + tags: + description: Free-form tags for search and filtering + items: + type: string + type: array + weight: + description: Order weight for sorting resources in the UI (lower + first) + type: integer + required: + - category + - plural + - singular + type: object release: description: Release configuration properties: diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbs.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbs.yaml new file mode 100644 index 00000000..8ea3a23a --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbs.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: breadcrumbs.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: Breadcrumb + listKind: BreadcrumbList + plural: breadcrumbs + singular: breadcrumb + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbsinside.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbsinside.yaml new file mode 100644 index 00000000..3124ec1a --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbsinside.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: breadcrumbsinside.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: BreadcrumbInside + listKind: BreadcrumbInsideList + plural: breadcrumbsinside + singular: breadcrumbinside + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml new file mode 100644 index 00000000..44e6392c --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: customcolumnsoverrides.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: CustomColumnsOverride + listKind: CustomColumnsOverrideList + plural: customcolumnsoverrides + singular: customcolumnsoverride + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsoverrides.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsoverrides.yaml new file mode 100644 index 00000000..0f4d927f --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsoverrides.yaml @@ -0,0 +1,120 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: customformsoverrides.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: CustomFormsOverride + listKind: CustomFormsOverrideList + plural: customformsoverrides + shortNames: + - cfo + singular: customformsoverride + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsprefills.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsprefills.yaml new file mode 100644 index 00000000..ef43df11 --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsprefills.yaml @@ -0,0 +1,120 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: customformsprefills.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: CustomFormsPrefill + listKind: CustomFormsPrefillList + plural: customformsprefills + shortNames: + - cfp + singular: customformsprefill + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_factories.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_factories.yaml new file mode 100644 index 00000000..4c902d7a --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_factories.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: factories.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: Factory + listKind: FactoryList + plural: factories + singular: factory + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_marketplacepanels.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_marketplacepanels.yaml new file mode 100644 index 00000000..161366bf --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_marketplacepanels.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: marketplacepanels.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: MarketplacePanel + listKind: MarketplacePanelList + plural: marketplacepanels + singular: marketplacepanel + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_navigations.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_navigations.yaml new file mode 100644 index 00000000..61fd0d13 --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_navigations.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: navigations.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: Navigation + listKind: NavigationList + plural: navigations + singular: navigation + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_sidebars.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_sidebars.yaml new file mode 100644 index 00000000..abc3fc49 --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_sidebars.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: sidebars.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: Sidebar + listKind: SidebarList + plural: sidebars + singular: sidebar + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_tableurimappings.yaml b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_tableurimappings.yaml new file mode 100644 index 00000000..19a4c451 --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_tableurimappings.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: tableurimappings.dashboard.cozystack.io +spec: + group: dashboard.cozystack.io + names: + kind: TableUriMapping + listKind: TableUriMappingList + plural: tableurimappings + singular: tableurimapping + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ArbitrarySpec holds schemaless user data and preserves unknown fields. + We map the entire .spec to a single JSON payload to mirror the CRDs you provided. + NOTE: Using apiextensionsv1.JSON avoids losing arbitrary structure during round-trips. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: CommonStatus is a generic Status block with Kubernetes conditions. + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the most recent generation + observed by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/cozystack-controller/templates/rbac.yaml b/packages/system/cozystack-controller/templates/rbac.yaml index 917b736f..9ef8970a 100644 --- a/packages/system/cozystack-controller/templates/rbac.yaml +++ b/packages/system/cozystack-controller/templates/rbac.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: cozystack-controller rules: -- apiGroups: ['cozystack.io'] +- apiGroups: ['cozystack.io', 'dashboard.cozystack.io'] resources: ['*'] verbs: ['*'] - apiGroups: ["helm.toolkit.fluxcd.io"] diff --git a/packages/system/dashboard-config/Chart.yaml b/packages/system/dashboard-config/Chart.yaml new file mode 100644 index 00000000..4d848e27 --- /dev/null +++ b/packages/system/dashboard-config/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +version: 1.0.0 +name: cozy-dashboard-config diff --git a/packages/system/dashboard-config/Makefile b/packages/system/dashboard-config/Makefile new file mode 100644 index 00000000..041e535e --- /dev/null +++ b/packages/system/dashboard-config/Makefile @@ -0,0 +1,5 @@ +NAME := dashboard-config +NAMESPACE := cozy-dashboard + +include ../../../scripts/common-envs.mk +include ../../../scripts/package.mk diff --git a/packages/system/dashboard-config/templates/Breadcrumb/factory/configmap-details.yaml b/packages/system/dashboard-config/templates/Breadcrumb/factory/configmap-details.yaml new file mode 100644 index 00000000..f365fb62 --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/factory/configmap-details.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-factory-configmap-details +spec: + id: "stock-project-factory-configmap-details" + breadcrumbItems: + - key: configmaps + label: "v1/configmaps" + link: "/openapi-ui/{clusterName}/{namespace}/builtin-table/configmaps" + - key: configmap + label: "{6}" diff --git a/packages/system/dashboard-config/templates/Breadcrumb/factory/namespace-details.yaml b/packages/system/dashboard-config/templates/Breadcrumb/factory/namespace-details.yaml new file mode 100644 index 00000000..9e9ac4bf --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/factory/namespace-details.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-cluster-factory-namespace-details +spec: + id: "stock-cluster-factory-namespace-details" + breadcrumbItems: + - key: namespaces + label: "v1/namespaces" + link: "/openapi-ui/{clusterName}/builtin-table/namespaces" + - key: namespace + label: "{5}" diff --git a/packages/system/dashboard-config/templates/Breadcrumb/factory/node-details.yaml b/packages/system/dashboard-config/templates/Breadcrumb/factory/node-details.yaml new file mode 100644 index 00000000..bcd1be70 --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/factory/node-details.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-cluster-factory-node-details +spec: + id: "stock-cluster-factory-node-details" + breadcrumbItems: + - key: node + label: "v1/nodes" + link: "/openapi-ui/{clusterName}/builtin-table/nodes" + - key: node + label: "{5}" diff --git a/packages/system/dashboard-config/templates/Breadcrumb/factory/pod-details.yaml b/packages/system/dashboard-config/templates/Breadcrumb/factory/pod-details.yaml new file mode 100644 index 00000000..f09bbf5a --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/factory/pod-details.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-factory-pod-details +spec: + id: "stock-project-factory-pod-details" + breadcrumbItems: + - key: pods + label: "v1/pods" + link: "/openapi-ui/{clusterName}/{namespace}/builtin-table/pods" + - key: pod + label: "{6}" diff --git a/packages/system/dashboard-config/templates/Breadcrumb/factory/secret-details.yaml b/packages/system/dashboard-config/templates/Breadcrumb/factory/secret-details.yaml new file mode 100644 index 00000000..5e5230bd --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/factory/secret-details.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-factory-secret-details +spec: + id: "stock-project-factory-secret-details" + breadcrumbItems: + - key: secrets + label: "v1/secrets" + link: "/openapi-ui/{clusterName}/{namespace}/builtin-table/secrets" + - key: secret + label: "{6}" diff --git a/packages/system/dashboard-config/templates/Breadcrumb/factory/service-details.yaml b/packages/system/dashboard-config/templates/Breadcrumb/factory/service-details.yaml new file mode 100644 index 00000000..83aca2e9 --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/factory/service-details.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-factory-service-details +spec: + id: "stock-project-factory-service-details" + breadcrumbItems: + - key: services + label: "v1/services" + link: "/openapi-ui/{clusterName}/{namespace}/builtin-table/services" + - key: service + label: "{6}" diff --git a/packages/system/dashboard-config/templates/Breadcrumb/stock-cluster-api.yaml b/packages/system/dashboard-config/templates/Breadcrumb/stock-cluster-api.yaml new file mode 100644 index 00000000..f402e37d --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/stock-cluster-api.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-cluster-api-table +spec: + id: "stock-cluster-api-table" + breadcrumbItems: + - key: api + label: "{apiGroup}/{apiVersion}/{typeName}" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-cluster-api-form +spec: + id: "stock-cluster-api-form" + breadcrumbItems: + - key: create-api-res-namespaced-table + label: "{apiGroup}/{apiVersion}/{typeName}" + link: "/openapi-ui/{clusterName}/api-table/{apiGroup}/{apiVersion}/{typeName}" + - key: create-api-res-namespaced-typename + label: Create + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-cluster-api-form-edit +spec: + id: "stock-cluster-api-form-edit" + breadcrumbItems: + - key: create-api-res-namespaced-table + label: "{apiGroup}/{apiVersion}/{typeName}" + link: "/openapi-ui/{clusterName}/api-table/{apiGroup}/{apiVersion}/{typeName}" + - key: create-api-res-namespaced-typename + label: Update diff --git a/packages/system/dashboard-config/templates/Breadcrumb/stock-cluster-builtin.yaml b/packages/system/dashboard-config/templates/Breadcrumb/stock-cluster-builtin.yaml new file mode 100644 index 00000000..adf3847c --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/stock-cluster-builtin.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-cluster-builtin-table +spec: + id: "stock-cluster-builtin-table" + breadcrumbItems: + - key: api + label: "v1/{typeName}" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-cluster-builtin-form +spec: + id: "stock-cluster-builtin-form" + breadcrumbItems: + - key: create-api-res-namespaced-table + label: "v1/{typeName}" + link: "/openapi-ui/{clusterName}/builtin-table/{typeName}" + - key: create-api-res-namespaced-typename + label: Create + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-cluster-builtin-form-edit +spec: + id: "stock-cluster-builtin-form-edit" + breadcrumbItems: + - key: create-api-res-namespaced-table + label: "v1/{typeName}" + link: "/openapi-ui/{clusterName}/builtin-table/{typeName}" + - key: create-api-res-namespaced-typename + label: Update diff --git a/packages/system/dashboard-config/templates/Breadcrumb/stock-project-api.yaml b/packages/system/dashboard-config/templates/Breadcrumb/stock-project-api.yaml new file mode 100644 index 00000000..083c74f5 --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/stock-project-api.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-api-table +spec: + id: "stock-project-api-table" + breadcrumbItems: + - key: api + label: "{apiGroup}/{apiVersion}/{typeName}" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-api-form +spec: + id: "stock-project-api-form" + breadcrumbItems: + - key: create-api-res-namespaced-table + label: "{apiGroup}/{apiVersion}/{typeName}" + link: "/openapi-ui/{clusterName}/{namespace}/api-table/{apiGroup}/{apiVersion}/{typeName}" + - key: create-api-res-namespaced-typename + label: Create + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-api-form-edit +spec: + id: "stock-project-api-form-edit" + breadcrumbItems: + - key: create-api-res-namespaced-table + label: "{apiGroup}/{apiVersion}/{typeName}" + link: "/openapi-ui/{clusterName}/{namespace}/api-table/{apiGroup}/{apiVersion}/{typeName}" + - key: create-api-res-namespaced-typename + label: Update diff --git a/packages/system/dashboard-config/templates/Breadcrumb/stock-project-builtin.yaml b/packages/system/dashboard-config/templates/Breadcrumb/stock-project-builtin.yaml new file mode 100644 index 00000000..cb83795a --- /dev/null +++ b/packages/system/dashboard-config/templates/Breadcrumb/stock-project-builtin.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-builtin-table +spec: + id: "stock-project-builtin-table" + breadcrumbItems: + - key: api + label: "v1/{typeName}" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-builtin-form +spec: + id: "stock-project-builtin-form" + breadcrumbItems: + - key: create-api-res-namespaced-table + label: "v1/{typeName}" + link: "/openapi-ui/{clusterName}/{namespace}/builtin-table/{typeName}" + - key: create-api-res-namespaced-typename + label: Create + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Breadcrumb +metadata: + name: stock-project-builtin-form-edit +spec: + id: "stock-project-builtin-form-edit" + breadcrumbItems: + - key: create-api-res-namespaced-table + label: "v1/{typeName}" + link: "/openapi-ui/{clusterName}/{namespace}/builtin-table/{typeName}" + - key: create-api-res-namespaced-typename + label: Update diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-details-v1.services.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-details-v1.services.yaml new file mode 100644 index 00000000..bcab444b --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-details-v1.services.yaml @@ -0,0 +1,126 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-details-v1.services +spec: + id: factory-details-v1.services + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "S" + "title" "service" + "backgroundColor" "#6ca100" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "service-details" + ) | nindent 12 + }} + - jsonPath: .spec.clusterIP + name: ClusterIP + type: string + - jsonPath: .spec.loadBalancerIP + name: LoadbalancerIP + type: string + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsUndefinedValues: + - key: ClusterIP + value: "-" + - key: LoadbalancerIP + value: "-" + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: stock-namespace-v1.services +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "S" + "title" "service" + "backgroundColor" "#6ca100" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "service-details" + ) | nindent 12 + }} + - jsonPath: .spec.clusterIP + name: ClusterIP + type: string + - jsonPath: .spec.loadBalancerIP + name: LoadbalancerIP + type: string + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsUndefinedValues: + - key: ClusterIP + value: "-" + - key: LoadbalancerIP + value: "-" + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + id: stock-namespace-/v1/services + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-service-details-port-mapping +spec: + additionalPrinterColumns: + - jsonPath: .name + name: Name + type: string + - jsonPath: .port + name: Port + type: string + - jsonPath: .protocol + name: Protocol + type: string + - jsonPath: .targetPort + name: Pod port or name + type: string + id: factory-service-details-port-mapping diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-details-v1alpha1.apps.cozystack.io.workloadmonitors.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-details-v1alpha1.apps.cozystack.io.workloadmonitors.yaml new file mode 100644 index 00000000..d0ffe701 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-details-v1alpha1.apps.cozystack.io.workloadmonitors.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-details-v1alpha1.cozystack.io.workloadmonitors +spec: + id: factory-details-v1alpha1.cozystack.io.workloadmonitors + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "W" + "title" "workloadmonitor" + "backgroundColor" "#c46100" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "workloadmonitor-details" + ) | nindent 12 + }} + - jsonPath: .spec.type + name: TYPE + type: string + - jsonPath: .spec.version + name: VERSION + type: string + - jsonPath: .spec.replicas + name: REPLICAS + type: string + - jsonPath: .spec.minReplicas + name: MINREPLICAS + type: string + - jsonPath: .status.availableReplicas + name: AVAILABLE + type: string + - jsonPath: .status.observedReplicas + name: OBSERVED + type: string diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-details-v1alpha1.core.cozystack.io.tenantsecretstables.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-details-v1alpha1.core.cozystack.io.tenantsecretstables.yaml new file mode 100644 index 00000000..783a9659 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-details-v1alpha1.core.cozystack.io.tenantsecretstables.yaml @@ -0,0 +1,56 @@ +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-details-v1alpha1.core.cozystack.io.tenantsecretstables +spec: + id: factory-details-v1alpha1.core.cozystack.io.tenantsecretstables + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "S" + "title" "secret" + "backgroundColor" "#c46100" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "secret-details" + ) | nindent 12 + }} + - jsonPath: .data.key + name: Key + type: string + - name: Value + type: factory + customProps: + disableEventBubbling: true + items: + - type: SecretBase64Plain + data: + id: example-secterbase64 + plainTextValue: "hello" + base64Value: "{reqsJsonPath[0]['.data.value']['-']}" + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + additionalPrinterColumnsUndefinedValues: + - key: Namespace + value: '-' diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-ingress-details-rules.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-ingress-details-rules.yaml new file mode 100644 index 00000000..b84a8426 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-ingress-details-rules.yaml @@ -0,0 +1,47 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-ingress-details-rules +spec: + id: factory-ingress-details-rules + # Each item is a rule. We'll display the first HTTP path data where present + additionalPrinterColumns: + - jsonPath: .host + name: Host + type: string + - jsonPath: .http.paths[0].backend.service.name + name: Service + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "S" + "title" "service" + "backgroundColor" "#6ca100" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".http.paths[0].backend.service.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "service-details" + ) | nindent 12 + }} + - jsonPath: .http.paths[0].backend.service.port.number + name: Port + type: string + - jsonPath: .http.paths[0].path + name: Path + type: string + additionalPrinterColumnsUndefinedValues: + - key: Service + value: "-" + - key: Port + value: "-" + - key: Path + value: "-" + + diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-node-images.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-node-images.yaml new file mode 100644 index 00000000..d2c8d72e --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-node-images.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-node-images +spec: + additionalPrinterColumns: + - jsonPath: .names[0] + name: ImageID + type: string + - jsonPath: .sizeBytes + name: Size + type: factory + customProps: + disableEventBubbling: true + items: + - type: ConverterBytes + data: + id: example-converter-bytes + bytesValue: "{reqsJsonPath[0]['.sizeBytes']['-']}" + format: true + precision: 1 + + additionalPrinterColumnsUndefinedValues: + - key: Message + value: "-" + + additionalPrinterColumnsTrimLengths: + - key: ImageID + value: 128 + - key: Size + value: 63 + id: "factory-node-images" diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-pod-details-list.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-pod-details-list.yaml new file mode 100644 index 00000000..47782a1f --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-pod-details-list.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-pod-details-volume-list +spec: + additionalPrinterColumns: + - jsonPath: .name + name: Name + type: string + id: "factory-pod-details-volume-list" diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-status-conditions.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-status-conditions.yaml new file mode 100644 index 00000000..eac76733 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/factory-status-conditions.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-status-conditions +spec: + additionalPrinterColumns: + - jsonPath: .type + name: Type + type: string + - jsonPath: .status + name: Status + type: bool + - jsonPath: .lastTransitionTime + name: Updated + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".lastTransitionTime" + ) | nindent 8 + }} + - jsonPath: .reason + name: Reason + type: string + - jsonPath: .message + name: Message + type: string + + additionalPrinterColumnsUndefinedValues: + - key: Reason + value: "-" + - key: Message + value: "-" + + additionalPrinterColumnsTrimLengths: + - key: Message + value: 63 + id: "factory-status-conditions" diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/helpers/hidden.metadata.tpl b/packages/system/dashboard-config/templates/CustomColumnsOverride/helpers/hidden.metadata.tpl new file mode 100644 index 00000000..e282731a --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/helpers/hidden.metadata.tpl @@ -0,0 +1,162 @@ +{{- define "incloud-web-resources.customformoverride.hidden.metadata.system" -}} +- - metadata + - creationTimestamp +- - metadata + - deletionGracePeriodSeconds +- - metadata + - deletionTimestamp +- - metadata + - finalizers +- - metadata + - generateName +- - metadata + - generation +- - metadata + - managedFields +- - metadata + - ownerReferences +- - metadata + - resourceVersion +- - metadata + - selfLink +- - metadata + - uid +{{- end -}} + +{{- define "incloud-web-resources.customformoverride.hidden.metadata.system-clusterscope" -}} +- - metadata + - creationTimestamp +- - metadata + - namespace +- - metadata + - deletionGracePeriodSeconds +- - metadata + - deletionTimestamp +- - metadata + - finalizers +- - metadata + - generateName +- - metadata + - generation +- - metadata + - managedFields +- - metadata + - ownerReferences +- - metadata + - resourceVersion +- - metadata + - selfLink +- - metadata + - uid +{{- end -}} + +{{- define "incloud-web-resources.customformoverride.hidden.metadata.system.job-template" -}} +- - spec + - jobTemplate + - metadata + - creationTimestamp +- - spec + - jobTemplate + - metadata + - namespace +- - spec + - jobTemplate + - metadata + - deletionGracePeriodSeconds +- - spec + - jobTemplate + - metadata + - deletionTimestamp +- - spec + - jobTemplate + - metadata + - finalizers +- - spec + - jobTemplate + - metadata + - generateName +- - spec + - jobTemplate + - metadata + - generation +- - spec + - jobTemplate + - metadata + - managedFields +- - spec + - jobTemplate + - metadata + - ownerReferences +- - spec + - jobTemplate + - metadata + - resourceVersion +- - spec + - jobTemplate + - metadata + - selfLink +- - spec + - jobTemplate + - metadata + - uid +{{- end -}} + +{{- define "incloud-web-resources.customformoverride.hidden.metadata.system.template" -}} +- - spec + - template + - metadata + - creationTimestamp +- - spec + - template + - metadata + - namespace +- - spec + - template + - metadata + - deletionGracePeriodSeconds +- - spec + - template + - metadata + - deletionTimestamp +- - spec + - template + - metadata + - finalizers +- - spec + - template + - metadata + - generateName +- - spec + - template + - metadata + - generation +- - spec + - template + - metadata + - managedFields +- - spec + - template + - metadata + - ownerReferences +- - spec + - template + - metadata + - resourceVersion +- - spec + - template + - metadata + - selfLink +- - spec + - template + - metadata + - uid +{{- end -}} + +{{- define "incloud-web-resources.customformoverride.hidden.metadata.api" -}} +- - kind +- - apiVersion +{{- end -}} + +{{- define "incloud-web-resources.customformoverride.hidden.status" -}} +- - status +{{- end -}} diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/helpers/icons.tpl b/packages/system/dashboard-config/templates/CustomColumnsOverride/helpers/icons.tpl new file mode 100644 index 00000000..12a8e7e9 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/helpers/icons.tpl @@ -0,0 +1,89 @@ +{{- define "incloud-web-resources.pod.icon" -}} +- type: antdFlex + data: + id: header-row + gap: 6 + align: center + # style: + # marginBottom: 24px + children: + - type: antdText + data: + id: header-badge + text: P + title: Pods + style: + fontSize: 20px + lineHeight: 24px + padding: "0 9px" + borderRadius: "20px" + minWidth: 24 + display: inline-block + textAlign: center + whiteSpace: nowrap + color: "#fff" + backgroundColor: "#009596" + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontWeight: 400 +{{- end -}} + +{{- define "incloud-web-resources.namespace.icon" -}} +- type: antdFlex + data: + id: header-row + gap: 6 + align: center + # style: + # marginBottom: 24px + children: + - type: antdText + data: + id: header-badge + text: NS + title: Nanesoace + style: + fontSize: 20px + lineHeight: 24px + padding: "0 9px" + borderRadius: "20px" + minWidth: 24 + display: inline-block + textAlign: center + whiteSpace: nowrap + color: "#fff" + backgroundColor: "#45a703ff" + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontWeight: 400 +{{- end -}} + + +{{- define "incloud-web-resources.icon" -}} +{{- $text := (default "" .text) -}} +{{- $title := (default "" .title) -}} +{{- $backgroundColor := (default "#a25792ff" .backgroundColor) -}} +- type: antdFlex + data: + id: header-row + gap: 6 + align: center + children: + # Badge with resource short name + - type: antdText + data: + id: header-badge + text: "{{ $text }}" + title: "{{ $title }}" + style: + fontSize: 15px + lineHeight: 24px + padding: "0 9px" + borderRadius: "20px" + minWidth: 24 + display: inline-block + textAlign: center + whiteSpace: nowrap + color: "#fff" + backgroundColor: "{{ $backgroundColor }}" + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontWeight: 400 +{{- end -}} diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/k8s.container.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/k8s.container.yaml new file mode 100644 index 00000000..3b300e27 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/k8s.container.yaml @@ -0,0 +1,154 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: container-status-init-containers-list +spec: + additionalPrinterColumns: + - jsonPath: .name + name: Name + type: string + - jsonPath: .imageID + name: Image + type: string + - jsonPath: .started + name: Started + type: bool + - jsonPath: .ready + name: Ready + type: bool + - jsonPath: .restartCount + name: RestartCount + type: string + - jsonPath: .state.waiting.reason + name: WaitingdReason + type: string + - jsonPath: .state.terminated.reason + name: TerminatedReason + type: string + + additionalPrinterColumnsUndefinedValues: + - key: TerminatedReason + value: "-" + - key: WaitingdReason + value: "-" + + additionalPrinterColumnsTrimLengths: + - key: Name + value: 63 + - key: Image + value: 63 + id: "container-status-init-containers-list" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: container-status-containers-list +spec: + additionalPrinterColumns: + - jsonPath: .name + name: Name + type: string + - jsonPath: .imageID + name: Image + type: string + - jsonPath: .started + name: Started + type: bool + - jsonPath: .ready + name: Ready + type: bool + - jsonPath: .restartCount + name: RestartCount + type: string + - jsonPath: .state.waiting.reason + name: WaitingdReason + type: string + - jsonPath: .state.terminated.reason + name: TerminatedReason + type: string + + additionalPrinterColumnsUndefinedValues: + - key: TerminatedReason + value: "-" + - key: WaitingdReason + value: "-" + + additionalPrinterColumnsTrimLengths: + - key: Name + value: 63 + - key: Image + value: 63 + id: "container-status-containers-list" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: container-spec-init-containers-list +spec: + additionalPrinterColumns: + - jsonPath: .name + name: Name + type: string + - jsonPath: .image + name: Image + type: string + - jsonPath: .resources.requests + name: Resources requests + type: array + - jsonPath: .resources.limits + name: Resources limits + type: array + additionalPrinterColumnsTrimLengths: + - key: Image + value: 64 + additionalPrinterColumnsUndefinedValues: + - key: Name + value: "-" + - key: Image + value: "-" + - key: Resources limits + value: "-" + - key: Resources requests + value: "-" + id: container-spec-init-containers-list + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: container-spec-containers-list +spec: + additionalPrinterColumns: + - jsonPath: .name + name: Name + type: string + - jsonPath: .image + name: Image + type: string + - jsonPath: .resources.requests + name: Resources requests + type: array + - jsonPath: .resources.limits + name: Resources limits + type: array + - jsonPath: .ports[*].containerPort + name: Ports + type: array + additionalPrinterColumnsTrimLengths: + - key: Image + value: 64 + additionalPrinterColumnsUndefinedValues: + - key: Name + value: "-" + - key: Image + value: "-" + - key: Resources limits + value: "-" + - key: Resources requests + value: "-" + - key: Ports + value: "-" + id: container-spec-containers-list \ No newline at end of file diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/networking.k8s.io.v1.ingresses.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/networking.k8s.io.v1.ingresses.yaml new file mode 100644 index 00000000..8caf34ba --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/networking.k8s.io.v1.ingresses.yaml @@ -0,0 +1,117 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-details-networking.k8s.io.v1.ingresses +spec: + id: factory-details-networking.k8s.io.v1.ingresses + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "I" + "title" "ingress" + "backgroundColor" "#2e7dff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "ingress-details" + ) | nindent 12 + }} + - jsonPath: .spec.rules[*].host + name: Hosts + type: string + - jsonPath: .status.loadBalancer.ingress[0].ip + name: Address + type: string + - jsonPath: .spec.defaultBackend.service.port.number + name: Port + type: string + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsUndefinedValues: + - key: Hosts + value: "-" + - key: Address + value: "-" + - key: Port + value: "-" + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: stock-namespace-networking.k8s.io.v1.ingresses +spec: + id: stock-namespace-/networking.k8s.io/v1/ingresses + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "I" + "title" "ingress" + "backgroundColor" "#2e7dff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "ingress-details" + ) | nindent 12 + }} + - jsonPath: .spec.rules[*].host + name: Hosts + type: string + - jsonPath: .status.loadBalancer.ingress[0].ip + name: Address + type: string + - jsonPath: .spec.defaultBackend.service.port.number + name: Port + type: string + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsUndefinedValues: + - key: Hosts + value: "-" + - key: Address + value: "-" + - key: Port + value: "-" + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + + diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.configmaps.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.configmaps.yaml new file mode 100644 index 00000000..57e01a34 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.configmaps.yaml @@ -0,0 +1,169 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: "stock-cluster-v1.configmaps" +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "CM" + "title" "configmap" + "backgroundColor" "#b48c78ff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "configmap-details" + ) | nindent 12 + }} + - jsonPath: .metadata.namespace + name: Namespace + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "NS" + "title" "namespace" + "backgroundColor" "#a25792ff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "namespace" + "jsonPath" ".metadata.namespace" + "factory" "namespace-details" + ) | nindent 12 + }} + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + additionalPrinterColumnsUndefinedValues: + - key: Namespace + value: "-" + id: "stock-cluster-/v1/configmaps" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: "stock-namespace-v1.configmaps" +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "CM" + "title" "configmap" + "backgroundColor" "#b48c78ff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "configmap-details" + ) | nindent 12 + }} + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + id: "stock-namespace-/v1/configmaps" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: "cluster-v1.configmaps" +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "CM" + "title" "configmap" + "backgroundColor" "#b48c78ff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "configmap-details" + ) | nindent 12 + }} + - jsonPath: .metadata.namespace + name: Namespace + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "NS" + "title" "namespace" + "backgroundColor" "#a25792ff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "namespace" + "jsonPath" ".metadata.namespace" + "factory" "namespace-details" + ) | nindent 12 + }} + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + additionalPrinterColumnsUndefinedValues: + - key: Namespace + value: "-" + id: "cluster-/v1/configmaps" diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.nodes.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.nodes.yaml new file mode 100644 index 00000000..e12b4a69 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.nodes.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: stock-cluster-v1.nodes +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "N" + "title" "node" + "backgroundColor" "#8476d1" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "factory" "node-details" + ) | nindent 12 + }} + - name: Status + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.statuses.node" . | nindent 8 }} + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + id: stock-cluster-/v1/nodes diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.pods.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.pods.yaml new file mode 100644 index 00000000..35450665 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.pods.yaml @@ -0,0 +1,364 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: "factory-node-details-v1.pods" +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "P" + "title" "pod" + "backgroundColor" "#009596" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "pod-details" + ) | nindent 12 + }} + - jsonPath: .metadata.namespace + name: Namespace + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "NS" + "title" "namespace" + "backgroundColor" "#a25792ff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "namespace" + "jsonPath" ".metadata.namespace" + "factory" "namespace-details" + ) | nindent 12 + }} + - jsonPath: .spec.restartPolicy + name: Restart Policy + type: string + - jsonPath: .status.podIP + name: Pod IP + type: string + # - jsonPath: .status.conditions[?(@.type=="ContainersReady")].status + # name: Status Containers + # type: string + # - jsonPath: .status.conditions[?(@.type=="PodScheduled")].status + # name: Status Scheduled + # type: string + - jsonPath: .status.qosClass + name: QOS + type: string + - name: Status + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.statuses.pod" . | nindent 8 }} + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsUndefinedValues: + - key: Node + value: Unschedulable + - key: Pod IP + value: NotAllocated + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + id: "factory-node-details-/v1/pods" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: "factory-v1.pods" +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "P" + "title" "pod" + "backgroundColor" "#009596" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "pod-details" + ) | nindent 12 + }} + - name: Node + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "N" + "title" "node" + "backgroundColor" "#8476d1" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".spec.nodeName" + "factory" "node-details" + ) | nindent 12 + }} + - jsonPath: .spec.restartPolicy + name: Restart Policy + type: string + - jsonPath: .status.podIP + name: Pod IP + type: string + # - jsonPath: .status.conditions[?(@.type=="ContainersReady" || @.type=="PodReady")].status + # name: Status Containers + # type: string + # - jsonPath: .status.conditions[?(@.type=="PodScheduled")].status + # name: Status Scheduled + # type: string + - jsonPath: .status.qosClass + name: QOS + type: string + - name: Status + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.statuses.pod" . | nindent 8 }} + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsUndefinedValues: + - key: Node + value: Unschedulable + - key: Pod IP + value: NotAllocated + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + id: "factory-/v1/pods" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: "stock-cluster-v1.pods" +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "P" + "title" "pod" + "backgroundColor" "#009596" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "pod-details" + ) | nindent 12 + }} + - jsonPath: .metadata.namespace + name: Namespace + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "NS" + "title" "namespace" + "backgroundColor" "#a25792ff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "namespace" + "jsonPath" ".metadata.namespace" + "factory" "namespace-details" + ) | nindent 12 + }} + - jsonPath: .spec.nodeName + name: Node + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "N" + "title" "node" + "backgroundColor" "#8476d1" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".spec.nodeName" + "factory" "node-details" + ) | nindent 12 + }} + - jsonPath: .spec.restartPolicy + name: Restart Policy + type: string + - jsonPath: .status.podIP + name: Pod IP + type: string + # - jsonPath: .status.conditions[?(@.type=="ContainersReady")].status + # name: Status Containers + # type: string + # - jsonPath: .status.conditions[?(@.type=="PodScheduled")].status + # name: Status Scheduled + # type: string + - jsonPath: .status.qosClass + name: QOS + type: string + - name: Status + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.statuses.pod" . | nindent 8 }} + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsUndefinedValues: + - key: Node + value: Unschedulable + - key: Pod IP + value: NotAllocated + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + id: "stock-cluster-/v1/pods" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: "stock-namespace-v1.pods" +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "P" + "title" "pod" + "backgroundColor" "#009596" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "pod-details" + ) | nindent 12 + }} + - name: Node + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "N" + "title" "node" + "backgroundColor" "#8476d1" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".spec.nodeName" + "factory" "node-details" + ) | nindent 12 + }} + - jsonPath: .spec.restartPolicy + name: Restart Policy + type: string + - jsonPath: .status.podIP + name: Pod IP + type: string + # - jsonPath: .status.conditions[?(@.type=="ContainersReady")].status + # name: Status Containers + # type: string + # - jsonPath: .status.conditions[?(@.type=="PodScheduled")].status + # name: Status Scheduled + # type: string + - jsonPath: .status.qosClass + name: QOS + type: string + - name: Status + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.statuses.pod" . | nindent 8 }} + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsUndefinedValues: + - key: Node + value: Unschedulable + - key: Pod IP + value: NotAllocated + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + id: "stock-namespace-/v1/pods" diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.secrets.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.secrets.yaml new file mode 100644 index 00000000..dbcc6f3a --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1.secrets.yaml @@ -0,0 +1,111 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: "stock-cluster-v1.secrets" +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "S" + "title" "secret" + "backgroundColor" "#c46100" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "secret-details" + ) | nindent 12 + }} + - jsonPath: .metadata.namespace + name: Namespace + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "NS" + "title" "namespace" + "backgroundColor" "#a25792ff" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "namespace" + "jsonPath" ".metadata.namespace" + "factory" "namespace-details" + ) | nindent 12 + }} + - jsonPath: .type + name: Type + type: string + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + id: "stock-cluster-/v1/secrets" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: "stock-namespace-v1.secrets" +spec: + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.icon" (dict + "text" "S" + "title" "secret" + "backgroundColor" "#c46100" + )| nindent 8 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".metadata.name" + "namespace" "{reqsJsonPath[0]['.metadata.namespace']['-']}" + "factory" "secret-details" + ) | nindent 12 + }} + - jsonPath: .type + name: Type + type: string + - jsonPath: .metadata.creationTimestamp + name: Created + type: factory + customProps: + disableEventBubbling: true + items: + {{ include "incloud-web-resources.factory.timeblock" (dict + "req" ".metadata.creationTimestamp" + ) | nindent 8 + }} + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + additionalPrinterColumnsUndefinedValues: + - key: Namespace + value: "-" + id: "stock-namespace-/v1/secrets" diff --git a/packages/system/dashboard-config/templates/CustomColumnsOverride/v1alpha1.cozystack.io.workloads.yaml b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1alpha1.cozystack.io.workloads.yaml new file mode 100644 index 00000000..2dc62cc3 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomColumnsOverride/v1alpha1.cozystack.io.workloads.yaml @@ -0,0 +1,42 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomColumnsOverride +metadata: + name: factory-details-v1alpha1.cozystack.io.workloads +spec: + id: factory-details-v1alpha1.cozystack.io.workloads + additionalPrinterColumns: + - jsonPath: .metadata.name + name: Name + type: string + - jsonPath: .status.kind + name: Kind + type: string + - jsonPath: .status.type + name: Type + type: string + - jsonPath: .status.resources.cpu + name: CPU + type: string + - jsonPath: .status.resources.memory + name: Memory + type: string + - jsonPath: .status.operational + name: Operational + type: string + additionalPrinterColumnsTrimLengths: + - key: Name + value: 64 + additionalPrinterColumnsUndefinedValues: + - key: Name + value: "-" + - key: Kind + value: "-" + - key: Type + value: "-" + - key: CPU + value: "-" + - key: Memory + value: "-" + - key: Operational + value: "-" diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/networking.k8s.io.v1.ingresses.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/networking.k8s.io.v1.ingresses.yaml new file mode 100644 index 00000000..e37effd6 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/networking.k8s.io.v1.ingresses.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-networking.k8s.io.v1.ingresses +spec: + customizationId: "default-/networking.k8s.io/v1/ingresses" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/storage.k8s.io.v1.storageclasses.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/storage.k8s.io.v1.storageclasses.yaml new file mode 100644 index 00000000..6d52f275 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/storage.k8s.io.v1.storageclasses.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-storage.k8s.io.v1.storageclasses +spec: + customizationId: "default-/storage.k8s.io/v1/storageclasses" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/v1.configmaps.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/v1.configmaps.yaml new file mode 100644 index 00000000..739cac5a --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/v1.configmaps.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-v1.configmaps +spec: + customizationId: "default-/v1/configmaps" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/v1.namespaces.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/v1.namespaces.yaml new file mode 100644 index 00000000..6106bf8f --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/v1.namespaces.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-v1.namespaces +spec: + customizationId: "default-/v1/namespaces" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system-clusterscope" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/v1.nodes.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/v1.nodes.yaml new file mode 100644 index 00000000..e2b4bc3c --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/v1.nodes.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-v1.nodes +spec: + customizationId: "default-/v1/nodes" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system-clusterscope" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/v1.persistentvolumeclaims.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/v1.persistentvolumeclaims.yaml new file mode 100644 index 00000000..e82b72ea --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/v1.persistentvolumeclaims.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-v1.persistentvolumeclaims +spec: + customizationId: "default-/v1/persistentvolumeclaims" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/v1.persistentvolumes.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/v1.persistentvolumes.yaml new file mode 100644 index 00000000..20472c98 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/v1.persistentvolumes.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-v1.persistentvolumes +spec: + customizationId: "default-/v1/persistentvolumes" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/v1.pods.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/v1.pods.yaml new file mode 100644 index 00000000..7acf2ddb --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/v1.pods.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-v1.pods +spec: + customizationId: "default-/v1/pods" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/v1.secrets.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/v1.secrets.yaml new file mode 100644 index 00000000..a5127240 --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/v1.secrets.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-v1.secrets +spec: + customizationId: "default-/v1/secrets" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/CustomFormOverride/v1.services.yaml b/packages/system/dashboard-config/templates/CustomFormOverride/v1.services.yaml new file mode 100644 index 00000000..ed91341e --- /dev/null +++ b/packages/system/dashboard-config/templates/CustomFormOverride/v1.services.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: CustomFormsOverride +metadata: + name: default-v1.services +spec: + customizationId: "default-/v1/services" + hidden: + {{ include "incloud-web-resources.customformoverride.hidden.metadata.system" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.metadata.api" . | nindent 4 }} + {{ include "incloud-web-resources.customformoverride.hidden.status" . | nindent 4 }} + schema: {} + strategy: merge diff --git a/packages/system/dashboard-config/templates/Factory/cozy-marketplace.yaml b/packages/system/dashboard-config/templates/Factory/cozy-marketplace.yaml new file mode 100644 index 00000000..a2857001 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/cozy-marketplace.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Factory +metadata: + name: marketplace +spec: + key: marketplace + sidebarTags: + - marketplace-sidebar + withScrollableMainContentCard: true + urlsToFetch: [] + data: + - type: ContentCard + data: + id: 31 + title: "Marketplace" + style: + flexGrow: 1 + children: + - type: MarketplaceCard + data: + id: 311 + clusterNamePartOfUrl: "{2}" + namespacePartOfUrl: "{3}" + baseApiGroup: dashboard.cozystack.io + baseApiVersion: v1alpha1 + mpResourceName: marketplacepanels + mpResourceKind: MarketplacePanel + baseprefix: openapi-ui diff --git a/packages/system/dashboard-config/templates/Factory/helpers/annotations.tpl b/packages/system/dashboard-config/templates/Factory/helpers/annotations.tpl new file mode 100644 index 00000000..8e49c717 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/helpers/annotations.tpl @@ -0,0 +1,30 @@ +{{- define "incloud-web-resources.factory.annotations.block" -}} +{{- $i := (default 0 .reqIndex) -}} +{{- $jsonPath := (default ".metadata.annotations" .jsonPath) -}} +{{- $endpoint := (default "" .endpoint) -}} +{{- $pathToValue := (default "/metadata/annotations" .pathToValue) -}} +- type: antdText + data: + id: annotations + strong: true + text: Annotations +- type: Annotations + data: + id: annotations + reqIndex: 0 + jsonPathToObj: "{{ $jsonPath }}" + text: "~counter~ Annotations" + errorText: "0 Annotations" + notificationSuccessMessage: "Updated successfully" + notificationSuccessMessageDescription: "Annotations have been updated" + modalTitle: "Edit annotations" + modalDescriptionText: "" + inputLabel: "" + endpoint: "{{ $endpoint }}" + pathToValue: "{{ $pathToValue }}" + editModalWidth: "800px" + cols: + - 11 + - 11 + - 2 +{{- end -}} diff --git a/packages/system/dashboard-config/templates/Factory/helpers/counters.tpl b/packages/system/dashboard-config/templates/Factory/helpers/counters.tpl new file mode 100644 index 00000000..da6c1fdf --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/helpers/counters.tpl @@ -0,0 +1,35 @@ +{{- define "incloud-web-resources.factory.counters.fields" -}} +{{- $i := (default 0 .reqIndex) -}} +{{- $type := (default "counter" .type) -}} +{{- $title := (default "" .title) -}} +- type: antdText + data: + id: {{ printf "%s-label" $type }} + strong: true + text: "{{ $title }}" +- type: ItemCounter + data: + id: {{ printf "%s-counter" $type }} + text: "~counter~ {{ $type }}" + reqIndex: {{$i}} + jsonPathToArray: "{{ .jsonPath | default "" }}" + errorText: "Error" +{{- end -}} + +{{- define "incloud-web-resources.factory.counters.object.fields" -}} +{{- $i := (default 0 .reqIndex) -}} +{{- $type := (default "counter" .type) -}} +{{- $title := (default "" .title) -}} +- type: antdText + data: + id: {{ printf "%s-label" $type }} + strong: true + text: "{{ $title }}" +- type: KeyCounter + data: + id: {{ printf "%s-counter" $type }} + text: "~counter~ {{ $type }}" + reqIndex: {{$i}} + jsonPathToObj: "{{ .jsonPath | default "" }}" + errorText: "Error" +{{- end -}} diff --git a/packages/system/dashboard-config/templates/Factory/helpers/labels.tpl b/packages/system/dashboard-config/templates/Factory/helpers/labels.tpl new file mode 100644 index 00000000..9fe7afb3 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/helpers/labels.tpl @@ -0,0 +1,64 @@ +{{- define "incloud-web-resources.factory.labels" -}} +{{- $i := (default 0 .reqIndex) -}} +{{- $type := (default "labels" .type) -}} +{{- $title := (default "Labels" .title) -}} +{{- $jsonPath := (default ".metadata.labels" .jsonPath) -}} +{{- $endpoint := (default "" .endpoint) -}} +{{- $pathToValue := (default "/metadata/labels" .pathToValue) -}} +{{- $maxTagTextLength := (default 35 .maxTagTextLength) -}} +{{- $maxEditTagTextLength := (default 35 .maxEditTagTextLength) -}} +{{- $notificationSuccessMessage := (default "Updated successfully" .notificationSuccessMessage) -}} +{{- $notificationSuccessMessageDescription := (default "Labels have been updated" .notificationSuccessMessageDescription) -}} +{{- $modalTitle := (default "Edit labels" .modalTitle) -}} +{{- $modalDescriptionText := (default "" .modalDescriptionText) -}} +{{- $inputLabel := (default "" .inputLabel) -}} +{{- $containerMarginTop := (default "-30px" .containerMarginTop) -}} +- type: antdText + data: + id: {{ printf "%s-title" $type }} + text: "{{ $title }}" + strong: true + style: + fontSize: 14 +- type: Labels + data: + id: {{ printf "%s-editor" $type }} + reqIndex: {{ $i }} + jsonPathToLabels: "{{ $jsonPath }}" + selectProps: + maxTagTextLength: {{ $maxTagTextLength }} + notificationSuccessMessage: "{{ $notificationSuccessMessage }}" + notificationSuccessMessageDescription: "{{ $notificationSuccessMessageDescription }}" + modalTitle: "{{ $modalTitle }}" + modalDescriptionText: "{{ $modalDescriptionText }}" + inputLabel: "{{ $inputLabel }}" + containerStyle: + marginTop: "{{ $containerMarginTop }}" + maxEditTagTextLength: {{ $maxEditTagTextLength }} + endpoint: "{{ $endpoint }}" + pathToValue: "{{ $pathToValue }}" + editModalWidth: 650 + paddingContainerEnd: "24px" +{{- end -}} + +{{- define "incloud-web-resources.factory.labels.base.selector" -}} +{{- $i := (default 0 .reqIndex) -}} +{{- $type := (default "pod-selector" .type) -}} +{{- $title := (default "Pod selector" .title) -}} +{{- $jsonPath := (default ".spec.template.metadata.labels" .jsonPath) -}} +- type: antdText + data: + id: {{ printf "%s-selector" $type }} + text: "{{ $title }}" + strong: true + style: + fontSize: 14 +- type: LabelsToSearchParams + data: + id: {{ printf "%s-to-search-params" $type }} + reqIndex: {{$i}} + jsonPathToLabels: "{{ $jsonPath }}" + linkPrefix: "{{ .linkPrefix | default "/openapi-ui/{2}/search" }}" + errorText: "-" +{{- end -}} + diff --git a/packages/system/dashboard-config/templates/Factory/helpers/links.tpl b/packages/system/dashboard-config/templates/Factory/helpers/links.tpl new file mode 100644 index 00000000..7bfa6023 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/helpers/links.tpl @@ -0,0 +1,43 @@ +{{- define "incloud-web-resources.factory.links.details" -}} +{{- $i := (default 0 .reqIndex) -}} +{{- $type := (default "" .type) -}} +{{- $title := (default "" .title) -}} +{{- $jsonPath := (default "" .jsonPath) -}} +{{- $factory := (default "" .factory) -}} +{{- $ns := (default "" .namespace) -}} + +{{- $nsPart := "" -}} +{{- if ne $ns "" }} + {{- $nsPart = printf "%s/" $ns -}} +{{- end }} +- type: parsedText + data: + id: {{ printf "%s-title" $type }} + strong: true + text: "{{ $title }}" + style: + fontWeight: bold +- type: antdLink + data: + id: {{ printf "%s-link" $type }} + text: "{reqsJsonPath[{{$i}}]['{{ $jsonPath }}']['-']}" + href: "/openapi-ui/{2}/{{$nsPart}}factory/{{ $factory }}/{reqsJsonPath[{{$i}}]['{{ $jsonPath }}']['-']}" +{{- end -}} + +{{- define "incloud-web-resources.factory.linkblock" -}} +{{- $i := (default 0 .reqIndex) -}} +{{- $type := (default "" .type) -}} +{{- $jsonPath := (default "" .jsonPath) -}} +{{- $factory := (default "" .factory) -}} +{{- $ns := (default "" .namespace) -}} + +{{- $nsPart := "" -}} +{{- if ne $ns "" }} + {{- $nsPart = printf "%s/" $ns -}} +{{- end }} +- type: antdLink + data: + id: {{ printf "%s-link" $type }} + text: "{reqsJsonPath[{{$i}}]['{{ $jsonPath }}']['-']}" + href: "/openapi-ui/{2}/{{$nsPart}}factory/{{ $factory }}/{reqsJsonPath[{{$i}}]['{{ $jsonPath }}']['-']}" +{{- end -}} diff --git a/packages/system/dashboard-config/templates/Factory/helpers/statuses.tpl b/packages/system/dashboard-config/templates/Factory/helpers/statuses.tpl new file mode 100644 index 00000000..5725600c --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/helpers/statuses.tpl @@ -0,0 +1,189 @@ +{{- define "incloud-web-resources.factory.statuses.deployment" -}} +- type: StatusText + data: + id: header-status + # 1) Collect all possible Deployment conditions + values: + - "{reqsJsonPath[0]['.status.conditions[*].reason']['-']}" + + # 2) Criteria: positive / negative; neutral goes to fallback + criteriaSuccess: equals + valueToCompareSuccess: + # Positive reasons + - "MinimumReplicasAvailable" # Available: all replicas are healthy + - "NewReplicaSetAvailable" # Progressing: new RS serves traffic + - "ReplicaSetUpdated" # Progressing: RS is updated/synced + - "Complete" # Update completed successfully + + criteriaError: equals + valueToCompareError: + # Negative reasons + - "DeploymentReplicaFailure" # General replica failure + - "FailedCreate" # Failed to create Pod/RS + - "FailedDelete" # Failed to delete resource + - "FailedScaleUp" # Failed to scale up + - "FailedScaleDown" # Failed to scale down + + # 3) Texts to display + successText: "Available" + errorText: "Error" + fallbackText: "Progressing" + + # Notes on neutral/fallback cases: + # - ReplicaSetUpdated β†’ neutral/positive (update in progress) + # - ScalingReplicaSet β†’ neutral (normal scale up/down) + # - Paused / DeploymentPausedβ†’ neutral (manually paused by admin) + # - NewReplicaSetCreated β†’ neutral (new RS created, not yet serving) + # - FoundNewReplicaSet β†’ neutral (RS found, syncing) + # - MinimumReplicasUnavailable β†’ neutral (some replicas not ready yet) + # - ProgressDeadlineExceeded β†’ error-like, stuck in progress +{{- end -}} + +{{- define "incloud-web-resources.factory.statuses.pod" -}} +- type: StatusText + data: + id: pod-status + + # --- Collected values from Pod status ----------------------------------- + values: + # Init containers + - "{reqsJsonPath[0]['.status.initContainerStatuses[*].state.waiting.reason']}" + - "{reqsJsonPath[0]['.status.initContainerStatuses[*].state.terminated.reason']}" + - "{reqsJsonPath[0]['.status.initContainerStatuses[*].lastState.terminated.reason']}" + + # Main containers + - "{reqsJsonPath[0]['.status.containerStatuses[*].state.waiting.reason']}" + - "{reqsJsonPath[0]['.status.containerStatuses[*].state.terminated.reason']}" + - "{reqsJsonPath[0]['.status.containerStatuses[*].lastState.terminated.reason']}" + + # Pod phase and general reason + - "{reqsJsonPath[0]['.status.phase']}" + - "{reqsJsonPath[0]['.status.reason']}" + + # Condition reasons (PodScheduled / Initialized / ContainersReady / Ready) + - "{reqsJsonPath[0]['.status.conditions[*].reason']}" + + # --- Success criteria --------------------------------------------------- + criteriaSuccess: notEquals + stategySuccess: every + valueToCompareSuccess: + # Graceful or expected state transitions + - "Preempted" + - "Shutdown" + - "NodeShutdown" + - "DisruptionTarget" + + # Transitional states (may require timeout) + - "Unschedulable" + - "SchedulingGated" + - "ContainersNotReady" + - "ContainersNotInitialized" + + # Temporary failures + - "BackOff" + + # Controlled shutdowns or benign errors + - "PreStopHookError" + - "KillError" + - "ContainerStatusUnknown" + + # --- Error criteria ----------------------------------------------------- + criteriaError: equals + strategyError: every + valueToCompareError: + # Pod-level fatal phases or errors + - "Failed" + - "Unknown" + - "Evicted" + - "NodeLost" + - "UnexpectedAdmissionError" + + # Scheduler-related failures + - "SchedulerError" + - "FailedScheduling" + + # Container-level fatal errors + - "CrashLoopBackOff" + - "ImagePullBackOff" + - "ErrImagePull" + - "ErrImageNeverPull" + - "InvalidImageName" + - "ImageInspectError" + - "CreateContainerConfigError" + - "CreateContainerError" + - "RunContainerError" + - "StartError" + - "PostStartHookError" + - "ContainerCannotRun" + - "OOMKilled" + - "Error" + - "DeadlineExceeded" + - "CreatePodSandboxError" + + # --- Output text rendering ---------------------------------------------- + successText: "{reqsJsonPath[0]['.status.phase']}" + errorText: "Error" + fallbackText: "Progressing" +{{- end -}} + +{{- define "incloud-web-resources.factory.statuses.node" -}} +- type: StatusText + data: + id: node-status + + # --- Collected values from Node status ---------------------------------- + values: + # Node phase and conditions + - "{reqsJsonPath[0]['.status.conditions[?(@.status=='True')].reason']['-']}" + + # --- Success criteria --------------------------------------------------- + criteriaSuccess: equals + stategySuccess: every + valueToCompareSuccess: + "KubeletReady" + + # --- Error criteria ----------------------------------------------------- + criteriaError: equals + strategyError: every + valueToCompareError: + # Node condition failures + - "KernelDeadlock" + - "ReadonlyFilesystem" + - "NetworkUnavailable" + - "MemoryPressure" + - "DiskPressure" + - "PIDPressure" + + # --- Output text rendering ---------------------------------------------- + successText: "Available" + errorText: "Unavailable" + fallbackText: "Progressing" +{{- end -}} + +{{- define "incloud-web-resources.factory.statuses.job" -}} +- type: StatusText + data: + id: header-status + + # --- Collected values from Job conditions ------------------------------- + values: + # Extracts the type of any condition where type == 'Complete' or 'Failed' + - "{reqsJsonPath[0]['.status.conditions[?(@.type=='Complete' || @.type=='Failed')].type']['-']}" + + # --- Success criteria --------------------------------------------------- + criteriaSuccess: equals + stategySuccess: every + valueToCompareSuccess: + - "Complete" # Job succeeded + + # --- Error criteria ----------------------------------------------------- + criteriaError: equals + strategyError: every # ← likely meant to be `strategyError` + valueToCompareError: + - "Failed" # Job failed + + # --- Output text rendering ---------------------------------------------- + successText: "Available" + errorText: "Unavailable" + fallbackText: "Progressing" +{{- end -}} diff --git a/packages/system/dashboard-config/templates/Factory/helpers/tables.tpl b/packages/system/dashboard-config/templates/Factory/helpers/tables.tpl new file mode 100644 index 00000000..a8e211cf --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/helpers/tables.tpl @@ -0,0 +1,40 @@ +{{- define "incloud-web-resources.factory.containers.table" -}} + {{- $i := (default 0 .reqIndex) -}} + {{- $type := (default "" .type) -}} + {{- $title := (default "Init containers" .title) -}} + {{- $jsonPath := (default "" .jsonPath) -}} + {{- $pathToItems := (default "" .pathToItems) -}} + {{- $apiGroup := (default "" .apiGroup) -}} + {{- $kind := (default "" .kind) -}} + {{- $resourceName := (default "" .resourceName) -}} + {{- $namespace := (default "" .namespace) -}} + {{- $namespacePart := "" -}} + {{- if ne $namespace "" }} + {{- $namespacePart = printf "namespaces/%s/" $namespace -}} + {{- end }} +- type: VisibilityContainer + data: + id: {{ printf "%s-container" $type }} + value: "{reqsJsonPath[{{$i}}]['{{ $jsonPath }}']['-']}" + style: + margin: 0 + padding: 0 + children: + - type: antdText + data: + id: {{ printf "%s-title" $type }} + text: "{{ $title }}" + strong: true + style: + fontSize: 22 + marginBottom: 32px + - type: EnrichedTable + data: + id: {{ printf "%s-table" $type }} + fetchUrl: "/api/clusters/{2}/k8s/{{ $apiGroup }}/{{$namespacePart}}{{ $kind }}/{{$resourceName}}" + clusterNamePartOfUrl: "{2}" + customizationId: {{ .customizationId | default ("") }} + baseprefix: "/openapi-ui" + withoutControls: {{ default true .withoutControls }} + pathToItems: {{ $pathToItems }} +{{- end -}} diff --git a/packages/system/dashboard-config/templates/Factory/helpers/taints.tpl b/packages/system/dashboard-config/templates/Factory/helpers/taints.tpl new file mode 100644 index 00000000..1d10b69d --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/helpers/taints.tpl @@ -0,0 +1,30 @@ +{{- define "incloud-web-resources.factory.taints.block" -}} +{{- $i := (default 0 .reqIndex) -}} +{{- $jsonPathToArray := (default "" .jsonPathToArray) -}} +{{- $endpoint := (default "" .endpoint) -}} +{{- $pathToValue := (default "" .pathToValue) -}} +- type: antdText + data: + id: taints + strong: true + text: Taints +- type: Taints + data: + id: taints + reqIndex: {{ $i }} + jsonPathToArray: "{{ $jsonPathToArray }}" + text: "~counter~ Taints" + errorText: "0 Taints" + notificationSuccessMessage: "Updated successfully" + notificationSuccessMessageDescription: "Taints have been updated" + modalTitle: "Edit taints" + modalDescriptionText: "" + inputLabel: "" + endpoint: "{{ $endpoint }}" + pathToValue: "{{ $pathToValue }}" + editModalWidth: "800px" + cols: + - 8 + - 8 + - 6 +{{- end -}} diff --git a/packages/system/dashboard-config/templates/Factory/helpers/times.tpl b/packages/system/dashboard-config/templates/Factory/helpers/times.tpl new file mode 100644 index 00000000..f939553a --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/helpers/times.tpl @@ -0,0 +1,42 @@ +{{- define "incloud-web-resources.factory.time.create" -}} +{{- $i := (default 0 .reqIndex) -}} +- type: antdText + data: + id: {{ .labelId | default "time-label" }} + strong: true + text: "{{ .text | default "Created" }}" +- type: antdFlex + data: + id: {{ .id | default "time-block" }} + align: center + gap: 6 + children: + - type: antdText + data: + id: {{ .iconId | default "time-icon" }} + text: "🌐" + - type: parsedText + data: + id: {{ .valueId | default "time-value" }} + text: "{reqsJsonPath[{{$i}}]['{{ .req }}']['-']}" + formatter: timestamp +{{- end -}} + +{{- define "incloud-web-resources.factory.timeblock" -}} +{{- $i := (default 0 .reqIndex) -}} +- type: antdFlex + data: + id: {{ .id | default "time-block" }} + align: center + gap: 6 + children: + - type: antdText + data: + id: {{ .iconId | default "time-icon" }} + text: "🌐" + - type: parsedText + data: + id: {{ .valueId | default "time-value" }} + text: "{reqsJsonPath[{{$i}}]['{{ .req }}']['-']}" + formatter: timestamp +{{- end -}} diff --git a/packages/system/dashboard-config/templates/Factory/helpers/tolerations.tpl b/packages/system/dashboard-config/templates/Factory/helpers/tolerations.tpl new file mode 100644 index 00000000..0123a3b6 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/helpers/tolerations.tpl @@ -0,0 +1,32 @@ +{{- define "incloud-web-resources.factory.tolerations.block" -}} +{{- $i := (default 0 .reqIndex) -}} +{{- $jsonPathToArray := (default "" .jsonPathToArray) -}} +{{- $endpoint := (default "" .endpoint) -}} +{{- $pathToValue := (default "" .pathToValue) -}} +- type: antdText + data: + id: tolerations + strong: true + text: Tolerations +- type: Tolerations + data: + id: tolerations + reqIndex: {{ $i }} + jsonPathToArray: "{{ $jsonPathToArray }}" + text: "~counter~ Tolerations" + errorText: "0 Tolerations" + notificationSuccessMessage: "Updated successfully" + notificationSuccessMessageDescription: "Tolerations have been updated" + modalTitle: "Edit tolerations" + modalDescriptionText: "" + inputLabel: "" + endpoint: "{{ $endpoint }}" + pathToValue: "{{ $pathToValue }}" + editModalWidth: "1000px" + cols: + - 8 + - 3 + - 8 + - 4 + - 1 +{{- end -}} diff --git a/packages/system/dashboard-config/templates/Factory/namespace-details.yaml b/packages/system/dashboard-config/templates/Factory/namespace-details.yaml new file mode 100644 index 00000000..759d18dc --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/namespace-details.yaml @@ -0,0 +1,232 @@ +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Factory +metadata: + name: namespace-details +spec: + # Unique key for this factory configuration + key: namespace-details + + # Sidebar category tags + sidebarTags: + - namespace-sidebar + + # Enable scrollable content card for main section + withScrollableMainContentCard: true + + # API endpoint for fetching Namespace details + urlsToFetch: + - "/api/clusters/{2}/k8s/api/v1/namespaces/{5}" + + data: + # === HEADER ROW === + - type: antdFlex + data: + id: header-row + gap: 6 + align: center + style: + marginBottom: 24px + children: + # Badge with resource short name + - type: antdText + data: + id: header-badge + text: "NS" + title: Namespace + style: + fontSize: 20px + lineHeight: 24px + padding: "0 9px" + borderRadius: "20px" + minWidth: 24 + display: inline-block + textAlign: center + whiteSpace: nowrap + color: "#fff" + backgroundColor: "#a25792ff" + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontWeight: 400 + + # Namespace name + - type: parsedText + data: + id: header-name + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + style: + fontSize: 20px + lineHeight: 24px + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + + # === MAIN TABS === + - type: antdTabs + data: + id: tabs-root + defaultActiveKey: "details" + items: + # ------ DETAILS TAB ------ + - key: "details" + label: "Details" + children: + # Main card container for details section + - type: ContentCard + data: + id: details-card + style: + marginBottom: 24px + children: + # Section title + - type: antdText + data: + id: details-title + text: "Namespace details" + strong: true + style: + fontSize: 20 + marginBottom: 12px + + # Spacer for visual separation + - type: Spacer + data: + id: details-spacer + "$space": 16 + + # Grid layout: left and right columns + - type: antdRow + data: + id: details-grid + gutter: [48, 12] + children: + # LEFT COLUMN: metadata + - type: antdCol + data: + id: col-left + span: 12 + children: + - type: antdFlex + data: + id: left-stack + vertical: true + gap: 24 + children: + # Namespace name block + - type: antdFlex + data: + id: name-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: name-label + strong: true + text: "Name" + - type: parsedText + data: + id: name-value + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + + # Labels display block + - type: antdFlex + data: + id: labels-block + vertical: true + gap: 8 + children: + {{ include "incloud-web-resources.factory.labels" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/namespaces/{5}" + ) | nindent 34 + }} + + # Annotations counter block + - type: antdFlex + data: + id: ds-annotations + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.annotations.block" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/namespaces/{5}" + ) | nindent 34 + }} + + # Creation time block + - type: antdFlex + data: + id: created-time-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.time.create" (dict + "req" ".metadata.creationTimestamp" + "text" "Created" + ) | nindent 38 + }} + + # Owner information block + # - type: antdFlex + # data: + # id: owner-block + # vertical: true + # gap: 4 + # children: + # - type: antdText + # data: + # id: owner-label + # strong: true + # text: "Owner" + # - type: antdFlex + # data: + # id: owner-value-container + # gap: 6 + # align: center + # children: + # - type: antdText + # data: + # id: owner-value + # text: "No owner" + # style: + # color: "#FF0000" + + # RIGHT COLUMN: status + - type: antdCol + data: + id: col-right + span: 12 + children: + - type: antdFlex + data: + id: right-stack + vertical: true + gap: 24 + children: + # Namespace status phase + - type: antdFlex + data: + id: status-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: status-label + strong: true + text: "Status" + - type: parsedText + data: + id: status-value + text: "{reqsJsonPath[0]['.status.phase']['-']}" + + # ------ YAML TAB ------ + - key: "yaml" + label: "YAML" + children: + # YAML editor for Namespace manifest + - type: YamlEditorSingleton + data: + id: yaml-editor + cluster: "{2}" + isNameSpaced: false + type: "builtin" + typeName: namespaces + prefillValuesRequestIndex: 0 + substractHeight: 400 diff --git a/packages/system/dashboard-config/templates/Factory/node-details.yaml b/packages/system/dashboard-config/templates/Factory/node-details.yaml new file mode 100644 index 00000000..b0012d61 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/node-details.yaml @@ -0,0 +1,511 @@ +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Factory +metadata: + name: node-details +spec: + # Unique key for this factory configuration + key: node-details + + # Sidebar category tags + sidebarTags: + - node-sidebar + + # Enable scrollable content card for main section + withScrollableMainContentCard: true + + # API endpoint for fetching Node details + urlsToFetch: + - "/api/clusters/{2}/k8s/api/v1/nodes/{5}" + + data: + # === HEADER ROW === + - type: antdFlex + data: + id: header-row + gap: 6 + align: center + style: + marginBottom: 24px + children: + # Badge with resource short name + - type: antdText + data: + id: header-badge + text: "N" + title: nodes + style: + fontSize: 20px + lineHeight: 24px + padding: "0 9px" + borderRadius: "20px" + minWidth: 24 + display: inline-block + textAlign: center + whiteSpace: nowrap + color: "#fff" + backgroundColor: "#8476d1" + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontWeight: 400 + + # Node name + - type: parsedText + data: + id: header-name + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + style: + fontSize: 20px + lineHeight: 24px + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + + - type: antdFlex + data: + id: status-header-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.statuses.node" . | nindent 12 }} + + # === MAIN TABS === + - type: antdTabs + data: + id: tabs-root + defaultActiveKey: "details" + items: + # ------ DETAILS TAB ------ + - key: "details" + label: "Details" + children: + # Main card container for details section + - type: ContentCard + data: + id: details-card + style: + marginBottom: 24px + children: + # Section title + - type: antdText + data: + id: details-title + text: "Node details" + strong: true + style: + fontSize: 20 + marginBottom: 12px + + # Spacer for visual separation + - type: Spacer + data: + id: details-spacer + "$space": 16 + + # Grid layout: left and right columns + - type: antdRow + data: + id: details-grid + gutter: [48, 12] + children: + # LEFT COLUMN: general metadata + - type: antdCol + data: + id: col-left + span: 12 + children: + - type: antdFlex + data: + id: left-stack + vertical: true + gap: 24 + children: + # Node name block + - type: antdFlex + data: + id: name-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: name-label + strong: true + text: "Name" + - type: parsedText + data: + id: name-value + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + + # External ID block + - type: antdFlex + data: + id: external-id-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: external-id-label + strong: true + text: "External ID" + - type: parsedText + data: + id: external-id-value + text: "{reqsJsonPath[0]['.spec.externalID']['-']}" + + # Uptime block (placeholder for future calculated value) + # TODO To be done + # - type: antdFlex + # data: + # id: uptime-block + # vertical: true + # gap: 4 + # children: + # - type: antdText + # data: + # id: uptime-label + # strong: true + # text: "Uptime" + # - type: parsedText + # data: + # id: uptime-value + # text: "Function needed to calculate uptime" + + # Node address block + - type: antdFlex + data: + id: node-address-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: node-address-label + strong: true + text: "Node address" + - type: antdFlex + data: + id: node-address-stack + vertical: true + gap: 2 + children: + - type: ArrayOfObjectsToKeyValues + data: + id: node-address + reqIndex: 0 + jsonPathToArray: ".status.addresses" + keyFieldName: type + valueFieldName: address + keyFieldStyle: + color: "#aaabac" + + # Labels block + - type: antdFlex + data: + id: labels-block + vertical: true + gap: 8 + children: + {{ include "incloud-web-resources.factory.labels" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/nodes/{5}" + ) | nindent 34 + }} + + # Taints counter block + - type: antdFlex + data: + id: taints-counter-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.taints.block" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/nodes/{5}" + "jsonPathToArray" ".spec.taints" + "pathToValue" "/spec/taints" + ) | nindent 34 + }} + + # Annotations counter block + - type: antdFlex + data: + id: ds-annotations + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.annotations.block" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/nodes/{5}" + ) | nindent 34 + }} + + # Provider ID block + - type: antdFlex + data: + id: provider-id-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: provider-id-label + strong: true + text: "Provider ID" + - type: parsedText + data: + id: provider-id-value + text: "{reqsJsonPath[0]['.spec.providerID']['-']}" + + # Creation time block + - type: antdFlex + data: + id: created-time-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.time.create" (dict + "req" ".metadata.creationTimestamp" + "text" "Created" + ) | nindent 38 + }} + + # RIGHT COLUMN: node info and status + - type: antdCol + data: + id: col-right + span: 12 + children: + - type: antdFlex + data: + id: right-stack + vertical: true + gap: 24 + children: + # Status block + - type: antdFlex + data: + id: status-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: status-label + strong: true + text: "Status" + - type: antdFlex + data: + id: status-header-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.statuses.node" . | nindent 38 }} + + # Operating system block + - type: antdFlex + data: + id: operating-system-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: operating-system-label + strong: true + text: "Operating system" + - type: parsedText + data: + id: operating-system-value + text: "{reqsJsonPath[0]['.status.nodeInfo.operatingSystem']['-']}" + + # OS image block + - type: antdFlex + data: + id: os-image-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: os-image-label + strong: true + text: "OS image" + - type: parsedText + data: + id: os-image-value + text: "{reqsJsonPath[0]['.status.nodeInfo.osImage']['-']}" + + # Architecture block + - type: antdFlex + data: + id: architecture-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: architecture-label + strong: true + text: "Architecture" + - type: parsedText + data: + id: architecture-value + text: "{reqsJsonPath[0]['.status.nodeInfo.architecture']['-']}" + + # Kernel version block + - type: antdFlex + data: + id: kernel-version-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: kernel-version-label + strong: true + text: "Kernel versions" + - type: parsedText + data: + id: kernel-version-value + text: "{reqsJsonPath[0]['.status.nodeInfo.kernelVersion']['-']}" + + # Boot ID block + - type: antdFlex + data: + id: boot-id-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: boot-id-label + strong: true + text: "Boot ID" + - type: parsedText + data: + id: boot-id-value + text: "{reqsJsonPath[0]['.status.nodeInfo.bootID']['-']}" + + # Container runtime block + - type: antdFlex + data: + id: container-runtime-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: container-runtime-label + strong: true + text: "Container runtime" + - type: parsedText + data: + id: container-runtime-value + text: "{reqsJsonPath[0]['.status.nodeInfo.containerRuntimeVersion']['-']}" + + # Kubelet version block + - type: antdFlex + data: + id: kubelet-version-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: kubelet-version-label + strong: true + text: "Kubelet version" + - type: parsedText + data: + id: kubelet-version-value + text: "{reqsJsonPath[0]['.status.nodeInfo.kubeletVersion']['-']}" + + # CONDITIONS SECTION + - type: antdCol + data: + id: conditions-col + style: + marginTop: 32px + padding: 16px + children: + - type: antdText + data: + id: conditions-title + text: "Conditions" + strong: true + style: + fontSize: 22 + - type: EnrichedTable + data: + id: conditions-table + fetchUrl: "/api/clusters/{2}/k8s/api/v1/nodes/{5}" + clusterNamePartOfUrl: "{2}" + customizationId: "factory-status-conditions" + baseprefix: "/openapi-ui" + withoutControls: true + pathToItems: ".status.conditions" + + # IMAGES SECTION + - type: antdCol + data: + id: images-col + style: + marginTop: 32px + padding: 16px + children: + - type: antdText + data: + id: images-title + text: "Images" + strong: true + style: + fontSize: 22 + - type: EnrichedTable + data: + id: images-table + fetchUrl: "/api/clusters/{2}/k8s/api/v1/nodes/{5}" + clusterNamePartOfUrl: "{2}" + customizationId: "factory-node-images" + baseprefix: "/openapi-ui" + withoutControls: true + pathToItems: ".status.images" + + # ------ YAML TAB ------ + - key: "yaml" + label: "YAML" + children: + # YAML editor for Node manifest + - type: YamlEditorSingleton + data: + id: yaml-editor + cluster: "{2}" + isNameSpaced: false + type: "builtin" + typeName: nodes + prefillValuesRequestIndex: 0 + substractHeight: 400 + + # ------ PODS TAB ------ + - key: "pods" + label: "Pods" + children: + # Table of Pods scheduled on this Node + - type: EnrichedTable + data: + id: pods-table + fetchUrl: "/api/clusters/{2}/k8s/api/v1/pods" + clusterNamePartOfUrl: "{2}" + customizationId: "factory-node-details-/v1/pods" + baseprefix: "/openapi-ui" + withoutControls: true + fieldSelector: + fieldName: "spec.nodeName" + parsedText: "{reqsJsonPath[0]['.metadata.name']['-']}" + pathToItems: ".items" + + # ------ TERMINAL TAB ------ + - key: "terminal" + label: "Terminal" + children: + # Interactive node terminal + - type: NodeTerminal + data: + id: terminal + cluster: "{2}" + nodeName: "{reqsJsonPath[0]['.metadata.name']['-']}" + substractHeight: 400 diff --git a/packages/system/dashboard-config/templates/Factory/pod-details.yaml b/packages/system/dashboard-config/templates/Factory/pod-details.yaml new file mode 100644 index 00000000..376ccf51 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/pod-details.yaml @@ -0,0 +1,533 @@ +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Factory +metadata: + name: pod-details +spec: + key: pod-details + sidebarTags: + - pods-sidebar + withScrollableMainContentCard: true + urlsToFetch: + - "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/pods/{6}" + + # Header row with badge, pod name, and status + data: + - type: antdFlex + data: + id: header-row + gap: 6 + align: center + style: + marginBottom: 24px + children: + # Pod badge + - type: antdText + data: + id: header-badge + text: P + title: Pods + style: + fontSize: 20px + lineHeight: 24px + padding: "0 9px" + borderRadius: "20px" + minWidth: 24 + display: inline-block + textAlign: center + whiteSpace: nowrap + color: "#fff" + backgroundColor: "#009596" + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontWeight: 400 + # Pod name next to badge + - type: parsedText + data: + id: header-pod-name + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + style: + fontSize: 20px + lineHeight: 24px + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + + - type: antdFlex + data: + id: status-header-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.statuses.pod" . | nindent 38 }} + + # Tabs with Details, YAML, Logs, and Terminal views + - type: antdTabs + data: + id: pod-tabs + defaultActiveKey: "details" + items: + # Details tab with metadata and spec + - key: "details" + label: "Details" + children: + - type: ContentCard + data: + id: details-card + style: + marginBottom: 24px + children: + # Title of the details section + - type: antdText + data: + id: details-title + text: "Pod details" + strong: true + style: + fontSize: 20 + marginBottom: 12px + # Spacer before grid + - type: Spacer + data: + id: details-spacer + "$space": 16 + # Two-column layout for metadata (left) and status/spec (right) + + - type: antdRow + data: + id: details-grid + gutter: [48, 12] + children: + # Left column: metadata, links, labels + - type: antdCol + data: + id: col-left + span: 12 + children: + - type: antdFlex + data: + id: col-left-stack + vertical: true + gap: 24 + children: + # Display name label/value + - type: antdFlex + data: + id: meta-name-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: meta-name-label + strong: true + text: "Name" + - type: parsedText + data: + id: meta-name-value + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + + # Namespace link (kept as include) + - type: antdFlex + data: + id: meta-namespace-block + vertical: true + gap: 8 + children: + - type: antdText + data: + id: meta-name-label + text: Namespace + strong: true + + {{ include "incloud-web-resources.icon" (dict + "text" "NS" + "title" "namespace" + "backgroundColor" "#a25792ff" + )| nindent 34 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "namespace" + "jsonPath" ".metadata.namespace" + "factory" "namespace-details" + ) | nindent 38 + }} + # Labels list (kept as include) + - type: antdFlex + data: + id: meta-labels-block + vertical: true + gap: 8 + children: + {{ include "incloud-web-resources.factory.labels" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/pods/{6}" + ) | nindent 34 + }} + + # Node selector chips (kept as include) + - type: antdFlex + data: + id: meta-node-selector-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.labels.base.selector" (dict + "type" "node" + "title" "Node selector" + "jsonPath" ".spec.nodeSelector" + ) | nindent 34 + }} + + # Tolerations counter (kept as include) + - type: antdFlex + data: + id: meta-tolerations-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.tolerations.block" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/pods/{6}" + "jsonPathToArray" ".spec.tolerations" + "pathToValue" "/spec/tolerations" + ) | nindent 34 + }} + + # Annotations counter block + - type: antdFlex + data: + id: ds-annotations + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.annotations.block" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/pods/{6}" + ) | nindent 34 + }} + + # Created timestamp (kept as include) + - type: antdFlex + data: + id: meta-created-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.time.create" (dict + "req" ".metadata.creationTimestamp" + "text" "Created" + ) | nindent 38 + }} + + # Owner information (fallback when absent) + # - type: antdFlex + # data: + # id: meta-owner-block + # vertical: true + # gap: 4 + # children: + # - type: antdText + # data: + # id: meta-owner-label + # strong: true + # text: "Owner" + # - type: parsedText + # data: + # id: meta-owner-fallback + # strong: true + # text: "No owner" + # style: + # color: red + + # Right column: status and runtime info + - type: antdCol + data: + id: col-right + span: 12 + children: + - type: antdFlex + data: + id: col-right-stack + vertical: true + gap: 24 + children: + # Status block with readiness reason mapping + - type: antdFlex + data: + id: status-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: status-label + strong: true + text: "Status" + # Pod readiness/status indicator + - type: antdFlex + data: + id: status-label-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.statuses.pod" . | nindent 38 }} + + # Restart policy + - type: antdFlex + data: + id: restart-policy-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: restart-policy-label + strong: true + text: "Restart policy" + - type: parsedText + data: + id: restart-policy-value + text: "{reqsJsonPath[0]['.spec.restartPolicy']['-']} restart" + + # Active deadline seconds + - type: antdFlex + data: + id: active-deadline-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: active-deadline-label + strong: true + text: "Active deadline seconds" + - type: parsedText + data: + id: active-deadline-value + text: "{reqsJsonPath[0]['.spec.activeDeadlineSeconds']['-']}" + + # Pod IP + - type: antdFlex + data: + id: pod-ip-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: pod-ip-label + strong: true + text: "Pod IP" + - type: parsedText + data: + id: pod-ip-value + text: "{reqsJsonPath[0]['.status.podIP']['-']}" + + # Host IP + - type: antdFlex + data: + id: host-ip-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: host-ip-label + strong: true + text: "Host IP" + - type: parsedText + data: + id: host-ip-value + text: "{reqsJsonPath[0]['.status.hostIP']['-']}" + + # Node details link (kept as include) + - type: antdFlex + data: + id: node-link-block + vertical: true + gap: 8 + children: + - type: antdText + data: + id: meta-node + text: Node + strong: true + + {{ include "incloud-web-resources.icon" (dict + "text" "N" + "title" "node" + "backgroundColor" "#8476d1" + )| nindent 34 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "name" + "jsonPath" ".spec.nodeName" + "factory" "node-details" + ) | nindent 38 + }} + + # QoS class + - type: antdFlex + data: + id: qos-class-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: qos-class-label + strong: true + text: "QOS class" + - type: parsedText + data: + id: qos-class-value + text: "{reqsJsonPath[0]['.status.qosClass']['-']}" + + # Volumes section (table is hidden if no volumes) + # TODO to be done + # - type: antdCol + # data: + # id: volumes-col + # style: + # marginTop: 10 + # padding: 10 + # children: + # - type: VisibilityContainer + # data: + # id: volumes-visibility + # value: "{reqsJsonPath[0]['.spec.volumes']['-']}" + # style: + # margin: 0 + # padding: 0 + # children: + # # Volumes title + # - type: antdText + # data: + # id: volumes-title + # text: "Volumes" + # strong: true + # style: + # fontSize: 22 + # marginBottom: 32px + # # Volumes table + # - type: EnrichedTable + # data: + # id: volumes-table + # fetchUrl: "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/pods/{6}" + # clusterNamePartOfUrl: "{2}" + # customizationId: factory-pod-details-volume-list + # baseprefix: "/openapi-ui" + # withoutControls: true + # pathToItems: ".spec.volumes" + + + # Init containers section (hidden if none) + - type: antdCol + data: + id: init-containers-col + style: + marginTop: 10 + padding: 10 + children: + {{ include "incloud-web-resources.factory.containers.table" (dict + "title" "Init containers" + "customizationId" "container-status-init-containers-list" + "type" "init-containers" + "apiGroup" "api/v1" + "kind" "pods" + "resourceName" "{6}" + "namespace" "{3}" + "jsonPath" ".status.initContainerStatuses" + "pathToItems" "['status','initContainerStatuses']" + ) | nindent 22 + }} + + # Containers section (hidden if none) + - type: antdCol + data: + id: containers-col + style: + marginTop: 10 + padding: 10 + children: + {{ include "incloud-web-resources.factory.containers.table" (dict + "title" "Containers" + "customizationId" "container-status-containers-list" + "type" "containers" + "apiGroup" "api/v1" + "kind" "pods" + "resourceName" "{6}" + "namespace" "{3}" + "jsonPath" ".status.containerStatuses" + "pathToItems" "['status','containerStatuses']" + ) | nindent 22 + }} + + # Conditions section (hidden if none) + - type: antdCol + data: + id: conditions-col + style: + marginTop: 10 + padding: 10 + children: + - type: VisibilityContainer + data: + id: conditions-visibility + value: "{reqsJsonPath[0]['.status.conditions']['-']}" + style: + margin: 0 + padding: 0 + children: + # Conditions title + - type: antdText + data: + id: conditions-title + text: "Conditions" + strong: true + style: + fontSize: 22 + # Conditions table + - type: EnrichedTable + data: + id: conditions-table + fetchUrl: "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/pods/{6}" + clusterNamePartOfUrl: "{2}" + customizationId: factory-status-conditions + baseprefix: "/openapi-ui" + withoutControls: true + pathToItems: ".status.conditions" + + # YAML tab with inline editor + - key: "yaml" + label: "YAML" + children: + - type: YamlEditorSingleton + data: + id: yaml-editor + cluster: "{2}" + isNameSpaced: true + type: "builtin" + typeName: pods + prefillValuesRequestIndex: 0 + substractHeight: 400 + + # Logs tab with live pod logs + - key: "logs" + label: "Logs" + children: + - type: PodLogs + data: + id: pod-logs + cluster: "{2}" + namespace: "{reqsJsonPath[0]['.metadata.namespace']['-']}" + podName: "{reqsJsonPath[0]['.metadata.name']['-']}" + substractHeight: 400 + + # Terminal tab with exec into pod + - key: "terminal" + label: "Terminal" + children: + - type: PodTerminal + data: + id: pod-terminal + cluster: "{2}" + namespace: "{reqsJsonPath[0]['.metadata.namespace']['-']}" + podName: "{reqsJsonPath[0]['.metadata.name']['-']}" + substractHeight: 400 diff --git a/packages/system/dashboard-config/templates/Factory/secret-details.yaml b/packages/system/dashboard-config/templates/Factory/secret-details.yaml new file mode 100644 index 00000000..4525db80 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/secret-details.yaml @@ -0,0 +1,268 @@ +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Factory +metadata: + name: secret-details +spec: + key: secret-details + sidebarTags: + - secret-sidebar + withScrollableMainContentCard: true + urlsToFetch: + - "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/secrets/{6}" + + # Header row with badge and Secret name + data: + - type: antdFlex + data: + id: header-row + gap: 6 + align: center + style: + marginBottom: 24px + children: + # Secret badge + - type: antdText + data: + id: badge-secret + text: S + title: secret + style: + fontSize: 20px + lineHeight: 24px + padding: "0 9px" + borderRadius: "20px" + minWidth: 24 + display: inline-block + textAlign: center + whiteSpace: nowrap + color: "#fff" + backgroundColor: "#c46100" + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontWeight: 400 + # Secret name + - type: parsedText + data: + id: header-secret-name + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + style: + fontSize: 20px + lineHeight: 24px + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + + # Tabs with Details and YAML + - type: antdTabs + data: + id: secret-tabs + defaultActiveKey: "details" + items: + # Details tab with metadata and spec info + - key: "details" + label: "Details" + children: + - type: ContentCard + data: + id: details-card + style: + marginBottom: 24px + children: + # Title + - type: antdText + data: + id: details-title + text: "Secret details" + strong: true + style: + fontSize: 20 + marginBottom: 12px + + # Spacer + - type: Spacer + data: + id: details-spacer + "$space": 16 + + # Two-column layout + - type: antdRow + data: + id: details-grid + gutter: [48, 12] + children: + # Left column: metadata + - type: antdCol + data: + id: col-left + span: 12 + children: + - type: antdFlex + data: + id: col-left-stack + vertical: true + gap: 24 + children: + # Name block + - type: antdFlex + data: + id: meta-name-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: meta-name-label + strong: true + text: "Name" + - type: parsedText + data: + id: meta-name-value + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + + # Namespace link + - type: antdFlex + data: + id: meta-namespace-block + vertical: true + gap: 8 + children: + - type: antdText + data: + id: meta-name-label + text: Namespace + strong: true + + {{ include "incloud-web-resources.icon" (dict + "text" "NS" + "title" "namespace" + "backgroundColor" "#a25792ff" + )| nindent 34 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "namespace" + "jsonPath" ".metadata.namespace" + "factory" "namespace-details" + ) | nindent 38 + }} + + # Labels + - type: antdFlex + data: + id: meta-labels-block + vertical: true + gap: 8 + children: + {{ include "incloud-web-resources.factory.labels" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/secrets/{6}" + ) | nindent 34 + }} + + # Annotations counter block + - type: antdFlex + data: + id: ds-annotations + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.annotations.block" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/secrets/{6}" + ) | nindent 34 + }} + + # Created timestamp + - type: antdFlex + data: + id: meta-created-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.time.create" (dict + "req" ".metadata.creationTimestamp" + "text" "Created" + ) | nindent 38 + }} + + # Owner block + # - type: antdFlex + # data: + # id: meta-owner-block + # vertical: true + # gap: 4 + # children: + # - type: antdText + # data: + # id: meta-owner-label + # strong: true + # text: "Owner" + # - type: antdFlex + # data: + # id: meta-owner-flex + # gap: 6 + # align: center + # children: + # - type: parsedText + # data: + # id: owner-value + # strong: true + # text: "No owner" + # style: + # color: red + + # Right column: type info + - type: antdCol + data: + id: col-right + span: 12 + children: + - type: antdFlex + data: + id: col-right-stack + vertical: true + gap: 24 + children: + # Secret type + - type: antdFlex + data: + id: secret-type-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: secret-type-label + strong: true + text: "Type" + - type: parsedText + data: + id: secret-type-value + text: "{reqsJsonPath[0]['.type']['-']}" + + # Secret SA + - type: antdFlex + data: + id: secret-sa-block + vertical: true + gap: 4 + children: + # SA Link + {{ include "incloud-web-resources.factory.links.details" (dict + "reqIndex" 0 + "type" "serviceaccount" + "title" "ServiceAccount" + "jsonPath" ".metadata.annotations['kubernetes.io/service-account.name']" + "namespace" "{3}" + "factory" "serviceaccount-details" + ) | nindent 34 + }} + + # YAML tab + - key: yaml + label: YAML + children: + - type: YamlEditorSingleton + data: + id: yaml-editor + cluster: "{2}" + isNameSpaced: true + type: builtin + typeName: secrets + prefillValuesRequestIndex: 0 + substractHeight: 400 diff --git a/packages/system/dashboard-config/templates/Factory/service-details.yaml b/packages/system/dashboard-config/templates/Factory/service-details.yaml new file mode 100644 index 00000000..2e3d4db3 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/service-details.yaml @@ -0,0 +1,403 @@ +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Factory +metadata: + name: service-details +spec: + key: service-details + withScrollableMainContentCard: true + sidebarTags: + - service-sidebar + urlsToFetch: + - "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/services/{6}" + + # Header row with badge and Service name + data: + - type: antdFlex + data: + id: header-row + gap: 6 + align: center + style: + marginBottom: 24px + children: + # Service badge + - type: antdText + data: + id: badge-service + text: S + title: services + style: + fontSize: 20px + lineHeight: 24px + padding: "0 9px" + borderRadius: "20px" + minWidth: 24 + display: inline-block + textAlign: center + whiteSpace: nowrap + color: "#fff" + backgroundColor: "#6ca100" + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontWeight: 400 + # Service name + - type: parsedText + data: + id: service-name + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + style: + fontSize: 20px + lineHeight: 24px + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + + # Tabs with Details, YAML, and Pods + - type: antdTabs + data: + id: service-tabs + defaultActiveKey: "details" + items: + # Details tab + - key: "details" + label: "Details" + children: + - type: ContentCard + data: + id: details-card + style: + marginBottom: 24px + children: + - type: antdRow + data: + id: details-grid + gutter: [48, 12] + children: + # Left column: metadata and config + - type: antdCol + data: + id: col-left + span: 12 + children: + - type: antdText + data: + id: details-title + text: "Service details" + strong: true + style: + fontSize: 20 + marginBottom: 12px + - type: Spacer + data: + id: details-spacer + "$space": 16 + - type: antdFlex + data: + id: col-left-stack + vertical: true + gap: 24 + children: + # Name block + - type: antdFlex + data: + id: meta-name-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: meta-name-label + strong: true + text: "Name" + - type: parsedText + data: + id: meta-name-value + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + + # Namespace link + - type: antdFlex + data: + id: meta-namespace-block + vertical: true + gap: 8 + children: + - type: antdText + data: + id: meta-name-label + text: Namespace + strong: true + + {{ include "incloud-web-resources.icon" (dict + "text" "NS" + "title" "namespace" + "backgroundColor" "#a25792ff" + )| nindent 34 + }} + {{ include "incloud-web-resources.factory.linkblock" (dict + "reqIndex" 0 + "type" "namespace" + "jsonPath" ".metadata.namespace" + "factory" "namespace-details" + ) | nindent 38 + }} + + # Labels + - type: antdFlex + data: + id: meta-labels-block + vertical: true + gap: 8 + children: + {{ include "incloud-web-resources.factory.labels" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/services/{6}" + ) | nindent 34 + }} + + # Pod selector + - type: antdFlex + data: + id: meta-pod-selector-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.labels.base.selector" (dict + "type" "pod" + "title" "Pod selector" + "jsonPath" ".spec.template.metadata.labels" + ) | nindent 34 + }} + + # Annotations counter block + - type: antdFlex + data: + id: ds-annotations + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.annotations.block" (dict + "endpoint" "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/services/{6}" + ) | nindent 34 + }} + + # Session affinity + - type: antdFlex + data: + id: meta-session-affinity-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: meta-session-affinity-label + strong: true + text: "Session affinity" + - type: parsedText + data: + id: meta-session-affinity-value + text: "{reqsJsonPath[0]['.spec.sessionAffinity']['Not configured']}" + + # Created timestamp + - type: antdFlex + data: + id: meta-created-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.time.create" (dict + "req" ".metadata.creationTimestamp" + "text" "Created" + ) | nindent 34 + }} + + # Owner + # - type: antdFlex + # data: + # id: meta-owner-block + # vertical: true + # gap: 4 + # children: + # - type: antdText + # data: + # id: meta-owner-label + # strong: true + # text: "Owner" + # - type: antdFlex + # data: + # id: meta-owner-flex + # gap: 6 + # align: center + # children: + # - type: antdText + # data: + # id: meta-owner-fallback + # text: "No owner" + # style: + # color: "#FF0000" + + # Right column: routing and ports + - type: antdCol + data: + id: col-right + span: 12 + children: + - type: antdText + data: + id: routing-title + text: "Service routing" + strong: true + style: + fontSize: 20 + marginBottom: 12px + - type: Spacer + data: + id: routing-spacer + "$space": 16 + - type: antdFlex + data: + id: col-right-stack + vertical: true + gap: 24 + children: + # Hostname + - type: antdFlex + data: + id: service-hostname-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: service-hostname-label + strong: true + text: "Hostname" + - type: parsedText + data: + id: service-hostname-value + text: "{reqsJsonPath[0]['.metadata.name']['-']}.{reqsJsonPath[0]['.metadata.namespace']['-']}.svc.cluster.local" + + # IP addresses block + - type: antdFlex + data: + id: service-ip-block + vertical: true + gap: 12 + children: + # ClusterIP + - type: antdFlex + data: + id: clusterip-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: clusterip-label + strong: true + text: "ClusterIP address" + - type: parsedText + data: + id: clusterip-value + text: "{reqsJsonPath[0]['.spec.clusterIP']['-']}" + + # LoadBalancerIP + - type: antdFlex + data: + id: loadbalancerip-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: loadbalancerip-label + strong: true + text: "LoadBalancerIP address" + - type: parsedText + data: + id: loadbalancerip-value + text: "{reqsJsonPath[0]['.status.loadBalancer.ingress[0].ip']['Not Configured']}" + + # Service port mapping + - type: antdFlex + data: + id: service-port-mapping-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: service-port-mapping-label + strong: true + text: "Service port mapping" + - type: EnrichedTable + data: + id: service-port-mapping-table + fetchUrl: "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/services/{6}" + clusterNamePartOfUrl: "{2}" + customizationId: "factory-service-details-port-mapping" + baseprefix: "/openapi-ui" + withoutControls: true + pathToItems: ".spec.ports" + + # Pod serving + - type: VisibilityContainer + data: + id: service-pod-serving-vis + value: "{reqsJsonPath[0]['.spec.selector']['-']}" + style: { margin: 0, padding: 0 } + children: + - type: antdFlex + data: + id: service-pod-serving-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: service-pod-serving-label + strong: true + text: "Pod serving" + - type: EnrichedTable + data: + id: service-pod-serving-table + fetchUrl: "/api/clusters/{2}/k8s/apis/discovery.k8s.io/v1/namespaces/{3}/endpointslices" + clusterNamePartOfUrl: "{2}" + customizationId: "factory-service-details-endpointslice" + baseprefix: "/openapi-ui" + withoutControls: true + labelsSelector: + kubernetes.io/service-name: "{reqsJsonPath[0]['.metadata.name']['-']}" + pathToItems: ".items[*].endpoints" + + # YAML tab + - key: "yaml" + label: "YAML" + children: + - type: YamlEditorSingleton + data: + id: yaml-editor + cluster: "{2}" + isNameSpaced: true + type: "builtin" + typeName: services + prefillValuesRequestIndex: 0 + substractHeight: 400 + + # Pods tab + - key: "pods" + label: "Pods" + children: + - type: VisibilityContainer + data: + id: service-pod-serving-vis + value: "{reqsJsonPath[0]['.spec.selector']['-']}" + style: { margin: 0, padding: 0 } + children: + - type: EnrichedTable + data: + id: pods-table + fetchUrl: "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/pods" + clusterNamePartOfUrl: "{2}" + customizationId: "factory-node-details-/v1/pods" + baseprefix: "/openapi-ui" + withoutControls: false + labelsSelectorFull: + reqIndex: 0 + pathToLabels: ".spec.selector" + pathToItems: ".items" diff --git a/packages/system/dashboard-config/templates/Factory/workloadmonitor-details.yaml b/packages/system/dashboard-config/templates/Factory/workloadmonitor-details.yaml new file mode 100644 index 00000000..bb9f45f1 --- /dev/null +++ b/packages/system/dashboard-config/templates/Factory/workloadmonitor-details.yaml @@ -0,0 +1,328 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Factory +metadata: + name: workloadmonitor-details +spec: + key: workloadmonitor-details + sidebarTags: + - workloadmonitor-sidebar + withScrollableMainContentCard: true + urlsToFetch: + - "/api/clusters/{2}/k8s/apis/cozystack.io/v1alpha1/namespaces/{3}/workloadmonitors/{6}" + data: + - type: antdFlex + data: + id: header-row + gap: 6 + align: center + style: + marginBottom: 24 + children: + - type: antdText + data: + id: badge-workloadmonitor + text: "W" + title: workloadmonitors + style: + backgroundColor: "#c46100" + borderRadius: "20px" + color: "#fff" + display: inline-block + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontSize: 20 + fontWeight: 400 + lineHeight: "24px" + minWidth: 24 + padding: "0 9px" + textAlign: center + whiteSpace: nowrap + - type: parsedText + data: + id: workloadmonitor-name + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + style: + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontSize: 20 + lineHeight: "24px" + + - type: antdTabs + data: + id: workloadmonitor-tabs + defaultActiveKey: details + items: + - key: details + label: Details + children: + - type: ContentCard + data: + id: details-card + style: + marginBottom: 24 + children: + - type: antdRow + data: + id: details-grid + gutter: [48, 12] + children: + - type: antdCol + data: + id: col-left + span: 12 + children: + - type: antdFlex + data: + id: col-left-stack + vertical: true + gap: 24 + children: + - type: antdFlex + data: + id: meta-name-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: meta-name-label + text: Name + strong: true + - type: parsedText + data: + id: meta-name-value + text: "{reqsJsonPath[0]['.metadata.name']['-']}" + + - type: antdFlex + data: + id: meta-namespace-block + vertical: true + gap: 8 + children: + - type: antdText + data: + id: meta-namespace-label + text: Namespace + strong: true + - type: antdFlex + data: + id: namespace-row + align: center + gap: 6 + children: + - type: antdText + data: + id: ns-badge + text: NS + style: + backgroundColor: "#a25792ff" + borderRadius: "20px" + color: "#fff" + display: inline-block + fontFamily: RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif + fontSize: 15 + fontWeight: 400 + lineHeight: "24px" + minWidth: 24 + padding: "0 9px" + textAlign: center + whiteSpace: nowrap + - type: antdLink + data: + id: namespace-link + text: "{reqsJsonPath[0]['.metadata.namespace']['-']}" + href: "/openapi-ui/{2}/factory/namespace-details/{reqsJsonPath[0]['.metadata.namespace']['-']}" + + - type: antdFlex + data: + id: meta-created-block + vertical: true + gap: 4 + children: + {{ include "incloud-web-resources.factory.time.create" (dict + "req" ".metadata.creationTimestamp" + "text" "Created" + ) | nindent 34 + }} + + - type: antdFlex + data: + id: meta-kind-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: kind-label + text: Kind + strong: true + - type: parsedText + data: + id: kind-value + text: "{reqsJsonPath[0]['.spec.kind']['-']}" + + - type: antdFlex + data: + id: meta-type-block + vertical: true + gap: 4 + children: + - type: antdText + data: + id: type-label + text: Type + strong: true + - type: parsedText + data: + id: type-value + text: "{reqsJsonPath[0]['.spec.type']['-']}" + + - type: antdCol + data: + id: col-right + span: 12 + children: + - type: antdFlex + data: + id: col-right-stack + vertical: true + gap: 24 + children: + - type: antdText + data: + id: params-title + text: Parameters + strong: true + style: + fontSize: 20 + marginBottom: 12 + + - type: antdFlex + data: + id: params-list + vertical: true + gap: 24 + children: + - type: antdFlex + data: + id: param-version + vertical: true + gap: 4 + children: + - type: antdText + data: + id: param-version-label + text: Version + strong: true + - type: parsedText + data: + id: param-version-value + text: "{reqsJsonPath[0]['.spec.version']['-']}" + + - type: antdFlex + data: + id: param-replicas + vertical: true + gap: 4 + children: + - type: antdText + data: + id: param-replicas-label + text: Replicas + strong: true + - type: parsedText + data: + id: param-replicas-value + text: "{reqsJsonPath[0]['.spec.replicas']['-']}" + + - type: antdFlex + data: + id: param-minreplicas + vertical: true + gap: 4 + children: + - type: antdText + data: + id: param-minreplicas-label + text: MinReplicas + strong: true + - type: parsedText + data: + id: param-minreplicas-value + text: "{reqsJsonPath[0]['.spec.minReplicas']['-']}" + + - type: antdFlex + data: + id: param-available + vertical: true + gap: 4 + children: + - type: antdText + data: + id: param-available-label + text: AvailableReplicas + strong: true + - type: parsedText + data: + id: param-available-value + text: "{reqsJsonPath[0]['.status.availableReplicas']['-']}" + + - type: antdFlex + data: + id: param-observed + vertical: true + gap: 4 + children: + - type: antdText + data: + id: param-observed-label + text: ObservedReplicas + strong: true + - type: parsedText + data: + id: param-observed-value + text: "{reqsJsonPath[0]['.status.observedReplicas']['-']}" + + - type: antdFlex + data: + id: param-operational + vertical: true + gap: 4 + children: + - type: antdText + data: + id: param-operational-label + text: Operational + strong: true + - type: parsedText + data: + id: param-operational-value + text: "{reqsJsonPath[0]['.status.operational']['-']}" + + - key: workloads + label: Workloads + children: + - type: EnrichedTable + data: + id: workloads-table + fetchUrl: "/api/clusters/{2}/k8s/apis/cozystack.io/v1alpha1/namespaces/{3}/workloads" + clusterNamePartOfUrl: "{2}" + baseprefix: "/openapi-ui" + customizationId: "factory-details-v1alpha1.cozystack.io.workloads" + pathToItems: ["items"] + labelsSelector: + workloads.cozystack.io/monitor: "{reqs[0]['metadata','name']}" + + - key: yaml + label: YAML + children: + - type: YamlEditorSingleton + data: + id: yaml-editor + cluster: "{2}" + isNameSpaced: true + type: builtin + typeName: workloadmonitors + prefillValuesRequestIndex: 0 + substractHeight: 400 + + diff --git a/packages/system/dashboard-config/templates/Navigation/navigaton.yaml b/packages/system/dashboard-config/templates/Navigation/navigaton.yaml new file mode 100644 index 00000000..9f5bbbc8 --- /dev/null +++ b/packages/system/dashboard-config/templates/Navigation/navigaton.yaml @@ -0,0 +1,8 @@ +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: Navigation +metadata: + name: navigation +spec: + namespaces: + change: /openapi-ui/{selectedCluster}/{value}/factory/marketplace + clear: /openapi-ui/{selectedCluster}/api-table/core.cozystack.io/v1alpha1/tenantnamespaces diff --git a/packages/system/dashboard-config/templates/TableUriMapping/apps.cozystack.io.v1alpha1.virtualmachines.yaml b/packages/system/dashboard-config/templates/TableUriMapping/apps.cozystack.io.v1alpha1.virtualmachines.yaml new file mode 100644 index 00000000..4fa2eebd --- /dev/null +++ b/packages/system/dashboard-config/templates/TableUriMapping/apps.cozystack.io.v1alpha1.virtualmachines.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: TableUriMapping +metadata: + name: virtualmachine-details + name: stock-namespace-default-apps.cozystack.io.v1alpha1.virtualmachines.yaml +spec: + id: "stock-namespace-/apps.cozystack.io/v1alpha1/virtualmachines" + pathToNavigate: "/openapi-ui/{2}/{3}/factory/virtualmachine-details/~recordValue~" + keysToParse: + - metadata + - name +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: TableUriMapping +metadata: + name: stock-cluster-service-details +spec: + id: "vm-factory-services" + pathToNavigate: "/openapi-ui/default/~recordValueSecond~/factory/service-details/~recordValue~" + keysToParse: + - metadata + - name + keysToParseSecond: + - metadata + - namespace diff --git a/packages/system/dashboard-config/templates/TableUriMapping/core.cozystack.io.v1alpha1.tenantnamespaces.yaml b/packages/system/dashboard-config/templates/TableUriMapping/core.cozystack.io.v1alpha1.tenantnamespaces.yaml new file mode 100644 index 00000000..4af0a482 --- /dev/null +++ b/packages/system/dashboard-config/templates/TableUriMapping/core.cozystack.io.v1alpha1.tenantnamespaces.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: TableUriMapping +metadata: + name: namespaces +spec: + id: "stock-cluster-/core.cozystack.io/v1alpha1/tenantnamespaces" + pathToNavigate: "/openapi-ui/{clusterName}/~recordValue~/factory/marketplace" + keysToParse: + - metadata + - name diff --git a/packages/system/dashboard-config/templates/TableUriMapping/networking.k8s.io.v1.ingresses.yaml b/packages/system/dashboard-config/templates/TableUriMapping/networking.k8s.io.v1.ingresses.yaml new file mode 100644 index 00000000..ccdae10e --- /dev/null +++ b/packages/system/dashboard-config/templates/TableUriMapping/networking.k8s.io.v1.ingresses.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: TableUriMapping +metadata: + name: stock-cluster-networking.k8s.io.v1.ingress-details +spec: + keysToParse: ".metadata.name" + keysToParseSecond: ".metadata.namespace" + id: "stock-cluster-/networking.k8s.io/v1/ingresses" + pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/ingress-details/~recordValue~" + +--- +apiVersion: dashboard.cozystack.io/v1alpha1 +kind: TableUriMapping +metadata: + name: stock-namespace-networking.k8s.io.v1.ingress-details +spec: + keysToParse: ".metadata.name" + keysToParseSecond: ".metadata.namespace" + id: "stock-namespace-/networking.k8s.io/v1/ingresses" + pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/ingress-details/~recordValue~" + + diff --git a/packages/system/dashboard-config/templates/TableUriMapping/v1.configmaps.yaml b/packages/system/dashboard-config/templates/TableUriMapping/v1.configmaps.yaml new file mode 100644 index 00000000..78240dfd --- /dev/null +++ b/packages/system/dashboard-config/templates/TableUriMapping/v1.configmaps.yaml @@ -0,0 +1,21 @@ +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-cluster-configmap-details +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "stock-cluster-/v1/configmaps" +# pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/configmap-details/~recordValue~" + +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-namespace-configmap-details +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "stock-namespace-/v1/configmaps" +# pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/configmap-details/~recordValue~" diff --git a/packages/system/dashboard-config/templates/TableUriMapping/v1.namespaces.yaml b/packages/system/dashboard-config/templates/TableUriMapping/v1.namespaces.yaml new file mode 100644 index 00000000..b8bd64d5 --- /dev/null +++ b/packages/system/dashboard-config/templates/TableUriMapping/v1.namespaces.yaml @@ -0,0 +1,9 @@ +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-cluster-namespace-details +# spec: +# keysToParse: ".metadata.name" +# id: "stock-cluster-/v1/namespaces" +# pathToNavigate: "/openapi-ui/{clusterName}/factory/namespace-details/~recordValue~" diff --git a/packages/system/dashboard-config/templates/TableUriMapping/v1.nodes.yaml b/packages/system/dashboard-config/templates/TableUriMapping/v1.nodes.yaml new file mode 100644 index 00000000..ea084ab7 --- /dev/null +++ b/packages/system/dashboard-config/templates/TableUriMapping/v1.nodes.yaml @@ -0,0 +1,9 @@ +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-cluster-node-details +# spec: +# keysToParse: ".metadata.name" +# id: "stock-cluster-/v1/nodes" +# pathToNavigate: "/openapi-ui/{clusterName}/factory/node-details/~recordValue~" diff --git a/packages/system/dashboard-config/templates/TableUriMapping/v1.pods.yaml b/packages/system/dashboard-config/templates/TableUriMapping/v1.pods.yaml new file mode 100644 index 00000000..334a562b --- /dev/null +++ b/packages/system/dashboard-config/templates/TableUriMapping/v1.pods.yaml @@ -0,0 +1,54 @@ +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-cluster-pod-details +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "stock-cluster-/v1/pods" +# pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/pod-details/~recordValue~" + +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-namespace-pod-details +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "stock-namespace-/v1/pods" +# pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/pod-details/~recordValue~" + +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: factory-node-details-table-pods +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "factory-node-details-/v1/pods" +# pathToNavigate: "/openapi-ui/{2}/~recordValueSecond~/factory/pod-details/~recordValue~" + +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: factory-service-details-endpointslice +# spec: +# keysToParse: ".targetRef.name" +# keysToParseSecond: ".targetRef.namespace" +# id: "factory-service-details-endpointslice" +# pathToNavigate: "/openapi-ui/{2}/~recordValueSecond~/factory/pod-details/~recordValue~" + +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: "factory-v1.pods" +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "factory-/v1/pods" +# pathToNavigate: "/openapi-ui/{2}/~recordValueSecond~/factory/pod-details/~recordValue~" diff --git a/packages/system/dashboard-config/templates/TableUriMapping/v1.secrets.yaml b/packages/system/dashboard-config/templates/TableUriMapping/v1.secrets.yaml new file mode 100644 index 00000000..736749b6 --- /dev/null +++ b/packages/system/dashboard-config/templates/TableUriMapping/v1.secrets.yaml @@ -0,0 +1,21 @@ +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-cluster-secret-details +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "stock-cluster-/v1/secrets" +# pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/secret-details/~recordValue~" + +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-namespace-secret-details +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "stock-namespace-/v1/secrets" +# pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/secret-details/~recordValue~" diff --git a/packages/system/dashboard-config/templates/TableUriMapping/v1.services.yaml b/packages/system/dashboard-config/templates/TableUriMapping/v1.services.yaml new file mode 100644 index 00000000..c177b9dd --- /dev/null +++ b/packages/system/dashboard-config/templates/TableUriMapping/v1.services.yaml @@ -0,0 +1,21 @@ +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-cluster-service-details +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "stock-cluster-/v1/services" +# pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/service-details/~recordValue~" + +# --- +# apiVersion: dashboard.cozystack.io/v1alpha1 +# kind: TableUriMapping +# metadata: +# name: stock-namespace-service-details +# spec: +# keysToParse: ".metadata.name" +# keysToParseSecond: ".metadata.namespace" +# id: "stock-namespace-/v1/services" +# pathToNavigate: "/openapi-ui/{clusterName}/~recordValueSecond~/factory/service-details/~recordValue~" diff --git a/packages/system/dashboard-config/templates/_helpers.tpl b/packages/system/dashboard-config/templates/_helpers.tpl new file mode 100644 index 00000000..4dd9a4b7 --- /dev/null +++ b/packages/system/dashboard-config/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "incloud-web-resources.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "incloud-web-resources.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "incloud-web-resources.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "incloud-web-resources.labels" -}} +helm.sh/chart: {{ include "incloud-web-resources.chart" . }} +{{ include "incloud-web-resources.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "incloud-web-resources.selectorLabels" -}} +app.kubernetes.io/name: {{ include "incloud-web-resources.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "incloud-web-resources.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "incloud-web-resources.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/packages/system/dashboard/Makefile b/packages/system/dashboard/Makefile index fd83f384..c8930ef6 100644 --- a/packages/system/dashboard/Makefile +++ b/packages/system/dashboard/Makefile @@ -4,61 +4,64 @@ export NAMESPACE=cozy-$(NAME) include ../../../scripts/common-envs.mk include ../../../scripts/package.mk -update: update-chart update-dockerfiles -image: image-dashboard image-kubeapps-apis +update: update-crd update-dockerfiles +image: image-openapi-ui image-openapi-ui-k8s-bff image-token-proxy -update-chart: - rm -rf charts - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo update bitnami - helm pull bitnami/kubeapps --untar --untardir charts - rm -rf charts/kubeapps/charts/postgresql/ - sed -i 's/.cluster.local//g' charts/kubeapps/templates/kubeappsapis/deployment.yaml - patch --no-backup-if-mismatch charts/kubeapps/templates/frontend/configmap.yaml < patches/logos.patch update-dockerfiles: @echo Update dockerfiles manually - #tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/vmware-tanzu/kubeapps | awk -F'[/^]' 'END{print $$3}') && \ - wget https://github.com/vmware-tanzu/kubeapps/raw/$${tag}/cmd/kubeapps-apis/Dockerfile -O images/kubeapps-apis/Dockerfile && \ - patch --no-backup-if-mismatch images/kubeapps-apis/Dockerfile < images/kubeapps-apis/dockerfile.diff && \ - node_image=$$(wget -O- https://github.com/vmware-tanzu/kubeapps/raw/main/dashboard/Dockerfile | awk '/FROM bitnami\/node/ {print $$2}') && \ - sed -i "s|FROM .* AS build|FROM $${node_image} AS build|" images/dashboard/Dockerfile && \ - version=$$(echo "$$tag" | sed 's/^v//') && \ - sed -i "s/ARG VERSION=.*/ARG VERSION=$${version}/" images/dashboard/Dockerfile -image-dashboard: update-version - docker buildx build images/dashboard \ - --tag $(REGISTRY)/dashboard:$(call settag,$(TAG)) \ - --cache-from type=registry,ref=$(REGISTRY)/dashboard:latest \ +update-crd: + rm -rf crds + mkdir -p crds + wget -O- https://github.com/PRO-Robotech/helmfile-manifests/archive/refs/heads/main.tar.gz | tar -C crds -xzvf- helmfile-manifests-main/charts/incloud-main/incloud-web-1.0.0/incloud-web/templates --strip-components=6 + rm -f crds/_helpers.tpl + sed -i '/{{/d' crds/*.yml crds/*.yaml + +image-openapi-ui: + docker buildx build images/openapi-ui \ + --provenance false \ + --builder=$(BUILDER) \ + --platform=linux/amd64 \ + --tag $(REGISTRY)/openapi-ui:$(call settag,$(TAG)) \ + --cache-from type=registry,ref=$(REGISTRY)/openapi-ui:latest \ --cache-to type=inline \ - --metadata-file images/dashboard.json \ - $(BUILDX_ARGS) - REGISTRY="$(REGISTRY)" \ - yq -i '.kubeapps.dashboard.image.registry = strenv(REGISTRY)' values.yaml - REPOSITORY="dashboard" \ - yq -i '.kubeapps.dashboard.image.repository = strenv(REPOSITORY)' values.yaml - TAG="$(call settag,$(TAG))" \ - yq -i '.kubeapps.dashboard.image.tag = strenv(TAG)' values.yaml - DIGEST=$$(yq e '."containerimage.digest"' images/dashboard.json -o json -r) \ - yq -i '.kubeapps.dashboard.image.digest = strenv(DIGEST)' values.yaml - rm -f images/dashboard.json + --metadata-file images/openapi-ui.json \ + --push=$(PUSH) \ + --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \ + --load=$(LOAD) + IMAGE="$(REGISTRY)/openapi-ui:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/openapi-ui.json -r)" \ + yq -i '.openapiUI.image = strenv(IMAGE)' values.yaml + rm -f images/openapi-ui.json -image-kubeapps-apis: update-version - docker buildx build images/kubeapps-apis \ - --tag $(REGISTRY)/kubeapps-apis:$(call settag,$(TAG)) \ - --cache-from type=registry,ref=$(REGISTRY)/kubeapps-apis:latest \ +image-openapi-ui-k8s-bff: + docker buildx build images/openapi-ui-k8s-bff \ + --provenance false \ + --builder=$(BUILDER) \ + --platform=linux/amd64 \ + --tag $(REGISTRY)/openapi-ui-k8s-bff:$(call settag,$(TAG)) \ + --cache-from type=registry,ref=$(REGISTRY)/openapi-ui-k8s-bff:latest \ --cache-to type=inline \ - --metadata-file images/kubeapps-apis.json \ - $(BUILDX_ARGS) - REGISTRY="$(REGISTRY)" \ - yq -i '.kubeapps.kubeappsapis.image.registry = strenv(REGISTRY)' values.yaml - REPOSITORY="kubeapps-apis" \ - yq -i '.kubeapps.kubeappsapis.image.repository = strenv(REPOSITORY)' values.yaml - TAG="$(call settag,$(TAG))" \ - yq -i '.kubeapps.kubeappsapis.image.tag = strenv(TAG)' values.yaml - DIGEST=$$(yq e '."containerimage.digest"' images/kubeapps-apis.json -o json -r) \ - yq -i '.kubeapps.kubeappsapis.image.digest = strenv(DIGEST)' values.yaml - rm -f images/kubeapps-apis.json + --metadata-file images/openapi-ui-k8s-bff.json \ + --push=$(PUSH) \ + --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \ + --load=$(LOAD) + IMAGE="$(REGISTRY)/openapi-ui-k8s-bff:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/openapi-ui-k8s-bff.json -r)" \ + yq -i '.openapiUIK8sBff.image = strenv(IMAGE)' values.yaml + rm -f images/openapi-ui-k8s-bff.json -update-version: - sed -i "s|\(\"appVersion\":\).*|\1 \"$(TAG)\",|g" ./charts/kubeapps/templates/dashboard/configmap.yaml +image-token-proxy: + docker buildx build images/token-proxy \ + --provenance false \ + --builder=$(BUILDER) \ + --platform=linux/amd64 \ + --tag $(REGISTRY)/token-proxy:$(call settag,$(TAG)) \ + --cache-from type=registry,ref=$(REGISTRY)/token-proxy:latest \ + --cache-to type=inline \ + --metadata-file images/token-proxy.json \ + --push=$(PUSH) \ + --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \ + --load=$(LOAD) + IMAGE="$(REGISTRY)/token-proxy:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/token-proxy.json -r)" \ + yq -i '.tokenProxy.image = strenv(IMAGE)' values.yaml + rm -f images/token-proxy.json diff --git a/packages/system/dashboard/charts/kubeapps/.helmignore b/packages/system/dashboard/charts/kubeapps/.helmignore deleted file mode 100644 index 34d55e3e..00000000 --- a/packages/system/dashboard/charts/kubeapps/.helmignore +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2021-2022 the Kubeapps contributors. -# SPDX-License-Identifier: Apache-2.0 - -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# img folder -img/ -# Changelog -CHANGELOG.md diff --git a/packages/system/dashboard/charts/kubeapps/Chart.lock b/packages/system/dashboard/charts/kubeapps/Chart.lock deleted file mode 100644 index 93e54bb9..00000000 --- a/packages/system/dashboard/charts/kubeapps/Chart.lock +++ /dev/null @@ -1,12 +0,0 @@ -dependencies: -- name: redis - repository: oci://registry-1.docker.io/bitnamicharts - version: 20.2.1 -- name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 16.1.0 -- name: common - repository: oci://registry-1.docker.io/bitnamicharts - version: 2.26.0 -digest: sha256:8765098cabaca39ce13d856f5260df97667201dac6d2209280e5de9ad1a33006 -generated: "2024-10-31T19:49:51.754205675Z" diff --git a/packages/system/dashboard/charts/kubeapps/Chart.yaml b/packages/system/dashboard/charts/kubeapps/Chart.yaml deleted file mode 100644 index d0529f4e..00000000 --- a/packages/system/dashboard/charts/kubeapps/Chart.yaml +++ /dev/null @@ -1,54 +0,0 @@ -annotations: - category: Infrastructure - images: | - - name: kubeapps-apis - image: docker.io/bitnami/kubeapps-apis:2.12.0-debian-12-r0 - - name: kubeapps-apprepository-controller - image: docker.io/bitnami/kubeapps-apprepository-controller:2.12.0-debian-12-r0 - - name: kubeapps-asset-syncer - image: docker.io/bitnami/kubeapps-asset-syncer:2.12.0-debian-12-r0 - - name: kubeapps-dashboard - image: docker.io/bitnami/kubeapps-dashboard:2.12.0-debian-12-r0 - - name: kubeapps-oci-catalog - image: docker.io/bitnami/kubeapps-oci-catalog:2.12.0-debian-12-r0 - - name: kubeapps-pinniped-proxy - image: docker.io/bitnami/kubeapps-pinniped-proxy:2.12.0-debian-12-r0 - - name: nginx - image: docker.io/bitnami/nginx:1.27.2-debian-12-r2 - - name: oauth2-proxy - image: docker.io/bitnami/oauth2-proxy:7.7.1-debian-12-r1 - licenses: Apache-2.0 -apiVersion: v2 -appVersion: 2.12.0 -dependencies: -- condition: packaging.flux.enabled - name: redis - repository: oci://registry-1.docker.io/bitnamicharts - version: 20.x.x -- condition: packaging.helm.enabled - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 16.x.x -- name: common - repository: oci://registry-1.docker.io/bitnamicharts - tags: - - bitnami-common - version: 2.x.x -description: Kubeapps is a web-based UI for launching and managing applications on - Kubernetes. It allows users to deploy trusted applications and operators to control - users access to the cluster. -home: https://bitnami.com -icon: https://bitnami.com/assets/stacks/kubeapps/img/kubeapps-stack-220x234.png -keywords: -- helm -- dashboard -- service catalog -- deployment -kubeVersion: '>=1.21.0-0' -maintainers: -- name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: kubeapps -sources: -- https://github.com/bitnami/charts/tree/main/bitnami/kubeapps -version: 17.0.3 diff --git a/packages/system/dashboard/charts/kubeapps/README.md b/packages/system/dashboard/charts/kubeapps/README.md deleted file mode 100644 index 14855b42..00000000 --- a/packages/system/dashboard/charts/kubeapps/README.md +++ /dev/null @@ -1,1220 +0,0 @@ - - -# Bitnami package for Kubeapps - -Kubeapps is a web-based UI for launching and managing applications on Kubernetes. It allows users to deploy trusted applications and operators to control users access to the cluster. - -[Overview of Kubeapps](https://github.com/vmware-tanzu/kubeapps) - -## TL;DR - -```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/kubeapps --namespace kubeapps --create-namespace -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> Check out the [getting started](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/getting-started.md) to start deploying apps with Kubeapps. - -Looking to use Kubeapps in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. - -## Introduction - -This chart bootstraps a [Kubeapps](https://kubeapps.dev) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -With Kubeapps you can: - -- Customize deployments through an intuitive, form-based user interface -- Inspect, upgrade and delete applications installed in the cluster -- Browse and deploy [Helm](https://github.com/helm/helm) charts from public or private chart repositories (including [VMware Marketplace™](https://marketplace.cloud.vmware.com) and [Bitnami Application Catalog](https://bitnami.com/application-catalog)) -- Browse and deploy [Kubernetes Operators](https://operatorhub.io/) -- Secure authentication to Kubeapps using a [standalone OAuth2/OIDC provider](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/using-an-OIDC-provider.md) or [using Pinniped](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/OIDC/using-an-OIDC-provider-with-pinniped.md) -- Secure authorization based on Kubernetes [Role-Based Access Control](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/access-control.md) - -**_Note:_** Kubeapps 2.0 and onwards supports Helm 3 only. While only the Helm 3 API is supported, in most cases, charts made for Helm 2 will still work. - -It also packages the [Bitnami PostgreSQL chart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql), which is required for bootstrapping a deployment for the database requirements of the Kubeapps application. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ -- Administrative access to the cluster to create Custom Resource Definitions (CRDs) -- PV provisioner support in the underlying infrastructure (required for PostgreSQL database) - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps --namespace kubeapps --create-namespace -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The command deploys Kubeapps on the Kubernetes cluster in the `kubeapps` namespace. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Caveat**: Only one Kubeapps installation is supported per namespace - -Once you have installed Kubeapps follow the [Getting Started Guide](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/getting-started.md) for additional information on how to access and use Kubeapps. - -## Configuration and installation details - -### Resource requests and limits - -Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. - -To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - -### Configuring Initial Repositories - -By default, Kubeapps will track the [Bitnami Application Catalog](https://github.com/bitnami/charts). To change these defaults, override with your desired parameters the `apprepository.initialRepos` object present in the [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/kubeapps/values.yaml) file. - -### Enabling Operators - -Since v1.9.0 (and by default since v2.0), Kubeapps supports deploying and managing Operators within its dashboard. More information about how to enable and use this feature can be found in [this guide](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/operators.md). - -### Exposing Externally - -> **Note**: The Kubeapps frontend sets up a proxy to the Kubernetes API service which means that when exposing the Kubeapps service to a network external to the Kubernetes cluster (perhaps on an internal or public network), the Kubernetes API will also be exposed for authenticated requests from that network. It is highly recommended that you [use an OAuth2/OIDC provider with Kubeapps](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/using-an-OIDC-provider.md) to ensure that your authentication proxy is exposed rather than the Kubeapps frontend. This ensures that only the configured users trusted by your Identity Provider will be able to reach the Kubeapps frontend and therefore the Kubernetes API. Kubernetes service token authentication should only be used for users for demonstration purposes only, not production environments. - -#### LoadBalancer Service - -The simplest way to expose the Kubeapps Dashboard is to assign a LoadBalancer type to the Kubeapps frontend Service. For example, you can use the following parameter: `frontend.service.type=LoadBalancer` - -Wait for your cluster to assign a LoadBalancer IP or Hostname to the `kubeapps` Service and access it on that address: - -```console -kubectl get services --namespace kubeapps --watch -``` - -#### Ingress - -This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application. - -To enable ingress integration, please set `ingress.enabled` to `true` - -##### Hosts - -Most likely you will only want to have one hostname that maps to this Kubeapps installation (use the `ingress.hostname` parameter to set the hostname), however, it is possible to have more than one host. To facilitate this, the `ingress.extraHosts` object is an array. - -##### Annotations - -For annotations, please see [this document](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. Annotations can be set using `ingress.annotations`. - -##### TLS - -This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are four common use cases: - -- Helm generates/manages certificate secrets based on the parameters. -- The user generates/manages certificates separately. -- Helm creates self-signed certificates and generates/manages certificate secrets. -- An additional tool (like [cert-manager](https://github.com/jetstack/cert-manager/)) manages the secrets for the application. - -In the first two cases, it is needed a certificate and a key. We would expect them to look like this: - -- certificate files should look like (and there can be more than one certificate if there is a certificate chain) - - ```console - -----BEGIN CERTIFICATE----- - MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV - ... - jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 - -----END CERTIFICATE----- - ``` - -- keys should look like: - - ```console - -----BEGIN RSA PRIVATE KEY----- - MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 - ... - wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= - -----END RSA PRIVATE KEY----- - ``` - -- If you are going to use Helm to manage the certificates based on the parameters, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry. -- In case you are going to manage TLS secrets separately, please know that you must use a TLS secret with name _INGRESS_HOSTNAME-tls_ (where _INGRESS_HOSTNAME_ is a placeholder to be replaced with the hostname you set using the `ingress.hostname` parameter). -- To use self-signed certificates created by Helm, set both `ingress.tls` and `ingress.selfSigned` to `true`. -- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, set `ingress.certManager` boolean to true to enable the corresponding annotations for cert-manager. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------- | -------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `enableIPv6` | Enable IPv6 configuration | `false` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - -### Traffic Exposure Parameters - -| Name | Description | Value | -| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `ingress.enabled` | Enable ingress record generation for Kubeapps | `false` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress record | `kubeapps.local` | -| `ingress.path` | Default path for the ingress record | `/` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | -| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | -| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | -| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | - -### Kubeapps packaging options - -| Name | Description | Value | -| -------------------------- | ---------------------------------------------------------- | ------- | -| `packaging.helm.enabled` | Enable the standard Helm packaging. | `true` | -| `packaging.carvel.enabled` | Enable support for the Carvel (kapp-controller) packaging. | `false` | -| `packaging.flux.enabled` | Enable support for Flux (v2) packaging. | `false` | - -### Frontend parameters - -| Name | Description | Value | -| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `frontend.image.registry` | NGINX image registry | `REGISTRY_NAME` | -| `frontend.image.repository` | NGINX image repository | `REPOSITORY_NAME/nginx` | -| `frontend.image.digest` | NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `frontend.image.pullPolicy` | NGINX image pull policy | `IfNotPresent` | -| `frontend.image.pullSecrets` | NGINX image pull secrets | `[]` | -| `frontend.image.debug` | Enable image debug mode | `false` | -| `frontend.proxypassAccessTokenAsBearer` | Use access_token as the Bearer when talking to the k8s api server | `false` | -| `frontend.proxypassExtraSetHeader` | Set an additional proxy header for all requests proxied via NGINX | `""` | -| `frontend.largeClientHeaderBuffers` | Set large_client_header_buffers in NGINX config | `4 32k` | -| `frontend.replicaCount` | Number of frontend replicas to deploy | `2` | -| `frontend.updateStrategy.type` | Frontend deployment strategy type. | `RollingUpdate` | -| `frontend.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production). | `micro` | -| `frontend.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `frontend.extraEnvVars` | Array with extra environment variables to add to the NGINX container | `[]` | -| `frontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the NGINX container | `""` | -| `frontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the NGINX container | `""` | -| `frontend.containerPorts.http` | NGINX HTTP container port | `8080` | -| `frontend.podSecurityContext.enabled` | Enabled frontend pods' Security Context | `true` | -| `frontend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `frontend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `frontend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `frontend.podSecurityContext.fsGroup` | Set frontend pod's Security Context fsGroup | `1001` | -| `frontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `frontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `frontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `frontend.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `frontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `frontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `frontend.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `frontend.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `frontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `frontend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `frontend.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `frontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `frontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `frontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `frontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `frontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `frontend.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `frontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `frontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `frontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `frontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `frontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `frontend.startupProbe.enabled` | Enable startupProbe | `false` | -| `frontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `frontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `frontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `frontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `frontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `frontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `frontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `frontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `frontend.lifecycleHooks` | Custom lifecycle hooks for frontend containers | `{}` | -| `frontend.command` | Override default container command (useful when using custom images) | `[]` | -| `frontend.args` | Override default container args (useful when using custom images) | `[]` | -| `frontend.podLabels` | Extra labels for frontend pods | `{}` | -| `frontend.podAnnotations` | Annotations for frontend pods | `{}` | -| `frontend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `frontend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `frontend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `frontend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `frontend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `frontend.affinity` | Affinity for pod assignment | `{}` | -| `frontend.nodeSelector` | Node labels for pod assignment | `{}` | -| `frontend.tolerations` | Tolerations for pod assignment | `[]` | -| `frontend.priorityClassName` | Priority class name for frontend pods | `""` | -| `frontend.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `frontend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `frontend.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `frontend.hostAliases` | Custom host aliases for frontend pods | `[]` | -| `frontend.extraVolumes` | Optionally specify extra list of additional volumes for frontend pods | `[]` | -| `frontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for frontend container(s) | `[]` | -| `frontend.sidecars` | Add additional sidecar containers to the frontend pod | `[]` | -| `frontend.initContainers` | Add additional init containers to the frontend pods | `[]` | -| `frontend.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `frontend.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | -| `frontend.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `frontend.pdb.minAvailable` and `frontend.pdb.maxUnavailable` are empty. | `""` | -| `frontend.service.type` | Frontend service type | `ClusterIP` | -| `frontend.service.ports.http` | Frontend service HTTP port | `80` | -| `frontend.service.nodePorts.http` | Node port for HTTP | `""` | -| `frontend.service.clusterIP` | Frontend service Cluster IP | `""` | -| `frontend.service.loadBalancerIP` | Frontend service Load Balancer IP | `""` | -| `frontend.service.loadBalancerSourceRanges` | Frontend service Load Balancer sources | `[]` | -| `frontend.service.externalTrafficPolicy` | Frontend service external traffic policy | `Cluster` | -| `frontend.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `frontend.service.annotations` | Additional custom annotations for frontend service | `{}` | -| `frontend.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `frontend.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `frontend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `frontend.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `frontend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `frontend.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `frontend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `frontend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `frontend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `frontend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Dashboard parameters - -| Name | Description | Value | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | -| `dashboard.enabled` | Specifies whether Kubeapps Dashboard should be deployed or not | `true` | -| `dashboard.image.registry` | Dashboard image registry | `REGISTRY_NAME` | -| `dashboard.image.repository` | Dashboard image repository | `REPOSITORY_NAME/kubeapps-dashboard` | -| `dashboard.image.digest` | Dashboard image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | -| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | -| `dashboard.image.debug` | Enable image debug mode | `false` | -| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` | -| `dashboard.customAppViews` | Package names to signal a custom app view | `[]` | -| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` | -| `dashboard.remoteComponentsUrl` | Remote URL that can be used to load custom components vs loading from the local filesystem | `""` | -| `dashboard.skipAvailablePackageDetails` | Skip the package details view and go straight to the installation view of the latest version | `false` | -| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` | -| `dashboard.defaultTheme` | Default theme used in the Dashboard if the user has not selected any theme yet. | `""` | -| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` | -| `dashboard.createNamespaceLabels` | Labels added to newly created namespaces | `{}` | -| `dashboard.updateStrategy.type` | Dashboard deployment strategy type. | `RollingUpdate` | -| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` | -| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` | -| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` | -| `dashboard.containerPorts.http` | Dashboard HTTP container port | `8080` | -| `dashboard.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production). | `micro` | -| `dashboard.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | -| `dashboard.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `dashboard.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `dashboard.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | -| `dashboard.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `dashboard.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `dashboard.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `dashboard.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `dashboard.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `dashboard.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `dashboard.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `dashboard.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `dashboard.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `dashboard.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `dashboard.startupProbe.enabled` | Enable startupProbe | `true` | -| `dashboard.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `dashboard.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `dashboard.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `dashboard.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `dashboard.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `dashboard.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` | -| `dashboard.command` | Override default container command (useful when using custom images) | `[]` | -| `dashboard.args` | Override default container args (useful when using custom images) | `[]` | -| `dashboard.podLabels` | Extra labels for Dashboard pods | `{}` | -| `dashboard.podAnnotations` | Annotations for Dashboard pods | `{}` | -| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `dashboard.affinity` | Affinity for pod assignment | `{}` | -| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` | -| `dashboard.tolerations` | Tolerations for pod assignment | `[]` | -| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` | -| `dashboard.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `dashboard.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `dashboard.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` | -| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dashboard pods | `[]` | -| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dashboard container(s) | `[]` | -| `dashboard.sidecars` | Add additional sidecar containers to the Dashboard pod | `[]` | -| `dashboard.initContainers` | Add additional init containers to the Dashboard pods | `[]` | -| `dashboard.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `dashboard.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | -| `dashboard.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `dashboard.pdb.minAvailable` and `dashboard.pdb.maxUnavailable` are empty. | `""` | -| `dashboard.service.ports.http` | Dashboard service HTTP port | `8080` | -| `dashboard.service.annotations` | Additional custom annotations for Dashboard service | `{}` | -| `dashboard.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `dashboard.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `dashboard.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `dashboard.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `dashboard.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `dashboard.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `dashboard.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `dashboard.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### AppRepository Controller parameters - -| Name | Description | Value | -| ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | -| `apprepository.image.registry` | Kubeapps AppRepository Controller image registry | `REGISTRY_NAME` | -| `apprepository.image.repository` | Kubeapps AppRepository Controller image repository | `REPOSITORY_NAME/kubeapps-apprepository-controller` | -| `apprepository.image.digest` | Kubeapps AppRepository Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `apprepository.image.pullPolicy` | Kubeapps AppRepository Controller image pull policy | `IfNotPresent` | -| `apprepository.image.pullSecrets` | Kubeapps AppRepository Controller image pull secrets | `[]` | -| `apprepository.syncImage.registry` | Kubeapps Asset Syncer image registry | `REGISTRY_NAME` | -| `apprepository.syncImage.repository` | Kubeapps Asset Syncer image repository | `REPOSITORY_NAME/kubeapps-asset-syncer` | -| `apprepository.syncImage.digest` | Kubeapps Asset Syncer image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `apprepository.syncImage.pullPolicy` | Kubeapps Asset Syncer image pull policy | `IfNotPresent` | -| `apprepository.syncImage.pullSecrets` | Kubeapps Asset Syncer image pull secrets | `[]` | -| `apprepository.globalReposNamespaceSuffix` | Suffix for the namespace of global repos in the Helm plugin. Defaults to empty for backwards compatibility. Ignored if kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace is set. | `""` | -| `apprepository.initialRepos` | Initial chart repositories to configure | `[]` | -| `apprepository.customAnnotations` | Custom annotations be added to each AppRepository-generated CronJob, Job and Pod | `{}` | -| `apprepository.customLabels` | Custom labels be added to each AppRepository-generated CronJob, Job and Pod | `{}` | -| `apprepository.initialReposProxy.enabled` | Enables the proxy | `false` | -| `apprepository.initialReposProxy.httpProxy` | URL for the http proxy | `""` | -| `apprepository.initialReposProxy.httpsProxy` | URL for the https proxy | `""` | -| `apprepository.initialReposProxy.noProxy` | URL to exclude from using the proxy | `""` | -| `apprepository.crontab` | Default schedule for syncing App repositories (defaults to every 10 minutes) | `""` | -| `apprepository.watchAllNamespaces` | Watch all namespaces to support separate AppRepositories per namespace | `true` | -| `apprepository.extraFlags` | Additional command line flags for AppRepository Controller | `[]` | -| `apprepository.replicaCount` | Number of AppRepository Controller replicas to deploy | `1` | -| `apprepository.updateStrategy.type` | AppRepository Controller deployment strategy type. | `RollingUpdate` | -| `apprepository.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production). | `micro` | -| `apprepository.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `apprepository.podSecurityContext.enabled` | Enabled AppRepository Controller pods' Security Context | `true` | -| `apprepository.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `apprepository.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `apprepository.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `apprepository.podSecurityContext.fsGroup` | Set AppRepository Controller pod's Security Context fsGroup | `1001` | -| `apprepository.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `apprepository.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `apprepository.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `apprepository.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `apprepository.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `apprepository.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `apprepository.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `apprepository.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `apprepository.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `apprepository.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `apprepository.lifecycleHooks` | Custom lifecycle hooks for AppRepository Controller containers | `{}` | -| `apprepository.command` | Override default container command (useful when using custom images) | `[]` | -| `apprepository.args` | Override default container args (useful when using custom images) | `[]` | -| `apprepository.extraEnvVars` | Array with extra environment variables to add to AppRepository Controller pod(s) | `[]` | -| `apprepository.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for AppRepository Controller pod(s) | `""` | -| `apprepository.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for AppRepository Controller pod(s) | `""` | -| `apprepository.extraVolumes` | Optionally specify extra list of additional volumes for the AppRepository Controller pod(s) | `[]` | -| `apprepository.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the AppRepository Controller container(s) | `[]` | -| `apprepository.podLabels` | Extra labels for AppRepository Controller pods | `{}` | -| `apprepository.podAnnotations` | Annotations for AppRepository Controller pods | `{}` | -| `apprepository.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `apprepository.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `apprepository.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `apprepository.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `apprepository.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `apprepository.affinity` | Affinity for pod assignment | `{}` | -| `apprepository.nodeSelector` | Node labels for pod assignment | `{}` | -| `apprepository.tolerations` | Tolerations for pod assignment | `[]` | -| `apprepository.priorityClassName` | Priority class name for AppRepository Controller pods | `""` | -| `apprepository.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `apprepository.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `apprepository.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `apprepository.hostAliases` | Custom host aliases for AppRepository Controller pods | `[]` | -| `apprepository.sidecars` | Add additional sidecar containers to the AppRepository Controller pod(s) | `[]` | -| `apprepository.initContainers` | Add additional init containers to the AppRepository Controller pod(s) | `[]` | -| `apprepository.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `apprepository.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | -| `apprepository.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `apprepository.pdb.minAvailable` and `apprepository.pdb.maxUnavailable` are empty. | `""` | -| `apprepository.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `apprepository.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `apprepository.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `apprepository.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `apprepository.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `apprepository.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `apprepository.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `apprepository.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `apprepository.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | - -### Auth Proxy parameters - -| Name | Description | Value | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | -| `authProxy.enabled` | Specifies whether Kubeapps should configure OAuth login/logout | `false` | -| `authProxy.image.registry` | OAuth2 Proxy image registry | `REGISTRY_NAME` | -| `authProxy.image.repository` | OAuth2 Proxy image repository | `REPOSITORY_NAME/oauth2-proxy` | -| `authProxy.image.digest` | OAuth2 Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `authProxy.image.pullPolicy` | OAuth2 Proxy image pull policy | `IfNotPresent` | -| `authProxy.image.pullSecrets` | OAuth2 Proxy image pull secrets | `[]` | -| `authProxy.external` | Use an external Auth Proxy instead of deploying its own one | `false` | -| `authProxy.oauthLoginURI` | OAuth Login URI to which the Kubeapps frontend redirects for authn | `/oauth2/start` | -| `authProxy.oauthLogoutURI` | OAuth Logout URI to which the Kubeapps frontend redirects for authn | `/oauth2/sign_out` | -| `authProxy.skipKubeappsLoginPage` | Skip the Kubeapps login page when using OIDC and directly redirect to the IdP | `false` | -| `authProxy.provider` | OAuth provider | `""` | -| `authProxy.clientID` | OAuth Client ID | `""` | -| `authProxy.clientSecret` | OAuth Client secret | `""` | -| `authProxy.cookieSecret` | Secret used by oauth2-proxy to encrypt any credentials | `""` | -| `authProxy.existingOauth2Secret` | Name of an existing secret containing the OAuth client secrets, it should contain the keys clientID, clientSecret, and cookieSecret | `""` | -| `authProxy.cookieRefresh` | Duration after which to refresh the cookie | `2m` | -| `authProxy.scope` | OAuth scope specification | `openid email groups` | -| `authProxy.emailDomain` | Allowed email domains | `*` | -| `authProxy.extraFlags` | Additional command line flags for oauth2-proxy | `[]` | -| `authProxy.lifecycleHooks` | for the Auth Proxy container(s) to automate configuration before or after startup | `{}` | -| `authProxy.command` | Override default container command (useful when using custom images) | `[]` | -| `authProxy.args` | Override default container args (useful when using custom images) | `[]` | -| `authProxy.extraEnvVars` | Array with extra environment variables to add to the Auth Proxy container | `[]` | -| `authProxy.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Auth Proxy containers(s) | `""` | -| `authProxy.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Auth Proxy containers(s) | `""` | -| `authProxy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Auth Proxy container(s) | `[]` | -| `authProxy.containerPorts.proxy` | Auth Proxy HTTP container port | `3000` | -| `authProxy.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `authProxy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `authProxy.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `authProxy.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `authProxy.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `authProxy.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `authProxy.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `authProxy.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `authProxy.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `authProxy.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `authProxy.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production). | `micro` | -| `authProxy.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | - -### Pinniped Proxy parameters - -| Name | Description | Value | -| ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | -| `pinnipedProxy.enabled` | Specifies whether Kubeapps should configure Pinniped Proxy | `false` | -| `pinnipedProxy.image.registry` | Pinniped Proxy image registry | `REGISTRY_NAME` | -| `pinnipedProxy.image.repository` | Pinniped Proxy image repository | `REPOSITORY_NAME/kubeapps-pinniped-proxy` | -| `pinnipedProxy.image.digest` | Pinniped Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `pinnipedProxy.image.pullPolicy` | Pinniped Proxy image pull policy | `IfNotPresent` | -| `pinnipedProxy.image.pullSecrets` | Pinniped Proxy image pull secrets | `[]` | -| `pinnipedProxy.defaultPinnipedNamespace` | Namespace in which pinniped concierge is installed | `pinniped-concierge` | -| `pinnipedProxy.defaultAuthenticatorType` | Authenticator type | `JWTAuthenticator` | -| `pinnipedProxy.defaultAuthenticatorName` | Authenticator name | `jwt-authenticator` | -| `pinnipedProxy.defaultPinnipedAPISuffix` | API suffix | `pinniped.dev` | -| `pinnipedProxy.tls.existingSecret` | TLS secret with which to proxy requests | `""` | -| `pinnipedProxy.tls.caCertificate` | TLS CA cert config map which clients of pinniped proxy should use with TLS requests | `""` | -| `pinnipedProxy.lifecycleHooks` | For the Pinniped Proxy container(s) to automate configuration before or after startup | `{}` | -| `pinnipedProxy.command` | Override default container command (useful when using custom images) | `[]` | -| `pinnipedProxy.args` | Override default container args (useful when using custom images) | `[]` | -| `pinnipedProxy.extraEnvVars` | Array with extra environment variables to add to Pinniped Proxy container(s) | `[]` | -| `pinnipedProxy.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Pinniped Proxy container(s) | `""` | -| `pinnipedProxy.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Pinniped Proxy container(s) | `""` | -| `pinnipedProxy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Pinniped Proxy container(s) | `[]` | -| `pinnipedProxy.containerPorts.pinnipedProxy` | Pinniped Proxy container port | `3333` | -| `pinnipedProxy.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `pinnipedProxy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `pinnipedProxy.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `pinnipedProxy.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `pinnipedProxy.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `pinnipedProxy.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `pinnipedProxy.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `pinnipedProxy.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `pinnipedProxy.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `pinnipedProxy.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `pinnipedProxy.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production). | `micro` | -| `pinnipedProxy.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `pinnipedProxy.service.ports.pinnipedProxy` | Pinniped Proxy service port | `3333` | -| `pinnipedProxy.service.annotations` | Additional custom annotations for Pinniped Proxy service | `{}` | - -### Other Parameters - -| Name | Description | Value | -| ------------- | --------------------------------------------------------- | ------ | -| `clusters` | List of clusters that Kubeapps can target for deployments | `[]` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | - -### Feature flags - -| Name | Description | Value | -| --------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------- | -| `featureFlags.apiOnly.enabled` | Enable ingress for API operations only. Access to "/" will not be possible, so Dashboard will be unusable. | `false` | -| `featureFlags.apiOnly.grpc.annotations` | Specific annotations for the GRPC ingress in API-only mode | `{}` | -| `featureFlags.operators` | Enable support for Operators in Kubeapps | `false` | -| `featureFlags.schemaEditor.enabled` | Enable a visual editor for customizing the package schemas | `false` | - -### Database Parameters - -| Name | Description | Value | -| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -| `postgresql.enabled` | Deploy a PostgreSQL server to satisfy the applications database requirements | `true` | -| `postgresql.auth.username` | Username for PostgreSQL server | `postgres` | -| `postgresql.auth.postgresPassword` | Password for 'postgres' user | `""` | -| `postgresql.auth.database` | Name for a custom database to create | `assets` | -| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` | -| `postgresql.primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC | `false` | -| `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` | -| `postgresql.securityContext.enabled` | Enabled PostgreSQL replicas pods' Security Context | `false` | -| `postgresql.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production). | `micro` | -| `postgresql.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | - -### kubeappsapis parameters - -| Name | Description | Value | -| ----------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | -| `kubeappsapis.enabledPlugins` | Manually override which plugins are enabled for the Kubeapps-APIs service | `[]` | -| `kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.major` | Number of major versions to display in the summary | `3` | -| `kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.minor` | Number of minor versions to display in the summary | `3` | -| `kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.patch` | Number of patch versions to display in the summary | `3` | -| `kubeappsapis.pluginConfig.core.packages.v1alpha1.timeoutSeconds` | Value to wait for Kubernetes commands to complete | `300` | -| `kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace` | Custom global packaging namespace. Using this value will override the current "kubeapps release namespace + suffix" pattern and will create a new namespace if not exists. | `""` | -| `kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultUpgradePolicy` | Default upgrade policy generating version constraints | `none` | -| `kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultPrereleasesVersionSelection` | Default policy for allowing prereleases containing one of the identifiers | `nil` | -| `kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultAllowDowngrades` | Default policy for allowing applications to be downgraded to previous versions | `false` | -| `kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace` | Default global packaging namespace | `kapp-controller-packaging-global` | -| `kubeappsapis.pluginConfig.flux.packages.v1alpha1.defaultUpgradePolicy` | Default upgrade policy generating version constraints | `none` | -| `kubeappsapis.pluginConfig.flux.packages.v1alpha1.noCrossNamespaceRefs` | Enable this flag to disallow cross-namespace references, useful when running Flux on multi-tenant clusters | `false` | -| `kubeappsapis.pluginConfig.resources.packages.v1alpha1.trustedNamespaces.headerName` | Optional header name for trusted namespaces | `""` | -| `kubeappsapis.pluginConfig.resources.packages.v1alpha1.trustedNamespaces.headerPattern` | Optional header pattern for trusted namespaces | `""` | -| `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `REGISTRY_NAME` | -| `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `REPOSITORY_NAME/kubeapps-apis` | -| `kubeappsapis.image.digest` | Kubeapps-APIs image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` | -| `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` | -| `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `2` | -| `kubeappsapis.updateStrategy.type` | KubeappsAPIs deployment strategy type. | `RollingUpdate` | -| `kubeappsapis.extraFlags` | Additional command line flags for KubeappsAPIs | `[]` | -| `kubeappsapis.qps` | KubeappsAPIs Kubernetes API client QPS limit | `50.0` | -| `kubeappsapis.burst` | KubeappsAPIs Kubernetes API client Burst limit | `100` | -| `kubeappsapis.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | -| `kubeappsapis.extraEnvVars` | Array with extra environment variables to add to the KubeappsAPIs container | `[]` | -| `kubeappsapis.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container | `""` | -| `kubeappsapis.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the KubeappsAPIs container | `""` | -| `kubeappsapis.containerPorts.http` | KubeappsAPIs HTTP container port | `50051` | -| `kubeappsapis.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production). | `micro` | -| `kubeappsapis.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `kubeappsapis.podSecurityContext.enabled` | Enabled KubeappsAPIs pods' Security Context | `true` | -| `kubeappsapis.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `kubeappsapis.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `kubeappsapis.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `kubeappsapis.podSecurityContext.fsGroup` | Set KubeappsAPIs pod's Security Context fsGroup | `1001` | -| `kubeappsapis.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `kubeappsapis.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `kubeappsapis.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `kubeappsapis.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `kubeappsapis.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `kubeappsapis.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `kubeappsapis.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `kubeappsapis.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `kubeappsapis.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `kubeappsapis.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `kubeappsapis.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `kubeappsapis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `kubeappsapis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `kubeappsapis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `kubeappsapis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `kubeappsapis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `kubeappsapis.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `kubeappsapis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `kubeappsapis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `kubeappsapis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `kubeappsapis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `kubeappsapis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `kubeappsapis.startupProbe.enabled` | Enable startupProbe | `false` | -| `kubeappsapis.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `kubeappsapis.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `kubeappsapis.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `kubeappsapis.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `kubeappsapis.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `kubeappsapis.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `kubeappsapis.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `kubeappsapis.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `kubeappsapis.lifecycleHooks` | Custom lifecycle hooks for KubeappsAPIs containers | `{}` | -| `kubeappsapis.command` | Override default container command (useful when using custom images) | `[]` | -| `kubeappsapis.args` | Override default container args (useful when using custom images) | `[]` | -| `kubeappsapis.extraVolumes` | Optionally specify extra list of additional volumes for the KubeappsAPIs pod(s) | `[]` | -| `kubeappsapis.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the KubeappsAPIs container(s) | `[]` | -| `kubeappsapis.podLabels` | Extra labels for KubeappsAPIs pods | `{}` | -| `kubeappsapis.podAnnotations` | Annotations for KubeappsAPIs pods | `{}` | -| `kubeappsapis.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeappsapis.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `kubeappsapis.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeappsapis.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `kubeappsapis.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `kubeappsapis.affinity` | Affinity for pod assignment | `{}` | -| `kubeappsapis.nodeSelector` | Node labels for pod assignment | `{}` | -| `kubeappsapis.tolerations` | Tolerations for pod assignment | `[]` | -| `kubeappsapis.priorityClassName` | Priority class name for KubeappsAPIs pods | `""` | -| `kubeappsapis.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `kubeappsapis.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `kubeappsapis.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `kubeappsapis.hostAliases` | Custom host aliases for KubeappsAPIs pods | `[]` | -| `kubeappsapis.sidecars` | Add additional sidecar containers to the KubeappsAPIs pod(s) | `[]` | -| `kubeappsapis.initContainers` | Add additional init containers to the KubeappsAPIs pod(s) | `[]` | -| `kubeappsapis.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `kubeappsapis.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | -| `kubeappsapis.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `kubeappsapis.pdb.minAvailable` and `kubeappsapis.pdb.maxUnavailable` are empty. | `""` | -| `kubeappsapis.service.ports.http` | KubeappsAPIs service HTTP port | `8080` | -| `kubeappsapis.service.annotations` | Additional custom annotations for KubeappsAPIs service | `{}` | -| `kubeappsapis.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `kubeappsapis.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `kubeappsapis.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `kubeappsapis.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `kubeappsapis.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `kubeappsapis.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `kubeappsapis.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `kubeappsapis.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `kubeappsapis.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `kubeappsapis.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `kubeappsapis.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `kubeappsapis.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | - -### OCI Catalog chart configuration - -| Name | Description | Value | -| -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- | -| `ociCatalog.enabled` | Enable the OCI catalog gRPC service for cataloging | `false` | -| `ociCatalog.image.registry` | OCI Catalog image registry | `REGISTRY_NAME` | -| `ociCatalog.image.repository` | OCI Catalog image repository | `REPOSITORY_NAME/kubeapps-oci-catalog` | -| `ociCatalog.image.digest` | OCI Catalog image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `ociCatalog.image.pullPolicy` | OCI Catalog image pull policy | `IfNotPresent` | -| `ociCatalog.image.pullSecrets` | OCI Catalog image pull secrets | `[]` | -| `ociCatalog.image.debug` | Enable image debug mode | `false` | -| `ociCatalog.extraFlags` | Additional command line flags for OCI Catalog | `[]` | -| `ociCatalog.extraEnvVars` | Array with extra environment variables to add to the oci-catalog container | `[]` | -| `ociCatalog.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the OCI Catalog container | `""` | -| `ociCatalog.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the OCI Catalog container | `""` | -| `ociCatalog.containerPorts.grpc` | OCI Catalog gRPC container port | `50061` | -| `ociCatalog.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production). | `micro` | -| `ociCatalog.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `ociCatalog.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `ociCatalog.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `ociCatalog.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `ociCatalog.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `ociCatalog.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `ociCatalog.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `ociCatalog.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `ociCatalog.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `ociCatalog.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `ociCatalog.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `ociCatalog.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `ociCatalog.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `ociCatalog.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ociCatalog.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `ociCatalog.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `ociCatalog.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ociCatalog.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `ociCatalog.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `ociCatalog.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ociCatalog.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `ociCatalog.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `ociCatalog.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ociCatalog.startupProbe.enabled` | Enable startupProbe | `false` | -| `ociCatalog.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `ociCatalog.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `ociCatalog.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `ociCatalog.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `ociCatalog.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `ociCatalog.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `ociCatalog.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `ociCatalog.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `ociCatalog.lifecycleHooks` | Custom lifecycle hooks for OCI Catalog containers | `{}` | -| `ociCatalog.command` | Override default container command (useful when using custom images) | `[]` | -| `ociCatalog.args` | Override default container args (useful when using custom images) | `[]` | -| `ociCatalog.extraVolumes` | Optionally specify extra list of additional volumes for the OCI Catalog pod(s) | `[]` | -| `ociCatalog.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the OCI Catalog container(s) | `[]` | - -### Redis® chart configuration - -| Name | Description | Value | -| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------- | -| `redis.auth.enabled` | Enable password authentication | `true` | -| `redis.auth.password` | Redis® password | `""` | -| `redis.auth.existingSecret` | The name of an existing secret with Redis® credentials | `""` | -| `redis.architecture` | Redis(R) architecture (`standalone` or `replication`) | `standalone` | -| `redis.master.extraFlags` | Array with additional command line flags for Redis® master | `["--maxmemory 200mb","--maxmemory-policy allkeys-lru"]` | -| `redis.master.disableCommands` | Array with commands to deactivate on Redis® | `[]` | -| `redis.master.persistence.enabled` | Enable Redis® master data persistence using PVC | `false` | -| `redis.master.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). | `nano` | -| `redis.master.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `redis.replica.replicaCount` | Number of Redis® replicas to deploy | `1` | -| `redis.replica.extraFlags` | Array with additional command line flags for Redis® replicas | `["--maxmemory 200mb","--maxmemory-policy allkeys-lru"]` | -| `redis.replica.disableCommands` | Array with commands to deactivate on Redis® | `[]` | -| `redis.replica.persistence.enabled` | Enable Redis® replica data persistence using PVC | `false` | - -```console -helm install kubeapps --namespace kubeapps \ - --set ingress.enabled=true \ - oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command enables an Ingress Rule to expose Kubeapps. - -Alternatively, a YAML file that specifies the values for parameters can be provided while installing the chart. For example, - -```console -helm install kubeapps --namespace kubeapps -f custom-values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -## Troubleshooting - -### How to install Kubeapps for demo purposes? - -Install Kubeapps for exclusively **demo purposes** by simply following the [getting started](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/getting-started.md) docs. - -### How to install Kubeapps in production scenarios? - -For any user-facing installation, you should [configure an OAuth2/OIDC provider](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/using-an-OIDC-provider.md) to enable secure user authentication with Kubeapps and the cluster. -Please also refer to the [Access Control](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/access-control.md) documentation to configure fine-grained access control for users. - -### How to use Kubeapps? - -Have a look at the [dashboard documentation](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/dashboard.md) for knowing how to use the Kubeapps dashboard: deploying applications, listing and removing the applications running in your cluster and adding new repositories. - -### How to uninstall Kubeapps - -To uninstall/delete the `kubeapps` deployment: - -```console -helm uninstall -n kubeapps kubeapps - -# Optional: Only if there are no more instances of Kubeapps -$ kubectl delete crd apprepositories.kubeapps.com -``` - -The first command removes most of the Kubernetes components associated with the chart and deletes the release. After that, if there are no more instances of Kubeapps in the cluster you can manually delete the `apprepositories.kubeapps.com` CRD used by Kubeapps that is shared for the entire cluster. - -> **NOTE**: If you delete the CRD for `apprepositories.kubeapps.com` it will delete the repositories for **all** the installed instances of `kubeapps`. This will break existing installations of `kubeapps` if they exist. - -If you have dedicated a namespace only for Kubeapps you can completely clean the remaining completed/failed jobs or any stale resources by deleting the namespace - -```console -kubectl delete namespace kubeapps -``` - -### How to configure Kubeapps with Ingress - -The example below will match the URL `http://example.com` to the Kubeapps dashboard. For further configuration, please refer to your specific Ingress configuration docs (e.g., [NGINX](https://github.com/kubernetes/ingress-nginx) or [HAProxy](https://github.com/haproxytech/kubernetes-ingress)). - -```console -helm install kubeapps oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps \ - --namespace kubeapps \ - --set ingress.enabled=true \ - --set ingress.hostname=example.com \ - --set ingress.annotations."kubernetes\.io/ingress\.class"=nginx # or your preferred ingress controller -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -If you are using LDAP via Dex with OIDC or you are getting an error message like `upstream sent too big header while reading response header from upstream` it means the cookie size is too big and can't be processed by the Ingress Controller. -You can work around this problem by setting the following Nginx ingress annotations (look for similar annotations in your preferred Ingress Controller): - -```text - # rest of the helm install ... command - --set ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-read-timeout"=600 - --set ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-buffer-size"=8k - --set ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-buffers"=4 -``` - -#### Serving Kubeapps in a subpath - -You may want to serve Kubeapps with a subpath, for instance `http://example.com/subpath`, you have to set the proper Ingress configuration. If you are using the ingress configuration provided by the Kubeapps chart, you will have to set the `ingress.hostname` and `path` parameters: - -```console -helm install kubeapps oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps \ - --namespace kubeapps \ - --set ingress.enabled=true \ - --set ingress.hostname=example.com \ - --set ingress.path=/subpath \ - --set ingress.annotations."kubernetes\.io/ingress\.class"=nginx # or your preferred ingress controller -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -Besides, if you are using the OAuth2/OIDC login (more information at the [using an OIDC provider documentation](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/using-an-OIDC-provider.md)), you will need, also, to configure the different URLs: - -```console -helm install kubeapps oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps \ - --namespace kubeapps \ - # ... other OIDC and ingress flags - --set authProxy.oauthLoginURI="/subpath/oauth2/login" \ - --set authProxy.oauthLogoutURI="/subpath/oauth2/logout" \ - --set authProxy.extraFlags="{,--proxy-prefix=/subpath/oauth2}" -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -### Can Kubeapps install apps into more than one cluster? - -Yes! Kubeapps 2.0+ supports multicluster environments. Have a look at the [Kubeapps dashboard documentation](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/deploying-to-multiple-clusters.md) to know more. - -### Can Kubeapps be installed without Internet connection? - -Yes! Follow the [offline installation documentation](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/offline-installation.md) to discover how to perform an installation in an air-gapped scenario. - -### Does Kubeapps support private repositories? - -Of course! Have a look at the [private package repositories documentation](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/private-app-repository.md) to learn how to configure a private repository in Kubeapps. - -### Is there any API documentation? - -Yes! But it is not definitive and is still subject to change. Check out the [latest API online documentation](https://app.swaggerhub.com/apis/vmware-tanzu/Kubeapps) or download the Kubeapps [OpenAPI Specification yaml file](https://github.com/vmware-tanzu/kubeapps/blob/main/dashboard/public/openapi.yaml) from the repository. - -### Why can't I configure global private repositories? - -You can, but you will need to configure the `imagePullSecrets` manually. - -Kubeapps does not allow you to add `imagePullSecrets` to an AppRepository that is available to the whole cluster because it would require that Kubeapps copies those secrets to the target namespace when a user deploys an app. - -If you create a global AppRepository but the images are on a private registry requiring `imagePullSecrets`, the best way to configure that is to ensure your [Kubernetes nodes are configured with the required `imagePullSecrets`](https://kubernetes.io/docs/concepts/containers/images/#configuring-nodes-to-authenticate-to-a-private-registry) - this allows all users (of those nodes) to use those images in their deployments without ever requiring access to the secrets. - -You could alternatively ensure that the `imagePullSecret` is available in all namespaces in which you want people to deploy, but this unnecessarily compromises the secret. - -### Does Kubeapps support Operators? - -Yes! You can get started by following the [operators documentation](https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/operators.md). - -### Slow response when listing namespaces - -Kubeapps uses the currently logged-in user credential to retrieve the list of all namespaces. If the user does not have permission to list namespaces, the backend will try again with its own service account. It will list all the namespaces and then will iterate through each namespace to check if the user has permissions to get secrets for each one. -This can lead to a slow response if the number of namespaces on the cluster is large. - -To reduce this response time, you can increase the number of checks that Kubeapps will perform in parallel (per connection) setting the value: `kubeappsapis.burst=` and `kubeappsapis.QPS=`. - -### Nginx Ipv6 error - -When starting the application with the `--set enableIPv6=true` option, the Nginx server present in the services `kubeapps` and `kubeapps-internal-dashboard` may fail with the following: - -```console -nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol) -``` - -This usually means that your cluster is not compatible with IPv6. To deactivate it, install kubeapps with the flag: `--set enableIPv6=false`. - -### Forbidden error while installing the Chart - -If during installation you run into an error similar to: - -```console -Error: release kubeapps failed: clusterroles.rbac.authorization.k8s.io "kubeapps-apprepository-controller" is forbidden: attempt to grant extra privileges: [{[get] [batch] [cronjobs] [] []... -``` - -Or: - -```console -Error: namespaces "kubeapps" is forbidden: User "system:serviceaccount:kube-system:default" cannot get namespaces in the namespace "kubeapps" -``` - -It is possible, though uncommon, that your cluster does not have Role-Based Access Control (RBAC) enabled. To check if your cluster has RBAC you can run the following command: - -```console -kubectl api-versions -``` - -If the above command does not include entries for `rbac.authorization.k8s.io` you should perform the chart installation by setting `rbac.create=false`: - -```console -helm install --name kubeapps --namespace kubeapps oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps --set rbac.create=false -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -### Error while upgrading the Chart - -It is possible that when upgrading Kubeapps an error appears. That can be caused by a breaking change in the new chart or because the current chart installation is in an inconsistent state. If you find issues upgrading Kubeapps you can follow these steps: - -> Note: These steps assume that you have installed Kubeapps in the namespace `kubeapps` using the name `kubeapps`. If that is not the case replace the command with your namespace and/or name. -> Note: If you are upgrading from 2.3.1 see the [following section](#to-600). -> Note: If you are upgrading from 1.X to 2.X see the [following section](#to-400). - -1. (Optional) Backup your personal repositories (if you have any): - - ```console - kubectl get apprepository -A -o yaml > .yaml - ``` - -2. Delete Kubeapps: - - ```console - helm del --purge kubeapps - ``` - -3. (Optional) Delete the App Repositories CRD: - - > **Warning**: Do not run this step if you have more than one Kubeapps installation in your cluster. - - ```console - kubectl delete crd apprepositories.kubeapps.com - ``` - -4. (Optional) Clean the Kubeapps namespace: - - > **Warning**: Do not run this step if you have workloads other than Kubeapps in the `kubeapps` namespace. - - ```console - kubectl delete namespace kubeapps - ``` - -5. Install the latest version of Kubeapps (using any custom modifications you need): - - ```console - helm repo update - helm install --name kubeapps --namespace kubeapps oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps - ``` - - > Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -6. (Optional) Restore any repositories you backed up in the first step: - - ```console - kubectl apply -f .yaml - ``` - -After that you should be able to access the new version of Kubeapps. If the above doesn't work for you or you run into any other issues please open an [issue](https://github.com/vmware-tanzu/kubeapps/issues/new). - -### More questions? - -Feel free to [open an issue](https://github.com/vmware-tanzu/kubeapps/issues/new) if you have any questions! - -## Upgrading Kubeapps - -You can upgrade Kubeapps from the Kubeapps web interface. Select the namespace in which Kubeapps is installed (`kubeapps` if you followed the instructions in this guide) and click on the "Upgrade" button. Select the new version and confirm. - -You can also use the Helm CLI to upgrade Kubeapps, first ensure you have updated your local chart repository cache: - -```console -helm repo update -``` - -Now upgrade Kubeapps: - -```console -export RELEASE_NAME=kubeapps -helm upgrade $RELEASE_NAME oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -If you find issues upgrading Kubeapps, check the [troubleshooting](#error-while-upgrading-the-chart) section. - -### To 17.0.0 - -This major updates the PostgreSQL subchart to its newest major, 16.0.0, which uses PostgreSQL 17.x. Follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x. - -### To 16.0.0 - -This major updates the Redis® subchart to its newest major, 20.0.0. [Here](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-2000) you can find more information about the changes introduced in that version. - -### To 15.0.0 - -This major bump changes the following security defaults: - -- `runAsGroup` is changed from `0` to `1001` -- `readOnlyRootFilesystem` is set to `true` -- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case). -- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`. -- The `networkPolicy` section has been normalized amongst all Bitnami charts. Compared to the previous approach, the values section has been simplified (check the Parameters section) and now it set to `enabled=true` by default. Egress traffic is allowed by default and ingress traffic is allowed by all pods but only to the ports set in `containerPorts`. -- The PostgreSQL subchart was updated to version 15.2.1, with the same security improvements. -- The Redis subchart was updated to version 19.0.2, with the same security improvements. - -This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones. - -### To 14.0.0 - -This major updates the PostgreSQL subchart to its newest major, 13.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1300) you can find more information about the changes introduced in that version. - -### To 13.0.0 - -This major updates the Redis® subchart to its newest major, 18.0.0. [Here](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-1800) you can find more information about the changes introduced in that version. - -NOTE: Due to an error in our release process, Redis®' chart versions higher or equal than 17.15.4 already use Redis® 7.2 by default. - -### To 12.0.0 - -This major updates the PostgreSQL subchart to its newest major, 12.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1200) you can find more information about the changes introduced in that version. - -### To 8.0.0 - -This major release renames several values in this chart and adds missing features, in order to get aligned with the rest of the assets in the Bitnami charts repository. - -Additionally, it updates both the [PostgreSQL](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) and the [Redis](https://github.com/bitnami/charts/tree/main/bitnami/redis) subcharts to their latest major versions, 11.0.0 and 16.0.0 respectively, where similar changes have been also performed. -Check [PostgreSQL Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1100) and [Redis Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-1600) for more information. - -The following values have been renamed: - -- `frontend.service.port` renamed as `frontend.service.ports.http`. -- `frontend.service.nodePort` renamed as `frontend.service.nodePorts.http`. -- `frontend.containerPort` renamed as `frontend.containerPorts.http`. -- `dashboard.service.port` renamed as `dashboard.service.ports.http`. -- `dashboard.containerPort` renamed as `dashboard.containerPorts.http`. -- `apprepository.service.port` renamed as `apprepository.service.ports.http`. -- `apprepository.containerPort` renamed as `apprepository.containerPorts.http`. -- `kubeops.service.port` renamed as `kubeops.service.ports.http`. -- `kubeops.containerPort` renamed as `kubeops.containerPorts.http`. -- `assetsvc.service.port` renamed as `assetsvc.service.ports.http`. -- `assetsvc.containerPort` renamed as `assetsvc.containerPorts.http`. -- `authProxy.containerPort` renamed as `authProxy.containerPorts.proxy`. -- `authProxy.additionalFlags` renamed as `authProxy.extraFlags`, -- Pinniped Proxy service no longer uses `pinnipedProxy.containerPort`. Use `pinnipedProxy.service.ports.pinnipedProxy` to change the service port. -- `pinnipedProxy.containerPort` renamed as `pinnipedProxy.containerPorts.pinnipedProxy`. -- `postgresql.replication.enabled` has been removed. Use `postgresql.architecture` instead. -- `postgresql.postgresqlDatabase` renamed as `postgresql.auth.database`. -- `postgresql.postgresqlPassword` renamed as `postgresql.auth.password`. -- `postgresql.existingSecret` renamed as `postgresql.auth.existingSecret`. -- `redis.redisPassword` renamed as `redis.auth.password`. -- `redis.existingSecret` renamed as `redis.auth.existingSecret`. - -Note also that if you have an existing Postgresql secret that is used for Kubeapps, you will need to update the key from `postgresql-password` to `postgres-password`. - -### To 7.0.0 - -In this release, no breaking changes were included in Kubeapps (version 2.3.2). However, the chart adopted the standardizations included in the rest of the charts in the Bitnami catalog. - -Most of these standardizations simply add new parameters that allow to add more customizations such as adding custom env. variables, volumes or sidecar containers. That said, some of them include breaking changes: - -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- `securityContext.*` parameters are deprecated in favor of `XXX.podSecurityContext.*` and `XXX.containerSecurityContext.*`, where _XXX_ is placeholder you need to replace with the actual component(s). For instance, to modify the container security context for "kubeops" use `kubeops.podSecurityContext` and `kubeops.containerSecurityContext` parameters. - -### To 6.0.0 - -Kubeapps 2.3.1 (Chart version 6.0.0) introduces some breaking changes. Helm-specific functionality has been removed in order to support other installation methods (like using YAML manifests, [`kapp`](https://carvel.dev/kapp) or [`kustomize`](https://kustomize.io/)). Because of that, there are some steps required before upgrading from a previous version: - -1. Kubeapps will no longer create a database secret for you automatically but rather will rely on the default behavior of the PostgreSQL chart. If you try to upgrade Kubeapps and you installed it without setting a password, you will get the following error: - - ```console - Error: UPGRADE FAILED: template: kubeapps/templates/NOTES.txt:73:4: executing "kubeapps/templates/NOTES.txt" at : error calling include: template: kubeapps/charts/common/templates/_errors.tpl:18:48: executing "common.errors.upgrade.passwords.empty" at : error calling fail: - PASSWORDS ERROR: you must provide your current passwords when upgrade the release - 'postgresql.postgresqlPassword' must not be empty, please add '--set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD' to the command. To get the current value: - ``` - - The error gives you generic instructions for retrieving the PostgreSQL password, but if you have installed a Kubeapps version prior to 2.3.1, the name of the secret will differ. Run the following command: - - ```console - export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace "kubeapps" kubeapps-db -o jsonpath="{.data.postgresql-password}" | base64 -d) - ``` - - > NOTE: Replace the namespace in the command with the namespace in which you have deployed Kubeapps. - - Make sure that you have stored the password in the variable `$POSTGRESQL_PASSWORD` before continuing with the next issue. - -2. The chart `initialRepos` are no longer installed using [Helm hooks](https://helm.sh/docs/topics/charts_hooks/), which caused these repos not to be handled by Helm after the first installation. Now they will be tracked for every update. However, if you do not delete the existing ones, it will fail to update with: - -```console -Error: UPGRADE FAILED: rendered manifests contain a resource that already exists. Unable to continue with update: AppRepository "bitnami" in namespace "kubeapps" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "kubeapps"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "kubeapps" -``` - -To bypass this issue, you will need to before delete all the initialRepos from the chart values (only the `bitnami` repo by default): - -```console -kubectl delete apprepositories.kubeapps.com -n kubeapps bitnami -``` - -> NOTE: Replace the namespace in the command with the namespace in which you have deployed Kubeapps. - -After that, you will be able to upgrade Kubeapps to 2.3.1 using the existing database secret: - -> **WARNING**: Make sure that the variable `$POSTGRESQL_PASSWORD` is properly populated. Setting a wrong (or empty) password will corrupt the release. - -```console -helm upgrade kubeapps oci://REGISTRY_NAME/REPOSITORY_NAME/kubeapps -n kubeapps --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -### To 5.0.0 - -[On November 13, 2020, Helm 2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm 3 and to be consistent with the Helm project itself regarding the Helm 2 EOL. - -#### What changes were introduced in this major version? - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the _requirements.yaml_ to the _Chart.yaml_ -- After running `helm dependency update`, a _Chart.lock_ file is generated containing the same structure used in the previous _requirements.lock_ -- The different fields present in the _Chart.yaml_ file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -- In the case of PostgreSQL subchart, apart from the same changes that are described in this section, there are also other major changes due to the _master/slave_ nomenclature was replaced by _primary/readReplica_. [Here](https://github.com/bitnami/charts/pull/4385) you can find more information about the changes introduced. - -#### Considerations when upgrading to this version - -- If you want to upgrade to this version using Helm 2, this scenario is not supported as this version does not support Helm 2 anymore -- If you installed the previous version with Helm 2 and wants to upgrade to this version with Helm 3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm 2 to 3 -- If you want to upgrade to this version from a previous one installed with Helm 3, you should not face any issues related to the new `apiVersion`. Due to the PostgreSQL major version bump, it is necessary to remove the existing statefulsets: - -> Note: The command below assumes that Kubeapps has been deployed in the kubeapps namespace using "kubeapps" as release name, if that is not the case, adapt the command accordingly. - -```console -kubectl delete statefulset -n kubeapps kubeapps-postgresql-master kubeapps-postgresql-slave -``` - -#### Useful links - -- -- -- - -### To 4.0.0 - -Kubeapps 2.0 (Chart version 4.0.0) introduces some breaking changes: - -- Helm 2 is no longer supported. If you are still using some Helm 2 charts, [migrate them with the available tools](https://helm.sh/docs/topics/v2_v3_migration/). Note that some charts (but not all of them) may require to be migrated to the [new Chart specification (v2)](https://helm.sh/docs/topics/charts/#the-apiversion-field). If you are facing any issue managing this migration and Kubeapps, please open a new issue! -- MongoDB® is no longer supported. Since 2.0, the only database supported is PostgreSQL. -- PostgreSQL chart dependency has been upgraded to a new major version. - -Due to the last point, it is necessary to run a command before upgrading to Kubeapps 2.0: - -> Note: The command below assumes that Kubeapps has been deployed in the kubeapps namespace using "kubeapps" as release name, if that is not the case, adapt the command accordingly. - -```console -kubectl delete statefulset -n kubeapps kubeapps-postgresql-master kubeapps-postgresql-slave -``` - -After that, you should be able to upgrade Kubeapps as always and the database will be repopulated. - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/.helmignore b/packages/system/dashboard/charts/kubeapps/charts/common/.helmignore deleted file mode 100644 index d0e10845..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -# img folder -img/ -# Changelog -CHANGELOG.md diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml b/packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml deleted file mode 100644 index 0d437c4c..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure - licenses: Apache-2.0 -apiVersion: v2 -appVersion: 2.26.0 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://bitnami.com -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: common -sources: -- https://github.com/bitnami/charts/tree/main/bitnami/common -type: library -version: 2.26.0 diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/README.md b/packages/system/dashboard/charts/kubeapps/charts/common/README.md deleted file mode 100644 index fee26c99..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/README.md +++ /dev/null @@ -1,235 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 2.x.x - repository: oci://registry-1.docker.io/bitnamicharts -``` - -```console -helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ - -## Parameters - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -#### What changes were introduced in this major version? - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -#### Considerations when upgrading to this version - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -#### Useful links - -- -- -- - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_affinities.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_affinities.tpl deleted file mode 100644 index d387dbe6..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_affinities.tpl +++ /dev/null @@ -1,155 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a topologyKey definition -{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} -*/}} -{{- define "common.affinities.topologyKey" -}} -{{ .topologyKey | default "kubernetes.io/hostname" -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -{{- $extraNamespaces := default (list) .extraNamespaces -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if $extraNamespaces }} - namespaces: - - {{ .context.Release.Namespace }} - {{- with $extraNamespaces }} - {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} - {{- end }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: 1 - {{- range $extraPodAffinityTerms }} - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: {{ .weight | default 1 -}} - {{- end -}} -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -{{- $extraNamespaces := default (list) .extraNamespaces -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if $extraNamespaces }} - namespaces: - - {{ .context.Release.Namespace }} - {{- with $extraNamespaces }} - {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} - {{- end }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- range $extraPodAffinityTerms }} - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- end -}} -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_capabilities.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 2fe81d32..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,229 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "common.capabilities.daemonset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if (.Values.ingress).apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Vertical Pod Autoscaler. -*/}} -{{- define "common.capabilities.vpa.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if PodSecurityPolicy is supported -*/}} -{{- define "common.capabilities.psp.supported" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if or (empty $kubeVersion) (semverCompare "<1.25-0" $kubeVersion) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if AdmissionConfiguration is supported -*/}} -{{- define "common.capabilities.admissionConfiguration.supported" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for AdmissionConfiguration. -*/}} -{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "apiserver.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} -{{- print "apiserver.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiserver.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for PodSecurityConfiguration. -*/}} -{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} -{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "pod-security.admission.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_compatibility.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_compatibility.tpl deleted file mode 100644 index a61588d6..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_compatibility.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return true if the detected platform is Openshift -Usage: -{{- include "common.compatibility.isOpenshift" . -}} -*/}} -{{- define "common.compatibility.isOpenshift" -}} -{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} -{{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC -Usage: -{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} -*/}} -{{- define "common.compatibility.renderSecurityContext" -}} -{{- $adaptedContext := .secContext -}} - -{{- if (((.context.Values.global).compatibility).openshift) -}} - {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} - {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} - {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} - {{- if not .secContext.seLinuxOptions -}} - {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} - {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{/* Remove empty seLinuxOptions object if global.compatibility.omitEmptySeLinuxOptions is set to true */}} -{{- if and (((.context.Values.global).compatibility).omitEmptySeLinuxOptions) (not .secContext.seLinuxOptions) -}} - {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} -{{- end -}} -{{/* Remove fields that are disregarded when running the container in privileged mode */}} -{{- if $adaptedContext.privileged -}} - {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}} -{{- end -}} -{{- omit $adaptedContext "enabled" | toYaml -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_errors.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_errors.tpl deleted file mode 100644 index e9653651..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_images.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_images.tpl deleted file mode 100644 index 76bb7ce4..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_images.tpl +++ /dev/null @@ -1,115 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name. -If image tag and digest are not defined, termination fallbacks to chart appVersion. -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global "chart" .Chart ) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} - -{{- if not .imageRoot.tag }} - {{- if .chart }} - {{- $termination = .chart.AppVersion | toString -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- if $registryName }} - {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- else -}} - {{- printf "%s%s%s" $repositoryName $separator $termination -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- range ((.global).imagePullSecrets) -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end }} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- range (($context.Values.global).imagePullSecrets) -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) -{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} -*/}} -{{- define "common.images.version" -}} -{{- $imageTag := .imageRoot.tag | toString -}} -{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} -{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} - {{- $version := semver $imageTag -}} - {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} -{{- else -}} - {{- print .chart.AppVersion -}} -{{- end -}} -{{- end -}} - diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_ingress.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_ingress.tpl deleted file mode 100644 index 7d2b8798..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_ingress.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_labels.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_labels.tpl deleted file mode 100644 index 0a0cc548..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Kubernetes standard labels -{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} -*/}} -{{- define "common.labels.standard" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} -{{- with .context.Chart.AppVersion -}} -{{- $_ := set $default "app.kubernetes.io/version" . -}} -{{- end -}} -{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Chart.AppVersion }} -app.kubernetes.io/version: {{ . | quote }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector -{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} - -We don't want to loop over custom labels appending them to the selector -since it's very likely that it will break deployments, services, etc. -However, it's important to overwrite the standard labels if the user -overwrote them on metadata.labels fields. -*/}} -{{- define "common.labels.matchLabels" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_names.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_names.tpl deleted file mode 100644 index ba839568..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_names.tpl +++ /dev/null @@ -1,71 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl deleted file mode 100644 index d8a43e1c..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl +++ /dev/null @@ -1,50 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a resource request/limit object based on a given preset. -These presets are for basic testing and not meant to be used in production -{{ include "common.resources.preset" (dict "type" "nano") -}} -*/}} -{{- define "common.resources.preset" -}} -{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} -{{- $presets := dict - "nano" (dict - "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi") - ) - "micro" (dict - "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi") - ) - "small" (dict - "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi") - ) - "medium" (dict - "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi") - ) - "large" (dict - "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi") - ) - "xlarge" (dict - "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi") - ) - "2xlarge" (dict - "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi") - ) - }} -{{- if hasKey $presets .type -}} -{{- index $presets .type | toYaml -}} -{{- else -}} -{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_secrets.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_secrets.tpl deleted file mode 100644 index 801918ce..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,185 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. - - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | b64dec }} - {{- else if not (eq .failOnNew false) }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- end }} - -{{- if not $password }} - {{- if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} - {{- else }} - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- if not (eq .failOnNew false) }} - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - {{- end }} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} - {{- else }} - {{- $password = randAlphaNum $passwordLength }} - {{- end }} - {{- end -}} -{{- end -}} -{{- if not .skipB64enc }} -{{- $password = $password | b64enc }} -{{- end -}} -{{- if .skipQuote -}} -{{- printf "%s" $password -}} -{{- else -}} -{{- printf "%s" $password | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else if .defaultValue -}} - {{- $value = .defaultValue | toString | b64enc -}} -{{- end -}} -{{- if $value -}} -{{- printf "%s" $value -}} -{{- end -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_storage.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_storage.tpl deleted file mode 100644 index aa75856c..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} -{{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}} -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else -}} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_tplvalues.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index a04f4c1e..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template perhaps with scope if the scope is present. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} -*/}} -{{- define "common.tplvalues.render" -}} -{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} -{{- if contains "{{" (toJson .value) }} - {{- if .scope }} - {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} - {{- else }} - {{- tpl $value .context }} - {{- end }} -{{- else }} - {{- $value }} -{{- end }} -{{- end -}} - -{{/* -Merge a list of values that contains template after rendering them. -Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge -Usage: -{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} -*/}} -{{- define "common.tplvalues.merge" -}} -{{- $dst := dict -}} -{{- range .values -}} -{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} -{{- end -}} -{{ $dst | toYaml }} -{{- end -}} - -{{/* -Merge a list of values that contains template after rendering them. -Merge precedence is consistent with https://masterminds.github.io/sprig/dicts.html#mergeoverwrite-mustmergeoverwrite -Usage: -{{ include "common.tplvalues.merge-overwrite" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} -*/}} -{{- define "common.tplvalues.merge-overwrite" -}} -{{- $dst := dict -}} -{{- range .values -}} -{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | mergeOverwrite $dst -}} -{{- end -}} -{{ $dst | toYaml }} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_utils.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_utils.tpl deleted file mode 100644 index d53c74aa..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,77 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). -Usage: -{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} -*/}} -{{- define "common.utils.checksumTemplate" -}} -{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} -{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_warnings.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_warnings.tpl deleted file mode 100644 index e4dbecde..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,109 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html -{{- end }} -{{- end -}} - -{{/* -Warning about replaced images from the original. -Usage: -{{ include "common.warnings.modifiedImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} -*/}} -{{- define "common.warnings.modifiedImages" -}} -{{- $affectedImages := list -}} -{{- $printMessage := false -}} -{{- $originalImages := .context.Chart.Annotations.images -}} -{{- range .images -}} - {{- $fullImageName := printf (printf "%s/%s:%s" .registry .repository .tag) -}} - {{- if not (contains $fullImageName $originalImages) }} - {{- $affectedImages = append $affectedImages (printf "%s/%s:%s" .registry .repository .tag) -}} - {{- $printMessage = true -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -⚠ SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables. - -Substituted images detected: -{{- range $affectedImages }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Warning about not setting the resource object in all deployments. -Usage: -{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} -Example: -{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} -The list in the example assumes that the following values exist: - - csiProvider.provider.resources - - server.resources - - volumePermissions.resources - - resources -*/}} -{{- define "common.warnings.resources" -}} -{{- $values := .context.Values -}} -{{- $printMessage := false -}} -{{ $affectedSections := list -}} -{{- range .sections -}} - {{- if eq . "" -}} - {{/* Case where the resources section is at the root (one main deployment in the chart) */}} - {{- if not (index $values "resources") -}} - {{- $affectedSections = append $affectedSections "resources" -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} - {{- $keys := split "." . -}} - {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} - {{- $section := $values -}} - {{- range $keys -}} - {{- $section = index $section . -}} - {{- end -}} - {{- if not (index $section "resources") -}} - {{/* If the section has enabled=false or replicaCount=0, do not include it */}} - {{- if and (hasKey $section "enabled") -}} - {{- if index $section "enabled" -}} - {{/* enabled=true */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else if and (hasKey $section "replicaCount") -}} - {{/* We need a casting to int because number 0 is not treated as an int by default */}} - {{- if (gt (index $section "replicaCount" | int) 0) -}} - {{/* replicaCount > 0 */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Default case, add it to the affected sections */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: -{{- range $affectedSections }} - - {{ . }} -{{- end }} -+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_cassandra.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index f8fd213b..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_mariadb.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index 6ea8c0f4..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_mongodb.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index e678a6de..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,67 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_mysql.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index fbb65c33..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_mysql.tpl +++ /dev/null @@ -1,67 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_postgresql.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 51d47162..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,105 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_redis.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index 9fedfef9..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,48 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_validations.tpl b/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 7cdee617..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/common/values.yaml b/packages/system/dashboard/charts/kubeapps/charts/common/values.yaml deleted file mode 100644 index de2cac57..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/common/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/.helmignore b/packages/system/dashboard/charts/kubeapps/charts/redis/.helmignore deleted file mode 100644 index 207983f3..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# img folder -img/ -# Changelog -CHANGELOG.md diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.lock b/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.lock deleted file mode 100644 index c399b3a7..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: oci://registry-1.docker.io/bitnamicharts - version: 2.23.0 -digest: sha256:fbd6439f12ded949c04553b9c52a4c8153a8f2790147d972b314ddcd46921a14 -generated: "2024-09-14T18:55:25.608679155Z" diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml deleted file mode 100644 index ffb31a4d..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml +++ /dev/null @@ -1,38 +0,0 @@ -annotations: - category: Database - images: | - - name: kubectl - image: docker.io/bitnami/kubectl:1.31.1-debian-12-r3 - - name: os-shell - image: docker.io/bitnami/os-shell:12-debian-12-r30 - - name: redis - image: docker.io/bitnami/redis:7.4.1-debian-12-r0 - - name: redis-exporter - image: docker.io/bitnami/redis-exporter:1.63.0-debian-12-r1 - - name: redis-sentinel - image: docker.io/bitnami/redis-sentinel:7.4.1-debian-12-r0 - licenses: Apache-2.0 -apiVersion: v2 -appVersion: 7.4.1 -dependencies: -- name: common - repository: oci://registry-1.docker.io/bitnamicharts - tags: - - bitnami-common - version: 2.x.x -description: Redis(R) is an open source, advanced key-value store. It is often referred - to as a data structure server since keys can contain strings, hashes, lists, sets - and sorted sets. -home: https://bitnami.com -icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png -keywords: -- redis -- keyvalue -- database -maintainers: -- name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: redis -sources: -- https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 20.2.1 diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/README.md b/packages/system/dashboard/charts/kubeapps/charts/redis/README.md deleted file mode 100644 index 9b01882e..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/README.md +++ /dev/null @@ -1,1288 +0,0 @@ - - -# Bitnami package for Redis(R) - -Redis(R) is an open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. - -[Overview of Redis®](http://redis.io) - -Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Bitnami is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Ltd. - -## TL;DR - -```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/redis -``` - -Looking to use Redis® in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. - -## Introduction - -This chart bootstraps a [Redis®](https://github.com/bitnami/containers/tree/main/bitnami/redis) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -### Choose between Redis® Helm Chart and Redis® Cluster Helm Chart - -You can choose any of the two Redis® Helm charts for deploying a Redis® cluster. - -1. [Redis® Helm Chart](https://github.com/bitnami/charts/tree/main/bitnami/redis) will deploy a master-replica cluster, with the [option](https://github.com/bitnami/charts/tree/main/bitnami/redis#redis-sentinel-configuration-parameters) of enabling using Redis® Sentinel. -2. [Redis® Cluster Helm Chart](https://github.com/bitnami/charts/tree/main/bitnami/redis-cluster) will deploy a Redis® Cluster topology with sharding. - -The main features of each chart are the following: - -| Redis® | Redis® Cluster | -|--------------------------------------------------------|------------------------------------------------------------------------| -| Supports multiple databases | Supports only one database. Better if you have a big dataset | -| Single write point (single master) | Multiple write points (multiple masters) | -| ![Redis® Topology](img/redis-topology.png) | ![Redis® Cluster Topology](img/redis-cluster-topology.png) | - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/redis -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The command deploys Redis® on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Configuration and installation details - -### Resource requests and limits - -Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. - -To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - -### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different Redis® version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. - -### Bootstrapping with an External Cluster - -This chart is equipped with the ability to bring online a set of Pods that connect to an existing Redis deployment that lies outside of Kubernetes. This effectively creates a hybrid Redis Deployment where both Pods in Kubernetes and Instances such as Virtual Machines can partake in a single Redis Deployment. This is helpful in situations where one may be migrating Redis from Virtual Machines into Kubernetes, for example. To take advantage of this, use the following as an example configuration: - -```yaml -replica: - externalMaster: - enabled: true - host: external-redis-0.internal -sentinel: - externalMaster: - enabled: true - host: external-redis-0.internal -``` - -:warning: This is currently limited to clusters in which Sentinel and Redis run on the same node! :warning: - -Please also note that the external sentinel must be listening on port `26379`, and this is currently not configurable. - -Once the Kubernetes Redis Deployment is online and confirmed to be working with the existing cluster, the configuration can then be removed and the cluster will remain connected. - -### External DNS - -This chart is equipped to allow leveraging the ExternalDNS project. Doing so will enable ExternalDNS to publish the FQDN for each instance, in the format of `..`. -Example, when using the following configuration: - -```yaml -useExternalDNS: - enabled: true - suffix: prod.example.org - additionalAnnotations: - ttl: 10 -``` - -On a cluster where the name of the Helm release is `a`, the hostname of a Pod is generated as: `a-redis-node-0.a-redis.prod.example.org`. The IP of that FQDN will match that of the associated Pod. This modifies the following parameters of the Redis/Sentinel configuration using this new FQDN: - -- `replica-announce-ip` -- `known-sentinel` -- `known-replica` -- `announce-ip` - -:warning: This requires a working installation of `external-dns` to be fully functional. :warning: - -See the [official ExternalDNS documentation](https://github.com/kubernetes-sigs/external-dns) for additional configuration options. - -### Cluster topologies - -#### Default: Master-Replicas - -When installing the chart with `architecture=replication`, it will deploy a Redis® master StatefulSet and a Redis® replicas StatefulSet. The replicas will be read-replicas of the master. Two services will be exposed: - -- Redis® Master service: Points to the master, where read-write operations can be performed -- Redis® Replicas service: Points to the replicas, where only read operations are allowed by default. - -In case the master crashes, the replicas will wait until the master node is respawned again by the Kubernetes Controller Manager. - -#### Standalone - -When installing the chart with `architecture=standalone`, it will deploy a standalone Redis® StatefulSet. A single service will be exposed: - -- Redis® Master service: Points to the master, where read-write operations can be performed - -#### Master-Replicas with Sentinel - -When installing the chart with `architecture=replication` and `sentinel.enabled=true`, it will deploy a Redis® master StatefulSet (only one master allowed) and a Redis® replicas StatefulSet. In this case, the pods will contain an extra container with Redis® Sentinel. This container will form a cluster of Redis® Sentinel nodes, which will promote a new master in case the actual one fails. - -On graceful termination of the Redis® master pod, a failover of the master is initiated to promote a new master. The Redis® Sentinel container in this pod will wait for the failover to occur before terminating. If `sentinel.redisShutdownWaitFailover=true` is set (the default), the Redis® container will wait for the failover as well before terminating. This increases availability for reads during failover, but may cause stale reads until all clients have switched to the new master. - -In addition to this, only one service is exposed: - -- Redis® service: Exposes port 6379 for Redis® read-only operations and port 26379 for accessing Redis® Sentinel. - -For read-only operations, access the service using port 6379. For write operations, it's necessary to access the Redis® Sentinel cluster and query the current master using the command below (using redis-cli or similar): - -```console -SENTINEL get-master-addr-by-name -``` - -This command will return the address of the current master, which can be accessed from inside the cluster. - -In case the current master crashes, the Sentinel containers will elect a new master node. - -`master.count` greater than `1` is not designed for use when `sentinel.enabled=true`. - -### Multiple masters (experimental) - -When `master.count` is greater than `1`, special care must be taken to create a consistent setup. - -An example of use case is the creation of a redundant set of standalone masters or master-replicas per Kubernetes node where you must ensure: - -- No more than `1` master can be deployed per Kubernetes node -- Replicas and writers can only see the single master of their own Kubernetes node - -One way of achieving this is by setting `master.service.internalTrafficPolicy=Local` in combination with a `master.affinity.podAntiAffinity` spec to never schedule more than one master per Kubernetes node. - -It's recommended to only change `master.count` if you know what you are doing. -`master.count` greater than `1` is not designed for use when `sentinel.enabled=true`. - -### Using a password file - -To use a password file for Redis® you need to create a secret containing the password and then deploy the chart using that secret. Follow these instructions: - -- Create the secret with the password. It is important that the file with the password must be called `redis-password`. - -```console -kubectl create secret generic redis-password-secret --from-file=redis-password.yaml -``` - -- Deploy the Helm Chart using the secret name as parameter: - -```text -usePassword=true -usePasswordFile=true -existingSecret=redis-password-secret -sentinels.enabled=true -metrics.enabled=true -``` - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. -- `tls.certCAFilename`: CA Certificate filename. No defaults. - -For example: - -First, create the secret with the certificates files: - -```console -kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem -``` - -Then, use the following parameters: - -```console -tls.enabled="true" -tls.existingSecret="certificates-tls-secret" -tls.certFilename="cert.pem" -tls.certKeyFilename="cert.key" -tls.certCAFilename="ca.pem" -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9121) is exposed in the service. Metrics can be scraped from within the cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint. - -If you have enabled TLS by specifying `tls.enabled=true` you also need to specify TLS option to the metrics exporter. You can do that via `metrics.extraArgs`. You can find the metrics exporter CLI flags for TLS [here](https://github.com/oliver006/redis_exporter#command-line-flags). For example: - -You can either specify `metrics.extraArgs.skip-tls-verification=true` to skip TLS verification or providing the following values under `metrics.extraArgs` for TLS client authentication: - -```console -tls-client-key-file -tls-client-cert-file -tls-ca-cert-file -``` - -### Deploy a custom metrics script in the sidecar - -A custom Lua script can be added to the `redis-exporter` sidecar by way of the `metrics.extraArgs.script` parameter. The pathname of the script must exist on the container, or the `redis_exporter` process (and therefore the whole pod) will refuse to start. The script can be provided to the sidecar containers via the `metrics.extraVolumes` and `metrics.extraVolumeMounts` parameters: - -```yaml -metrics: - extraVolumeMounts: - - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' - mountPath: '{{ printf "/mnt/%s/" (include "common.names.name" .) }}' - readOnly: true - extraVolumes: - - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' - configMap: - name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' - extraArgs: - script: '{{ printf "/mnt/%s/my_custom_metrics.lua" (include "common.names.name" .) }}' -``` - -Then deploy the script into the correct location via `extraDeploy`: - -```yaml -extraDeploy: - - apiVersion: v1 - kind: ConfigMap - metadata: - name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' - data: - my_custom_metrics.lua: | - -- LUA SCRIPT CODE HERE, e.g., - return {'bitnami_makes_the_best_charts', '1'} -``` - -### Host Kernel Settings - -Redis® may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. To do so, you can set up a privileged `initContainer` with the `sysctlImage` config values, for example: - -```yaml -sysctlImage: - enabled: true - mountHostSys: true - command: - - /bin/sh - - -c - - |- - install_packages procps - sysctl -w net.core.somaxconn=10000 - echo never > /host-sys/kernel/mm/transparent_hugepage/enabled -``` - -Alternatively, for Kubernetes 1.12+ you can set `securityContext.sysctls` which will configure `sysctls` for master and slave pods. Example: - -```yaml -securityContext: - sysctls: - - name: net.core.somaxconn - value: "10000" -``` - -Note that this will not disable transparent huge tables. - -### Backup and restore - -To backup and restore Redis deployments on Kubernetes, you will need to create a snapshot of the data in the source cluster, and later restore it in a new cluster with the new parameters. Follow the instructions below: - -#### Step 1: Backup the deployment - -- Connect to one of the nodes and start the Redis CLI tool. Then, run the commands below: - - ```text - $ kubectl exec -it my-release-master-0 bash - $ redis-cli - 127.0.0.1:6379> auth your_current_redis_password - OK - 127.0.0.1:6379> save - OK - ``` - -- Copy the dump file from the Redis node: - - ```console - kubectl cp my-release-master-0:/data/dump.rdb dump.rdb -c redis - ``` - -#### Step 2: Restore the data on the destination cluster - -To restore the data in a new cluster, you will need to create a PVC and then upload the *dump.rdb* file to the new volume. - -Follow the following steps: - -- In the [*values.yaml*](https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml) file set the *appendonly* parameter to *no*. You can skip this step if it is already configured as *no* - - ```yaml - commonConfiguration: |- - # Enable AOF https://redis.io/topics/persistence#append-only-file - appendonly no - # Disable RDB persistence, AOF persistence already enabled. - save "" - ``` - - > *Note that the `Enable AOF` comment belongs to the original config file and what you're actually doing is disabling it. This change will only be neccessary for the temporal cluster you're creating to upload the dump.* - -- Start the new cluster to create the PVCs. Use the command below as an example: - - ```console - helm install new-redis -f values.yaml . --set cluster.enabled=true --set cluster.slaveCount=3 - ``` - -- Now that the PVC were created, stop it and copy the *dump.rdp* file on the persisted data by using a helping pod. - - ```text - $ helm delete new-redis - - $ kubectl run --generator=run-pod/v1 -i --rm --tty volpod --overrides=' - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "name": "redisvolpod" - }, - "spec": { - "containers": [{ - "command": [ - "tail", - "-f", - "/dev/null" - ], - "image": "bitnami/minideb", - "name": "mycontainer", - "volumeMounts": [{ - "mountPath": "/mnt", - "name": "redisdata" - }] - }], - "restartPolicy": "Never", - "volumes": [{ - "name": "redisdata", - "persistentVolumeClaim": { - "claimName": "redis-data-new-redis-master-0" - } - }] - } - }' --image="bitnami/minideb" - - $ kubectl cp dump.rdb redisvolpod:/mnt/dump.rdb - $ kubectl delete pod volpod - ``` - -- Restart the cluster: - - > **INFO:** The *appendonly* parameter can be safely restored to your desired value. - - ```console - helm install new-redis -f values.yaml . --set cluster.enabled=true --set cluster.slaveCount=3 - ``` - -### NetworkPolicy - -To enable network policy for Redis®, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -With NetworkPolicy enabled, only pods with the generated client label will be able to connect to Redis. This label will be displayed in the output after a successful install. - -With `networkPolicy.ingressNSMatchLabels` pods from other namespaces can connect to Redis. Set `networkPolicy.ingressNSPodMatchLabels` to match pod labels in matched namespace. For example, for a namespace labeled `redis=external` and pods in that namespace labeled `redis-client=true` the fields should be set: - -```yaml -networkPolicy: - enabled: true - ingressNSMatchLabels: - redis: external - ingressNSPodMatchLabels: - redis-client: true -``` - -#### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Persistence - -By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at the `/data` path. The volume is created using dynamic volume provisioning. If a Persistent Volume Claim already exists, specify it during installation. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -2. Create the PersistentVolumeClaim -3. Install the chart - -```console -helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://REGISTRY_NAME/REPOSITORY_NAME/redis -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | -| `global.redis.password` | Global Redis® password (overrides `auth.password`) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | - -### Common parameters - -| Name | Description | Value | -| ------------------------- | -------------------------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `namespaceOverride` | String to fully override common.names.namespace | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `secretAnnotations` | Annotations to add to secret | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `useHostnames` | Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address | `true` | -| `nameResolutionThreshold` | Failure threshold for internal hostnames resolution | `5` | -| `nameResolutionTimeout` | Timeout seconds between probes for internal hostnames resolution | `5` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - -### Redis® Image parameters - -| Name | Description | Value | -| ------------------- | ---------------------------------------------------------------------------------------------------------- | ----------------------- | -| `image.registry` | Redis® image registry | `REGISTRY_NAME` | -| `image.repository` | Redis® image repository | `REPOSITORY_NAME/redis` | -| `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Redis® image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | - -### Redis® common configuration parameters - -| Name | Description | Value | -| -------------------------------- | ------------------------------------------------------------------------------------- | ------------- | -| `architecture` | Redis® architecture. Allowed values: `standalone` or `replication` | `replication` | -| `auth.enabled` | Enable password authentication | `true` | -| `auth.sentinel` | Enable password authentication on sentinels too | `true` | -| `auth.password` | Redis® password | `""` | -| `auth.existingSecret` | The name of an existing secret with Redis® credentials | `""` | -| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | -| `auth.usePasswordFileFromSecret` | Mount password file from secret | `true` | -| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` | -| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Redis® nodes | `""` | - -### Redis® master configuration parameters - -| Name | Description | Value | -| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `master.count` | Number of Redis® master instances to deploy (experimental, requires additional configuration) | `1` | -| `master.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | -| `master.configuration` | Configuration for Redis® master nodes | `""` | -| `master.disableCommands` | Array with Redis® commands to disable on master nodes | `["FLUSHDB","FLUSHALL"]` | -| `master.command` | Override default container command (useful when using custom images) | `[]` | -| `master.args` | Override default container args (useful when using custom images) | `[]` | -| `master.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | -| `master.preExecCmds` | Additional commands to run prior to starting Redis® master | `[]` | -| `master.extraFlags` | Array with additional command line flags for Redis® master | `[]` | -| `master.extraEnvVars` | Array with extra environment variables to add to Redis® master nodes | `[]` | -| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® master nodes | `""` | -| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® master nodes | `""` | -| `master.containerPorts.redis` | Container port to open on Redis® master nodes | `6379` | -| `master.startupProbe.enabled` | Enable startupProbe on Redis® master nodes | `false` | -| `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `20` | -| `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | -| `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `master.livenessProbe.enabled` | Enable livenessProbe on Redis® master nodes | `true` | -| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `master.readinessProbe.enabled` | Enable readinessProbe on Redis® master nodes | `true` | -| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `master.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). | `nano` | -| `master.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `master.podSecurityContext.enabled` | Enabled Redis® master pods' Security Context | `true` | -| `master.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `master.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `master.podSecurityContext.fsGroup` | Set Redis® master pod's Security Context fsGroup | `1001` | -| `master.containerSecurityContext.enabled` | Enabled Redis® master containers' Security Context | `true` | -| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `master.containerSecurityContext.runAsUser` | Set Redis® master containers' Security Context runAsUser | `1001` | -| `master.containerSecurityContext.runAsGroup` | Set Redis® master containers' Security Context runAsGroup | `1001` | -| `master.containerSecurityContext.runAsNonRoot` | Set Redis® master containers' Security Context runAsNonRoot | `true` | -| `master.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate Redis® pod(s) privileges | `false` | -| `master.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `master.containerSecurityContext.seccompProfile.type` | Set Redis® master containers' Security Context seccompProfile | `RuntimeDefault` | -| `master.containerSecurityContext.capabilities.drop` | Set Redis® master containers' Security Context capabilities to drop | `["ALL"]` | -| `master.kind` | Use either Deployment, StatefulSet (default) or DaemonSet | `StatefulSet` | -| `master.schedulerName` | Alternate scheduler for Redis® master pods | `""` | -| `master.updateStrategy.type` | Redis® master statefulset strategy type | `RollingUpdate` | -| `master.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | -| `master.priorityClassName` | Redis® master pods' priorityClassName | `""` | -| `master.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `master.hostAliases` | Redis® master pods host aliases | `[]` | -| `master.podLabels` | Extra labels for Redis® master pods | `{}` | -| `master.podAnnotations` | Annotations for Redis® master pods | `{}` | -| `master.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® master pods | `false` | -| `master.podAffinityPreset` | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `master.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `master.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `master.nodeAffinityPreset.key` | Node label key to match. Ignored if `master.affinity` is set | `""` | -| `master.nodeAffinityPreset.values` | Node label values to match. Ignored if `master.affinity` is set | `[]` | -| `master.affinity` | Affinity for Redis® master pods assignment | `{}` | -| `master.nodeSelector` | Node labels for Redis® master pods assignment | `{}` | -| `master.tolerations` | Tolerations for Redis® master pods assignment | `[]` | -| `master.topologySpreadConstraints` | Spread Constraints for Redis® master pod assignment | `[]` | -| `master.dnsPolicy` | DNS Policy for Redis® master pod | `""` | -| `master.dnsConfig` | DNS Configuration for Redis® master pod | `{}` | -| `master.lifecycleHooks` | for the Redis® master container(s) to automate configuration before or after startup | `{}` | -| `master.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® master pod(s) | `[]` | -| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® master container(s) | `[]` | -| `master.sidecars` | Add additional sidecar containers to the Redis® master pod(s) | `[]` | -| `master.initContainers` | Add additional init containers to the Redis® master pod(s) | `[]` | -| `master.persistence.enabled` | Enable persistence on Redis® master nodes using Persistent Volume Claims | `true` | -| `master.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `master.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | -| `master.persistence.path` | The path the volume will be mounted at on Redis® master containers | `/data` | -| `master.persistence.subPath` | The subdirectory of the volume to mount on Redis® master containers | `""` | -| `master.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Redis® master containers | `""` | -| `master.persistence.storageClass` | Persistent Volume storage class | `""` | -| `master.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `master.persistence.size` | Persistent Volume size | `8Gi` | -| `master.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `master.persistence.labels` | Additional custom labels for the PVC | `{}` | -| `master.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `master.persistence.dataSource` | Custom PVC data source | `{}` | -| `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `master.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | -| `master.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | -| `master.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | -| `master.service.type` | Redis® master service type | `ClusterIP` | -| `master.service.portNames.redis` | Redis® master service port name | `tcp-redis` | -| `master.service.ports.redis` | Redis® master service port | `6379` | -| `master.service.nodePorts.redis` | Node port for Redis® master | `""` | -| `master.service.externalTrafficPolicy` | Redis® master service external traffic policy | `Cluster` | -| `master.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `master.service.internalTrafficPolicy` | Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | -| `master.service.clusterIP` | Redis® master service Cluster IP | `""` | -| `master.service.loadBalancerIP` | Redis® master service Load Balancer IP | `""` | -| `master.service.loadBalancerClass` | master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `master.service.loadBalancerSourceRanges` | Redis® master service Load Balancer sources | `[]` | -| `master.service.externalIPs` | Redis® master service External IPs | `[]` | -| `master.service.annotations` | Additional custom annotations for Redis® master service | `{}` | -| `master.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `master.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` | -| `master.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `master.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `master.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` | -| `master.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `master.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `master.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `{}` | -| `master.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `master.pdb.minAvailable` and `master.pdb.maxUnavailable` are empty. | `{}` | -| `master.extraPodSpec` | Optionally specify extra PodSpec for the Redis® master pod(s) | `{}` | - -### Redis® replicas configuration parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `replica.kind` | Use either DaemonSet or StatefulSet (default) | `StatefulSet` | -| `replica.replicaCount` | Number of Redis® replicas to deploy | `3` | -| `replica.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | -| `replica.configuration` | Configuration for Redis® replicas nodes | `""` | -| `replica.disableCommands` | Array with Redis® commands to disable on replicas nodes | `["FLUSHDB","FLUSHALL"]` | -| `replica.command` | Override default container command (useful when using custom images) | `[]` | -| `replica.args` | Override default container args (useful when using custom images) | `[]` | -| `replica.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | -| `replica.preExecCmds` | Additional commands to run prior to starting Redis® replicas | `[]` | -| `replica.extraFlags` | Array with additional command line flags for Redis® replicas | `[]` | -| `replica.extraEnvVars` | Array with extra environment variables to add to Redis® replicas nodes | `[]` | -| `replica.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® replicas nodes | `""` | -| `replica.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® replicas nodes | `""` | -| `replica.externalMaster.enabled` | Use external master for bootstrapping | `false` | -| `replica.externalMaster.host` | External master host to bootstrap from | `""` | -| `replica.externalMaster.port` | Port for Redis service external master host | `6379` | -| `replica.containerPorts.redis` | Container port to open on Redis® replicas nodes | `6379` | -| `replica.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `true` | -| `replica.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `replica.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `replica.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `replica.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | -| `replica.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `replica.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` | -| `replica.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `replica.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `replica.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `replica.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `replica.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `replica.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` | -| `replica.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `replica.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `replica.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `replica.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `replica.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `replica.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `replica.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `replica.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `replica.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production). | `nano` | -| `replica.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `replica.podSecurityContext.enabled` | Enabled Redis® replicas pods' Security Context | `true` | -| `replica.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `replica.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `replica.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `replica.podSecurityContext.fsGroup` | Set Redis® replicas pod's Security Context fsGroup | `1001` | -| `replica.containerSecurityContext.enabled` | Enabled Redis® replicas containers' Security Context | `true` | -| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `replica.containerSecurityContext.runAsUser` | Set Redis® replicas containers' Security Context runAsUser | `1001` | -| `replica.containerSecurityContext.runAsGroup` | Set Redis® replicas containers' Security Context runAsGroup | `1001` | -| `replica.containerSecurityContext.runAsNonRoot` | Set Redis® replicas containers' Security Context runAsNonRoot | `true` | -| `replica.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® replicas pod's Security Context allowPrivilegeEscalation | `false` | -| `replica.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `replica.containerSecurityContext.seccompProfile.type` | Set Redis® replicas containers' Security Context seccompProfile | `RuntimeDefault` | -| `replica.containerSecurityContext.capabilities.drop` | Set Redis® replicas containers' Security Context capabilities to drop | `["ALL"]` | -| `replica.schedulerName` | Alternate scheduler for Redis® replicas pods | `""` | -| `replica.updateStrategy.type` | Redis® replicas statefulset strategy type | `RollingUpdate` | -| `replica.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | -| `replica.priorityClassName` | Redis® replicas pods' priorityClassName | `""` | -| `replica.podManagementPolicy` | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods | `""` | -| `replica.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `replica.hostAliases` | Redis® replicas pods host aliases | `[]` | -| `replica.podLabels` | Extra labels for Redis® replicas pods | `{}` | -| `replica.podAnnotations` | Annotations for Redis® replicas pods | `{}` | -| `replica.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® replicas pods | `false` | -| `replica.podAffinityPreset` | Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `replica.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `replica.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `replica.nodeAffinityPreset.key` | Node label key to match. Ignored if `replica.affinity` is set | `""` | -| `replica.nodeAffinityPreset.values` | Node label values to match. Ignored if `replica.affinity` is set | `[]` | -| `replica.affinity` | Affinity for Redis® replicas pods assignment | `{}` | -| `replica.nodeSelector` | Node labels for Redis® replicas pods assignment | `{}` | -| `replica.tolerations` | Tolerations for Redis® replicas pods assignment | `[]` | -| `replica.topologySpreadConstraints` | Spread Constraints for Redis® replicas pod assignment | `[]` | -| `replica.dnsPolicy` | DNS Policy for Redis® replica pods | `""` | -| `replica.dnsConfig` | DNS Configuration for Redis® replica pods | `{}` | -| `replica.lifecycleHooks` | for the Redis® replica container(s) to automate configuration before or after startup | `{}` | -| `replica.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® replicas pod(s) | `[]` | -| `replica.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s) | `[]` | -| `replica.sidecars` | Add additional sidecar containers to the Redis® replicas pod(s) | `[]` | -| `replica.initContainers` | Add additional init containers to the Redis® replicas pod(s) | `[]` | -| `replica.persistence.enabled` | Enable persistence on Redis® replicas nodes using Persistent Volume Claims | `true` | -| `replica.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `replica.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | -| `replica.persistence.path` | The path the volume will be mounted at on Redis® replicas containers | `/data` | -| `replica.persistence.subPath` | The subdirectory of the volume to mount on Redis® replicas containers | `""` | -| `replica.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Redis® replicas containers | `""` | -| `replica.persistence.storageClass` | Persistent Volume storage class | `""` | -| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `replica.persistence.size` | Persistent Volume size | `8Gi` | -| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `replica.persistence.labels` | Additional custom labels for the PVC | `{}` | -| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `replica.persistence.dataSource` | Custom PVC data source | `{}` | -| `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `replica.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | -| `replica.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | -| `replica.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | -| `replica.service.type` | Redis® replicas service type | `ClusterIP` | -| `replica.service.ports.redis` | Redis® replicas service port | `6379` | -| `replica.service.nodePorts.redis` | Node port for Redis® replicas | `""` | -| `replica.service.externalTrafficPolicy` | Redis® replicas service external traffic policy | `Cluster` | -| `replica.service.internalTrafficPolicy` | Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | -| `replica.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `replica.service.clusterIP` | Redis® replicas service Cluster IP | `""` | -| `replica.service.loadBalancerIP` | Redis® replicas service Load Balancer IP | `""` | -| `replica.service.loadBalancerClass` | replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `replica.service.loadBalancerSourceRanges` | Redis® replicas service Load Balancer sources | `[]` | -| `replica.service.annotations` | Additional custom annotations for Redis® replicas service | `{}` | -| `replica.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `replica.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `replica.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-replicas pods | `30` | -| `replica.autoscaling.enabled` | Enable replica autoscaling settings | `false` | -| `replica.autoscaling.minReplicas` | Minimum replicas for the pod autoscaling | `1` | -| `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` | -| `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` | -| `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` | -| `replica.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `replica.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` | -| `replica.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `replica.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `replica.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `{}` | -| `replica.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty. | `{}` | -| `replica.extraPodSpec` | Optionally specify extra PodSpec for the Redis® replicas pod(s) | `{}` | - -### Redis® Sentinel configuration parameters - -| Name | Description | Value | -| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | -| `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | -| `sentinel.image.registry` | Redis® Sentinel image registry | `REGISTRY_NAME` | -| `sentinel.image.repository` | Redis® Sentinel image repository | `REPOSITORY_NAME/redis-sentinel` | -| `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | -| `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | -| `sentinel.image.debug` | Enable image debug mode | `false` | -| `sentinel.annotations` | Additional custom annotations for Redis® Sentinel resource | `{}` | -| `sentinel.masterSet` | Master set name | `mymaster` | -| `sentinel.quorum` | Sentinel Quorum | `2` | -| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `90` | -| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` | -| `sentinel.redisShutdownWaitFailover` | Whether the Redis® master container waits for the failover at shutdown (in addition to the Redis® Sentinel container). | `true` | -| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis® node is down | `60000` | -| `sentinel.failoverTimeout` | Timeout for performing a election failover | `180000` | -| `sentinel.parallelSyncs` | Number of replicas that can be reconfigured in parallel to use the new master after a failover | `1` | -| `sentinel.configuration` | Configuration for Redis® Sentinel nodes | `""` | -| `sentinel.command` | Override default container command (useful when using custom images) | `[]` | -| `sentinel.args` | Override default container args (useful when using custom images) | `[]` | -| `sentinel.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | -| `sentinel.preExecCmds` | Additional commands to run prior to starting Redis® Sentinel | `[]` | -| `sentinel.extraEnvVars` | Array with extra environment variables to add to Redis® Sentinel nodes | `[]` | -| `sentinel.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes | `""` | -| `sentinel.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® Sentinel nodes | `""` | -| `sentinel.externalMaster.enabled` | Use external master for bootstrapping | `false` | -| `sentinel.externalMaster.host` | External master host to bootstrap from | `""` | -| `sentinel.externalMaster.port` | Port for Redis service external master host | `6379` | -| `sentinel.containerPorts.sentinel` | Container port to open on Redis® Sentinel nodes | `26379` | -| `sentinel.startupProbe.enabled` | Enable startupProbe on Redis® Sentinel nodes | `true` | -| `sentinel.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `sentinel.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `sentinel.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | -| `sentinel.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `sentinel.livenessProbe.enabled` | Enable livenessProbe on Redis® Sentinel nodes | `true` | -| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `sentinel.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `sentinel.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `sentinel.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `sentinel.readinessProbe.enabled` | Enable readinessProbe on Redis® Sentinel nodes | `true` | -| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `sentinel.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `sentinel.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `sentinel.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `sentinel.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `sentinel.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `sentinel.persistence.enabled` | Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental) | `false` | -| `sentinel.persistence.storageClass` | Persistent Volume storage class | `""` | -| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `sentinel.persistence.size` | Persistent Volume size | `100Mi` | -| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `sentinel.persistence.labels` | Additional custom labels for the PVC | `{}` | -| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` | -| `sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `sentinel.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | -| `sentinel.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | -| `sentinel.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | -| `sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | -| `sentinel.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production). | `nano` | -| `sentinel.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `sentinel.containerSecurityContext.enabled` | Enabled Redis® Sentinel containers' Security Context | `true` | -| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `sentinel.containerSecurityContext.runAsUser` | Set Redis® Sentinel containers' Security Context runAsUser | `1001` | -| `sentinel.containerSecurityContext.runAsGroup` | Set Redis® Sentinel containers' Security Context runAsGroup | `1001` | -| `sentinel.containerSecurityContext.runAsNonRoot` | Set Redis® Sentinel containers' Security Context runAsNonRoot | `true` | -| `sentinel.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `sentinel.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® Sentinel containers' Security Context allowPrivilegeEscalation | `false` | -| `sentinel.containerSecurityContext.seccompProfile.type` | Set Redis® Sentinel containers' Security Context seccompProfile | `RuntimeDefault` | -| `sentinel.containerSecurityContext.capabilities.drop` | Set Redis® Sentinel containers' Security Context capabilities to drop | `["ALL"]` | -| `sentinel.lifecycleHooks` | for the Redis® sentinel container(s) to automate configuration before or after startup | `{}` | -| `sentinel.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® Sentinel | `[]` | -| `sentinel.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s) | `[]` | -| `sentinel.service.type` | Redis® Sentinel service type | `ClusterIP` | -| `sentinel.service.ports.redis` | Redis® service port for Redis® | `6379` | -| `sentinel.service.ports.sentinel` | Redis® service port for Redis® Sentinel | `26379` | -| `sentinel.service.nodePorts.redis` | Node port for Redis® | `""` | -| `sentinel.service.nodePorts.sentinel` | Node port for Sentinel | `""` | -| `sentinel.service.externalTrafficPolicy` | Redis® Sentinel service external traffic policy | `Cluster` | -| `sentinel.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `sentinel.service.clusterIP` | Redis® Sentinel service Cluster IP | `""` | -| `sentinel.service.createMaster` | Enable master service pointing to the current master (experimental) | `false` | -| `sentinel.service.loadBalancerIP` | Redis® Sentinel service Load Balancer IP | `""` | -| `sentinel.service.loadBalancerClass` | sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `sentinel.service.loadBalancerSourceRanges` | Redis® Sentinel service Load Balancer sources | `[]` | -| `sentinel.service.annotations` | Additional custom annotations for Redis® Sentinel service | `{}` | -| `sentinel.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `sentinel.service.headless.annotations` | Annotations for the headless service. | `{}` | -| `sentinel.masterService.enabled` | Enable master service pointing to the current master (experimental) | `false` | -| `sentinel.masterService.type` | Redis® Sentinel master service type | `ClusterIP` | -| `sentinel.masterService.ports.redis` | Redis® service port for Redis® | `6379` | -| `sentinel.masterService.nodePorts.redis` | Node port for Redis® | `""` | -| `sentinel.masterService.externalTrafficPolicy` | Redis® master service external traffic policy | `""` | -| `sentinel.masterService.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `sentinel.masterService.clusterIP` | Redis® master service Cluster IP | `""` | -| `sentinel.masterService.loadBalancerIP` | Redis® master service Load Balancer IP | `""` | -| `sentinel.masterService.loadBalancerClass` | master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `sentinel.masterService.loadBalancerSourceRanges` | Redis® master service Load Balancer sources | `[]` | -| `sentinel.masterService.annotations` | Additional custom annotations for Redis® master service | `{}` | -| `sentinel.masterService.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `sentinel.masterService.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-node pods | `30` | -| `sentinel.extraPodSpec` | Optionally specify extra PodSpec for the Redis® Sentinel pod(s) | `{}` | - -### Other Parameters - -| Name | Description | Value | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.extraEgress` | Add extra egress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.metrics.allowExternal` | Don't require client label for connections for metrics endpoint | `true` | -| `networkPolicy.metrics.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces to metrics endpoint | `{}` | -| `networkPolicy.metrics.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces to metrics endpoint | `{}` | -| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `podSecurityPolicy.enabled` | Enable PodSecurityPolicy's RBAC rules | `false` | -| `rbac.create` | Specifies whether RBAC resources should be created | `false` | -| `rbac.rules` | Custom RBAC rules to set | `[]` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `pdb` | DEPRECATED Please use `master.pdb` and `replica.pdb` values instead | `{}` | -| `tls.enabled` | Enable TLS traffic | `false` | -| `tls.authClients` | Require clients to authenticate | `true` | -| `tls.autoGenerated` | Enable autogenerated certificates | `false` | -| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` | -| `tls.certificatesSecret` | DEPRECATED. Use existingSecret instead. | `""` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate Key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename | `""` | -| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | - -### Metrics Parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | -| `metrics.image.registry` | Redis® Exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Redis® Exporter image repository | `REPOSITORY_NAME/redis-exporter` | -| `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | -| `metrics.containerPorts.http` | Metrics HTTP container port | `9121` | -| `metrics.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `false` | -| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` | -| `metrics.redisTargetHost` | A way to specify an alternative Redis® hostname | `localhost` | -| `metrics.extraArgs` | Extra arguments for Redis® exporter, for example: | `{}` | -| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` | -| `metrics.containerSecurityContext.enabled` | Enabled Redis® exporter containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `metrics.containerSecurityContext.runAsUser` | Set Redis® exporter containers' Security Context runAsUser | `1001` | -| `metrics.containerSecurityContext.runAsGroup` | Set Redis® exporter containers' Security Context runAsGroup | `1001` | -| `metrics.containerSecurityContext.runAsNonRoot` | Set Redis® exporter containers' Security Context runAsNonRoot | `true` | -| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® exporter containers' Security Context allowPrivilegeEscalation | `false` | -| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `metrics.containerSecurityContext.seccompProfile.type` | Set Redis® exporter containers' Security Context seccompProfile | `RuntimeDefault` | -| `metrics.containerSecurityContext.capabilities.drop` | Set Redis® exporter containers' Security Context capabilities to drop | `["ALL"]` | -| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar | `[]` | -| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` | -| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `metrics.podLabels` | Extra labels for Redis® exporter pods | `{}` | -| `metrics.podAnnotations` | Annotations for Redis® exporter pods | `{}` | -| `metrics.service.enabled` | Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor | `true` | -| `metrics.service.type` | Redis® exporter service type | `ClusterIP` | -| `metrics.service.ports.http` | Redis® exporter service port | `9121` | -| `metrics.service.externalTrafficPolicy` | Redis® exporter service external traffic policy | `Cluster` | -| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` | -| `metrics.service.loadBalancerClass` | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` | -| `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` | -| `metrics.service.clusterIP` | Redis® exporter service Cluster IP | `""` | -| `metrics.serviceMonitor.port` | the service port to scrape metrics from | `http-metrics` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | -| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabelings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | -| `metrics.serviceMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | -| `metrics.serviceMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | -| `metrics.serviceMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | -| `metrics.podMonitor.port` | the pod port to scrape metrics from | `metrics` | -| `metrics.podMonitor.enabled` | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.podMonitor.namespace` | The namespace in which the PodMonitor will be created | `""` | -| `metrics.podMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.podMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.podMonitor.relabelings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.podMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.podMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.podMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | -| `metrics.podMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | -| `metrics.podMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | -| `metrics.podMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | -| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | -| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | - -### Init Container Parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` | -| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | -| `volumePermissions.extraEnvVars` | Array with extra environment variables to add to volume permissions init container. | `[]` | -| `kubectl.image.registry` | Kubectl image registry | `REGISTRY_NAME` | -| `kubectl.image.repository` | Kubectl image repository | `REPOSITORY_NAME/kubectl` | -| `kubectl.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `kubectl.image.pullPolicy` | Kubectl image pull policy | `IfNotPresent` | -| `kubectl.image.pullSecrets` | Kubectl pull secrets | `[]` | -| `kubectl.command` | kubectl command to execute | `["/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh"]` | -| `kubectl.containerSecurityContext.enabled` | Enabled kubectl containers' Security Context | `true` | -| `kubectl.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `kubectl.containerSecurityContext.runAsUser` | Set kubectl containers' Security Context runAsUser | `1001` | -| `kubectl.containerSecurityContext.runAsGroup` | Set kubectl containers' Security Context runAsGroup | `1001` | -| `kubectl.containerSecurityContext.runAsNonRoot` | Set kubectl containers' Security Context runAsNonRoot | `true` | -| `kubectl.containerSecurityContext.allowPrivilegeEscalation` | Set kubectl containers' Security Context allowPrivilegeEscalation | `false` | -| `kubectl.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `kubectl.containerSecurityContext.seccompProfile.type` | Set kubectl containers' Security Context seccompProfile | `RuntimeDefault` | -| `kubectl.containerSecurityContext.capabilities.drop` | Set kubectl containers' Security Context capabilities to drop | `["ALL"]` | -| `kubectl.resources.limits` | The resources limits for the kubectl containers | `{}` | -| `kubectl.resources.requests` | The requested resources for the kubectl containers | `{}` | -| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | -| `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `sysctl.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `sysctl.command` | Override default init-sysctl container command (useful when using custom images) | `[]` | -| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | -| `sysctl.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production). | `nano` | -| `sysctl.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | - -### useExternalDNS Parameters - -| Name | Description | Value | -| -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `useExternalDNS.enabled` | Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. | `false` | -| `useExternalDNS.additionalAnnotations` | Extra annotations to be utilized when `external-dns` is enabled. | `{}` | -| `useExternalDNS.annotationKey` | The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations. | `external-dns.alpha.kubernetes.io/` | -| `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install my-release \ - --set auth.password=secretpassword \ - oci://REGISTRY_NAME/REPOSITORY_NAME/redis -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command sets the Redis® server password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/redis -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/redis/values.yaml) - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. - -### RDB compatibility - -It's common to have RDB format changes across Redis® releases where we see backward compatibility but no forward compatibility. For example, v7.0 can load an RDB created by v6.2 , but the opposite is not true. -When that's the case, the rolling update can cause replicas to temporarily stop synchronizing while they are running a lower version than master. -For example, on a rolling update `master-0` and `replica-2` are updated first from version v6.2 to v7.0; `replica-0` and `replica-1` won't be able to start a full sync with `master-0` because they are still running v6.2 and can't support the RDB format from version 7.0 that master is now using. -This issue can be mitigated by splitting the upgrade into two stages: one for all replicas and another for any master. - -- Stage 1 (replicas only, as there's no master with an ordinal higher than 99): -`helm upgrade oci://REGISTRY_NAME/REPOSITORY_NAME/redis --set master.updateStrategy.rollingUpdate.partition=99` -- Stage 2 (anything else that is not up to date, in this case only master): -`helm upgrade oci://REGISTRY_NAME/REPOSITORY_NAME/redis` - -### To 20.0.0 - -This major version updates the Redis® docker image version used from `7.2` to `7.4`, the new stable version. There are no major changes in the chart, but we recommend checking the [Redis® 7.4 release notes](https://raw.githubusercontent.com/redis/redis/7.4/00-RELEASENOTES) before upgrading. - -### To 19.0.0 - -This major bump changes the following security defaults: - -- `runAsGroup` is changed from `0` to `1001` -- `readOnlyRootFilesystem` is set to `true` -- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case). -- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`. - -This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones. - -### To 18.0.0 - -This major version updates the Redis® docker image version used from `7.0` to `7.2`, the new stable version. There are no major changes in the chart, but we recommend checking the [Redis® 7.2 release notes](https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES) before upgrading. - -NOTE: Due to an error in our release process, versions higher or equal than 17.15.4 already use 7.2 by default. - -### To 17.0.0 - -This major version updates the Redis® docker image version used from `6.2` to `7.0`, the new stable version. There are no major changes in the chart, but we recommend checking the [Redis® 7.0 release notes](https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES) before upgrading. - -### To 16.0.0 - -This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. - -Affected values: - -- `master.service.port` renamed as `master.service.ports.redis`. -- `master.service.nodePort` renamed as `master.service.nodePorts.redis`. -- `replica.service.port` renamed as `replica.service.ports.redis`. -- `replica.service.nodePort` renamed as `replica.service.nodePorts.redis`. -- `sentinel.service.port` renamed as `sentinel.service.ports.redis`. -- `sentinel.service.sentinelPort` renamed as `sentinel.service.ports.sentinel`. -- `master.containerPort` renamed as `master.containerPorts.redis`. -- `replica.containerPort` renamed as `replica.containerPorts.redis`. -- `sentinel.containerPort` renamed as `sentinel.containerPorts.sentinel`. -- `master.spreadConstraints` renamed as `master.topologySpreadConstraints` -- `replica.spreadConstraints` renamed as `replica.topologySpreadConstraints` - -### To 15.0.0 - -The parameter to enable the usage of StaticIDs was removed. The behavior is to [always use StaticIDs](https://github.com/bitnami/charts/pull/7278). - -### To 14.8.0 - -The Redis® sentinel exporter was removed in this version because the upstream project was deprecated. The regular Redis® exporter is included in the sentinel scenario as usual. - -### To 14.0.0 - -- Several parameters were renamed or disappeared in favor of new ones on this major version: - - The term *slave* has been replaced by the term *replica*. Therefore, parameters prefixed with `slave` are now prefixed with `replicas`. - - Credentials parameter are reorganized under the `auth` parameter. - - `cluster.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. - - `securityContext.*` is deprecated in favor of `XXX.podSecurityContext` and `XXX.containerSecurityContext`. - - `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones. -- New parameters to add custom command, environment variables, sidecars, init containers, etc. were added. -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- values.yaml metadata was adapted to follow the format supported by [Readme Generator for Helm](https://github.com/bitnami/readme-generator-for-helm). - -Consequences: - -Backwards compatibility is not guaranteed. To upgrade to `14.0.0`, install a new release of the Redis® chart, and migrate the data from your previous release. You have 2 alternatives to do so: - -- Create a backup of the database, and restore it on the new release as explained in the [Backup and restore](#backup-and-restore) section. -- Reuse the PVC used to hold the master data on your previous release. To do so, use the `master.persistence.existingClaim` parameter. The following example assumes that the release name is `redis`: - -```console -helm install redis oci://REGISTRY_NAME/REPOSITORY_NAME/redis --set auth.password=[PASSWORD] --set master.persistence.existingClaim=[EXISTING_PVC] -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -| Note: you need to substitute the placeholder *[EXISTING_PVC]* with the name of the PVC used on your previous release, and *[PASSWORD]* with the password used in your previous release. - -### To 13.0.0 - -This major version updates the Redis® docker image version used from `6.0` to `6.2`, the new stable version. There are no major changes in the chart and there shouldn't be any breaking changes in it as `6.2` is basically a stricter superset of `6.0`. For more information, please refer to [Redis® 6.2 release notes](https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES). - -### To 12.3.0 - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 12.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -#### What changes were introduced in this major version? - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -#### Considerations when upgrading to this version - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -#### Useful links - -- -- -- - -### To 11.0.0 - -When using sentinel, a new statefulset called `-node` was introduced. This will break upgrading from a previous version where the statefulsets are called master and slave. Hence the PVC will not match the new naming and won't be reused. If you want to keep your data, you will need to perform a backup and then a restore the data in this new version. - -When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml` - -### To 10.0.0 - -For releases with `usePassword: true`, the value `sentinel.usePassword` controls whether the password authentication also applies to the sentinel port. This defaults to `true` for a secure configuration, however it is possible to disable to account for the following cases: - -- Using a version of redis-sentinel prior to `5.0.1` where the authentication feature was introduced. -- Where redis clients need to be updated to support sentinel authentication. - -If using a master/slave topology, or with `usePassword: false`, no action is required. - -### To 9.0.0 - -The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis® exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter). - -### To 8.0.18 - -For releases with `metrics.enabled: true` the default tag for the exporter image is now `v1.x.x`. This introduces many changes including metrics names. You'll want to use [this dashboard](https://github.com/oliver006/redis_exporter/blob/master/contrib/grafana_prometheus_redis_dashboard.json) now. Please see the [redis_exporter github page](https://github.com/oliver006/redis_exporter#upgrading-from-0x-to-1x) for more details. - -### To 7.0.0 - -This version causes a change in the Redis® Master StatefulSet definition, so the command helm upgrade would not work out of the box. As an alternative, one of the following could be done: - -- Recommended: Create a clone of the Redis® Master PVC (for example, using projects like [this one](https://github.com/edseymour/pvc-transfer)). Then launch a fresh release reusing this cloned PVC. - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/redis --set persistence.existingClaim= -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -- Alternative (not recommended, do at your own risk): `helm delete --purge` does not remove the PVC assigned to the Redis® Master StatefulSet. As a consequence, the following commands can be done to upgrade the release - -```console -helm delete --purge -helm install oci://REGISTRY_NAME/REPOSITORY_NAME/redis -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -Previous versions of the chart were not using persistence in the slaves, so this upgrade would add it to them. Another important change is that no values are inherited from master to slaves. For example, in 6.0.0 `slaves.readinessProbe.periodSeconds`, if empty, would be set to `master.readinessProbe.periodSeconds`. This approach lacked transparency and was difficult to maintain. From now on, all the slave parameters must be configured just as it is done with the masters. - -Some values have changed as well: - -- `master.port` and `slave.port` have been changed to `redisPort` (same value for both master and slaves) -- `master.securityContext` and `slave.securityContext` have been changed to `securityContext`(same values for both master and slaves) - -By default, the upgrade will not change the cluster topology. In case you want to use Redis® Sentinel, you must explicitly set `sentinel.enabled` to `true`. - -### To 6.0.0 - -Previous versions of the chart were using an init-container to change the permissions of the volumes. This was done in case the `securityContext` directive in the template was not enough for that (for example, with cephFS). In this new version of the chart, this container is disabled by default (which should not affect most of the deployments). If your installation still requires that init container, execute `helm upgrade` with the `--set volumePermissions.enabled=true`. - -### To 5.0.0 - -The default image in this release may be switched out for any image containing the `redis-server` -and `redis-cli` binaries. If `redis-server` is not the default image ENTRYPOINT, `master.command` -must be specified. - -#### Breaking changes - -- `master.args` and `slave.args` are removed. Use `master.command` or `slave.command` instead in order to override the image entrypoint, or `master.extraFlags` to pass additional flags to `redis-server`. -- `disableCommands` is now interpreted as an array of strings instead of a string of comma separated values. -- `master.persistence.path` now defaults to `/data`. - -### To 4.0.0 - -This version removes the `chart` label from the `spec.selector.matchLabels` -which is immutable since `StatefulSet apps/v1beta2`. It has been inadvertently -added, causing any subsequent upgrade to fail. See . - -It also fixes where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set. - -Finally, it fixes by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable. - -In order to upgrade, delete the Redis® StatefulSet before upgrading: - -```console -kubectl delete statefulsets.apps --cascade=false my-release-redis-master -``` - -And edit the Redis® slave (and metrics if enabled) deployment: - -```console -kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/.helmignore b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/.helmignore deleted file mode 100644 index d0e10845..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -# img folder -img/ -# Changelog -CHANGELOG.md diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/Chart.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/Chart.yaml deleted file mode 100644 index 8cc0aaa0..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure - licenses: Apache-2.0 -apiVersion: v2 -appVersion: 2.23.0 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://bitnami.com -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: common -sources: -- https://github.com/bitnami/charts/tree/main/bitnami/common -type: library -version: 2.23.0 diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/README.md b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/README.md deleted file mode 100644 index fee26c99..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/README.md +++ /dev/null @@ -1,235 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 2.x.x - repository: oci://registry-1.docker.io/bitnamicharts -``` - -```console -helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ - -## Parameters - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -#### What changes were introduced in this major version? - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -#### Considerations when upgrading to this version - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -#### Useful links - -- -- -- - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_affinities.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_affinities.tpl deleted file mode 100644 index c2d29079..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_affinities.tpl +++ /dev/null @@ -1,139 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a topologyKey definition -{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} -*/}} -{{- define "common.affinities.topologyKey" -}} -{{ .topologyKey | default "kubernetes.io/hostname" -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: 1 - {{- range $extraPodAffinityTerms }} - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: {{ .weight | default 1 -}} - {{- end -}} -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- range $extraPodAffinityTerms }} - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- end -}} -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_capabilities.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 2fe81d32..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,229 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "common.capabilities.daemonset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if (.Values.ingress).apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Vertical Pod Autoscaler. -*/}} -{{- define "common.capabilities.vpa.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if PodSecurityPolicy is supported -*/}} -{{- define "common.capabilities.psp.supported" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if or (empty $kubeVersion) (semverCompare "<1.25-0" $kubeVersion) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if AdmissionConfiguration is supported -*/}} -{{- define "common.capabilities.admissionConfiguration.supported" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for AdmissionConfiguration. -*/}} -{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "apiserver.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} -{{- print "apiserver.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiserver.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for PodSecurityConfiguration. -*/}} -{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} -{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "pod-security.admission.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_compatibility.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_compatibility.tpl deleted file mode 100644 index a61588d6..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_compatibility.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return true if the detected platform is Openshift -Usage: -{{- include "common.compatibility.isOpenshift" . -}} -*/}} -{{- define "common.compatibility.isOpenshift" -}} -{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} -{{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC -Usage: -{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} -*/}} -{{- define "common.compatibility.renderSecurityContext" -}} -{{- $adaptedContext := .secContext -}} - -{{- if (((.context.Values.global).compatibility).openshift) -}} - {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} - {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} - {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} - {{- if not .secContext.seLinuxOptions -}} - {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} - {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{/* Remove empty seLinuxOptions object if global.compatibility.omitEmptySeLinuxOptions is set to true */}} -{{- if and (((.context.Values.global).compatibility).omitEmptySeLinuxOptions) (not .secContext.seLinuxOptions) -}} - {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} -{{- end -}} -{{/* Remove fields that are disregarded when running the container in privileged mode */}} -{{- if $adaptedContext.privileged -}} - {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}} -{{- end -}} -{{- omit $adaptedContext "enabled" | toYaml -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_errors.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_errors.tpl deleted file mode 100644 index e9653651..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_images.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_images.tpl deleted file mode 100644 index 76bb7ce4..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_images.tpl +++ /dev/null @@ -1,115 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name. -If image tag and digest are not defined, termination fallbacks to chart appVersion. -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global "chart" .Chart ) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} - -{{- if not .imageRoot.tag }} - {{- if .chart }} - {{- $termination = .chart.AppVersion | toString -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- if $registryName }} - {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- else -}} - {{- printf "%s%s%s" $repositoryName $separator $termination -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- range ((.global).imagePullSecrets) -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end }} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- range (($context.Values.global).imagePullSecrets) -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) -{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} -*/}} -{{- define "common.images.version" -}} -{{- $imageTag := .imageRoot.tag | toString -}} -{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} -{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} - {{- $version := semver $imageTag -}} - {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} -{{- else -}} - {{- print .chart.AppVersion -}} -{{- end -}} -{{- end -}} - diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_ingress.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_ingress.tpl deleted file mode 100644 index 7d2b8798..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_ingress.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_labels.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_labels.tpl deleted file mode 100644 index 0a0cc548..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Kubernetes standard labels -{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} -*/}} -{{- define "common.labels.standard" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} -{{- with .context.Chart.AppVersion -}} -{{- $_ := set $default "app.kubernetes.io/version" . -}} -{{- end -}} -{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Chart.AppVersion }} -app.kubernetes.io/version: {{ . | quote }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector -{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} - -We don't want to loop over custom labels appending them to the selector -since it's very likely that it will break deployments, services, etc. -However, it's important to overwrite the standard labels if the user -overwrote them on metadata.labels fields. -*/}} -{{- define "common.labels.matchLabels" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_names.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_names.tpl deleted file mode 100644 index ba839568..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_names.tpl +++ /dev/null @@ -1,71 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_resources.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_resources.tpl deleted file mode 100644 index d8a43e1c..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_resources.tpl +++ /dev/null @@ -1,50 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a resource request/limit object based on a given preset. -These presets are for basic testing and not meant to be used in production -{{ include "common.resources.preset" (dict "type" "nano") -}} -*/}} -{{- define "common.resources.preset" -}} -{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} -{{- $presets := dict - "nano" (dict - "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi") - ) - "micro" (dict - "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi") - ) - "small" (dict - "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi") - ) - "medium" (dict - "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi") - ) - "large" (dict - "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi") - ) - "xlarge" (dict - "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi") - ) - "2xlarge" (dict - "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi") - ) - }} -{{- if hasKey $presets .type -}} -{{- index $presets .type | toYaml -}} -{{- else -}} -{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_secrets.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_secrets.tpl deleted file mode 100644 index 801918ce..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,185 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. - - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | b64dec }} - {{- else if not (eq .failOnNew false) }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- end }} - -{{- if not $password }} - {{- if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} - {{- else }} - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- if not (eq .failOnNew false) }} - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - {{- end }} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} - {{- else }} - {{- $password = randAlphaNum $passwordLength }} - {{- end }} - {{- end -}} -{{- end -}} -{{- if not .skipB64enc }} -{{- $password = $password | b64enc }} -{{- end -}} -{{- if .skipQuote -}} -{{- printf "%s" $password -}} -{{- else -}} -{{- printf "%s" $password | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else if .defaultValue -}} - {{- $value = .defaultValue | toString | b64enc -}} -{{- end -}} -{{- if $value -}} -{{- printf "%s" $value -}} -{{- end -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_storage.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_storage.tpl deleted file mode 100644 index aa75856c..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} -{{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}} -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else -}} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_tplvalues.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index c84d72c8..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template perhaps with scope if the scope is present. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} -*/}} -{{- define "common.tplvalues.render" -}} -{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} -{{- if contains "{{" (toJson .value) }} - {{- if .scope }} - {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} - {{- else }} - {{- tpl $value .context }} - {{- end }} -{{- else }} - {{- $value }} -{{- end }} -{{- end -}} - -{{/* -Merge a list of values that contains template after rendering them. -Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge -Usage: -{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} -*/}} -{{- define "common.tplvalues.merge" -}} -{{- $dst := dict -}} -{{- range .values -}} -{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} -{{- end -}} -{{ $dst | toYaml }} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_utils.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_utils.tpl deleted file mode 100644 index d53c74aa..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,77 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). -Usage: -{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} -*/}} -{{- define "common.utils.checksumTemplate" -}} -{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} -{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_warnings.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_warnings.tpl deleted file mode 100644 index e4dbecde..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,109 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html -{{- end }} -{{- end -}} - -{{/* -Warning about replaced images from the original. -Usage: -{{ include "common.warnings.modifiedImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} -*/}} -{{- define "common.warnings.modifiedImages" -}} -{{- $affectedImages := list -}} -{{- $printMessage := false -}} -{{- $originalImages := .context.Chart.Annotations.images -}} -{{- range .images -}} - {{- $fullImageName := printf (printf "%s/%s:%s" .registry .repository .tag) -}} - {{- if not (contains $fullImageName $originalImages) }} - {{- $affectedImages = append $affectedImages (printf "%s/%s:%s" .registry .repository .tag) -}} - {{- $printMessage = true -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -⚠ SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables. - -Substituted images detected: -{{- range $affectedImages }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Warning about not setting the resource object in all deployments. -Usage: -{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} -Example: -{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} -The list in the example assumes that the following values exist: - - csiProvider.provider.resources - - server.resources - - volumePermissions.resources - - resources -*/}} -{{- define "common.warnings.resources" -}} -{{- $values := .context.Values -}} -{{- $printMessage := false -}} -{{ $affectedSections := list -}} -{{- range .sections -}} - {{- if eq . "" -}} - {{/* Case where the resources section is at the root (one main deployment in the chart) */}} - {{- if not (index $values "resources") -}} - {{- $affectedSections = append $affectedSections "resources" -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} - {{- $keys := split "." . -}} - {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} - {{- $section := $values -}} - {{- range $keys -}} - {{- $section = index $section . -}} - {{- end -}} - {{- if not (index $section "resources") -}} - {{/* If the section has enabled=false or replicaCount=0, do not include it */}} - {{- if and (hasKey $section "enabled") -}} - {{- if index $section "enabled" -}} - {{/* enabled=true */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else if and (hasKey $section "replicaCount") -}} - {{/* We need a casting to int because number 0 is not treated as an int by default */}} - {{- if (gt (index $section "replicaCount" | int) 0) -}} - {{/* replicaCount > 0 */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Default case, add it to the affected sections */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: -{{- range $affectedSections }} - - {{ . }} -{{- end }} -+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_cassandra.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index 3f41ff8f..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,77 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_mariadb.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index 6ea8c0f4..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_mongodb.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index d4cd38cb..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,113 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_mysql.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index 924812a9..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_mysql.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_postgresql.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 0fa0b146..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,134 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_redis.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index f4778256..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,81 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_validations.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 7cdee617..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/values.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/values.yaml deleted file mode 100644 index de2cac57..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/NOTES.txt b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/NOTES.txt deleted file mode 100644 index 69bdec3c..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/NOTES.txt +++ /dev/null @@ -1,213 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ include "common.names.namespace" . }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - -For Redis: - - /opt/bitnami/scripts/redis/entrypoint.sh /opt/bitnami/scripts/redis/run.sh - -{{- if .Values.sentinel.enabled }} - -For Redis Sentinel: - - /opt/bitnami/scripts/redis-sentinel/entrypoint.sh /opt/bitnami/scripts/redis-sentinel/run.sh - -{{- end }} -{{- else }} - -{{- if contains .Values.master.service.type "LoadBalancer" }} -{{- if not .Values.auth.enabled }} -{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }} - -------------------------------------------------------------------------------- - WARNING - - By specifying "master.service.type=LoadBalancer" and "auth.enabled=false" you have - most likely exposed the Redis® service externally without any authentication - mechanism. - - For security reasons, we strongly suggest that you switch to "ClusterIP" or - "NodePort". As alternative, you can also switch to "auth.enabled=true" - providing a valid password on "password" parameter. - -------------------------------------------------------------------------------- -{{- end }} -{{- end }} -{{- end }} - -{{- if and .Values.auth.usePasswordFiles (not .Values.auth.usePasswordFileFromSecret) (or (empty .Values.master.initContainers) (empty .Values.replica.initContainers)) }} - -------------------------------------------------------------------------------- - WARNING - - By specifying ".Values.auth.usePasswordFiles=true" and ".Values.auth.usePasswordFileFromSecret=false" - Redis is expecting that the password is mounted as a file in each pod - (by default in /opt/bitnami/redis/secrets/redis-password) - - Ensure that you specify the respective initContainers in - both .Values.master.initContainers and .Values.replica.initContainers - in order to populate the contents of this file. - -------------------------------------------------------------------------------- -{{- end }} - -{{- if eq .Values.architecture "replication" }} -{{- if .Values.sentinel.enabled }} - -Redis® can be accessed via port {{ .Values.sentinel.service.ports.redis }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} for read only operations - -For read/write operations, first access the Redis® Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above. - -{{- else }} - -Redis® can be accessed on the following DNS names from within your cluster: - - {{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }}) - {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }}) - -{{- end }} -{{- else }} - -Redis® can be accessed via port {{ .Values.master.service.ports.redis }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}-master.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} - -{{- end }} - -{{ if .Values.auth.enabled }} - -To get your password run: - - export REDIS_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d) - -{{- end }} - -To connect to your Redis® server: - -1. Run a Redis® pod that you can use as a client: - - kubectl run --namespace {{ include "common.names.namespace" . }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity - -{{- if .Values.tls.enabled }} - - Copy your TLS certificates to the pod: - - kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.cert redis-client:/tmp/client.cert - kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.key redis-client:/tmp/client.key - kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/CA.cert redis-client:/tmp/CA.cert - -{{- end }} - - Use the following command to attach to the pod: - - kubectl exec --tty -i redis-client \ - {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }} - --namespace {{ include "common.names.namespace" . }} -- bash - -2. Connect using the Redis® CLI: - -{{- if eq .Values.architecture "replication" }} - {{- if .Values.sentinel.enabled }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.redis }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.sentinel }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access - {{- else }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-master" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-replicas" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - {{- end }} -{{- else }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }}-master{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} -{{- end }} - -{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - -Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to redis. - -{{- else }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -{{- if contains "NodePort" .Values.sentinel.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "LoadBalancer" .Values.sentinel.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "ClusterIP" .Values.sentinel.service.type }} - - kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} & - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- end }} -{{- else }} -{{- if contains "NodePort" .Values.master.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }}) - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "LoadBalancer" .Values.master.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "ClusterIP" .Values.master.service.type }} - - kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} & - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- end }} -{{- end }} - -{{- end }} -{{- end }} -{{- include "redis.checkRollingTags" . }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- include "common.warnings.rollingTag" .Values.sysctl.image }} -{{- include "redis.validateValues" . }} - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Release.IsUpgrade ) }} -{{- if $.Values.sentinel.service.nodePorts.sentinel }} -No need to upgrade, ports and nodeports have been set from values -{{- else }} -#!#!#!#!#!#!#!# IMPORTANT #!#!#!#!#!#!#!# -YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED -{{- end }} -{{- end }} -{{- $resourceSections := list "metrics" "replica" "sentinel" "sysctl" "volumePermissions" }} -{{- if not (and (eq .Values.architecture "replication") .Values.sentinel.enabled) }} - {{- $resourceSections = append $resourceSections "master" -}} -{{- end }} -{{- include "common.warnings.resources" (dict "sections" $resourceSections "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image .Values.sysctl.image) "context" $) }} \ No newline at end of file diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/_helpers.tpl b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/_helpers.tpl deleted file mode 100644 index 2f0bda6a..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/_helpers.tpl +++ /dev/null @@ -1,325 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Redis image name -*/}} -{{- define "redis.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Redis Sentinel image name -*/}} -{{- define "redis.sentinel.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.sentinel.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "redis.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "redis.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return kubectl image -*/}} -{{- define "redis.kubectl.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.kubectl.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return sysctl image -*/}} -{{- define "redis.sysctl.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.sysctl.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "redis.imagePullSecrets" -}} -{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.sysctl.image) "context" $) -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "redis.createTlsSecret" -}} -{{- if and .Values.tls.enabled .Values.tls.autoGenerated (and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret)) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing Redis TLS certificates -*/}} -{{- define "redis.tlsSecretName" -}} -{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "redis.tlsCert" -}} -{{- if (include "redis.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "tls.crt" -}} -{{- else -}} - {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "redis.tlsCertKey" -}} -{{- if (include "redis.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "tls.key" -}} -{{- else -}} - {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "redis.tlsCACert" -}} -{{- if (include "redis.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "ca.crt" -}} -{{- else -}} - {{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the DH params file. -*/}} -{{- define "redis.tlsDHParams" -}} -{{- if .Values.tls.dhParamsFilename -}} -{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the shared service account to use -*/}} -{{- define "redis.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the master service account to use -*/}} -{{- define "redis.masterServiceAccountName" -}} -{{- if .Values.master.serviceAccount.create -}} - {{ default (printf "%s-master" (include "common.names.fullname" .)) .Values.master.serviceAccount.name }} -{{- else -}} - {{- if .Values.serviceAccount.create -}} - {{ template "redis.serviceAccountName" . }} - {{- else -}} - {{ default "default" .Values.master.serviceAccount.name }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the replicas service account to use -*/}} -{{- define "redis.replicaServiceAccountName" -}} -{{- if .Values.replica.serviceAccount.create -}} - {{ default (printf "%s-replica" (include "common.names.fullname" .)) .Values.replica.serviceAccount.name }} -{{- else -}} - {{- if .Values.serviceAccount.create -}} - {{ template "redis.serviceAccountName" . }} - {{- else -}} - {{ default "default" .Values.replica.serviceAccount.name }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configuration configmap name -*/}} -{{- define "redis.configmapName" -}} -{{- if .Values.existingConfigmap -}} - {{- printf "%s" (tpl .Values.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-configuration" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created -*/}} -{{- define "redis.createConfigmap" -}} -{{- if empty .Values.existingConfigmap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "redis.secretName" -}} -{{- if .Values.auth.existingSecret -}} -{{- printf "%s" (tpl .Values.auth.existingSecret $) -}} -{{- else -}} -{{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password key to be retrieved from Redis® secret. -*/}} -{{- define "redis.secretPasswordKey" -}} -{{- if and .Values.auth.existingSecret .Values.auth.existingSecretPasswordKey -}} -{{- printf "%s" (tpl .Values.auth.existingSecretPasswordKey $) -}} -{{- else -}} -{{- printf "redis-password" -}} -{{- end -}} -{{- end -}} - -{{/* -Return Redis® password -*/}} -{{- define "redis.password" -}} -{{- if or .Values.auth.enabled .Values.global.redis.password -}} - {{- include "common.secrets.passwords.manage" (dict "secret" (include "redis.secretName" .) "key" (include "redis.secretPasswordKey" .) "providedValues" (list "global.redis.password" "auth.password") "length" 10 "skipB64enc" true "skipQuote" true "context" $) -}} -{{- end }} -{{- end }} - -{{/* Check if there are rolling tags in the images */}} -{{- define "redis.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.sentinel.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "redis.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "redis.validateValues.topologySpreadConstraints" .) -}} -{{- $messages := append $messages (include "redis.validateValues.architecture" .) -}} -{{- $messages := append $messages (include "redis.validateValues.podSecurityPolicy.create" .) -}} -{{- $messages := append $messages (include "redis.validateValues.tls" .) -}} -{{- $messages := append $messages (include "redis.validateValues.createMaster" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - spreadConstrainsts K8s version */}} -{{- define "redis.validateValues.topologySpreadConstraints" -}} -{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.replica.topologySpreadConstraints -}} -redis: topologySpreadConstraints - Pod Topology Spread Constraints are only available on K8s >= 1.16 - Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - must provide a valid architecture */}} -{{- define "redis.validateValues.architecture" -}} -{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}} -redis: architecture - Invalid architecture selected. Valid values are "standalone" and - "replication". Please set a valid architecture (--set architecture="xxxx") -{{- end -}} -{{- if and .Values.sentinel.enabled (not (eq .Values.architecture "replication")) }} -redis: architecture - Using redis sentinel on standalone mode is not supported. - To deploy redis sentinel, please select the "replication" mode - (--set "architecture=replication,sentinel.enabled=true") -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - PodSecurityPolicy create */}} -{{- define "redis.validateValues.podSecurityPolicy.create" -}} -{{- if and .Values.podSecurityPolicy.create (not .Values.podSecurityPolicy.enabled) }} -redis: podSecurityPolicy.create - In order to create PodSecurityPolicy, you also need to enable - podSecurityPolicy.enabled field -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - TLS enabled */}} -{{- define "redis.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} -redis: tls.enabled - In order to enable TLS, you also need to provide - an existing secret containing the TLS certificates or - enable auto-generated certificates. -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - master service enabled */}} -{{- define "redis.validateValues.createMaster" -}} -{{- if and (or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster) (or (not .Values.rbac.create) (not .Values.replica.automountServiceAccountToken) (not .Values.serviceAccount.create)) }} -redis: sentinel.masterService.enabled - In order to redirect requests only to the master pod via the service, you also need to - create rbac and serviceAccount. In addition, you need to enable - replica.automountServiceAccountToken. -{{- end -}} -{{- end -}} - -{{/* Define the suffix utilized for external-dns */}} -{{- define "redis.externalDNS.suffix" -}} -{{ printf "%s.%s" (include "common.names.fullname" .) .Values.useExternalDNS.suffix }} -{{- end -}} - -{{/* Compile all annotations utilized for external-dns */}} -{{- define "redis.externalDNS.annotations" -}} -{{- if and .Values.useExternalDNS.enabled .Values.useExternalDNS.annotationKey }} -{{ .Values.useExternalDNS.annotationKey }}hostname: {{ include "redis.externalDNS.suffix" . }} -{{- range $key, $val := .Values.useExternalDNS.additionalAnnotations }} -{{ $.Values.useExternalDNS.annotationKey }}{{ $key }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/configmap.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/configmap.yaml deleted file mode 100644 index 22df3583..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/configmap.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (include "redis.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-configuration" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - redis.conf: |- - # User-supplied common configuration: - {{- if .Values.commonConfiguration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonConfiguration "context" $ ) | nindent 4 }} - {{- end }} - # End of common configuration - master.conf: |- - dir {{ .Values.master.persistence.path }} - # User-supplied master configuration: - {{- if .Values.master.configuration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.configuration "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.master.disableCommands }} - {{- range .Values.master.disableCommands }} - rename-command {{ . }} "" - {{- end }} - {{- end }} - # End of master configuration - replica.conf: |- - dir {{ .Values.replica.persistence.path }} - # User-supplied replica configuration: - {{- if .Values.replica.configuration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.configuration "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.replica.disableCommands }} - {{- range .Values.replica.disableCommands }} - rename-command {{ . }} "" - {{- end }} - {{- end }} - # End of replica configuration - {{- if .Values.sentinel.enabled }} - sentinel.conf: |- - dir "/tmp" - port {{ .Values.sentinel.containerPorts.sentinel }} - sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }} - sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }} - sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }} - sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }} - {{- if or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster }} - sentinel client-reconfig-script {{ .Values.sentinel.masterSet }} /opt/bitnami/scripts/start-scripts/push-master-label.sh - {{- end }} - # User-supplied sentinel configuration: - {{- if .Values.sentinel.configuration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }} - {{- end }} - # End of sentinel configuration - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/extra-list.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/extra-list.yaml deleted file mode 100644 index 329f5c65..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/extra-list.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/headless-svc.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/headless-svc.yaml deleted file mode 100644 index 280d9de0..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/headless-svc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-headless" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations (include "redis.externalDNS.annotations" .) }} - annotations: - {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} - {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} - {{- include "redis.externalDNS.annotations" . | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - {{- if .Values.sentinel.enabled }} - publishNotReadyAddresses: true - {{- end }} - ports: - - name: tcp-redis - port: {{ if .Values.sentinel.enabled }}{{ .Values.sentinel.service.ports.redis }}{{ else }}{{ .Values.master.service.ports.redis }}{{ end }} - targetPort: redis - {{- if .Values.sentinel.enabled }} - - name: tcp-sentinel - port: {{ .Values.sentinel.service.ports.sentinel }} - targetPort: redis-sentinel - {{- end }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/health-configmap.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/health-configmap.yaml deleted file mode 100644 index bdd72a05..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/health-configmap.yaml +++ /dev/null @@ -1,194 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - ping_readiness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - response=$( - timeout -s 15 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_TLS_PORT \ - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- else }} - -p $REDIS_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - response=$( - timeout -s 15 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_TLS_PORT \ - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- else }} - -p $REDIS_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then - echo "$response" - exit 1 - fi -{{- if .Values.sentinel.enabled }} - ping_sentinel.sh: |- - #!/bin/bash - -{{- if .Values.auth.sentinel }} - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" -{{- end }} - response=$( - timeout -s 15 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_SENTINEL_TLS_PORT_NUMBER \ - --tls \ - --cacert "$REDIS_SENTINEL_TLS_CA_FILE" \ - {{- if .Values.tls.authClients }} - --cert "$REDIS_SENTINEL_TLS_CERT_FILE" \ - --key "$REDIS_SENTINEL_TLS_KEY_FILE" \ - {{- end }} -{{- else }} - -p $REDIS_SENTINEL_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - parse_sentinels.awk: |- - /ip/ {FOUND_IP=1} - /port/ {FOUND_PORT=1} - /runid/ {FOUND_RUNID=1} - !/ip|port|runid/ { - if (FOUND_IP==1) { - IP=$1; FOUND_IP=0; - } - else if (FOUND_PORT==1) { - PORT=$1; - FOUND_PORT=0; - } else if (FOUND_RUNID==1) { - printf "\nsentinel known-sentinel {{ .Values.sentinel.masterSet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0; - } - } -{{- end }} - ping_readiness_master.sh: |- - #!/bin/bash - - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" - response=$( - timeout -s 15 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ -{{- if .Values.tls.enabled }} - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_master.sh: |- - #!/bin/bash - - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" - response=$( - timeout -s 15 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ -{{- if .Values.tls.enabled }} - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then - echo "$response" - exit 1 - fi - ping_readiness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? - "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? - exit $exit_status - ping_liveness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? - "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? - exit $exit_status diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/application.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/application.yaml deleted file mode 100644 index 84f83021..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/application.yaml +++ /dev/null @@ -1,553 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if gt (int64 .Values.master.count) 0 -}} -{{- if or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: {{ .Values.master.kind }} -metadata: - name: {{ printf "%s-master" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: master - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if not (eq .Values.master.kind "DaemonSet") }} - replicas: {{ .Values.master.count }} - {{- end }} - revisionHistoryLimit: {{ .Values.master.revisionHistoryLimit }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: master - {{- if (eq .Values.master.kind "StatefulSet") }} - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.master.updateStrategy }} - {{- if (eq .Values.master.kind "Deployment") }} - strategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} - {{- else }} - updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} - {{- end }} - {{- if and .Values.master.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} - minReadySeconds: {{ .Values.master.minReadySeconds }} - {{- end }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: master - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "redis.createConfigmap" .) }} - checksum/configmap: {{ pick ( include (print $.Template.BasePath "/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- end }} - checksum/health: {{ pick ( include (print $.Template.BasePath "/health-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/scripts: {{ pick ( include (print $.Template.BasePath "/scripts-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/secret: {{ pick ( include (print $.Template.BasePath "/secret.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- if .Values.master.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- if .Values.master.extraPodSpec }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.extraPodSpec "context" $) | nindent 6 }} - {{- end }} - {{- include "redis.imagePullSecrets" . | nindent 6 }} - {{- if .Values.master.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "redis.masterServiceAccountName" . }} - automountServiceAccountToken: {{ .Values.master.automountServiceAccountToken }} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName | quote }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.master.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.master.shareProcessNamespace }} - {{- end }} - {{- if .Values.master.schedulerName }} - schedulerName: {{ .Values.master.schedulerName | quote }} - {{- end }} - {{- if .Values.master.dnsPolicy }} - dnsPolicy: {{ .Values.master.dnsPolicy }} - {{- end }} - {{- if .Values.master.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.master.dnsConfig "context" $) | nindent 8 }} - {{- end }} - enableServiceLinks: {{ .Values.master.enableServiceLinks }} - terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }} - containers: - - name: redis - image: {{ template "redis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.master.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.master.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.master.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.master.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.master.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.master.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-master.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_REPLICATION_MODE - value: master - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.master.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.master.containerPorts.redis | quote }} - {{- end }} - {{- if .Values.master.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }} - envFrom: - {{- if .Values.master.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.master.extraEnvVarsCM }} - {{- end }} - {{- if .Values.master.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.master.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.master.containerPorts.redis }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.master.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.master.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- end }} - {{- if .Values.master.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.master.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} - # One second longer than command timeout should prevent generation of zombie processes. - timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.master.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.master.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.master.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.master.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if .Values.master.resources }} - resources: {{- toYaml .Values.master.resources | nindent 12 }} - {{- else if ne .Values.master.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.master.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.master.persistence.path }} - {{- if .Values.master.persistence.subPath }} - subPath: {{ .Values.master.persistence.subPath }} - {{- else if .Values.master.persistence.subPathExpr }} - subPathExpr: {{ .Values.master.persistence.subPathExpr }} - {{- end }} - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: empty-dir - mountPath: /opt/bitnami/redis/etc/ - subPath: app-conf-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "redis.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - if [[ -f '/secrets/redis-password' ]]; then - export REDIS_PASSWORD=$(cat /secrets/redis-password) - fi - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - value: {{ printf ":%v" .Values.metrics.containerPorts.http }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if (not .Values.auth.usePasswordFiles) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.master.containerPorts.redis }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPorts.http }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- else if ne .Values.metrics.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: app-tmp-dir - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.master.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.master.podSecurityContext.enabled .Values.master.containerSecurityContext.enabled }} - {{- if or .Values.master.initContainers $needsVolumePermissions .Values.sysctl.enabled }} - initContainers: - {{- if .Values.master.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "redis.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }} - {{- else }} - chown -R {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }} {{ .Values.master.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.extraEnvVars }} - env: - {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: redis-data - mountPath: {{ .Values.master.persistence.path }} - {{- if .Values.master.persistence.subPath }} - subPath: {{ .Values.master.persistence.subPath }} - {{- else if .Values.master.persistence.subPathExpr }} - subPathExpr: {{ .Values.master.persistence.subPathExpr }} - {{- end }} - {{- end }} - {{- if .Values.sysctl.enabled }} - - name: init-sysctl - image: {{ include "redis.sysctl.image" . }} - imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} - securityContext: - privileged: true - runAsUser: 0 - {{- if .Values.sysctl.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.resources }} - resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} - {{- else if ne .Values.sysctl.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.mountHostSys }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: host-sys - mountPath: /host-sys - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - {{ if .Values.auth.usePasswordFileFromSecret }} - secret: - secretName: {{ template "redis.secretName" . }} - items: - - key: {{ template "redis.secretPasswordKey" . }} - path: redis-password - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: config - configMap: - name: {{ include "redis.configmapName" . }} - {{- if .Values.sysctl.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - - name: empty-dir - {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }} - emptyDir: - {{- if .Values.master.persistence.medium }} - medium: {{ .Values.master.persistence.medium | quote }} - {{- end }} - {{- if .Values.master.persistence.sizeLimit }} - sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if or (not .Values.master.persistence.enabled) (eq .Values.master.kind "DaemonSet") }} - - name: redis-data - {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }} - emptyDir: - {{- if .Values.master.persistence.medium }} - medium: {{ .Values.master.persistence.medium | quote }} - {{- end }} - {{- if .Values.master.persistence.sizeLimit }} - sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.master.persistence.existingClaim }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.master.persistence.existingClaim .) }} - {{- else if (eq .Values.master.kind "Deployment") }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} - {{- else }} - {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} - whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} - {{- end }} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: redis-data - {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} - app.kubernetes.io/component: master - {{- if .Values.master.persistence.annotations }} - annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.master.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.master.persistence.size | quote }} - {{- if .Values.master.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.master.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pdb.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pdb.yaml deleted file mode 100644 index dab636db..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pdb.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} -{{- $pdb := coalesce .Values.pdb .Values.master.pdb }} -{{- if and $pdb.create (gt (int64 .Values.master.count) 0) (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ printf "%s-master" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: master - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if $pdb.minAvailable }} - minAvailable: {{ $pdb.minAvailable }} - {{- end }} - {{- if or $pdb.maxUnavailable (not $pdb.minAvailable)}} - maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: master -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/psp.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/psp.yaml deleted file mode 100644 index 2a685f8e..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/psp.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ printf "%s-master" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - allowPrivilegeEscalation: false - fsGroup: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.master.podSecurityContext.fsGroup }} - max: {{ .Values.master.podSecurityContext.fsGroup }} - hostIPC: false - hostNetwork: false - hostPID: false - privileged: false - readOnlyRootFilesystem: false - requiredDropCapabilities: - - ALL - runAsUser: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.master.containerSecurityContext.runAsUser }} - max: {{ .Values.master.containerSecurityContext.runAsUser }} - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.master.containerSecurityContext.runAsUser }} - max: {{ .Values.master.containerSecurityContext.runAsUser }} - volumes: - - 'configMap' - - 'secret' - - 'emptyDir' - - 'persistentVolumeClaim' -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pvc.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pvc.yaml deleted file mode 100644 index 13aee503..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pvc.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "standalone") (eq .Values.master.kind "Deployment") (.Values.master.persistence.enabled) (not .Values.master.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: master - {{- if .Values.master.persistence.annotations }} - annotations: {{- toYaml .Values.master.persistence.annotations | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.master.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.master.persistence.size | quote }} - {{- if .Values.master.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.master.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 4 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 2 }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/service.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/service.yaml deleted file mode 100644 index b9bf47da..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/service.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (not .Values.sentinel.enabled) (gt (int64 .Values.master.count) 0) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-master" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: master - {{- if or .Values.master.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.master.service.type }} - {{- if or (eq .Values.master.service.type "LoadBalancer") (eq .Values.master.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }} - internalTrafficPolicy: {{ .Values.master.service.internalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.master.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.master.service.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }} - clusterIP: {{ .Values.master.service.clusterIP }} - {{- end }} - {{- if .Values.master.service.sessionAffinity }} - sessionAffinity: {{ .Values.master.service.sessionAffinity }} - {{- end }} - {{- if .Values.master.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.master.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.master.service.externalIPs }} - externalIPs: {{- include "common.tplvalues.render" (dict "value" .Values.master.service.externalIPs "context" $) | nindent 4 }} - {{- end }} - ports: - - name: {{ .Values.master.service.portNames.redis }} - port: {{ .Values.master.service.ports.redis }} - targetPort: redis - {{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) .Values.master.service.nodePorts.redis}} - nodePort: {{ .Values.master.service.nodePorts.redis}} - {{- else if eq .Values.master.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.master.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: master -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/serviceaccount.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/serviceaccount.yaml deleted file mode 100644 index bf58cc50..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.master.serviceAccount.create (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "redis.masterServiceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.master.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/metrics-svc.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/metrics-svc.yaml deleted file mode 100644 index 529122ef..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/metrics-svc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }} - clusterIP: {{ .Values.metrics.service.clusterIP }} - {{- end }} - {{- if eq .Values.metrics.service.type "LoadBalancer" }} - externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.metrics.service.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: http-metrics - port: {{ coalesce .Values.metrics.service.ports.http .Values.metrics.service.port }} - protocol: TCP - targetPort: metrics - {{- if .Values.metrics.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/networkpolicy.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/networkpolicy.yaml deleted file mode 100644 index 3d652c6e..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/networkpolicy.yaml +++ /dev/null @@ -1,108 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "networkPolicy.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - policyTypes: - - Ingress - - Egress - {{- if .Values.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - {{- if eq .Values.architecture "replication" }} - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - # Allow outbound connections to other cluster pods - - ports: - - port: {{ .Values.master.containerPorts.redis }} - {{- if .Values.sentinel.enabled }} - - port: {{ .Values.sentinel.containerPorts.sentinel }} - {{- end }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.master.containerPorts.redis }} - {{- if .Values.sentinel.enabled }} - - port: {{ .Values.sentinel.containerPorts.sentinel }} - {{- end }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - {{- if or .Values.networkPolicy.ingressNSMatchLabels .Values.networkPolicy.ingressNSPodMatchLabels }} - - namespaceSelector: - matchLabels: - {{- if .Values.networkPolicy.ingressNSMatchLabels }} - {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{ else }} - {} - {{- end }} - {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes for metrics - - ports: - - port: {{ .Values.metrics.containerPorts.http }} - {{- if not .Values.networkPolicy.metrics.allowExternal }} - from: - {{- if or .Values.networkPolicy.metrics.ingressNSMatchLabels .Values.networkPolicy.metrics.ingressNSPodMatchLabels }} - - namespaceSelector: - matchLabels: - {{- if .Values.networkPolicy.metrics.ingressNSMatchLabels }} - {{- range $key, $value := .Values.networkPolicy.metrics.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{ else }} - {} - {{- end }} - {{- if .Values.networkPolicy.metrics.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.metrics.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml deleted file mode 100644 index 32976106..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.podMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.metrics.podMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podMetricsEndpoints: - - port: {{ .Values.metrics.podMonitor.port }} - {{- if .Values.metrics.podMonitor.interval }} - interval: {{ .Values.metrics.podMonitor.interval }} - {{- end }} - {{- if .Values.metrics.podMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.podMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.podMonitor.honorLabels }} - {{- end }} - {{- with concat .Values.metrics.podMonitor.relabelings .Values.metrics.podMonitor.relabellings }} - relabelings: {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .Values.metrics.podMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- range .Values.metrics.podMonitor.additionalEndpoints }} - - port: {{ .port }} - {{- if .interval }} - interval: {{ .interval }} - {{- end }} - {{- if .path }} - path: {{ .path }} - {{- end }} - {{- if .honorLabels }} - honorLabels: {{ .honorLabels }} - {{- end }} - {{- with concat .relabelings .relabellings }} - relabelings: {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .metricRelabelings }} - metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }} - {{- end }} - {{- if .scrapeTimeout }} - scrapeTimeout: {{ .scrapeTimeout }} - {{- end }} - {{- if .params }} - params: - {{- range $key, $value := .params }} - {{ $key }}: - {{- range $value }} - - {{ . | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.podTargetLabels }} - podTargetLabels: {{- toYaml .Values.metrics.podMonitor.podTargetLabels | nindent 4 }} - {{- end }} - {{- with .Values.metrics.podMonitor.sampleLimit -}} - sampleLimit: {{ . }} - {{- end }} - {{- with .Values.metrics.podMonitor.targetLimit -}} - targetLimit: {{ . }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "common.names.namespace" . | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/prometheusrule.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/prometheusrule.yaml deleted file mode 100644 index 56c013bd..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.metrics.prometheusRule.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - groups: - - name: {{ include "common.names.fullname" . }} - rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/application.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/application.yaml deleted file mode 100644 index bba4c7e9..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/application.yaml +++ /dev/null @@ -1,568 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: {{ .Values.replica.kind }} -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if and (not (eq .Values.replica.kind "DaemonSet")) (not .Values.replica.autoscaling.enabled) }} - replicas: {{ .Values.replica.replicaCount }} - {{- end }} - revisionHistoryLimit: {{ .Values.replica.revisionHistoryLimit }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: replica - {{- if (eq .Values.replica.kind "StatefulSet") }} - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.replica.updateStrategy }} - updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} - {{- end }} - {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} - minReadySeconds: {{ .Values.replica.minReadySeconds }} - {{- end }} - {{- if .Values.replica.podManagementPolicy }} - podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: replica - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "redis.createConfigmap" .) }} - checksum/configmap: {{ pick ( include (print $.Template.BasePath "/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- end }} - checksum/health: {{ pick ( include (print $.Template.BasePath "/health-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/scripts: {{ pick ( include (print $.Template.BasePath "/scripts-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/secret: {{ pick ( include (print $.Template.BasePath "/secret.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- if .Values.replica.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- if .Values.replica.extraPodSpec }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.extraPodSpec "context" $) | nindent 6 }} - {{- end }} - {{- include "redis.imagePullSecrets" . | nindent 6 }} - {{- if .Values.replica.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "redis.replicaServiceAccountName" . }} - automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }} - {{- if .Values.replica.priorityClassName }} - priorityClassName: {{ .Values.replica.priorityClassName | quote }} - {{- end }} - {{- if .Values.replica.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "replica" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "replica" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.replica.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} - {{- end }} - {{- if .Values.replica.schedulerName }} - schedulerName: {{ .Values.replica.schedulerName | quote }} - {{- end }} - {{- if .Values.replica.dnsPolicy }} - dnsPolicy: {{ .Values.replica.dnsPolicy }} - {{- end }} - {{- if .Values.replica.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} - {{- end }} - enableServiceLinks: {{ .Values.replica.enableServiceLinks }} - terminationGracePeriodSeconds: {{ .Values.replica.terminationGracePeriodSeconds }} - containers: - - name: redis - image: {{ template "redis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.replica.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.replica.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-replica.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_REPLICATION_MODE - value: replica - - name: REDIS_MASTER_HOST - {{- if .Values.replica.externalMaster.enabled }} - value: {{ .Values.replica.externalMaster.host | quote }} - {{- else if and (eq (int64 .Values.master.count) 1) (eq .Values.master.kind "StatefulSet") }} - value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} - {{- else }} - value: {{ template "common.names.fullname" . }}-master.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} - {{- end }} - - name: REDIS_MASTER_PORT_NUMBER - {{- if .Values.replica.externalMaster.enabled }} - value: {{ .Values.replica.externalMaster.port | quote }} - {{- else }} - value: {{ .Values.master.containerPorts.redis | quote }} - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - - name: REDIS_MASTER_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - - name: REDIS_MASTER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - {{- end }} - {{- if .Values.replica.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} - envFrom: - {{- if .Values.replica.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.replica.extraEnvVarsCM }} - {{- end }} - {{- if .Values.replica.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.replica.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.replica.containerPorts.redis }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- end }} - {{- if .Values.replica.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.replica.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local_and_master.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.replica.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.replica.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local_and_master.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if .Values.replica.resources }} - resources: {{- toYaml .Values.replica.resources | nindent 12 }} - {{- else if ne .Values.replica.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: /data - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: empty-dir - mountPath: /opt/bitnami/redis/etc - subPath: app-conf-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.replica.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "redis.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - if [[ -f '/secrets/redis-password' ]]; then - export REDIS_PASSWORD=$(cat /secrets/redis-password) - fi - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - value: {{ printf ":%v" .Values.metrics.containerPorts.http }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if (not .Values.auth.usePasswordFiles) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPorts.http }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- else if ne .Values.metrics.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} - {{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }} - initContainers: - {{- if .Values.replica.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "redis.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} - {{- else }} - chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.extraEnvVars }} - env: - {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - {{- end }} - {{- if .Values.sysctl.enabled }} - - name: init-sysctl - image: {{ include "redis.sysctl.image" . }} - imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} - securityContext: - privileged: true - runAsUser: 0 - {{- if .Values.sysctl.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.resources }} - resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} - {{- else if ne .Values.sysctl.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.mountHostSys }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: host-sys - mountPath: /host-sys - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - {{ if .Values.auth.usePasswordFileFromSecret }} - secret: - secretName: {{ template "redis.secretName" . }} - items: - - key: {{ template "redis.secretPasswordKey" . }} - path: redis-password - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: config - configMap: - name: {{ include "redis.configmapName" . }} - {{- if .Values.sysctl.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - - name: empty-dir - {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} - emptyDir: - {{- if .Values.replica.persistence.medium }} - medium: {{ .Values.replica.persistence.medium | quote }} - {{- end }} - {{- if .Values.replica.persistence.sizeLimit }} - sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if .Values.replica.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if or (not .Values.replica.persistence.enabled) (not (eq .Values.replica.kind "StatefulSet")) }} - - name: redis-data - {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} - emptyDir: - {{- if .Values.replica.persistence.medium }} - medium: {{ .Values.replica.persistence.medium | quote }} - {{- end }} - {{- if .Values.replica.persistence.sizeLimit }} - sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.replica.persistence.existingClaim }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} - {{- else }} - {{- if .Values.replica.persistentVolumeClaimRetentionPolicy.enabled }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenDeleted }} - whenScaled: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenScaled }} - {{- end }} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: redis-data - {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} - app.kubernetes.io/component: replica - {{- if .Values.replica.persistence.annotations }} - annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.replica.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.replica.persistence.size | quote }} - {{- if .Values.replica.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.replica.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/hpa.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/hpa.yaml deleted file mode 100644 index 85adf724..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/hpa.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.replica.autoscaling.enabled (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: StatefulSet - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - minReplicas: {{ .Values.replica.autoscaling.minReplicas }} - maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }} - metrics: - {{- if .Values.replica.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.targetCPU }} - {{- end }} - {{- end }} - {{- if .Values.replica.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.targetMemory }} - {{- end }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/pdb.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/pdb.yaml deleted file mode 100644 index d7b777b5..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/pdb.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- $pdb := coalesce .Values.pdb .Values.replica.pdb }} -{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) $pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if $pdb.minAvailable }} - minAvailable: {{ $pdb.minAvailable }} - {{- end }} - {{- if or $pdb.maxUnavailable (not $pdb.minAvailable) }} - maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: replica -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/service.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/service.yaml deleted file mode 100644 index ebb2a4fa..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/service.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - {{- if or .Values.replica.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.replica.service.type }} - {{- if or (eq .Values.replica.service.type "LoadBalancer") (eq .Values.replica.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.replica.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }} - internalTrafficPolicy: {{ .Values.replica.service.internalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.replica.service.type "LoadBalancer") .Values.replica.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.replica.service.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }} - clusterIP: {{ .Values.replica.service.clusterIP }} - {{- end }} - {{- if .Values.replica.service.sessionAffinity }} - sessionAffinity: {{ .Values.replica.service.sessionAffinity }} - {{- end }} - {{- if .Values.replica.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - port: {{ .Values.replica.service.ports.redis }} - targetPort: redis - {{- if and (or (eq .Values.replica.service.type "NodePort") (eq .Values.replica.service.type "LoadBalancer")) .Values.replica.service.nodePorts.redis}} - nodePort: {{ .Values.replica.service.nodePorts.redis}} - {{- else if eq .Values.replica.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.replica.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/serviceaccount.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/serviceaccount.yaml deleted file mode 100644 index 6cf3411b..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.replica.serviceAccount.create (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "redis.replicaServiceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.replica.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/role.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/role.yaml deleted file mode 100644 index 54a2b1bd..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/role.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - {{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.enabled }} - - apiGroups: - - '{{ template "podSecurityPolicy.apiGroup" . }}' - resources: - - 'podsecuritypolicies' - verbs: - - 'use' - resourceNames: [{{ printf "%s-master" (include "common.names.fullname" .) }}] - {{- end }} - {{- if and .Values.sentinel.enabled (or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster) }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["list", "patch"] - {{- end -}} - {{- if .Values.rbac.rules }} - {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/rolebinding.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/rolebinding.yaml deleted file mode 100644 index a164289a..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/rolebinding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "redis.serviceAccountName" . }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/scripts-configmap.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/scripts-configmap.yaml deleted file mode 100644 index acb04424..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/scripts-configmap.yaml +++ /dev/null @@ -1,799 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} - start-node.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/liblog.sh - . /opt/bitnami/scripts/libvalidations.sh - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "REDIS") - echo {{ .Values.master.containerPorts.redis }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - if [ -n "$REDIS_EXTERNAL_MASTER_HOST" ]; then - REDIS_SERVICE="$REDIS_EXTERNAL_MASTER_HOST" - else - REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - fi - - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL") - validate_quorum() { - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel master {{ .Values.sentinel.masterSet }}" - else - quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel master {{ .Values.sentinel.masterSet }}" - fi - info "about to run the command: $quorum_info_command" - eval $quorum_info_command | grep -Fq "s_down" - } - - trigger_manual_failover() { - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel failover {{ .Values.sentinel.masterSet }}" - else - failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel failover {{ .Values.sentinel.masterSet }}" - fi - - info "about to run the command: $failover_command" - eval $failover_command - } - - get_sentinel_master_info() { - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - else - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - fi - - info "about to run the command: $sentinel_info_command" - retry_while "eval $sentinel_info_command" 2 5 - } - - {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} - useradd redis - chown -R redis {{ .Values.replica.persistence.path }} - {{- end }} - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - - # check if there is a master - master_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" - master_port_in_persisted_conf="$REDIS_MASTER_PORT_NUMBER" - master_in_sentinel="$(get_sentinel_master_info)" - redisRetVal=$? - - if [[ -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then - master_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" - master_port_in_persisted_conf="$(awk '/monitor/ {print $5}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" - info "Found previous master ${master_in_persisted_conf}:${master_port_in_persisted_conf} in /opt/bitnami/redis-sentinel/etc/sentinel.conf" - debug "$(cat /opt/bitnami/redis-sentinel/etc/sentinel.conf | grep monitor)" - fi - - if [[ $redisRetVal -ne 0 ]]; then - if [[ "$master_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # Case 1: No active sentinel and in previous sentinel.conf we were the master --> MASTER - info "Configuring the node as master" - export REDIS_REPLICATION_MODE="master" - else - # Case 2: No active sentinel and in previous sentinel.conf we were not master --> REPLICA - info "Configuring the node as replica" - export REDIS_REPLICATION_MODE="replica" - REDIS_MASTER_HOST=${master_in_persisted_conf} - REDIS_MASTER_PORT_NUMBER=${master_port_in_persisted_conf} - fi - else - # Fetches current master's host and port - REDIS_SENTINEL_INFO=($(get_sentinel_master_info)) - info "Current master: REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})" - REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]} - REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]} - - if [[ "$REDIS_MASTER_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # Case 3: Active sentinel and master it is this node --> MASTER - info "Configuring the node as master" - export REDIS_REPLICATION_MODE="master" - else - # Case 4: Active sentinel and master is not this node --> REPLICA - info "Configuring the node as replica" - export REDIS_REPLICATION_MODE="replica" - - {{- if and .Values.sentinel.automateClusterRecovery (le (int .Values.sentinel.downAfterMilliseconds) 2000) }} - retry_count=1 - while validate_quorum - do - info "sleeping, waiting for Redis master to come up" - sleep 1s - if ! ((retry_count % 11)); then - info "Trying to manually failover" - failover_result=$(trigger_manual_failover) - - debug "Failover result: $failover_result" - fi - - ((retry_count+=1)) - done - info "Redis master is up now" - {{- end }} - fi - fi - - if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then - REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST" - REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}" - fi - - if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then - cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf - fi - - if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - - echo "" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_TLS_PORT}") - ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") - ARGS+=("--tls-replication" "yes") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${REDIS_PORT}") - {{- end }} - - if [[ "$REDIS_REPLICATION_MODE" = "slave" ]] || [[ "$REDIS_REPLICATION_MODE" = "replica" ]]; then - ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") - fi - - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - {{- if .Values.replica.extraFlags }} - {{- range .Values.replica.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - - {{- if .Values.replica.preExecCmds }} - {{- range $command := .Values.replica.preExecCmds }} - {{- $command | nindent 4 }} - {{- end }} - {{- end }} - - {{- if .Values.replica.command }} - exec {{ .Values.replica.command }} "${ARGS[@]}" - {{- else }} - exec redis-server "${ARGS[@]}" - {{- end }} - - start-sentinel.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libfile.sh - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "REDIS") - echo {{ .Values.master.containerPorts.redis }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - SERVPORT=$(get_port "$HOSTNAME" "SENTINEL") - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL") - - sentinel_conf_set() { - local -r key="${1:?missing key}" - local value="${2:-}" - - # Sanitize inputs - value="${value//\\/\\\\}" - value="${value//&/\\&}" - value="${value//\?/\\?}" - [[ "$value" = "" ]] && value="\"$value\"" - - replace_in_file "/opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false - } - sentinel_conf_add() { - echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf" - } - host_id() { - echo "$1" | openssl sha1 | awk '{print $2}' - } - get_sentinel_master_info() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - else - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - fi - info "about to run the command: $sentinel_info_command" - retry_while "eval $sentinel_info_command" 2 5 - } - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - - master_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" - - if [[ -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then - master_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" - info "Found previous master $master_in_persisted_conf in /opt/bitnami/redis-sentinel/etc/sentinel.conf" - debug "$(cat /opt/bitnami/redis-sentinel/etc/sentinel.conf | grep monitor)" - fi - REDIS_SENTINEL_INFO=($(get_sentinel_master_info)) - if [ "$?" -eq "0" ]; then - # current master's host and port obtained from other Sentinel - info "printing REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})" - REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]} - REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]} - else - REDIS_MASTER_HOST="$master_in_persisted_conf" - REDIS_MASTER_PORT_NUMBER="$REDISPORT" - fi - if [[ "$REDIS_MASTER_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then - export REDIS_REPLICATION_MODE="master" - else - export REDIS_REPLICATION_MODE="replica" - fi - - {{- if or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster }} - if [[ "${REDIS_REPLICATION_MODE}" == "master" ]]; then - # Add isMaster label to master node for master service - echo "${REDIS_MASTER_HOST/.*}" > /etc/shared/current - fi - {{- end }} - - if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then - REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST" - REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}" - fi - - # To prevent incomplete configuration and as the redis container accesses /opt/bitnami/redis-sentinel/etc/sentinel.conf - # as well, prepare the new config in `prepare-sentinel.conf` and move it atomically to the ultimate destination when it is complete. - cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf - {{- if .Values.auth.enabled }} - printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf - {{- if and .Values.auth.enabled .Values.auth.sentinel }} - printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf - {{- end }} - {{- end }} - printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf - - if [[ -z "$REDIS_MASTER_HOST" ]] || [[ -z "$REDIS_MASTER_PORT_NUMBER" ]] - then - # Prevent incorrect configuration to be written to sentinel.conf - error "Redis master host is configured incorrectly (host: $REDIS_MASTER_HOST, port: $REDIS_MASTER_PORT_NUMBER)" - exit 1 - fi - - sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}" - - add_known_sentinel() { - hostname="$1" - ip="$2" - - if [[ -n "$hostname" && -n "$ip" && "$hostname" != "$HOSTNAME" ]]; then - sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")" - fi - } - add_known_replica() { - hostname="$1" - ip="$2" - - if [[ -n "$ip" && "$(get_full_hostname "$hostname")" != "$REDIS_MASTER_HOST" ]]; then - sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "REDIS")" - fi - } - - # Add available hosts on the network as known replicas & sentinels - for node in $(seq 0 $(({{ .Values.replica.replicaCount }}-1))); do - hostname="{{ template "common.names.fullname" . }}-node-$node" - ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')" - add_known_sentinel "$hostname" "$ip" - add_known_replica "$hostname" "$ip" - done - - echo "" >> /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf - {{- if not (contains "sentinel announce-hostnames" .Values.sentinel.configuration) }} - echo "sentinel announce-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf - {{- end }} - {{- if not (contains "sentinel resolve-hostnames" .Values.sentinel.configuration) }} - echo "sentinel resolve-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf - {{- end }} - {{- if not (contains "sentinel announce-port" .Values.sentinel.configuration) }} - echo "sentinel announce-port $SERVPORT" >> /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf - {{- end }} - {{- if not (contains "sentinel announce-ip" .Values.sentinel.configuration) }} - echo "sentinel announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf - {{- end }} - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}") - ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}") - ARGS+=("--tls-replication" "yes") - ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- end }} - {{- if .Values.sentinel.preExecCmds }} - {{- range $command := .Values.sentinel.preExecCmds }} - {{- $command | nindent 4 }} - {{- end }} - {{- end }} - mv /opt/bitnami/redis-sentinel/etc/prepare-sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf - exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }} --sentinel - prestop-sentinel.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libos.sh - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - run_sentinel_command() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" - else - redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@" - fi - } - sentinel_failover_finished() { - REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "{{ .Values.sentinel.masterSet }}")) - REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}" - [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]] - } - - REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - {{ if .Values.auth.sentinel -}} - # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - [[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")" - {{- end }} - - if ! sentinel_failover_finished; then - echo "I am the master pod and you are stopping me. Starting sentinel failover" - if retry_while "sentinel_failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1; then - echo "Master has been successfuly failed over to a different pod." - exit 0 - else - echo "Master failover failed" - exit 1 - fi - else - exit 0 - fi - prestop-redis.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libos.sh - - run_redis_command() { - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - redis-cli -h 127.0.0.1 -p "$REDIS_TLS_PORT" --tls --cert "$REDIS_TLS_CERT_FILE" --key "$REDIS_TLS_KEY_FILE" --cacert "$REDIS_TLS_CA_FILE" "$@" - else - redis-cli -h 127.0.0.1 -p "$REDIS_PORT" "$@" - fi - } - is_master() { - REDIS_ROLE=$(run_redis_command role | head -1) - [[ "$REDIS_ROLE" == "master" ]] - } - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{- include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - run_sentinel_command() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" - else - {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@" - fi - } - sentinel_failover_finished() { - REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "{{ .Values.sentinel.masterSet }}")) - REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}" - [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]] - } - - REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - [[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")" - - - if is_master && ! sentinel_failover_finished; then - echo "I am the master pod and you are stopping me. Pausing client connections." - # Pausing client write connections to avoid data loss - run_redis_command CLIENT PAUSE "{{ mul (add 2 (sub .Values.sentinel.terminationGracePeriodSeconds 10)) 1000 }}" WRITE - - echo "Issuing failover" - # if I am the master, issue a command to failover once - run_sentinel_command failover "{{ .Values.sentinel.masterSet }}" - - {{- if .Values.sentinel.redisShutdownWaitFailover }} - echo "Waiting for sentinel to complete failover for up to {{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}s" - retry_while "sentinel_failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1 - {{- end }} - else - exit 0 - fi - - {{- if or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster }} - push-master-label.sh: | - #!/bin/bash - # https://download.redis.io/redis-stable/sentinel.conf - - echo "${6/.*}" > /etc/shared/current - echo "${4/.*}" > /etc/shared/previous - {{- end }} -{{- else }} - start-master.sh: | - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - {{- if and .Values.master.containerSecurityContext.runAsUser (eq (.Values.master.containerSecurityContext.runAsUser | int) 0) }} - useradd redis - chown -R redis {{ .Values.master.persistence.path }} - {{- end }} - if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then - cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf - fi - if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_TLS_PORT}") - ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${REDIS_PORT}") - {{- end }} - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") - {{- if .Values.master.extraFlags }} - {{- range .Values.master.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - {{- if .Values.master.preExecCmds }} - {{- range $command := .Values.master.preExecCmds }} - {{- $command | nindent 4 }} - {{- end }} - {{- end }} - {{- if .Values.master.command }} - exec {{ .Values.master.command }} "${ARGS[@]}" - {{- else }} - exec redis-server "${ARGS[@]}" - {{- end }} - {{- if eq .Values.architecture "replication" }} - start-replica.sh: | - #!/bin/bash - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "REDIS") - echo {{ .Values.master.containerPorts.redis }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} - useradd redis - chown -R redis {{ .Values.replica.persistence.path }} - {{- end }} - if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then - cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf - fi - if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - - echo "" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_TLS_PORT}") - ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") - ARGS+=("--tls-replication" "yes") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${REDIS_PORT}") - {{- end }} - ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") - {{- if .Values.replica.extraFlags }} - {{- range .Values.replica.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - {{- if .Values.replica.preExecCmds }} - {{- range $command := .Values.replica.preExecCmds }} - {{- $command | nindent 4 }} - {{- end }} {{- end }} - {{- if .Values.replica.command }} - exec {{ .Values.replica.command }} "${ARGS[@]}" - {{- else }} - exec redis-server "${ARGS[@]}" - {{- end }} - {{- end }} -{{- end }} ---- -{{- if or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - update-master-label.sh: | - #!/bin/bash - while true; do - while [ ! -f "/etc/shared/current" ]; do - sleep 1 - done - echo "new master elected, updating label(s)..." - kubectl label pod --field-selector metadata.name="$(< "/etc/shared/current")" isMaster="true" --overwrite - kubectl label pod --field-selector metadata.name="$(< "/etc/shared/current")" app.kubernetes.io/role- - if [ -f /etc/shared/previous ]; then - kubectl label pod --field-selector metadata.name="$(< "/etc/shared/previous")" isMaster="false" --overwrite - fi - rm "/etc/shared/current" "/etc/shared/previous" - done -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret-svcbind.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret-svcbind.yaml deleted file mode 100644 index d3c74ff3..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret-svcbind.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.serviceBindings.enabled }} -{{- $host := include "common.names.fullname" . }} -{{- if not .Values.sentinel.enabled }} -{{- $host = printf "%s-master" (include "common.names.fullname" .) }} -{{- end }} -{{- $port := print .Values.master.service.ports.redis }} -{{- if .Values.sentinel.enabled }} -{{- $port = print .Values.sentinel.service.ports.redis }} -{{- end }} -{{- $password := include "redis.password" . }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-svcbind - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: servicebinding.io/redis -data: - provider: {{ print "bitnami" | b64enc | quote }} - type: {{ print "redis" | b64enc | quote }} - host: {{ print $host | b64enc | quote }} - port: {{ print $port | b64enc | quote }} - password: {{ print $password | b64enc | quote }} - {{- if $password }} - uri: {{ printf "redis://:%s@%s:%s" $password $host $port | b64enc | quote }} - {{- else }} - uri: {{ printf "redis://%s:%s" $host $port | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret.yaml deleted file mode 100644 index ec69fe25..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) (or .Values.auth.usePasswordFileFromSecret (not .Values.auth.usePasswordFiles)) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.secretAnnotations .Values.commonAnnotations }} - annotations: - {{- if .Values.secretAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secretAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -type: Opaque -data: - redis-password: {{ include "redis.password" . | b64enc | quote }} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/hpa.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/hpa.yaml deleted file mode 100644 index 54ec4857..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/hpa.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.replica.autoscaling.enabled .Values.sentinel.enabled }} -apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: StatefulSet - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - minReplicas: {{ .Values.replica.autoscaling.minReplicas }} - maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }} - metrics: - {{- if .Values.replica.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.targetMemory }} - {{- end }} - {{- end }} - {{- if .Values.replica.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.targetCPU }} - {{- end }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/node-services.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/node-services.yaml deleted file mode 100644 index 30ccad5e..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/node-services.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (or .Release.IsUpgrade .Values.sentinel.service.nodePorts.redis ) }} - -{{- range $i := until (int .Values.replica.replicaCount) }} - -{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" $) (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }} - -{{ $sentinelport := 0}} -{{ $redisport := 0}} -{{- if $portsmap }} -{{ $sentinelport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "sentinel") }} -{{ $redisport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "redis") }} -{{- else }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" $ }}-node-{{ $i }} - namespace: {{ include "common.names.namespace" $ | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - {{- if or $.Values.commonAnnotations $.Values.sentinel.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.sentinel.service.annotations $.Values.commonAnnotations ) "context" $ ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: NodePort - ports: - - name: sentinel - {{- if $.Values.sentinel.service.nodePorts.sentinel }} - nodePort: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} - port: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} - {{- else }} - nodePort: {{ $sentinelport }} - port: {{ $sentinelport }} - {{- end }} - protocol: TCP - targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} - - name: redis - {{- if $.Values.sentinel.service.nodePorts.redis }} - nodePort: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }} - port: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }} - {{- else }} - nodePort: {{ $redisport }} - port: {{ $redisport }} - {{- end }} - protocol: TCP - targetPort: {{ $.Values.replica.containerPorts.redis }} - - name: sentinel-internal - nodePort: null - port: {{ $.Values.sentinel.containerPorts.sentinel }} - protocol: TCP - targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} - - name: redis-internal - nodePort: null - port: {{ $.Values.replica.containerPorts.redis }} - protocol: TCP - targetPort: {{ $.Values.replica.containerPorts.redis }} - selector: - statefulset.kubernetes.io/pod-name: {{ template "common.names.fullname" $ }}-node-{{ $i }} ---- -{{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/pdb.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/pdb.yaml deleted file mode 100644 index 32ddad65..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/pdb.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} -{{- $pdb := coalesce .Values.pdb .Values.replica.pdb }} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled $pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if $pdb.minAvailable }} - minAvailable: {{ $pdb.minAvailable }} - {{- end }} - {{- if or $pdb.maxUnavailable (not $pdb.minAvailable) }} - maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: node -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/ports-configmap.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/ports-configmap.yaml deleted file mode 100644 index d55f01a0..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/ports-configmap.yaml +++ /dev/null @@ -1,102 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Values.sentinel.service.nodePorts.redis ) }} -{{- /* create a list to keep track of ports we choose to use */}} -{{ $chosenports := (list ) }} - -{{- /* Get list of all used nodeports */}} -{{ $usedports := (list ) }} -{{- range $index, $service := (lookup "v1" "Service" "" "").items }} - {{- range.spec.ports }} - {{- if .nodePort }} - {{- $usedports = (append $usedports .nodePort) }} - {{- end }} - {{- end }} -{{- end }} - -{{- /* -comments that start with # are rendered in the output when you debug, so you can less and search for them -Vars in the comment will be rendered out, so you can check their value this way. -https://helm.sh/docs/chart_best_practices/templates/#comments-yaml-comments-vs-template-comments - -remove the template comments and leave the yaml comments to help debug -*/}} - -{{- /* Sort the list */}} -{{ $usedports = $usedports | sortAlpha }} -#usedports {{ $usedports }} - -{{- /* How many nodeports per service do we want to create, except for the main service which is always two */}} -{{ $numberofPortsPerNodeService := 2 }} - -{{- /* for every nodeport we want, loop though the used ports to get an unused port */}} -{{- range $j := until (int (add (mul (int .Values.replica.replicaCount) $numberofPortsPerNodeService) 2)) }} - {{- /* #j={{ $j }} */}} - {{- $nodeport := (add $j 30000) }} - {{- $nodeportfound := false }} - {{- range $i := $usedports }} - {{- /* #i={{ $i }} - #nodeport={{ $nodeport }} - #usedports={{ $usedports }} */}} - {{- if and (has (toString $nodeport) $usedports) (eq $nodeportfound false) }} - {{- /* nodeport conflicts with in use */}} - {{- $nodeport = (add $nodeport 1) }} - {{- else if and ( has $nodeport $chosenports) (eq $nodeportfound false) }} - {{- /* nodeport already chosen, try another */}} - {{- $nodeport = (add $nodeport 1) }} - {{- else if (eq $nodeportfound false) }} - {{- /* nodeport free to use: not already claimed and not in use */}} - {{- /* select nodeport, and place into usedports */}} - {{- $chosenports = (append $chosenports $nodeport) }} - {{- $nodeportfound = true }} - {{- else }} - {{- /* nodeport has already been chosen and locked in, just work through the rest of the list to get to the next nodeport selection */}} - {{- end }} - {{- end }} - {{- if (eq $nodeportfound false) }} - {{- $chosenports = (append $chosenports $nodeport) }} - {{- end }} - -{{- end }} - -{{- /* print the usedports and chosenports for debugging */}} -#usedports {{ $usedports }} -#chosenports {{ $chosenports }}}} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "common.names.fullname" . }}-ports-configmap - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} -{{- if $portsmap }} -{{- /* configmap already exists, do not install again */ -}} - {{- range $name, $value := $portsmap }} - "{{ $name }}": "{{ $value }}" - {{- end }} -{{- else }} -{{- /* configmap being set for first time */ -}} - {{- range $index, $port := $chosenports }} - {{- $nodenumber := (floor (div $index 2)) }} - {{- if (eq $index 0) }} - "{{ template "common.names.fullname" $ }}-sentinel": "{{ $port }}" - {{- else if (eq $index 1) }} - "{{ template "common.names.fullname" $ }}-redis": "{{ $port }}" - {{- else if (eq (mod $index 2) 0) }} - "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-sentinel": "{{ $port }}" - {{- else if (eq (mod $index 2) 1) }} - "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-redis": "{{ $port }}" - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/service.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/service.yaml deleted file mode 100644 index 9530bde9..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/service.yaml +++ /dev/null @@ -1,160 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} - -{{ $sentinelport := 0}} -{{ $redisport := 0}} -{{- if $portsmap }} -{{ $sentinelport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "sentinel") }} -{{ $redisport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "redis") }} -{{- else }} -{{- end }} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.sentinel.service.type }} - {{- if or (eq .Values.sentinel.service.type "LoadBalancer") (eq .Values.sentinel.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.sentinel.service.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} - clusterIP: {{ .Values.sentinel.service.clusterIP }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinity }} - sessionAffinity: {{ .Values.sentinel.service.sessionAffinity }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }} - port: {{ .Values.sentinel.service.nodePorts.redis }} - {{- else if eq .Values.sentinel.service.type "NodePort" }} - port: {{ $redisport }} - {{- else}} - port: {{ .Values.sentinel.service.ports.redis }} - {{- end }} - targetPort: {{ .Values.replica.containerPorts.redis }} - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }} - nodePort: {{ .Values.sentinel.service.nodePorts.redis }} - {{- else if eq .Values.sentinel.service.type "ClusterIP" }} - nodePort: null - {{- else if eq .Values.sentinel.service.type "NodePort" }} - nodePort: {{ $redisport }} - {{- end }} - - name: tcp-sentinel - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} - port: {{ .Values.sentinel.service.nodePorts.sentinel }} - {{- else if eq .Values.sentinel.service.type "NodePort" }} - port: {{ $sentinelport }} - {{- else }} - port: {{ .Values.sentinel.service.ports.sentinel }} - {{- end }} - targetPort: {{ .Values.sentinel.containerPorts.sentinel }} - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} - nodePort: {{ .Values.sentinel.service.nodePorts.sentinel }} - {{- else if eq .Values.sentinel.service.type "ClusterIP" }} - nodePort: null - {{- else if eq .Values.sentinel.service.type "NodePort" }} - nodePort: {{ $sentinelport }} - {{- end }} - {{- if eq .Values.sentinel.service.type "NodePort" }} - - name: sentinel-internal - nodePort: null - port: {{ .Values.sentinel.containerPorts.sentinel }} - protocol: TCP - targetPort: {{ .Values.sentinel.containerPorts.sentinel }} - - name: redis-internal - nodePort: null - port: {{ .Values.replica.containerPorts.redis }} - protocol: TCP - targetPort: {{ .Values.replica.containerPorts.redis }} - {{- end }} - {{- if .Values.sentinel.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - -{{- $masterServiceConfig := ternary .Values.sentinel.masterService .Values.sentinel.service .Values.sentinel.masterService.enabled -}} -{{- if and .Values.sentinel.enabled (or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster) }} ---- -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "common.names.fullname" . }}-master" - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - {{- if or $masterServiceConfig.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list ($masterServiceConfig.annotations) .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $masterServiceConfig.type }} - {{- if or (eq $masterServiceConfig.type "LoadBalancer") (eq $masterServiceConfig.type "NodePort") }} - externalTrafficPolicy: {{ $masterServiceConfig.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq $masterServiceConfig.type "LoadBalancer") (not (empty ($masterServiceConfig.loadBalancerIP))) }} - loadBalancerIP: {{ $masterServiceConfig.loadBalancerIP }} - {{- end }} - {{- if and (eq $masterServiceConfig.type "LoadBalancer") (not (empty ($masterServiceConfig.loadBalancerClass))) }} - loadBalancerClass: {{ $masterServiceConfig.loadBalancerClass }} - {{- end }} - {{- if and (eq $masterServiceConfig.type "LoadBalancer") (not (empty ($masterServiceConfig.loadBalancerSourceRanges))) }} - loadBalancerSourceRanges: {{ toYaml ($masterServiceConfig.loadBalancerSourceRanges) | nindent 4 }} - {{- end }} - {{- if and (eq $masterServiceConfig.type "ClusterIP") (not (empty ($masterServiceConfig.clusterIP))) }} - clusterIP: {{ $masterServiceConfig.clusterIP }} - {{- end }} - sessionAffinity: {{ $masterServiceConfig.sessionAffinity }} - {{- if $masterServiceConfig.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" ($masterServiceConfig.sessionAffinityConfig) "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - {{- if and (or (eq $masterServiceConfig.type "NodePort") (eq $masterServiceConfig.type "LoadBalancer")) ($masterServiceConfig.nodePorts.redis) }} - port: {{ $masterServiceConfig.nodePorts.redis }} - {{- else if eq $masterServiceConfig.type "NodePort" }} - port: {{ $redisport }} - {{- else }} - port: {{ $masterServiceConfig.ports.redis }} - {{- end }} - targetPort: {{ .Values.replica.containerPorts.redis }} - {{- if and (or (eq $masterServiceConfig.type "NodePort") (eq $masterServiceConfig.type "LoadBalancer")) ($masterServiceConfig.nodePorts.redis) }} - nodePort: {{ $masterServiceConfig.nodePorts.redis }} - {{- else if eq $masterServiceConfig.type "ClusterIP" }} - nodePort: null - {{- else if eq $masterServiceConfig.type "NodePort" }} - nodePort: {{ $redisport }} - {{- end }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - isMaster: "true" -{{- end }} -{{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/statefulset.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/statefulset.yaml deleted file mode 100644 index 45c7451e..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/statefulset.yaml +++ /dev/null @@ -1,843 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - {{- if or .Values.commonAnnotations .Values.sentinel.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replica.replicaCount }} - revisionHistoryLimit: {{ .Values.replica.revisionHistoryLimit }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: node - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- if .Values.replica.updateStrategy }} - updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} - {{- end }} - {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} - minReadySeconds: {{ .Values.replica.minReadySeconds }} - {{- end }} - {{- if .Values.replica.podManagementPolicy }} - podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: node - {{- if .Values.sentinel.masterService.enabled }} - app.kubernetes.io/role: slave - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "redis.createConfigmap" .) }} - checksum/configmap: {{ pick ( include (print $.Template.BasePath "/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- end }} - checksum/health: {{ pick ( include (print $.Template.BasePath "/health-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/scripts: {{ pick ( include (print $.Template.BasePath "/scripts-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/secret: {{ pick ( include (print $.Template.BasePath "/secret.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- if .Values.replica.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- if .Values.sentinel.extraPodSpec }} - {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.extraPodSpec "context" $) | nindent 6 }} - {{- end }} - {{- include "redis.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }} - {{- if .Values.replica.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "redis.serviceAccountName" . }} - {{- if .Values.replica.priorityClassName }} - priorityClassName: {{ .Values.replica.priorityClassName | quote }} - {{- end }} - {{- if .Values.replica.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "node" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "node" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.replica.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} - {{- end }} - {{- if .Values.replica.schedulerName }} - schedulerName: {{ .Values.replica.schedulerName | quote }} - {{- end }} - {{- if .Values.replica.dnsPolicy }} - dnsPolicy: {{ .Values.replica.dnsPolicy }} - {{- end }} - {{- if .Values.replica.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} - {{- end }} - enableServiceLinks: {{ .Values.sentinel.enableServiceLinks }} - terminationGracePeriodSeconds: {{ .Values.sentinel.terminationGracePeriodSeconds }} - containers: - - name: redis - image: {{ template "redis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - /opt/bitnami/scripts/start-scripts/prestop-redis.sh - {{- end }} - {{- end }} - {{- if .Values.replica.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.replica.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.replica.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-node.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_MASTER_PORT_NUMBER - value: {{ .Values.replica.containerPorts.redis | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - - name: REDIS_MASTER_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - - name: REDIS_MASTER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - {{- end }} - - name: REDIS_SENTINEL_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_SENTINEL_TLS_PORT_NUMBER - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_SENTINEL_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_SENTINEL_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_SENTINEL_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: REDIS_SENTINEL_PORT - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - {{- end }} - - name: REDIS_DATA_DIR - value: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.externalMaster.enabled }} - - name: REDIS_EXTERNAL_MASTER_HOST - value: {{ .Values.replica.externalMaster.host | quote }} - - name: REDIS_EXTERNAL_MASTER_PORT - value: {{ .Values.replica.externalMaster.port | quote }} - {{- end }} - {{- if .Values.replica.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} - envFrom: - {{- if .Values.replica.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.replica.extraEnvVarsCM }} - {{- end }} - {{- if .Values.replica.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.replica.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.replica.containerPorts.redis }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.replica.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.replica.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.replica.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.replica.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if .Values.replica.resources }} - resources: {{- toYaml .Values.replica.resources | nindent 12 }} - {{- else if ne .Values.replica.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - - name: sentinel-data - mountPath: /opt/bitnami/redis-sentinel/etc - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: empty-dir - mountPath: /opt/bitnami/redis/etc - subPath: app-conf-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.replica.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - - name: sentinel - image: {{ template "redis.sentinel.image" . }} - imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh - {{- end }} - {{- end }} - {{- if .Values.sentinel.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.sentinel.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.sentinel.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.sentinel.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-sentinel.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.sentinel.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- else }} - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - {{- end }} - - name: REDIS_SENTINEL_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_SENTINEL_TLS_PORT_NUMBER - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_SENTINEL_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_SENTINEL_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_SENTINEL_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: REDIS_SENTINEL_PORT - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - {{- end }} - {{- if .Values.sentinel.externalMaster.enabled }} - - name: REDIS_EXTERNAL_MASTER_HOST - value: {{ .Values.sentinel.externalMaster.host | quote }} - - name: REDIS_EXTERNAL_MASTER_PORT - value: {{ .Values.sentinel.externalMaster.port | quote }} - {{- end }} - {{- if .Values.sentinel.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }} - envFrom: - {{- if .Values.sentinel.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.sentinel.extraEnvVarsCM }} - {{- end }} - {{- if .Values.sentinel.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.sentinel.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis-sentinel - containerPort: {{ .Values.sentinel.containerPorts.sentinel }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.sentinel.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.sentinel.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.sentinel.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.sentinel.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.sentinel.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if .Values.sentinel.resources }} - resources: {{- toYaml .Values.sentinel.resources | nindent 12 }} - {{- else if ne .Values.sentinel.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.sentinel.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster}} - - name: kubectl-shared - mountPath: /etc/shared - {{- end }} - - name: sentinel-data - mountPath: /opt/bitnami/redis-sentinel/etc - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - - name: config - mountPath: /opt/bitnami/redis-sentinel/mounted-etc - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.sentinel.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "redis.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - if [[ -f '/secrets/redis-password' ]]; then - export REDIS_PASSWORD=$(cat /secrets/redis-password) - fi - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - value: {{ printf ":%v" .Values.metrics.containerPorts.http }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if (not .Values.auth.usePasswordFiles) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPorts.http }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- else if ne .Values.metrics.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster }} - - name: kubectl-shared - image: {{ template "redis.kubectl.image" . }} - imagePullPolicy: {{ .Values.kubectl.image.pullPolicy | quote }} - command: {{- toYaml .Values.kubectl.command | nindent 12 }} - {{- if .Values.kubectl.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubectl.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: kubectl-shared - mountPath: /etc/shared - - name: kubectl-scripts - mountPath: /opt/bitnami/scripts/kubectl-scripts - {{- if .Values.kubectl.resources }} - resources: {{- toYaml .Values.kubectl.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} - {{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }} - initContainers: - {{- if .Values.replica.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "redis.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} - {{- else }} - chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.extraEnvVars }} - env: - {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - {{- end }} - {{- if .Values.sysctl.enabled }} - - name: init-sysctl - image: {{ include "redis.sysctl.image" . }} - imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} - securityContext: - privileged: true - runAsUser: 0 - {{- if .Values.sysctl.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.resources }} - resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} - {{- else if ne .Values.sysctl.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.mountHostSys }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: host-sys - mountPath: /host-sys - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster}} - - name: kubectl-shared - emptyDir: {} - - name: kubectl-scripts - configMap: - name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- end }} - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - {{ if .Values.auth.usePasswordFileFromSecret }} - secret: - secretName: {{ template "redis.secretName" . }} - items: - - key: {{ template "redis.secretPasswordKey" . }} - path: redis-password - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: config - configMap: - name: {{ include "redis.configmapName" . }} - {{- if .Values.sysctl.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - {{- if not .Values.sentinel.persistence.enabled }} - - name: sentinel-data - {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }} - emptyDir: - {{- if .Values.sentinel.persistence.medium }} - medium: {{ .Values.sentinel.persistence.medium | quote }} - {{- end }} - {{- if .Values.sentinel.persistence.sizeLimit }} - sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: empty-dir - {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }} - emptyDir: - {{- if .Values.sentinel.persistence.medium }} - medium: {{ .Values.sentinel.persistence.medium | quote }} - {{- end }} - {{- if .Values.sentinel.persistence.sizeLimit }} - sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.replica.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.sentinel.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if not .Values.replica.persistence.enabled }} - - name: redis-data - {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} - emptyDir: - {{- if .Values.replica.persistence.medium }} - medium: {{ .Values.replica.persistence.medium | quote }} - {{- end }} - {{- if .Values.replica.persistence.sizeLimit }} - sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.replica.persistence.existingClaim }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} - {{- else }} - {{- if .Values.sentinel.persistentVolumeClaimRetentionPolicy.enabled }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted }} - whenScaled: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenScaled }} - {{- end }} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: redis-data - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }} - app.kubernetes.io/component: node - {{- if .Values.replica.persistence.annotations }} - annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.replica.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.replica.persistence.size | quote }} - {{- if .Values.replica.persistence.selector }} - selector: {{- include "common.tplvalues.render" ( dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} - {{- if .Values.sentinel.persistence.enabled }} - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: sentinel-data - {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.persistence.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} - app.kubernetes.io/component: node - {{- if .Values.sentinel.persistence.annotations }} - annotations: {{- toYaml .Values.sentinel.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.sentinel.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.sentinel.persistence.size | quote }} - {{- if .Values.sentinel.persistence.selector }} - selector: {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.sentinel.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.sentinel.persistence "global" .Values.global) | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/serviceaccount.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/serviceaccount.yaml deleted file mode 100644 index 0b7d39d5..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.serviceAccount.create .Values.sentinel.enabled }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "redis.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/servicemonitor.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/servicemonitor.yaml deleted file mode 100644 index 1a9f6eea..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/servicemonitor.yaml +++ /dev/null @@ -1,82 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: {{ .Values.metrics.serviceMonitor.port }} - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- with concat .Values.metrics.serviceMonitor.relabelings .Values.metrics.serviceMonitor.relabellings }} - relabelings: {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- range .Values.metrics.serviceMonitor.additionalEndpoints }} - - port: {{ .port }} - {{- if .interval }} - interval: {{ .interval }} - {{- end }} - {{- if .scrapeTimeout }} - scrapeTimeout: {{ .scrapeTimeout }} - {{- end }} - {{- if .honorLabels }} - honorLabels: {{ .honorLabels }} - {{- end }} - {{- with concat $.Values.metrics.serviceMonitor.relabelings $.Values.metrics.serviceMonitor.relabellings }} - relabelings: {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .metricRelabelings }} - metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }} - {{- end }} - {{- if .path }} - path: {{ .path }} - {{- end }} - {{- if .params }} - params: - {{- range $key, $value := .params }} - {{ $key }}: - {{- range $value }} - - {{ . | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.podTargetLabels }} - podTargetLabels: {{- toYaml .Values.metrics.serviceMonitor.podTargetLabels | nindent 4 }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.sampleLimit }} - sampleLimit: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.targetLimit }} - targetLimit: {{ . }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "common.names.namespace" . | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: metrics -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/tls-secret.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/tls-secret.yaml deleted file mode 100644 index aa1c1a78..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/tls-secret.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (include "redis.createTlsSecret" .) }} -{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} -{{- $ca := genCA "redis-ca" 365 }} -{{- $releaseNamespace := (include "common.names.namespace" .) }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $fullname := include "common.names.fullname" . }} -{{- $serviceName := include "common.names.fullname" . }} -{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} -{{- $masterServiceName := printf "%s-master" (include "common.names.fullname" .) }} -{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} -{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} - tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} - ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/values.schema.json b/packages/system/dashboard/charts/kubeapps/charts/redis/values.schema.json deleted file mode 100644 index f872c957..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/values.schema.json +++ /dev/null @@ -1,3275 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "global": { - "type": "object", - "properties": { - "imageRegistry": { - "type": "string", - "description": "Global Docker image registry", - "default": "" - }, - "imagePullSecrets": { - "type": "array", - "description": "Global Docker registry secret names as an array", - "default": [], - "items": {} - }, - "defaultStorageClass": { - "type": "string", - "description": "Global default StorageClass for Persistent Volume(s)", - "default": "" - }, - "storageClass": { - "type": "string", - "description": "DEPRECATED: use global.defaultStorageClass instead", - "default": "" - }, - "redis": { - "type": "object", - "properties": { - "password": { - "type": "string", - "description": "Global Redis® password (overrides `auth.password`)", - "default": "" - } - } - }, - "compatibility": { - "type": "object", - "properties": { - "openshift": { - "type": "object", - "properties": { - "adaptSecurityContext": { - "type": "string", - "description": "Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)", - "default": "auto" - } - } - } - } - } - } - }, - "kubeVersion": { - "type": "string", - "description": "Override Kubernetes version", - "default": "" - }, - "nameOverride": { - "type": "string", - "description": "String to partially override common.names.fullname", - "default": "" - }, - "fullnameOverride": { - "type": "string", - "description": "String to fully override common.names.fullname", - "default": "" - }, - "namespaceOverride": { - "type": "string", - "description": "String to fully override common.names.namespace", - "default": "" - }, - "commonLabels": { - "type": "object", - "description": "Labels to add to all deployed objects", - "default": {} - }, - "commonAnnotations": { - "type": "object", - "description": "Annotations to add to all deployed objects", - "default": {} - }, - "secretAnnotations": { - "type": "object", - "description": "Annotations to add to secret", - "default": {} - }, - "clusterDomain": { - "type": "string", - "description": "Kubernetes cluster domain name", - "default": "cluster.local" - }, - "extraDeploy": { - "type": "array", - "description": "Array of extra objects to deploy with the release", - "default": [], - "items": {} - }, - "useHostnames": { - "type": "boolean", - "description": "Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address", - "default": true - }, - "nameResolutionThreshold": { - "type": "number", - "description": "Failure threshold for internal hostnames resolution", - "default": 5 - }, - "nameResolutionTimeout": { - "type": "number", - "description": "Timeout seconds between probes for internal hostnames resolution", - "default": 5 - }, - "diagnosticMode": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable diagnostic mode (all probes will be disabled and the command will be overridden)", - "default": false - }, - "command": { - "type": "array", - "description": "Command to override all containers in the deployment", - "default": [ - "sleep" - ], - "items": { - "type": "string" - } - }, - "args": { - "type": "array", - "description": "Args to override all containers in the deployment", - "default": [ - "infinity" - ], - "items": { - "type": "string" - } - } - } - }, - "image": { - "type": "object", - "properties": { - "registry": { - "type": "string", - "description": "Redis® image registry", - "default": "REGISTRY_NAME" - }, - "repository": { - "type": "string", - "description": "Redis® image repository", - "default": "REPOSITORY_NAME/redis" - }, - "digest": { - "type": "string", - "description": "Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", - "default": "" - }, - "pullPolicy": { - "type": "string", - "description": "Redis® image pull policy", - "default": "IfNotPresent" - }, - "pullSecrets": { - "type": "array", - "description": "Redis® image pull secrets", - "default": [], - "items": {} - }, - "debug": { - "type": "boolean", - "description": "Enable image debug mode", - "default": false - } - } - }, - "architecture": { - "type": "string", - "description": "Redis® architecture. Allowed values: `standalone` or `replication`", - "default": "replication" - }, - "auth": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable password authentication", - "default": true - }, - "sentinel": { - "type": "boolean", - "description": "Enable password authentication on sentinels too", - "default": true - }, - "password": { - "type": "string", - "description": "Redis® password", - "default": "" - }, - "existingSecret": { - "type": "string", - "description": "The name of an existing secret with Redis® credentials", - "default": "" - }, - "existingSecretPasswordKey": { - "type": "string", - "description": "Password key to be retrieved from existing secret", - "default": "" - }, - "usePasswordFiles": { - "type": "boolean", - "description": "Mount credentials as files instead of using an environment variable", - "default": false - }, - "usePasswordFileFromSecret": { - "type": "boolean", - "description": "Mount password file from secret", - "default": true - } - } - }, - "commonConfiguration": { - "type": "string", - "description": "Common configuration to be added into the ConfigMap", - "default": "\"\"" - }, - "existingConfigmap": { - "type": "string", - "description": "The name of an existing ConfigMap with your custom configuration for Redis® nodes", - "default": "" - }, - "master": { - "type": "object", - "properties": { - "count": { - "type": "number", - "description": "Number of Redis® master instances to deploy (experimental, requires additional configuration)", - "default": 1 - }, - "revisionHistoryLimit": { - "type": "number", - "description": "The number of old history to retain to allow rollback", - "default": 10 - }, - "configuration": { - "type": "string", - "description": "Configuration for Redis® master nodes", - "default": "" - }, - "disableCommands": { - "type": "array", - "description": "Array with Redis® commands to disable on master nodes", - "default": [ - "FLUSHDB", - "FLUSHALL" - ], - "items": { - "type": "string" - } - }, - "command": { - "type": "array", - "description": "Override default container command (useful when using custom images)", - "default": [], - "items": {} - }, - "args": { - "type": "array", - "description": "Override default container args (useful when using custom images)", - "default": [], - "items": {} - }, - "enableServiceLinks": { - "type": "boolean", - "description": "Whether information about services should be injected into pod's environment variable", - "default": true - }, - "preExecCmds": { - "type": "array", - "description": "Additional commands to run prior to starting Redis® master", - "default": [], - "items": {} - }, - "extraFlags": { - "type": "array", - "description": "Array with additional command line flags for Redis® master", - "default": [], - "items": {} - }, - "extraEnvVars": { - "type": "array", - "description": "Array with extra environment variables to add to Redis® master nodes", - "default": [], - "items": {} - }, - "extraEnvVarsCM": { - "type": "string", - "description": "Name of existing ConfigMap containing extra env vars for Redis® master nodes", - "default": "" - }, - "extraEnvVarsSecret": { - "type": "string", - "description": "Name of existing Secret containing extra env vars for Redis® master nodes", - "default": "" - }, - "containerPorts": { - "type": "object", - "properties": { - "redis": { - "type": "number", - "description": "Container port to open on Redis® master nodes", - "default": 6379 - } - } - }, - "startupProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable startupProbe on Redis® master nodes", - "default": false - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for startupProbe", - "default": 20 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for startupProbe", - "default": 5 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for startupProbe", - "default": 5 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for startupProbe", - "default": 5 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for startupProbe", - "default": 1 - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable livenessProbe on Redis® master nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for livenessProbe", - "default": 20 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for livenessProbe", - "default": 5 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for livenessProbe", - "default": 5 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for livenessProbe", - "default": 5 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for livenessProbe", - "default": 1 - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable readinessProbe on Redis® master nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for readinessProbe", - "default": 20 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for readinessProbe", - "default": 5 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for readinessProbe", - "default": 1 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for readinessProbe", - "default": 5 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for readinessProbe", - "default": 1 - } - } - }, - "customStartupProbe": { - "type": "object", - "description": "Custom startupProbe that overrides the default one", - "default": {} - }, - "customLivenessProbe": { - "type": "object", - "description": "Custom livenessProbe that overrides the default one", - "default": {} - }, - "customReadinessProbe": { - "type": "object", - "description": "Custom readinessProbe that overrides the default one", - "default": {} - }, - "resourcesPreset": { - "type": "string", - "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).", - "default": "nano" - }, - "resources": { - "type": "object", - "description": "Set container requests and limits for different resources like CPU or memory (essential for production workloads)", - "default": {} - }, - "podSecurityContext": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enabled Redis® master pods' Security Context", - "default": true - }, - "fsGroupChangePolicy": { - "type": "string", - "description": "Set filesystem group change policy", - "default": "Always" - }, - "sysctls": { - "type": "array", - "description": "Set kernel settings using the sysctl interface", - "default": [], - "items": {} - }, - "supplementalGroups": { - "type": "array", - "description": "Set filesystem extra groups", - "default": [], - "items": {} - }, - "fsGroup": { - "type": "number", - "description": "Set Redis® master pod's Security Context fsGroup", - "default": 1001 - } - } - }, - "containerSecurityContext": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enabled Redis® master containers' Security Context", - "default": true - }, - "runAsUser": { - "type": "number", - "description": "Set Redis® master containers' Security Context runAsUser", - "default": 1001 - }, - "runAsGroup": { - "type": "number", - "description": "Set Redis® master containers' Security Context runAsGroup", - "default": 1001 - }, - "runAsNonRoot": { - "type": "boolean", - "description": "Set Redis® master containers' Security Context runAsNonRoot", - "default": true - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "Is it possible to escalate Redis® pod(s) privileges", - "default": false - }, - "readOnlyRootFilesystem": { - "type": "boolean", - "description": "Set container's Security Context read-only root filesystem", - "default": true - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Set Redis® master containers' Security Context seccompProfile", - "default": "RuntimeDefault" - } - } - }, - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "Set Redis® master containers' Security Context capabilities to drop", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - } - } - }, - "kind": { - "type": "string", - "description": "Use either Deployment, StatefulSet (default) or DaemonSet", - "default": "StatefulSet" - }, - "schedulerName": { - "type": "string", - "description": "Alternate scheduler for Redis® master pods", - "default": "" - }, - "updateStrategy": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Redis® master statefulset strategy type", - "default": "RollingUpdate" - } - } - }, - "minReadySeconds": { - "type": "number", - "description": "How many seconds a pod needs to be ready before killing the next, during update", - "default": 0 - }, - "priorityClassName": { - "type": "string", - "description": "Redis® master pods' priorityClassName", - "default": "" - }, - "automountServiceAccountToken": { - "type": "boolean", - "description": "Mount Service Account token in pod", - "default": false - }, - "hostAliases": { - "type": "array", - "description": "Redis® master pods host aliases", - "default": [], - "items": {} - }, - "podLabels": { - "type": "object", - "description": "Extra labels for Redis® master pods", - "default": {} - }, - "podAnnotations": { - "type": "object", - "description": "Annotations for Redis® master pods", - "default": {} - }, - "shareProcessNamespace": { - "type": "boolean", - "description": "Share a single process namespace between all of the containers in Redis® master pods", - "default": false - }, - "podAffinityPreset": { - "type": "string", - "description": "Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`", - "default": "" - }, - "podAntiAffinityPreset": { - "type": "string", - "description": "Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`", - "default": "soft" - }, - "nodeAffinityPreset": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`", - "default": "" - }, - "key": { - "type": "string", - "description": "Node label key to match. Ignored if `master.affinity` is set", - "default": "" - }, - "values": { - "type": "array", - "description": "Node label values to match. Ignored if `master.affinity` is set", - "default": [], - "items": {} - } - } - }, - "affinity": { - "type": "object", - "description": "Affinity for Redis® master pods assignment", - "default": {} - }, - "nodeSelector": { - "type": "object", - "description": "Node labels for Redis® master pods assignment", - "default": {} - }, - "tolerations": { - "type": "array", - "description": "Tolerations for Redis® master pods assignment", - "default": [], - "items": {} - }, - "topologySpreadConstraints": { - "type": "array", - "description": "Spread Constraints for Redis® master pod assignment", - "default": [], - "items": {} - }, - "dnsPolicy": { - "type": "string", - "description": "DNS Policy for Redis® master pod", - "default": "" - }, - "dnsConfig": { - "type": "object", - "description": "DNS Configuration for Redis® master pod", - "default": {} - }, - "lifecycleHooks": { - "type": "object", - "description": "for the Redis® master container(s) to automate configuration before or after startup", - "default": {} - }, - "extraVolumes": { - "type": "array", - "description": "Optionally specify extra list of additional volumes for the Redis® master pod(s)", - "default": [], - "items": {} - }, - "extraVolumeMounts": { - "type": "array", - "description": "Optionally specify extra list of additional volumeMounts for the Redis® master container(s)", - "default": [], - "items": {} - }, - "sidecars": { - "type": "array", - "description": "Add additional sidecar containers to the Redis® master pod(s)", - "default": [], - "items": {} - }, - "initContainers": { - "type": "array", - "description": "Add additional init containers to the Redis® master pod(s)", - "default": [], - "items": {} - }, - "persistence": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable persistence on Redis® master nodes using Persistent Volume Claims", - "default": true - }, - "medium": { - "type": "string", - "description": "Provide a medium for `emptyDir` volumes.", - "default": "" - }, - "sizeLimit": { - "type": "string", - "description": "Set this to enable a size limit for `emptyDir` volumes.", - "default": "" - }, - "path": { - "type": "string", - "description": "The path the volume will be mounted at on Redis® master containers", - "default": "/data" - }, - "subPath": { - "type": "string", - "description": "The subdirectory of the volume to mount on Redis® master containers", - "default": "" - }, - "subPathExpr": { - "type": "string", - "description": "Used to construct the subPath subdirectory of the volume to mount on Redis® master containers", - "default": "" - }, - "storageClass": { - "type": "string", - "description": "Persistent Volume storage class", - "default": "" - }, - "accessModes": { - "type": "array", - "description": "Persistent Volume access modes", - "default": [ - "ReadWriteOnce" - ], - "items": { - "type": "string" - } - }, - "size": { - "type": "string", - "description": "Persistent Volume size", - "default": "8Gi" - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for the PVC", - "default": {} - }, - "labels": { - "type": "object", - "description": "Additional custom labels for the PVC", - "default": {} - }, - "selector": { - "type": "object", - "description": "Additional labels to match for the PVC", - "default": {} - }, - "dataSource": { - "type": "object", - "description": "Custom PVC data source", - "default": {} - }, - "existingClaim": { - "type": "string", - "description": "Use a existing PVC which must be created manually before bound", - "default": "" - } - } - }, - "persistentVolumeClaimRetentionPolicy": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Controls if and how PVCs are deleted during the lifecycle of a StatefulSet", - "default": false - }, - "whenScaled": { - "type": "string", - "description": "Volume retention behavior when the replica count of the StatefulSet is reduced", - "default": "Retain" - }, - "whenDeleted": { - "type": "string", - "description": "Volume retention behavior that applies when the StatefulSet is deleted", - "default": "Retain" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Redis® master service type", - "default": "ClusterIP" - }, - "portNames": { - "type": "object", - "properties": { - "redis": { - "type": "string", - "description": "Redis® master service port name", - "default": "tcp-redis" - } - } - }, - "ports": { - "type": "object", - "properties": { - "redis": { - "type": "number", - "description": "Redis® master service port", - "default": 6379 - } - } - }, - "nodePorts": { - "type": "object", - "properties": { - "redis": { - "type": "string", - "description": "Node port for Redis® master", - "default": "" - } - } - }, - "externalTrafficPolicy": { - "type": "string", - "description": "Redis® master service external traffic policy", - "default": "Cluster" - }, - "extraPorts": { - "type": "array", - "description": "Extra ports to expose (normally used with the `sidecar` value)", - "default": [], - "items": {} - }, - "internalTrafficPolicy": { - "type": "string", - "description": "Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)", - "default": "Cluster" - }, - "clusterIP": { - "type": "string", - "description": "Redis® master service Cluster IP", - "default": "" - }, - "loadBalancerIP": { - "type": "string", - "description": "Redis® master service Load Balancer IP", - "default": "" - }, - "loadBalancerClass": { - "type": "string", - "description": "master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)", - "default": "" - }, - "loadBalancerSourceRanges": { - "type": "array", - "description": "Redis® master service Load Balancer sources", - "default": [], - "items": {} - }, - "externalIPs": { - "type": "array", - "description": "Redis® master service External IPs", - "default": [], - "items": {} - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for Redis® master service", - "default": {} - }, - "sessionAffinity": { - "type": "string", - "description": "Session Affinity for Kubernetes service, can be \"None\" or \"ClientIP\"", - "default": "None" - }, - "sessionAffinityConfig": { - "type": "object", - "description": "Additional settings for the sessionAffinity", - "default": {} - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number", - "description": "Integer setting the termination grace period for the redis-master pods", - "default": 30 - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a ServiceAccount should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the ServiceAccount to use.", - "default": "" - }, - "automountServiceAccountToken": { - "type": "boolean", - "description": "Whether to auto mount the service account token", - "default": false - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for the ServiceAccount", - "default": {} - } - } - }, - "pdb": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Enable/disable a Pod Disruption Budget creation", - "default": true - } - } - } - } - }, - "replica": { - "type": "object", - "properties": { - "kind": { - "type": "string", - "description": "Use either DaemonSet or StatefulSet (default)", - "default": "StatefulSet" - }, - "replicaCount": { - "type": "number", - "description": "Number of Redis® replicas to deploy", - "default": 3 - }, - "revisionHistoryLimit": { - "type": "number", - "description": "The number of old history to retain to allow rollback", - "default": 10 - }, - "configuration": { - "type": "string", - "description": "Configuration for Redis® replicas nodes", - "default": "" - }, - "disableCommands": { - "type": "array", - "description": "Array with Redis® commands to disable on replicas nodes", - "default": [ - "FLUSHDB", - "FLUSHALL" - ], - "items": { - "type": "string" - } - }, - "command": { - "type": "array", - "description": "Override default container command (useful when using custom images)", - "default": [], - "items": {} - }, - "args": { - "type": "array", - "description": "Override default container args (useful when using custom images)", - "default": [], - "items": {} - }, - "enableServiceLinks": { - "type": "boolean", - "description": "Whether information about services should be injected into pod's environment variable", - "default": true - }, - "preExecCmds": { - "type": "array", - "description": "Additional commands to run prior to starting Redis® replicas", - "default": [], - "items": {} - }, - "extraFlags": { - "type": "array", - "description": "Array with additional command line flags for Redis® replicas", - "default": [], - "items": {} - }, - "extraEnvVars": { - "type": "array", - "description": "Array with extra environment variables to add to Redis® replicas nodes", - "default": [], - "items": {} - }, - "extraEnvVarsCM": { - "type": "string", - "description": "Name of existing ConfigMap containing extra env vars for Redis® replicas nodes", - "default": "" - }, - "extraEnvVarsSecret": { - "type": "string", - "description": "Name of existing Secret containing extra env vars for Redis® replicas nodes", - "default": "" - }, - "externalMaster": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Use external master for bootstrapping", - "default": false - }, - "host": { - "type": "string", - "description": "External master host to bootstrap from", - "default": "" - }, - "port": { - "type": "number", - "description": "Port for Redis service external master host", - "default": 6379 - } - } - }, - "containerPorts": { - "type": "object", - "properties": { - "redis": { - "type": "number", - "description": "Container port to open on Redis® replicas nodes", - "default": 6379 - } - } - }, - "startupProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable startupProbe on Redis® replicas nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for startupProbe", - "default": 10 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for startupProbe", - "default": 10 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for startupProbe", - "default": 5 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for startupProbe", - "default": 22 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for startupProbe", - "default": 1 - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable livenessProbe on Redis® replicas nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for livenessProbe", - "default": 20 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for livenessProbe", - "default": 5 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for livenessProbe", - "default": 5 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for livenessProbe", - "default": 5 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for livenessProbe", - "default": 1 - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable readinessProbe on Redis® replicas nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for readinessProbe", - "default": 20 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for readinessProbe", - "default": 5 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for readinessProbe", - "default": 1 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for readinessProbe", - "default": 5 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for readinessProbe", - "default": 1 - } - } - }, - "customStartupProbe": { - "type": "object", - "description": "Custom startupProbe that overrides the default one", - "default": {} - }, - "customLivenessProbe": { - "type": "object", - "description": "Custom livenessProbe that overrides the default one", - "default": {} - }, - "customReadinessProbe": { - "type": "object", - "description": "Custom readinessProbe that overrides the default one", - "default": {} - }, - "resourcesPreset": { - "type": "string", - "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).", - "default": "nano" - }, - "resources": { - "type": "object", - "description": "Set container requests and limits for different resources like CPU or memory (essential for production workloads)", - "default": {} - }, - "podSecurityContext": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enabled Redis® replicas pods' Security Context", - "default": true - }, - "fsGroupChangePolicy": { - "type": "string", - "description": "Set filesystem group change policy", - "default": "Always" - }, - "sysctls": { - "type": "array", - "description": "Set kernel settings using the sysctl interface", - "default": [], - "items": {} - }, - "supplementalGroups": { - "type": "array", - "description": "Set filesystem extra groups", - "default": [], - "items": {} - }, - "fsGroup": { - "type": "number", - "description": "Set Redis® replicas pod's Security Context fsGroup", - "default": 1001 - } - } - }, - "containerSecurityContext": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enabled Redis® replicas containers' Security Context", - "default": true - }, - "runAsUser": { - "type": "number", - "description": "Set Redis® replicas containers' Security Context runAsUser", - "default": 1001 - }, - "runAsGroup": { - "type": "number", - "description": "Set Redis® replicas containers' Security Context runAsGroup", - "default": 1001 - }, - "runAsNonRoot": { - "type": "boolean", - "description": "Set Redis® replicas containers' Security Context runAsNonRoot", - "default": true - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "Set Redis® replicas pod's Security Context allowPrivilegeEscalation", - "default": false - }, - "readOnlyRootFilesystem": { - "type": "boolean", - "description": "Set container's Security Context read-only root filesystem", - "default": true - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Set Redis® replicas containers' Security Context seccompProfile", - "default": "RuntimeDefault" - } - } - }, - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "Set Redis® replicas containers' Security Context capabilities to drop", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - } - } - }, - "schedulerName": { - "type": "string", - "description": "Alternate scheduler for Redis® replicas pods", - "default": "" - }, - "updateStrategy": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Redis® replicas statefulset strategy type", - "default": "RollingUpdate" - } - } - }, - "minReadySeconds": { - "type": "number", - "description": "How many seconds a pod needs to be ready before killing the next, during update", - "default": 0 - }, - "priorityClassName": { - "type": "string", - "description": "Redis® replicas pods' priorityClassName", - "default": "" - }, - "podManagementPolicy": { - "type": "string", - "description": "podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods", - "default": "" - }, - "automountServiceAccountToken": { - "type": "boolean", - "description": "Mount Service Account token in pod", - "default": false - }, - "hostAliases": { - "type": "array", - "description": "Redis® replicas pods host aliases", - "default": [], - "items": {} - }, - "podLabels": { - "type": "object", - "description": "Extra labels for Redis® replicas pods", - "default": {} - }, - "podAnnotations": { - "type": "object", - "description": "Annotations for Redis® replicas pods", - "default": {} - }, - "shareProcessNamespace": { - "type": "boolean", - "description": "Share a single process namespace between all of the containers in Redis® replicas pods", - "default": false - }, - "podAffinityPreset": { - "type": "string", - "description": "Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`", - "default": "" - }, - "podAntiAffinityPreset": { - "type": "string", - "description": "Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`", - "default": "soft" - }, - "nodeAffinityPreset": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`", - "default": "" - }, - "key": { - "type": "string", - "description": "Node label key to match. Ignored if `replica.affinity` is set", - "default": "" - }, - "values": { - "type": "array", - "description": "Node label values to match. Ignored if `replica.affinity` is set", - "default": [], - "items": {} - } - } - }, - "affinity": { - "type": "object", - "description": "Affinity for Redis® replicas pods assignment", - "default": {} - }, - "nodeSelector": { - "type": "object", - "description": "Node labels for Redis® replicas pods assignment", - "default": {} - }, - "tolerations": { - "type": "array", - "description": "Tolerations for Redis® replicas pods assignment", - "default": [], - "items": {} - }, - "topologySpreadConstraints": { - "type": "array", - "description": "Spread Constraints for Redis® replicas pod assignment", - "default": [], - "items": {} - }, - "dnsPolicy": { - "type": "string", - "description": "DNS Policy for Redis® replica pods", - "default": "" - }, - "dnsConfig": { - "type": "object", - "description": "DNS Configuration for Redis® replica pods", - "default": {} - }, - "lifecycleHooks": { - "type": "object", - "description": "for the Redis® replica container(s) to automate configuration before or after startup", - "default": {} - }, - "extraVolumes": { - "type": "array", - "description": "Optionally specify extra list of additional volumes for the Redis® replicas pod(s)", - "default": [], - "items": {} - }, - "extraVolumeMounts": { - "type": "array", - "description": "Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s)", - "default": [], - "items": {} - }, - "sidecars": { - "type": "array", - "description": "Add additional sidecar containers to the Redis® replicas pod(s)", - "default": [], - "items": {} - }, - "initContainers": { - "type": "array", - "description": "Add additional init containers to the Redis® replicas pod(s)", - "default": [], - "items": {} - }, - "persistence": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable persistence on Redis® replicas nodes using Persistent Volume Claims", - "default": true - }, - "medium": { - "type": "string", - "description": "Provide a medium for `emptyDir` volumes.", - "default": "" - }, - "sizeLimit": { - "type": "string", - "description": "Set this to enable a size limit for `emptyDir` volumes.", - "default": "" - }, - "path": { - "type": "string", - "description": "The path the volume will be mounted at on Redis® replicas containers", - "default": "/data" - }, - "subPath": { - "type": "string", - "description": "The subdirectory of the volume to mount on Redis® replicas containers", - "default": "" - }, - "subPathExpr": { - "type": "string", - "description": "Used to construct the subPath subdirectory of the volume to mount on Redis® replicas containers", - "default": "" - }, - "storageClass": { - "type": "string", - "description": "Persistent Volume storage class", - "default": "" - }, - "accessModes": { - "type": "array", - "description": "Persistent Volume access modes", - "default": [ - "ReadWriteOnce" - ], - "items": { - "type": "string" - } - }, - "size": { - "type": "string", - "description": "Persistent Volume size", - "default": "8Gi" - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for the PVC", - "default": {} - }, - "labels": { - "type": "object", - "description": "Additional custom labels for the PVC", - "default": {} - }, - "selector": { - "type": "object", - "description": "Additional labels to match for the PVC", - "default": {} - }, - "dataSource": { - "type": "object", - "description": "Custom PVC data source", - "default": {} - }, - "existingClaim": { - "type": "string", - "description": "Use a existing PVC which must be created manually before bound", - "default": "" - } - } - }, - "persistentVolumeClaimRetentionPolicy": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Controls if and how PVCs are deleted during the lifecycle of a StatefulSet", - "default": false - }, - "whenScaled": { - "type": "string", - "description": "Volume retention behavior when the replica count of the StatefulSet is reduced", - "default": "Retain" - }, - "whenDeleted": { - "type": "string", - "description": "Volume retention behavior that applies when the StatefulSet is deleted", - "default": "Retain" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Redis® replicas service type", - "default": "ClusterIP" - }, - "ports": { - "type": "object", - "properties": { - "redis": { - "type": "number", - "description": "Redis® replicas service port", - "default": 6379 - } - } - }, - "nodePorts": { - "type": "object", - "properties": { - "redis": { - "type": "string", - "description": "Node port for Redis® replicas", - "default": "" - } - } - }, - "externalTrafficPolicy": { - "type": "string", - "description": "Redis® replicas service external traffic policy", - "default": "Cluster" - }, - "internalTrafficPolicy": { - "type": "string", - "description": "Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)", - "default": "Cluster" - }, - "extraPorts": { - "type": "array", - "description": "Extra ports to expose (normally used with the `sidecar` value)", - "default": [], - "items": {} - }, - "clusterIP": { - "type": "string", - "description": "Redis® replicas service Cluster IP", - "default": "" - }, - "loadBalancerIP": { - "type": "string", - "description": "Redis® replicas service Load Balancer IP", - "default": "" - }, - "loadBalancerClass": { - "type": "string", - "description": "replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)", - "default": "" - }, - "loadBalancerSourceRanges": { - "type": "array", - "description": "Redis® replicas service Load Balancer sources", - "default": [], - "items": {} - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for Redis® replicas service", - "default": {} - }, - "sessionAffinity": { - "type": "string", - "description": "Session Affinity for Kubernetes service, can be \"None\" or \"ClientIP\"", - "default": "None" - }, - "sessionAffinityConfig": { - "type": "object", - "description": "Additional settings for the sessionAffinity", - "default": {} - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number", - "description": "Integer setting the termination grace period for the redis-replicas pods", - "default": 30 - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable replica autoscaling settings", - "default": false - }, - "minReplicas": { - "type": "number", - "description": "Minimum replicas for the pod autoscaling", - "default": 1 - }, - "maxReplicas": { - "type": "number", - "description": "Maximum replicas for the pod autoscaling", - "default": 11 - }, - "targetCPU": { - "type": "string", - "description": "Percentage of CPU to consider when autoscaling", - "default": "" - }, - "targetMemory": { - "type": "string", - "description": "Percentage of Memory to consider when autoscaling", - "default": "" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a ServiceAccount should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the ServiceAccount to use.", - "default": "" - }, - "automountServiceAccountToken": { - "type": "boolean", - "description": "Whether to auto mount the service account token", - "default": false - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for the ServiceAccount", - "default": {} - } - } - }, - "pdb": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Enable/disable a Pod Disruption Budget creation", - "default": true - } - } - } - } - }, - "sentinel": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Use Redis® Sentinel on Redis® pods.", - "default": false - }, - "image": { - "type": "object", - "properties": { - "registry": { - "type": "string", - "description": "Redis® Sentinel image registry", - "default": "REGISTRY_NAME" - }, - "repository": { - "type": "string", - "description": "Redis® Sentinel image repository", - "default": "REPOSITORY_NAME/redis-sentinel" - }, - "digest": { - "type": "string", - "description": "Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", - "default": "" - }, - "pullPolicy": { - "type": "string", - "description": "Redis® Sentinel image pull policy", - "default": "IfNotPresent" - }, - "pullSecrets": { - "type": "array", - "description": "Redis® Sentinel image pull secrets", - "default": [], - "items": {} - }, - "debug": { - "type": "boolean", - "description": "Enable image debug mode", - "default": false - } - } - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for Redis® Sentinel resource", - "default": {} - }, - "masterSet": { - "type": "string", - "description": "Master set name", - "default": "mymaster" - }, - "quorum": { - "type": "number", - "description": "Sentinel Quorum", - "default": 2 - }, - "getMasterTimeout": { - "type": "number", - "description": "Amount of time to allow before get_sentinel_master_info() times out.", - "default": 90 - }, - "automateClusterRecovery": { - "type": "boolean", - "description": "Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it.", - "default": false - }, - "redisShutdownWaitFailover": { - "type": "boolean", - "description": "Whether the Redis® master container waits for the failover at shutdown (in addition to the Redis® Sentinel container).", - "default": true - }, - "downAfterMilliseconds": { - "type": "number", - "description": "Timeout for detecting a Redis® node is down", - "default": 60000 - }, - "failoverTimeout": { - "type": "number", - "description": "Timeout for performing a election failover", - "default": 180000 - }, - "parallelSyncs": { - "type": "number", - "description": "Number of replicas that can be reconfigured in parallel to use the new master after a failover", - "default": 1 - }, - "configuration": { - "type": "string", - "description": "Configuration for Redis® Sentinel nodes", - "default": "" - }, - "command": { - "type": "array", - "description": "Override default container command (useful when using custom images)", - "default": [], - "items": {} - }, - "args": { - "type": "array", - "description": "Override default container args (useful when using custom images)", - "default": [], - "items": {} - }, - "enableServiceLinks": { - "type": "boolean", - "description": "Whether information about services should be injected into pod's environment variable", - "default": true - }, - "preExecCmds": { - "type": "array", - "description": "Additional commands to run prior to starting Redis® Sentinel", - "default": [], - "items": {} - }, - "extraEnvVars": { - "type": "array", - "description": "Array with extra environment variables to add to Redis® Sentinel nodes", - "default": [], - "items": {} - }, - "extraEnvVarsCM": { - "type": "string", - "description": "Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes", - "default": "" - }, - "extraEnvVarsSecret": { - "type": "string", - "description": "Name of existing Secret containing extra env vars for Redis® Sentinel nodes", - "default": "" - }, - "externalMaster": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Use external master for bootstrapping", - "default": false - }, - "host": { - "type": "string", - "description": "External master host to bootstrap from", - "default": "" - }, - "port": { - "type": "number", - "description": "Port for Redis service external master host", - "default": 6379 - } - } - }, - "containerPorts": { - "type": "object", - "properties": { - "sentinel": { - "type": "number", - "description": "Container port to open on Redis® Sentinel nodes", - "default": 26379 - } - } - }, - "startupProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable startupProbe on Redis® Sentinel nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for startupProbe", - "default": 10 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for startupProbe", - "default": 10 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for startupProbe", - "default": 5 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for startupProbe", - "default": 22 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for startupProbe", - "default": 1 - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable livenessProbe on Redis® Sentinel nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for livenessProbe", - "default": 20 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for livenessProbe", - "default": 10 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for livenessProbe", - "default": 5 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for livenessProbe", - "default": 6 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for livenessProbe", - "default": 1 - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable readinessProbe on Redis® Sentinel nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for readinessProbe", - "default": 20 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for readinessProbe", - "default": 5 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for readinessProbe", - "default": 1 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for readinessProbe", - "default": 6 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for readinessProbe", - "default": 1 - } - } - }, - "customStartupProbe": { - "type": "object", - "description": "Custom startupProbe that overrides the default one", - "default": {} - }, - "customLivenessProbe": { - "type": "object", - "description": "Custom livenessProbe that overrides the default one", - "default": {} - }, - "customReadinessProbe": { - "type": "object", - "description": "Custom readinessProbe that overrides the default one", - "default": {} - }, - "persistence": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental)", - "default": false - }, - "storageClass": { - "type": "string", - "description": "Persistent Volume storage class", - "default": "" - }, - "accessModes": { - "type": "array", - "description": "Persistent Volume access modes", - "default": [ - "ReadWriteOnce" - ], - "items": { - "type": "string" - } - }, - "size": { - "type": "string", - "description": "Persistent Volume size", - "default": "100Mi" - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for the PVC", - "default": {} - }, - "labels": { - "type": "object", - "description": "Additional custom labels for the PVC", - "default": {} - }, - "selector": { - "type": "object", - "description": "Additional labels to match for the PVC", - "default": {} - }, - "dataSource": { - "type": "object", - "description": "Custom PVC data source", - "default": {} - }, - "medium": { - "type": "string", - "description": "Provide a medium for `emptyDir` volumes.", - "default": "" - }, - "sizeLimit": { - "type": "string", - "description": "Set this to enable a size limit for `emptyDir` volumes.", - "default": "" - } - } - }, - "persistentVolumeClaimRetentionPolicy": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Controls if and how PVCs are deleted during the lifecycle of a StatefulSet", - "default": false - }, - "whenScaled": { - "type": "string", - "description": "Volume retention behavior when the replica count of the StatefulSet is reduced", - "default": "Retain" - }, - "whenDeleted": { - "type": "string", - "description": "Volume retention behavior that applies when the StatefulSet is deleted", - "default": "Retain" - } - } - }, - "resourcesPreset": { - "type": "string", - "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).", - "default": "nano" - }, - "resources": { - "type": "object", - "description": "Set container requests and limits for different resources like CPU or memory (essential for production workloads)", - "default": {} - }, - "containerSecurityContext": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enabled Redis® Sentinel containers' Security Context", - "default": true - }, - "runAsUser": { - "type": "number", - "description": "Set Redis® Sentinel containers' Security Context runAsUser", - "default": 1001 - }, - "runAsGroup": { - "type": "number", - "description": "Set Redis® Sentinel containers' Security Context runAsGroup", - "default": 1001 - }, - "runAsNonRoot": { - "type": "boolean", - "description": "Set Redis® Sentinel containers' Security Context runAsNonRoot", - "default": true - }, - "readOnlyRootFilesystem": { - "type": "boolean", - "description": "Set container's Security Context read-only root filesystem", - "default": true - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "Set Redis® Sentinel containers' Security Context allowPrivilegeEscalation", - "default": false - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Set Redis® Sentinel containers' Security Context seccompProfile", - "default": "RuntimeDefault" - } - } - }, - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "Set Redis® Sentinel containers' Security Context capabilities to drop", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - } - } - }, - "lifecycleHooks": { - "type": "object", - "description": "for the Redis® sentinel container(s) to automate configuration before or after startup", - "default": {} - }, - "extraVolumes": { - "type": "array", - "description": "Optionally specify extra list of additional volumes for the Redis® Sentinel", - "default": [], - "items": {} - }, - "extraVolumeMounts": { - "type": "array", - "description": "Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s)", - "default": [], - "items": {} - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Redis® Sentinel service type", - "default": "ClusterIP" - }, - "ports": { - "type": "object", - "properties": { - "redis": { - "type": "number", - "description": "Redis® service port for Redis®", - "default": 6379 - }, - "sentinel": { - "type": "number", - "description": "Redis® service port for Redis® Sentinel", - "default": 26379 - } - } - }, - "nodePorts": { - "type": "object", - "properties": { - "redis": { - "type": "string", - "description": "Node port for Redis®", - "default": "" - }, - "sentinel": { - "type": "string", - "description": "Node port for Sentinel", - "default": "" - } - } - }, - "externalTrafficPolicy": { - "type": "string", - "description": "Redis® Sentinel service external traffic policy", - "default": "Cluster" - }, - "extraPorts": { - "type": "array", - "description": "Extra ports to expose (normally used with the `sidecar` value)", - "default": [], - "items": {} - }, - "clusterIP": { - "type": "string", - "description": "Redis® Sentinel service Cluster IP", - "default": "" - }, - "createMaster": { - "type": "boolean", - "description": "Enable master service pointing to the current master (experimental)", - "default": false - }, - "loadBalancerIP": { - "type": "string", - "description": "Redis® Sentinel service Load Balancer IP", - "default": "" - }, - "loadBalancerClass": { - "type": "string", - "description": "sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)", - "default": "" - }, - "loadBalancerSourceRanges": { - "type": "array", - "description": "Redis® Sentinel service Load Balancer sources", - "default": [], - "items": {} - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for Redis® Sentinel service", - "default": {} - }, - "sessionAffinity": { - "type": "string", - "description": "Session Affinity for Kubernetes service, can be \"None\" or \"ClientIP\"", - "default": "None" - }, - "sessionAffinityConfig": { - "type": "object", - "description": "Additional settings for the sessionAffinity", - "default": {} - }, - "headless": { - "type": "object", - "properties": { - "annotations": { - "type": "object", - "description": "Annotations for the headless service.", - "default": {} - } - } - } - } - }, - "masterService": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable master service pointing to the current master (experimental)", - "default": false - }, - "type": { - "type": "string", - "description": "Redis® Sentinel master service type", - "default": "ClusterIP" - }, - "ports": { - "type": "object", - "properties": { - "redis": { - "type": "number", - "description": "Redis® service port for Redis®", - "default": 6379 - } - } - }, - "nodePorts": { - "type": "object", - "properties": { - "redis": { - "type": "string", - "description": "Node port for Redis®", - "default": "" - } - } - }, - "externalTrafficPolicy": { - "type": "string", - "description": "Redis® master service external traffic policy", - "default": "" - }, - "extraPorts": { - "type": "array", - "description": "Extra ports to expose (normally used with the `sidecar` value)", - "default": [], - "items": {} - }, - "clusterIP": { - "type": "string", - "description": "Redis® master service Cluster IP", - "default": "" - }, - "loadBalancerIP": { - "type": "string", - "description": "Redis® master service Load Balancer IP", - "default": "" - }, - "loadBalancerClass": { - "type": "string", - "description": "master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)", - "default": "" - }, - "loadBalancerSourceRanges": { - "type": "array", - "description": "Redis® master service Load Balancer sources", - "default": [], - "items": {} - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for Redis® master service", - "default": {} - }, - "sessionAffinity": { - "type": "string", - "description": "Session Affinity for Kubernetes service, can be \"None\" or \"ClientIP\"", - "default": "None" - }, - "sessionAffinityConfig": { - "type": "object", - "description": "Additional settings for the sessionAffinity", - "default": {} - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number", - "description": "Integer setting the termination grace period for the redis-node pods", - "default": 30 - } - } - }, - "serviceBindings": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Create secret for service binding (Experimental)", - "default": false - } - } - }, - "networkPolicy": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable creation of NetworkPolicy resources", - "default": true - }, - "allowExternal": { - "type": "boolean", - "description": "Don't require client label for connections", - "default": true - }, - "allowExternalEgress": { - "type": "boolean", - "description": "Allow the pod to access any range of port and all destinations.", - "default": true - }, - "extraIngress": { - "type": "array", - "description": "Add extra ingress rules to the NetworkPolicy", - "default": [], - "items": {} - }, - "extraEgress": { - "type": "array", - "description": "Add extra egress rules to the NetworkPolicy", - "default": [], - "items": {} - }, - "ingressNSMatchLabels": { - "type": "object", - "description": "Labels to match to allow traffic from other namespaces", - "default": {} - }, - "ingressNSPodMatchLabels": { - "type": "object", - "description": "Pod labels to match to allow traffic from other namespaces", - "default": {} - }, - "metrics": { - "type": "object", - "properties": { - "allowExternal": { - "type": "boolean", - "description": "Don't require client label for connections for metrics endpoint", - "default": true - }, - "ingressNSMatchLabels": { - "type": "object", - "description": "Labels to match to allow traffic from other namespaces to metrics endpoint", - "default": {} - }, - "ingressNSPodMatchLabels": { - "type": "object", - "description": "Pod labels to match to allow traffic from other namespaces to metrics endpoint", - "default": {} - } - } - } - } - }, - "podSecurityPolicy": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later", - "default": false - }, - "enabled": { - "type": "boolean", - "description": "Enable PodSecurityPolicy's RBAC rules", - "default": false - } - } - }, - "rbac": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether RBAC resources should be created", - "default": false - }, - "rules": { - "type": "array", - "description": "Custom RBAC rules to set", - "default": [], - "items": {} - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a ServiceAccount should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the ServiceAccount to use.", - "default": "" - }, - "automountServiceAccountToken": { - "type": "boolean", - "description": "Whether to auto mount the service account token", - "default": false - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for the ServiceAccount", - "default": {} - } - } - }, - "pdb": { - "type": "object", - "description": "DEPRECATED Please use `master.pdb` and `replica.pdb` values instead", - "default": {} - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable TLS traffic", - "default": false - }, - "authClients": { - "type": "boolean", - "description": "Require clients to authenticate", - "default": true - }, - "autoGenerated": { - "type": "boolean", - "description": "Enable autogenerated certificates", - "default": false - }, - "existingSecret": { - "type": "string", - "description": "The name of the existing secret that contains the TLS certificates", - "default": "" - }, - "certificatesSecret": { - "type": "string", - "description": "DEPRECATED. Use existingSecret instead.", - "default": "" - }, - "certFilename": { - "type": "string", - "description": "Certificate filename", - "default": "" - }, - "certKeyFilename": { - "type": "string", - "description": "Certificate Key filename", - "default": "" - }, - "certCAFilename": { - "type": "string", - "description": "CA Certificate filename", - "default": "" - }, - "dhParamsFilename": { - "type": "string", - "description": "File containing DH params (in order to support DH based ciphers)", - "default": "" - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Start a sidecar prometheus exporter to expose Redis® metrics", - "default": false - }, - "image": { - "type": "object", - "properties": { - "registry": { - "type": "string", - "description": "Redis® Exporter image registry", - "default": "REGISTRY_NAME" - }, - "repository": { - "type": "string", - "description": "Redis® Exporter image repository", - "default": "REPOSITORY_NAME/redis-exporter" - }, - "digest": { - "type": "string", - "description": "Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", - "default": "" - }, - "pullPolicy": { - "type": "string", - "description": "Redis® Exporter image pull policy", - "default": "IfNotPresent" - }, - "pullSecrets": { - "type": "array", - "description": "Redis® Exporter image pull secrets", - "default": [], - "items": {} - } - } - }, - "containerPorts": { - "type": "object", - "properties": { - "http": { - "type": "number", - "description": "Metrics HTTP container port", - "default": 9121 - } - } - }, - "startupProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable startupProbe on Redis® replicas nodes", - "default": false - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for startupProbe", - "default": 10 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for startupProbe", - "default": 10 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for startupProbe", - "default": 5 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for startupProbe", - "default": 5 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for startupProbe", - "default": 1 - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable livenessProbe on Redis® replicas nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for livenessProbe", - "default": 10 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for livenessProbe", - "default": 10 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for livenessProbe", - "default": 5 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for livenessProbe", - "default": 5 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for livenessProbe", - "default": 1 - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable readinessProbe on Redis® replicas nodes", - "default": true - }, - "initialDelaySeconds": { - "type": "number", - "description": "Initial delay seconds for readinessProbe", - "default": 5 - }, - "periodSeconds": { - "type": "number", - "description": "Period seconds for readinessProbe", - "default": 10 - }, - "timeoutSeconds": { - "type": "number", - "description": "Timeout seconds for readinessProbe", - "default": 1 - }, - "failureThreshold": { - "type": "number", - "description": "Failure threshold for readinessProbe", - "default": 3 - }, - "successThreshold": { - "type": "number", - "description": "Success threshold for readinessProbe", - "default": 1 - } - } - }, - "customStartupProbe": { - "type": "object", - "description": "Custom startupProbe that overrides the default one", - "default": {} - }, - "customLivenessProbe": { - "type": "object", - "description": "Custom livenessProbe that overrides the default one", - "default": {} - }, - "customReadinessProbe": { - "type": "object", - "description": "Custom readinessProbe that overrides the default one", - "default": {} - }, - "command": { - "type": "array", - "description": "Override default metrics container init command (useful when using custom images)", - "default": [], - "items": {} - }, - "redisTargetHost": { - "type": "string", - "description": "A way to specify an alternative Redis® hostname", - "default": "localhost" - }, - "extraArgs": { - "type": "object", - "description": "Extra arguments for Redis® exporter, for example:", - "default": {} - }, - "extraEnvVars": { - "type": "array", - "description": "Array with extra environment variables to add to Redis® exporter", - "default": [], - "items": {} - }, - "containerSecurityContext": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enabled Redis® exporter containers' Security Context", - "default": true - }, - "runAsUser": { - "type": "number", - "description": "Set Redis® exporter containers' Security Context runAsUser", - "default": 1001 - }, - "runAsGroup": { - "type": "number", - "description": "Set Redis® exporter containers' Security Context runAsGroup", - "default": 1001 - }, - "runAsNonRoot": { - "type": "boolean", - "description": "Set Redis® exporter containers' Security Context runAsNonRoot", - "default": true - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "Set Redis® exporter containers' Security Context allowPrivilegeEscalation", - "default": false - }, - "readOnlyRootFilesystem": { - "type": "boolean", - "description": "Set container's Security Context read-only root filesystem", - "default": true - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Set Redis® exporter containers' Security Context seccompProfile", - "default": "RuntimeDefault" - } - } - }, - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "Set Redis® exporter containers' Security Context capabilities to drop", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - } - } - }, - "extraVolumes": { - "type": "array", - "description": "Optionally specify extra list of additional volumes for the Redis® metrics sidecar", - "default": [], - "items": {} - }, - "extraVolumeMounts": { - "type": "array", - "description": "Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar", - "default": [], - "items": {} - }, - "resourcesPreset": { - "type": "string", - "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).", - "default": "nano" - }, - "resources": { - "type": "object", - "description": "Set container requests and limits for different resources like CPU or memory (essential for production workloads)", - "default": {} - }, - "podLabels": { - "type": "object", - "description": "Extra labels for Redis® exporter pods", - "default": {} - }, - "service": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor", - "default": true - }, - "type": { - "type": "string", - "description": "Redis® exporter service type", - "default": "ClusterIP" - }, - "ports": { - "type": "object", - "properties": { - "http": { - "type": "number", - "description": "Redis® exporter service port", - "default": 9121 - } - } - }, - "externalTrafficPolicy": { - "type": "string", - "description": "Redis® exporter service external traffic policy", - "default": "Cluster" - }, - "extraPorts": { - "type": "array", - "description": "Extra ports to expose (normally used with the `sidecar` value)", - "default": [], - "items": {} - }, - "loadBalancerIP": { - "type": "string", - "description": "Redis® exporter service Load Balancer IP", - "default": "" - }, - "loadBalancerClass": { - "type": "string", - "description": "exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)", - "default": "" - }, - "loadBalancerSourceRanges": { - "type": "array", - "description": "Redis® exporter service Load Balancer sources", - "default": [], - "items": {} - }, - "annotations": { - "type": "object", - "description": "Additional custom annotations for Redis® exporter service", - "default": {} - }, - "clusterIP": { - "type": "string", - "description": "Redis® exporter service Cluster IP", - "default": "" - } - } - }, - "serviceMonitor": { - "type": "object", - "properties": { - "port": { - "type": "string", - "description": "the service port to scrape metrics from", - "default": "http-metrics" - }, - "enabled": { - "type": "boolean", - "description": "Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator", - "default": false - }, - "namespace": { - "type": "string", - "description": "The namespace in which the ServiceMonitor will be created", - "default": "" - }, - "interval": { - "type": "string", - "description": "The interval at which metrics should be scraped", - "default": "30s" - }, - "scrapeTimeout": { - "type": "string", - "description": "The timeout after which the scrape is ended", - "default": "" - }, - "relabelings": { - "type": "array", - "description": "Metrics RelabelConfigs to apply to samples before scraping.", - "default": [], - "items": {} - }, - "metricRelabelings": { - "type": "array", - "description": "Metrics RelabelConfigs to apply to samples before ingestion.", - "default": [], - "items": {} - }, - "honorLabels": { - "type": "boolean", - "description": "Specify honorLabels parameter to add the scrape endpoint", - "default": false - }, - "additionalLabels": { - "type": "object", - "description": "Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus", - "default": {} - }, - "podTargetLabels": { - "type": "array", - "description": "Labels from the Kubernetes pod to be transferred to the created metrics", - "default": [], - "items": {} - }, - "sampleLimit": { - "type": "boolean", - "description": "Limit of how many samples should be scraped from every Pod", - "default": false - }, - "targetLimit": { - "type": "boolean", - "description": "Limit of how many targets should be scraped", - "default": false - }, - "additionalEndpoints": { - "type": "array", - "description": "Additional endpoints to scrape (e.g sentinel)", - "default": [], - "items": {} - } - } - }, - "podMonitor": { - "type": "object", - "properties": { - "port": { - "type": "string", - "description": "the pod port to scrape metrics from", - "default": "metrics" - }, - "enabled": { - "type": "boolean", - "description": "Create PodMonitor resource(s) for scraping metrics using PrometheusOperator", - "default": false - }, - "namespace": { - "type": "string", - "description": "The namespace in which the PodMonitor will be created", - "default": "" - }, - "interval": { - "type": "string", - "description": "The interval at which metrics should be scraped", - "default": "30s" - }, - "scrapeTimeout": { - "type": "string", - "description": "The timeout after which the scrape is ended", - "default": "" - }, - "relabelings": { - "type": "array", - "description": "Metrics RelabelConfigs to apply to samples before scraping.", - "default": [], - "items": {} - }, - "metricRelabelings": { - "type": "array", - "description": "Metrics RelabelConfigs to apply to samples before ingestion.", - "default": [], - "items": {} - }, - "honorLabels": { - "type": "boolean", - "description": "Specify honorLabels parameter to add the scrape endpoint", - "default": false - }, - "additionalLabels": { - "type": "object", - "description": "Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus", - "default": {} - }, - "podTargetLabels": { - "type": "array", - "description": "Labels from the Kubernetes pod to be transferred to the created metrics", - "default": [], - "items": {} - }, - "sampleLimit": { - "type": "boolean", - "description": "Limit of how many samples should be scraped from every Pod", - "default": false - }, - "targetLimit": { - "type": "boolean", - "description": "Limit of how many targets should be scraped", - "default": false - }, - "additionalEndpoints": { - "type": "array", - "description": "Additional endpoints to scrape (e.g sentinel)", - "default": [], - "items": {} - } - } - }, - "prometheusRule": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator", - "default": false - }, - "namespace": { - "type": "string", - "description": "The namespace in which the prometheusRule will be created", - "default": "" - }, - "additionalLabels": { - "type": "object", - "description": "Additional labels for the prometheusRule", - "default": {} - }, - "rules": { - "type": "array", - "description": "Custom Prometheus rules", - "default": [], - "items": {} - } - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`", - "default": false - }, - "image": { - "type": "object", - "properties": { - "registry": { - "type": "string", - "description": "OS Shell + Utility image registry", - "default": "REGISTRY_NAME" - }, - "repository": { - "type": "string", - "description": "OS Shell + Utility image repository", - "default": "REPOSITORY_NAME/os-shell" - }, - "digest": { - "type": "string", - "description": "OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", - "default": "" - }, - "pullPolicy": { - "type": "string", - "description": "OS Shell + Utility image pull policy", - "default": "IfNotPresent" - }, - "pullSecrets": { - "type": "array", - "description": "OS Shell + Utility image pull secrets", - "default": [], - "items": {} - } - } - }, - "resourcesPreset": { - "type": "string", - "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).", - "default": "nano" - }, - "resources": { - "type": "object", - "description": "Set container requests and limits for different resources like CPU or memory (essential for production workloads)", - "default": {} - }, - "containerSecurityContext": { - "type": "object", - "properties": { - "runAsUser": { - "type": "number", - "description": "Set init container's Security Context runAsUser", - "default": 0 - } - } - } - } - }, - "kubectl": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "registry": { - "type": "string", - "description": "Kubectl image registry", - "default": "REGISTRY_NAME" - }, - "repository": { - "type": "string", - "description": "Kubectl image repository", - "default": "REPOSITORY_NAME/kubectl" - }, - "digest": { - "type": "string", - "description": "Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", - "default": "" - }, - "pullPolicy": { - "type": "string", - "description": "Kubectl image pull policy", - "default": "IfNotPresent" - }, - "pullSecrets": { - "type": "array", - "description": "Kubectl pull secrets", - "default": [], - "items": {} - } - } - }, - "command": { - "type": "array", - "description": "kubectl command to execute", - "default": [ - "/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh" - ], - "items": { - "type": "string" - } - }, - "containerSecurityContext": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enabled kubectl containers' Security Context", - "default": true - }, - "runAsUser": { - "type": "number", - "description": "Set kubectl containers' Security Context runAsUser", - "default": 1001 - }, - "runAsGroup": { - "type": "number", - "description": "Set kubectl containers' Security Context runAsGroup", - "default": 1001 - }, - "runAsNonRoot": { - "type": "boolean", - "description": "Set kubectl containers' Security Context runAsNonRoot", - "default": true - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "Set kubectl containers' Security Context allowPrivilegeEscalation", - "default": false - }, - "readOnlyRootFilesystem": { - "type": "boolean", - "description": "Set container's Security Context read-only root filesystem", - "default": true - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Set kubectl containers' Security Context seccompProfile", - "default": "RuntimeDefault" - } - } - }, - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "Set kubectl containers' Security Context capabilities to drop", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - } - } - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "description": "The resources limits for the kubectl containers", - "default": {} - }, - "requests": { - "type": "object", - "description": "The requested resources for the kubectl containers", - "default": {} - } - } - } - } - }, - "sysctl": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable init container to modify Kernel settings", - "default": false - }, - "image": { - "type": "object", - "properties": { - "registry": { - "type": "string", - "description": "OS Shell + Utility image registry", - "default": "REGISTRY_NAME" - }, - "repository": { - "type": "string", - "description": "OS Shell + Utility image repository", - "default": "REPOSITORY_NAME/os-shell" - }, - "digest": { - "type": "string", - "description": "OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", - "default": "" - }, - "pullPolicy": { - "type": "string", - "description": "OS Shell + Utility image pull policy", - "default": "IfNotPresent" - }, - "pullSecrets": { - "type": "array", - "description": "OS Shell + Utility image pull secrets", - "default": [], - "items": {} - } - } - }, - "command": { - "type": "array", - "description": "Override default init-sysctl container command (useful when using custom images)", - "default": [], - "items": {} - }, - "mountHostSys": { - "type": "boolean", - "description": "Mount the host `/sys` folder to `/host-sys`", - "default": false - }, - "resourcesPreset": { - "type": "string", - "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).", - "default": "nano" - }, - "resources": { - "type": "object", - "description": "Set container requests and limits for different resources like CPU or memory (essential for production workloads)", - "default": {} - } - } - }, - "useExternalDNS": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable.", - "default": false - }, - "additionalAnnotations": { - "type": "object", - "description": "Extra annotations to be utilized when `external-dns` is enabled.", - "default": {} - }, - "annotationKey": { - "type": "string", - "description": "The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations.", - "default": "external-dns.alpha.kubernetes.io/" - }, - "suffix": { - "type": "string", - "description": "The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release.", - "default": "" - } - } - } - } -} \ No newline at end of file diff --git a/packages/system/dashboard/charts/kubeapps/charts/redis/values.yaml b/packages/system/dashboard/charts/kubeapps/charts/redis/values.yaml deleted file mode 100644 index 09874845..00000000 --- a/packages/system/dashboard/charts/kubeapps/charts/redis/values.yaml +++ /dev/null @@ -1,2254 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) -## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead -## @param global.redis.password Global Redis® password (overrides `auth.password`) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - defaultStorageClass: "" - storageClass: "" - redis: - password: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters -## - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param secretAnnotations Annotations to add to secret -## -secretAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## @param useHostnames Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address -## -useHostnames: true -## @param nameResolutionThreshold Failure threshold for internal hostnames resolution -## -nameResolutionThreshold: 5 -## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution -## -nameResolutionTimeout: 5 -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity -## @section Redis® Image parameters -## - -## Bitnami Redis® image -## ref: https://hub.docker.com/r/bitnami/redis/tags/ -## @param image.registry [default: REGISTRY_NAME] Redis® image registry -## @param image.repository [default: REPOSITORY_NAME/redis] Redis® image repository -## @skip image.tag Redis® image tag (immutable tags are recommended) -## @param image.digest Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag -## @param image.pullPolicy Redis® image pull policy -## @param image.pullSecrets Redis® image pull secrets -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/redis - tag: 7.4.1-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false -## @section Redis® common configuration parameters -## https://github.com/bitnami/containers/tree/main/bitnami/redis#configuration -## - -## @param architecture Redis® architecture. Allowed values: `standalone` or `replication` -## -architecture: replication -## Redis® Authentication parameters -## ref: https://github.com/bitnami/containers/tree/main/bitnami/redis#setting-the-server-password-on-first-run -## -auth: - ## @param auth.enabled Enable password authentication - ## - enabled: true - ## @param auth.sentinel Enable password authentication on sentinels too - ## - sentinel: true - ## @param auth.password Redis® password - ## Defaults to a random 10-character alphanumeric string if not set - ## - password: "" - ## @param auth.existingSecret The name of an existing secret with Redis® credentials - ## NOTE: When it's set, the previous `auth.password` parameter is ignored - ## - existingSecret: "" - ## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret - ## NOTE: ignored unless `auth.existingSecret` parameter is set - ## - existingSecretPasswordKey: "" - ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable - ## - usePasswordFiles: false - ## @param auth.usePasswordFileFromSecret Mount password file from secret - ## - usePasswordFileFromSecret: true -## @param commonConfiguration [string] Common configuration to be added into the ConfigMap -## ref: https://redis.io/topics/config -## -commonConfiguration: |- - # Enable AOF https://redis.io/topics/persistence#append-only-file - appendonly yes - # Disable RDB persistence, AOF persistence already enabled. - save "" -## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis® nodes -## -existingConfigmap: "" -## @section Redis® master configuration parameters -## -master: - ## @param master.count Number of Redis® master instances to deploy (experimental, requires additional configuration) - ## - count: 1 - ## @param master.revisionHistoryLimit The number of old history to retain to allow rollback - ## NOTE: Explicitly setting this field to 0, will result in cleaning up all the history, breaking ability to rollback - revisionHistoryLimit: 10 - ## @param master.configuration Configuration for Redis® master nodes - ## ref: https://redis.io/topics/config - ## - configuration: "" - ## @param master.disableCommands Array with Redis® commands to disable on master nodes - ## Commands will be completely disabled by renaming each to an empty string. - ## ref: https://redis.io/topics/security#disabling-of-specific-commands - ## - disableCommands: - - FLUSHDB - - FLUSHALL - ## @param master.command Override default container command (useful when using custom images) - ## - command: [] - ## @param master.args Override default container args (useful when using custom images) - ## - args: [] - ## @param master.enableServiceLinks Whether information about services should be injected into pod's environment variable - ## - enableServiceLinks: true - ## @param master.preExecCmds Additional commands to run prior to starting Redis® master - ## - preExecCmds: [] - ## @param master.extraFlags Array with additional command line flags for Redis® master - ## e.g: - ## extraFlags: - ## - "--maxmemory-policy volatile-ttl" - ## - "--repl-backlog-size 1024mb" - ## - extraFlags: [] - ## @param master.extraEnvVars Array with extra environment variables to add to Redis® master nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® master nodes - ## - extraEnvVarsCM: "" - ## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® master nodes - ## - extraEnvVarsSecret: "" - ## @param master.containerPorts.redis Container port to open on Redis® master nodes - ## - containerPorts: - redis: 6379 - ## Configure extra options for Redis® containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param master.startupProbe.enabled Enable startupProbe on Redis® master nodes - ## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param master.startupProbe.periodSeconds Period seconds for startupProbe - ## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param master.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param master.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param master.livenessProbe.enabled Enable livenessProbe on Redis® master nodes - ## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param master.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param master.readinessProbe.enabled Enable readinessProbe on Redis® master nodes - ## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param master.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param master.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param master.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param master.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Redis® master resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param master.podSecurityContext.enabled Enabled Redis® master pods' Security Context - ## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param master.podSecurityContext.fsGroup Set Redis® master pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param master.containerSecurityContext.enabled Enabled Redis® master containers' Security Context - ## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param master.containerSecurityContext.runAsUser Set Redis® master containers' Security Context runAsUser - ## @param master.containerSecurityContext.runAsGroup Set Redis® master containers' Security Context runAsGroup - ## @param master.containerSecurityContext.runAsNonRoot Set Redis® master containers' Security Context runAsNonRoot - ## @param master.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Redis® pod(s) privileges - ## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param master.containerSecurityContext.seccompProfile.type Set Redis® master containers' Security Context seccompProfile - ## @param master.containerSecurityContext.capabilities.drop Set Redis® master containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## @param master.kind Use either Deployment, StatefulSet (default) or DaemonSet - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - ## - kind: StatefulSet - ## @param master.schedulerName Alternate scheduler for Redis® master pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param master.updateStrategy.type Redis® master statefulset strategy type - ## @skip master.updateStrategy.rollingUpdate - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) - ## - type: RollingUpdate - ## @param master.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update - ## - minReadySeconds: 0 - ## @param master.priorityClassName Redis® master pods' priorityClassName - ## - priorityClassName: "" - ## @param master.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param master.hostAliases Redis® master pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param master.podLabels Extra labels for Redis® master pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param master.podAnnotations Annotations for Redis® master pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param master.shareProcessNamespace Share a single process namespace between all of the containers in Redis® master pods - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - ## - shareProcessNamespace: false - ## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node master.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set - ## - key: "" - ## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param master.affinity Affinity for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param master.nodeSelector Node labels for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param master.tolerations Tolerations for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param master.topologySpreadConstraints Spread Constraints for Redis® master pod assignment - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## E.g. - ## topologySpreadConstraints: - ## - maxSkew: 1 - ## topologyKey: node - ## whenUnsatisfiable: DoNotSchedule - ## - topologySpreadConstraints: [] - ## @param master.dnsPolicy DNS Policy for Redis® master pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsPolicy: ClusterFirst - ## - dnsPolicy: "" - ## @param master.dnsConfig DNS Configuration for Redis® master pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsConfig: - ## options: - ## - name: ndots - ## value: "4" - ## - name: single-request-reopen - ## - dnsConfig: {} - ## @param master.lifecycleHooks for the Redis® master container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param master.extraVolumes Optionally specify extra list of additional volumes for the Redis® master pod(s) - ## - extraVolumes: [] - ## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® master container(s) - ## - extraVolumeMounts: [] - ## @param master.sidecars Add additional sidecar containers to the Redis® master pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param master.initContainers Add additional init containers to the Redis® master pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Persistence parameters - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param master.persistence.enabled Enable persistence on Redis® master nodes using Persistent Volume Claims - ## - enabled: true - ## @param master.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param master.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. - ## - sizeLimit: "" - ## @param master.persistence.path The path the volume will be mounted at on Redis® master containers - ## NOTE: Useful when using different Redis® images - ## - path: /data - ## @param master.persistence.subPath The subdirectory of the volume to mount on Redis® master containers - ## NOTE: Useful in dev environments - ## - subPath: "" - ## @param master.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Redis® master containers - ## - subPathExpr: "" - ## @param master.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param master.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param master.persistence.size Persistent Volume size - ## - size: 8Gi - ## @param master.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param master.persistence.labels Additional custom labels for the PVC - ## - labels: {} - ## @param master.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param master.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param master.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## NOTE: requires master.persistence.enabled: true - ## - existingClaim: "" - ## persistentVolumeClaimRetentionPolicy - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention - ## @param master.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet - ## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced - ## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted - ## - persistentVolumeClaimRetentionPolicy: - enabled: false - whenScaled: Retain - whenDeleted: Retain - ## Redis® master service parameters - ## - service: - ## @param master.service.type Redis® master service type - ## - type: ClusterIP - ## @param master.service.portNames.redis Redis® master service port name - ## - portNames: - redis: "tcp-redis" - ## @param master.service.ports.redis Redis® master service port - ## - ports: - redis: 6379 - ## @param master.service.nodePorts.redis Node port for Redis® master - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - redis: "" - ## @param master.service.externalTrafficPolicy Redis® master service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param master.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param master.service.internalTrafficPolicy Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ - ## - internalTrafficPolicy: Cluster - ## @param master.service.clusterIP Redis® master service Cluster IP - ## - clusterIP: "" - ## @param master.service.loadBalancerIP Redis® master service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param master.service.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param master.service.loadBalancerSourceRanges Redis® master service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param master.service.externalIPs Redis® master service External IPs - ## https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - ## e.g. - ## externalIPs: - ## - 10.10.10.1 - ## - 201.22.30.1 - ## - externalIPs: [] - ## @param master.service.annotations Additional custom annotations for Redis® master service - ## - annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param master.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-master pods - ## - terminationGracePeriodSeconds: 30 - ## ServiceAccount configuration - ## - serviceAccount: - ## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param master.serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param master.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - automountServiceAccountToken: false - ## @param master.serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} - ## Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb - ## @param master.pdb.create Enable/disable a Pod Disruption Budget creation - ## @param master.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled - ## @param master.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `master.pdb.minAvailable` and `master.pdb.maxUnavailable` are empty. - ## - pdb: - create: true - minAvailable: "" - maxUnavailable: "" - ## @param master.extraPodSpec Optionally specify extra PodSpec for the Redis® master pod(s) - ## - extraPodSpec: {} -## @section Redis® replicas configuration parameters -## -replica: - ## @param replica.kind Use either DaemonSet or StatefulSet (default) - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - ## - kind: StatefulSet - ## @param replica.replicaCount Number of Redis® replicas to deploy - ## - replicaCount: 3 - ## @param replica.revisionHistoryLimit The number of old history to retain to allow rollback - ## NOTE: Explicitly setting this field to 0, will result in cleaning up all the history, breaking ability to rollback - revisionHistoryLimit: 10 - ## @param replica.configuration Configuration for Redis® replicas nodes - ## ref: https://redis.io/topics/config - ## - configuration: "" - ## @param replica.disableCommands Array with Redis® commands to disable on replicas nodes - ## Commands will be completely disabled by renaming each to an empty string. - ## ref: https://redis.io/topics/security#disabling-of-specific-commands - ## - disableCommands: - - FLUSHDB - - FLUSHALL - ## @param replica.command Override default container command (useful when using custom images) - ## - command: [] - ## @param replica.args Override default container args (useful when using custom images) - ## - args: [] - ## @param replica.enableServiceLinks Whether information about services should be injected into pod's environment variable - ## - enableServiceLinks: true - ## @param replica.preExecCmds Additional commands to run prior to starting Redis® replicas - ## - preExecCmds: [] - ## @param replica.extraFlags Array with additional command line flags for Redis® replicas - ## e.g: - ## extraFlags: - ## - "--maxmemory-policy volatile-ttl" - ## - "--repl-backlog-size 1024mb" - ## - extraFlags: [] - ## @param replica.extraEnvVars Array with extra environment variables to add to Redis® replicas nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® replicas nodes - ## - extraEnvVarsCM: "" - ## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® replicas nodes - ## - extraEnvVarsSecret: "" - ## @param replica.externalMaster.enabled Use external master for bootstrapping - ## @param replica.externalMaster.host External master host to bootstrap from - ## @param replica.externalMaster.port Port for Redis service external master host - ## - externalMaster: - enabled: false - host: "" - port: 6379 - ## @param replica.containerPorts.redis Container port to open on Redis® replicas nodes - ## - containerPorts: - redis: 6379 - ## Configure extra options for Redis® containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param replica.startupProbe.enabled Enable startupProbe on Redis® replicas nodes - ## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param replica.startupProbe.periodSeconds Period seconds for startupProbe - ## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param replica.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 22 - ## @param replica.livenessProbe.enabled Enable livenessProbe on Redis® replicas nodes - ## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param replica.readinessProbe.enabled Enable readinessProbe on Redis® replicas nodes - ## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param replica.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param replica.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Redis® replicas resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param replica.podSecurityContext.enabled Enabled Redis® replicas pods' Security Context - ## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param replica.podSecurityContext.fsGroup Set Redis® replicas pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param replica.containerSecurityContext.enabled Enabled Redis® replicas containers' Security Context - ## @param replica.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param replica.containerSecurityContext.runAsUser Set Redis® replicas containers' Security Context runAsUser - ## @param replica.containerSecurityContext.runAsGroup Set Redis® replicas containers' Security Context runAsGroup - ## @param replica.containerSecurityContext.runAsNonRoot Set Redis® replicas containers' Security Context runAsNonRoot - ## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Redis® replicas pod's Security Context allowPrivilegeEscalation - ## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param replica.containerSecurityContext.seccompProfile.type Set Redis® replicas containers' Security Context seccompProfile - ## @param replica.containerSecurityContext.capabilities.drop Set Redis® replicas containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## @param replica.schedulerName Alternate scheduler for Redis® replicas pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param replica.updateStrategy.type Redis® replicas statefulset strategy type - ## @skip replica.updateStrategy.rollingUpdate - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) - ## - type: RollingUpdate - ## @param replica.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update - ## - minReadySeconds: 0 - ## @param replica.priorityClassName Redis® replicas pods' priorityClassName - ## - priorityClassName: "" - ## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## @param replica.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param replica.hostAliases Redis® replicas pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param replica.podLabels Extra labels for Redis® replicas pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param replica.podAnnotations Annotations for Redis® replicas pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Redis® replicas pods - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - ## - shareProcessNamespace: false - ## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set - ## - key: "" - ## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param replica.affinity Affinity for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param replica.nodeSelector Node labels for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param replica.tolerations Tolerations for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param replica.topologySpreadConstraints Spread Constraints for Redis® replicas pod assignment - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## E.g. - ## topologySpreadConstraints: - ## - maxSkew: 1 - ## topologyKey: node - ## whenUnsatisfiable: DoNotSchedule - ## - topologySpreadConstraints: [] - ## @param replica.dnsPolicy DNS Policy for Redis® replica pods - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsPolicy: ClusterFirst - ## - dnsPolicy: "" - ## @param replica.dnsConfig DNS Configuration for Redis® replica pods - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsConfig: - ## options: - ## - name: ndots - ## value: "4" - ## - name: single-request-reopen - ## - dnsConfig: {} - ## @param replica.lifecycleHooks for the Redis® replica container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param replica.extraVolumes Optionally specify extra list of additional volumes for the Redis® replicas pod(s) - ## - extraVolumes: [] - ## @param replica.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s) - ## - extraVolumeMounts: [] - ## @param replica.sidecars Add additional sidecar containers to the Redis® replicas pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param replica.initContainers Add additional init containers to the Redis® replicas pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Persistence Parameters - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param replica.persistence.enabled Enable persistence on Redis® replicas nodes using Persistent Volume Claims - ## - enabled: true - ## @param replica.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param replica.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. - ## - sizeLimit: "" - ## @param replica.persistence.path The path the volume will be mounted at on Redis® replicas containers - ## NOTE: Useful when using different Redis® images - ## - path: /data - ## @param replica.persistence.subPath The subdirectory of the volume to mount on Redis® replicas containers - ## NOTE: Useful in dev environments - ## - subPath: "" - ## @param replica.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Redis® replicas containers - ## - subPathExpr: "" - ## @param replica.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param replica.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param replica.persistence.size Persistent Volume size - ## - size: 8Gi - ## @param replica.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param replica.persistence.labels Additional custom labels for the PVC - ## - labels: {} - ## @param replica.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param replica.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param replica.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## NOTE: requires replica.persistence.enabled: true - ## - existingClaim: "" - ## persistentVolumeClaimRetentionPolicy - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention - ## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet - ## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced - ## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted - ## - persistentVolumeClaimRetentionPolicy: - enabled: false - whenScaled: Retain - whenDeleted: Retain - ## Redis® replicas service parameters - ## - service: - ## @param replica.service.type Redis® replicas service type - ## - type: ClusterIP - ## @param replica.service.ports.redis Redis® replicas service port - ## - ports: - redis: 6379 - ## @param replica.service.nodePorts.redis Node port for Redis® replicas - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - redis: "" - ## @param replica.service.externalTrafficPolicy Redis® replicas service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param replica.service.internalTrafficPolicy Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ - ## - internalTrafficPolicy: Cluster - ## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param replica.service.clusterIP Redis® replicas service Cluster IP - ## - clusterIP: "" - ## @param replica.service.loadBalancerIP Redis® replicas service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param replica.service.loadBalancerClass replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param replica.service.loadBalancerSourceRanges Redis® replicas service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param replica.service.annotations Additional custom annotations for Redis® replicas service - ## - annotations: {} - ## @param replica.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param replica.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-replicas pods - ## - terminationGracePeriodSeconds: 30 - ## Autoscaling configuration - ## - autoscaling: - ## @param replica.autoscaling.enabled Enable replica autoscaling settings - ## - enabled: false - ## @param replica.autoscaling.minReplicas Minimum replicas for the pod autoscaling - ## - minReplicas: 1 - ## @param replica.autoscaling.maxReplicas Maximum replicas for the pod autoscaling - ## - maxReplicas: 11 - ## @param replica.autoscaling.targetCPU Percentage of CPU to consider when autoscaling - ## - targetCPU: "" - ## @param replica.autoscaling.targetMemory Percentage of Memory to consider when autoscaling - ## - targetMemory: "" - ## ServiceAccount configuration - ## - serviceAccount: - ## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param replica.serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - automountServiceAccountToken: false - ## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} - ## Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb - ## @param replica.pdb.create Enable/disable a Pod Disruption Budget creation - ## @param replica.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled - ## @param replica.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty. - ## - pdb: - create: true - minAvailable: "" - maxUnavailable: "" - ## @param replica.extraPodSpec Optionally specify extra PodSpec for the Redis® replicas pod(s) - ## - extraPodSpec: {} -## @section Redis® Sentinel configuration parameters -## - -sentinel: - ## @param sentinel.enabled Use Redis® Sentinel on Redis® pods. - ## IMPORTANT: this will disable the master and replicas services and - ## create a single Redis® service exposing both the Redis and Sentinel ports - ## - enabled: false - ## Bitnami Redis® Sentinel image version - ## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/ - ## @param sentinel.image.registry [default: REGISTRY_NAME] Redis® Sentinel image registry - ## @param sentinel.image.repository [default: REPOSITORY_NAME/redis-sentinel] Redis® Sentinel image repository - ## @skip sentinel.image.tag Redis® Sentinel image tag (immutable tags are recommended) - ## @param sentinel.image.digest Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param sentinel.image.pullPolicy Redis® Sentinel image pull policy - ## @param sentinel.image.pullSecrets Redis® Sentinel image pull secrets - ## @param sentinel.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/redis-sentinel - tag: 7.4.1-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - ## @param sentinel.annotations Additional custom annotations for Redis® Sentinel resource - ## - annotations: {} - ## @param sentinel.masterSet Master set name - ## - masterSet: mymaster - ## @param sentinel.quorum Sentinel Quorum - ## - quorum: 2 - ## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out. - ## - getMasterTimeout: 90 - ## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. - ## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data. - ## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000. - ## - automateClusterRecovery: false - ## @param sentinel.redisShutdownWaitFailover Whether the Redis® master container waits for the failover at shutdown (in addition to the Redis® Sentinel container). - ## - redisShutdownWaitFailover: true - ## Sentinel timing restrictions - ## @param sentinel.downAfterMilliseconds Timeout for detecting a Redis® node is down - ## @param sentinel.failoverTimeout Timeout for performing a election failover - ## - downAfterMilliseconds: 60000 - failoverTimeout: 180000 - ## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new master after a failover - ## - parallelSyncs: 1 - ## @param sentinel.configuration Configuration for Redis® Sentinel nodes - ## ref: https://redis.io/topics/sentinel - ## - configuration: "" - ## @param sentinel.command Override default container command (useful when using custom images) - ## - command: [] - ## @param sentinel.args Override default container args (useful when using custom images) - ## - args: [] - ## @param sentinel.enableServiceLinks Whether information about services should be injected into pod's environment variable - ## - enableServiceLinks: true - ## @param sentinel.preExecCmds Additional commands to run prior to starting Redis® Sentinel - ## - preExecCmds: [] - ## @param sentinel.extraEnvVars Array with extra environment variables to add to Redis® Sentinel nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes - ## - extraEnvVarsCM: "" - ## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® Sentinel nodes - ## - extraEnvVarsSecret: "" - ## @param sentinel.externalMaster.enabled Use external master for bootstrapping - ## @param sentinel.externalMaster.host External master host to bootstrap from - ## @param sentinel.externalMaster.port Port for Redis service external master host - ## - externalMaster: - enabled: false - host: "" - port: 6379 - ## @param sentinel.containerPorts.sentinel Container port to open on Redis® Sentinel nodes - ## - containerPorts: - sentinel: 26379 - ## Configure extra options for Redis® containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param sentinel.startupProbe.enabled Enable startupProbe on Redis® Sentinel nodes - ## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe - ## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 22 - ## @param sentinel.livenessProbe.enabled Enable livenessProbe on Redis® Sentinel nodes - ## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis® Sentinel nodes - ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 6 - ## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Persistence parameters - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param sentinel.persistence.enabled Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental) - ## - enabled: false - ## @param sentinel.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param sentinel.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param sentinel.persistence.size Persistent Volume size - ## - size: 100Mi - ## @param sentinel.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param sentinel.persistence.labels Additional custom labels for the PVC - ## - labels: {} - ## @param sentinel.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param sentinel.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param sentinel.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param sentinel.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. - ## - sizeLimit: "" - ## persistentVolumeClaimRetentionPolicy - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention - ## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet - ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced - ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted - ## - persistentVolumeClaimRetentionPolicy: - enabled: false - whenScaled: Retain - whenDeleted: Retain - ## Redis® Sentinel resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param sentinel.containerSecurityContext.enabled Enabled Redis® Sentinel containers' Security Context - ## @param sentinel.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param sentinel.containerSecurityContext.runAsUser Set Redis® Sentinel containers' Security Context runAsUser - ## @param sentinel.containerSecurityContext.runAsGroup Set Redis® Sentinel containers' Security Context runAsGroup - ## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis® Sentinel containers' Security Context runAsNonRoot - ## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Redis® Sentinel containers' Security Context allowPrivilegeEscalation - ## @param sentinel.containerSecurityContext.seccompProfile.type Set Redis® Sentinel containers' Security Context seccompProfile - ## @param sentinel.containerSecurityContext.capabilities.drop Set Redis® Sentinel containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## @param sentinel.lifecycleHooks for the Redis® sentinel container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param sentinel.extraVolumes Optionally specify extra list of additional volumes for the Redis® Sentinel - ## - extraVolumes: [] - ## @param sentinel.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s) - ## - extraVolumeMounts: [] - ## Redis® Sentinel service parameters - ## Note: values passed in this section also configure the master service, unless the sentinel.masterService is explicitly overridden. - service: - ## @param sentinel.service.type Redis® Sentinel service type - ## - type: ClusterIP - ## @param sentinel.service.ports.redis Redis® service port for Redis® - ## @param sentinel.service.ports.sentinel Redis® service port for Redis® Sentinel - ## - ports: - redis: 6379 - sentinel: 26379 - ## @param sentinel.service.nodePorts.redis Node port for Redis® - ## @param sentinel.service.nodePorts.sentinel Node port for Sentinel - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## NOTE: By leaving these values blank, they will be generated by ports-configmap - ## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port - ## - nodePorts: - redis: "" - sentinel: "" - ## @param sentinel.service.externalTrafficPolicy Redis® Sentinel service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param sentinel.service.clusterIP Redis® Sentinel service Cluster IP - ## - clusterIP: "" - ## @param sentinel.service.createMaster Enable master service pointing to the current master (experimental) - ## NOTE: rbac.create need to be set to true - ## - createMaster: false - - ## @param sentinel.service.loadBalancerIP Redis® Sentinel service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param sentinel.service.loadBalancerClass sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param sentinel.service.loadBalancerSourceRanges Redis® Sentinel service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param sentinel.service.annotations Additional custom annotations for Redis® Sentinel service - ## - annotations: {} - ## @param sentinel.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param sentinel.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## Headless service properties - ## - headless: - ## @param sentinel.service.headless.annotations Annotations for the headless service. - ## - annotations: {} - - ## Redis® master service parameters - ## - masterService: - ## @param sentinel.masterService.enabled Enable master service pointing to the current master (experimental) - ## NOTE: rbac.create need to be set to true - ## - enabled: false - ## @param sentinel.masterService.type Redis® Sentinel master service type - ## - type: ClusterIP - ## @param sentinel.masterService.ports.redis Redis® service port for Redis® - ## - ports: - redis: 6379 - ## @param sentinel.masterService.nodePorts.redis Node port for Redis® - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## NOTE: By leaving these values blank, they will be generated by ports-configmap - ## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port - ## - nodePorts: - redis: "" - ## @param sentinel.masterService.externalTrafficPolicy Redis® master service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: "" - ## @param sentinel.masterService.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param sentinel.masterService.clusterIP Redis® master service Cluster IP - ## - clusterIP: "" - ## @param sentinel.masterService.loadBalancerIP Redis® master service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param sentinel.masterService.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param sentinel.masterService.loadBalancerSourceRanges Redis® master service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param sentinel.masterService.annotations Additional custom annotations for Redis® master service - ## - annotations: {} - ## @param sentinel.masterService.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param sentinel.masterService.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods - ## - terminationGracePeriodSeconds: 30 - ## @param sentinel.extraPodSpec Optionally specify extra PodSpec for the Redis® Sentinel pod(s) - ## - extraPodSpec: {} -## @section Other Parameters -## - -## @param serviceBindings.enabled Create secret for service binding (Experimental) -## Ref: https://servicebinding.io/service-provider/ -## -serviceBindings: - enabled: false -## Network Policy configuration -## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: true - ## @param networkPolicy.allowExternal Don't require client label for connections - ## When set to false, only pods with the correct client label will have network access to the ports - ## Redis® is listening on. When true, Redis® will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraIngress: [] - ## @param networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} - metrics: - ## @param networkPolicy.metrics.allowExternal Don't require client label for connections for metrics endpoint - ## When set to false, only pods with the correct client label will have network access to the metrics port - ## - allowExternal: true - ## @param networkPolicy.metrics.ingressNSMatchLabels Labels to match to allow traffic from other namespaces to metrics endpoint - ## @param networkPolicy.metrics.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces to metrics endpoint - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## PodSecurityPolicy configuration -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later - ## - create: false - ## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules - ## - enabled: false -## RBAC configuration -## -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - ## - create: false - ## @param rbac.rules Custom RBAC rules to set - ## e.g: - ## rules: - ## - apiGroups: - ## - "" - ## resources: - ## - pods - ## verbs: - ## - get - ## - list - ## - rules: [] -## ServiceAccount configuration -## -serviceAccount: - ## @param serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - automountServiceAccountToken: false - ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} -## Redis® Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## @param pdb DEPRECATED Please use `master.pdb` and `replica.pdb` values instead -## -pdb: {} -## TLS configuration -## -tls: - ## @param tls.enabled Enable TLS traffic - ## - enabled: false - ## @param tls.authClients Require clients to authenticate - ## - authClients: true - ## @param tls.autoGenerated Enable autogenerated certificates - ## - autoGenerated: false - ## @param tls.existingSecret The name of the existing secret that contains the TLS certificates - ## - existingSecret: "" - ## @param tls.certificatesSecret DEPRECATED. Use existingSecret instead. - ## - certificatesSecret: "" - ## @param tls.certFilename Certificate filename - ## - certFilename: "" - ## @param tls.certKeyFilename Certificate Key filename - ## - certKeyFilename: "" - ## @param tls.certCAFilename CA Certificate filename - ## - certCAFilename: "" - ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers) - ## - dhParamsFilename: "" -## @section Metrics Parameters -## -metrics: - ## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis® metrics - ## - enabled: false - ## Bitnami Redis® Exporter image - ## ref: https://hub.docker.com/r/bitnami/redis-exporter/tags/ - ## @param metrics.image.registry [default: REGISTRY_NAME] Redis® Exporter image registry - ## @param metrics.image.repository [default: REPOSITORY_NAME/redis-exporter] Redis® Exporter image repository - ## @skip metrics.image.tag Redis® Exporter image tag (immutable tags are recommended) - ## @param metrics.image.digest Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param metrics.image.pullPolicy Redis® Exporter image pull policy - ## @param metrics.image.pullSecrets Redis® Exporter image pull secrets - ## - image: - registry: docker.io - repository: bitnami/redis-exporter - tag: 1.63.0-debian-12-r1 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.containerPorts.http Metrics HTTP container port - ## - containerPorts: - http: 9121 - ## Configure extra options for Redis® containers' liveness, readiness & startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - ## @param metrics.startupProbe.enabled Enable startupProbe on Redis® replicas nodes - ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe - ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param metrics.livenessProbe.enabled Enable livenessProbe on Redis® replicas nodes - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param metrics.readinessProbe.enabled Enable readinessProbe on Redis® replicas nodes - ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param metrics.command Override default metrics container init command (useful when using custom images) - ## - command: [] - ## @param metrics.redisTargetHost A way to specify an alternative Redis® hostname - ## Useful for certificate CN/SAN matching - ## - redisTargetHost: "localhost" - ## @param metrics.extraArgs Extra arguments for Redis® exporter, for example: - ## e.g.: - ## extraArgs: - ## check-keys: myKey,myOtherKey - ## - extraArgs: {} - ## @param metrics.extraEnvVars Array with extra environment variables to add to Redis® exporter - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param metrics.containerSecurityContext.enabled Enabled Redis® exporter containers' Security Context - ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param metrics.containerSecurityContext.runAsUser Set Redis® exporter containers' Security Context runAsUser - ## @param metrics.containerSecurityContext.runAsGroup Set Redis® exporter containers' Security Context runAsGroup - ## @param metrics.containerSecurityContext.runAsNonRoot Set Redis® exporter containers' Security Context runAsNonRoot - ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Redis® exporter containers' Security Context allowPrivilegeEscalation - ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param metrics.containerSecurityContext.seccompProfile.type Set Redis® exporter containers' Security Context seccompProfile - ## @param metrics.containerSecurityContext.capabilities.drop Set Redis® exporter containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis® metrics sidecar - ## - extraVolumes: [] - ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar - ## - extraVolumeMounts: [] - ## Redis® exporter resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## @param metrics.podLabels Extra labels for Redis® exporter pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param metrics.podAnnotations [object] Annotations for Redis® exporter pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9121" - ## Redis® exporter service parameters - ## - service: - ## @param metrics.service.enabled Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor - ## - enabled: true - ## @param metrics.service.type Redis® exporter service type - ## - type: ClusterIP - ## @param metrics.service.ports.http Redis® exporter service port - ## - ports: - http: 9121 - ## @param metrics.service.externalTrafficPolicy Redis® exporter service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param metrics.service.loadBalancerIP Redis® exporter service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param metrics.service.loadBalancerClass exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param metrics.service.loadBalancerSourceRanges Redis® exporter service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param metrics.service.annotations Additional custom annotations for Redis® exporter service - ## - annotations: {} - ## @param metrics.service.clusterIP Redis® exporter service Cluster IP - ## - clusterIP: "" - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - serviceMonitor: - ## @param metrics.serviceMonitor.port the service port to scrape metrics from - ## - port: http-metrics - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping. - ## - relabelings: [] - ## @skip metrics.serviceMonitor.relabellings DEPRECATED: Use `metrics.serviceMonitor.relabelings` instead. - ## - relabellings: [] - ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics - ## - podTargetLabels: [] - ## @param metrics.serviceMonitor.sampleLimit Limit of how many samples should be scraped from every Pod - ## - sampleLimit: false - ## @param metrics.serviceMonitor.targetLimit Limit of how many targets should be scraped - ## - targetLimit: false - ## @param metrics.serviceMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel) - ## - additionalEndpoints: [] - # uncomment in order to scrape sentinel metrics, also to in order distinguish between Sentinel and Redis container metrics - # add metricRelabelings with label like app=redis to main redis pod-monitor port - # - interval: "30s" - # path: "/scrape" - # port: "http-metrics" - # params: - # target: ["localhost:26379"] - # metricRelabelings: - # - targetLabel: "app" - # replacement: "sentinel" - ## Prometheus Pod Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor - ## - podMonitor: - ## @param metrics.podMonitor.port the pod port to scrape metrics from - ## - port: metrics - ## @param metrics.podMonitor.enabled Create PodMonitor resource(s) for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.podMonitor.namespace The namespace in which the PodMonitor will be created - ## - namespace: "" - ## @param metrics.podMonitor.interval The interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended - ## - scrapeTimeout: "" - ## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping. - ## - relabelings: [] - ## @skip metrics.podMonitor.relabellings DEPRECATED: Use `metrics.podMonitor.relabelings` instead. - ## - relabellings: [] - ## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. - ## - metricRelabelings: [] - # - targetLabel: "app" - # replacement: "redis" - ## @param metrics.podMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.podMonitor.additionalLabels Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.podMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics - ## - podTargetLabels: [] - ## @param metrics.podMonitor.sampleLimit Limit of how many samples should be scraped from every Pod - ## - sampleLimit: false - ## @param metrics.podMonitor.targetLimit Limit of how many targets should be scraped - ## - targetLimit: false - ## @param metrics.podMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel) - ## - additionalEndpoints: [] - # - interval: "30s" - # path: "/scrape" - # port: "metrics" - # params: - # target: ["localhost:26379"] - # metricRelabelings: - # - targetLabel: "app" - # replacement: "sentinel" - ## Custom PrometheusRule to be defined - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created - ## - namespace: "" - ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule - ## - additionalLabels: {} - ## @param metrics.prometheusRule.rules Custom Prometheus rules - ## e.g: - ## rules: - ## - alert: RedisDown - ## expr: redis_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $labels.instance }}" }} down - ## description: Redis® instance {{ "{{ $labels.instance }}" }} is down - ## - alert: RedisMemoryHigh - ## expr: > - ## redis_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100 - ## / - ## redis_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"} - ## > 90 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $labels.instance }}" }} is using too much memory - ## description: | - ## Redis® instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory. - ## - alert: RedisKeyEviction - ## expr: | - ## increase(redis_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0 - ## for: 1s - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $labels.instance }}" }} has evicted keys - ## description: | - ## Redis® instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. - ## - rules: [] -## @section Init Container Parameters -## - -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the *podSecurityContext/*containerSecurityContext parameters -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## OS Shell + Utility image - ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ - ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry - ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository - ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy - ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r30 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser - ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the - ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) - ## - containerSecurityContext: - seLinuxOptions: {} - runAsUser: 0 - - ## @param volumePermissions.extraEnvVars Array with extra environment variables to add to volume permissions init container. - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - -## Kubectl InitContainer -## used by Sentinel to update the isMaster label on the Redis(TM) pods -## -kubectl: - ## Bitnami Kubectl image version - ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/ - ## @param kubectl.image.registry [default: REGISTRY_NAME] Kubectl image registry - ## @param kubectl.image.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository - ## @skip kubectl.image.tag Kubectl image tag (immutable tags are recommended), by default, using the current version - ## @param kubectl.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param kubectl.image.pullPolicy Kubectl image pull policy - ## @param kubectl.image.pullSecrets Kubectl pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.31.1-debian-12-r3 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param kubectl.command kubectl command to execute - ## - command: ["/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh"] - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param kubectl.containerSecurityContext.enabled Enabled kubectl containers' Security Context - ## @param kubectl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param kubectl.containerSecurityContext.runAsUser Set kubectl containers' Security Context runAsUser - ## @param kubectl.containerSecurityContext.runAsGroup Set kubectl containers' Security Context runAsGroup - ## @param kubectl.containerSecurityContext.runAsNonRoot Set kubectl containers' Security Context runAsNonRoot - ## @param kubectl.containerSecurityContext.allowPrivilegeEscalation Set kubectl containers' Security Context allowPrivilegeEscalation - ## @param kubectl.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param kubectl.containerSecurityContext.seccompProfile.type Set kubectl containers' Security Context seccompProfile - ## @param kubectl.containerSecurityContext.capabilities.drop Set kubectl containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## Bitnami Kubectl resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param kubectl.resources.limits The resources limits for the kubectl containers - ## @param kubectl.resources.requests The requested resources for the kubectl containers - ## - resources: - limits: {} - requests: {} - -## init-sysctl container parameters -## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings) -## -sysctl: - ## @param sysctl.enabled Enable init container to modify Kernel settings - ## - enabled: false - ## OS Shell + Utility image - ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ - ## @param sysctl.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry - ## @param sysctl.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository - ## @skip sysctl.image.tag OS Shell + Utility image tag (immutable tags are recommended) - ## @param sysctl.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param sysctl.image.pullPolicy OS Shell + Utility image pull policy - ## @param sysctl.image.pullSecrets OS Shell + Utility image pull secrets - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r30 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param sysctl.command Override default init-sysctl container command (useful when using custom images) - ## - command: [] - ## @param sysctl.mountHostSys Mount the host `/sys` folder to `/host-sys` - ## - mountHostSys: false - ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} -## @section useExternalDNS Parameters -## -## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. -## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled. -## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations. -## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. -## -useExternalDNS: - enabled: false - suffix: "" - annotationKey: external-dns.alpha.kubernetes.io/ - additionalAnnotations: {} diff --git a/packages/system/dashboard/charts/kubeapps/crds/apprepository-crd.yaml b/packages/system/dashboard/charts/kubeapps/crds/apprepository-crd.yaml deleted file mode 100644 index 0bf8e831..00000000 --- a/packages/system/dashboard/charts/kubeapps/crds/apprepository-crd.yaml +++ /dev/null @@ -1,116 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: apprepositories.kubeapps.com -spec: - group: kubeapps.com - scope: Namespaced - names: - kind: AppRepository - plural: apprepositories - shortNames: - - apprepos - versions: - - name: v1alpha1 - storage: true - served: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - type - - url - properties: - type: - type: string - enum: ["helm", "oci"] - url: - type: string - description: - type: string - auth: - type: object - properties: - header: - type: object - required: - - secretKeyRef - properties: - secretKeyRef: - type: object - required: - - key - - name - properties: - key: - type: string - name: - type: string - customCA: - type: object - required: - - secretKeyRef - properties: - secretKeyRef: - type: object - required: - - key - - name - properties: - key: - type: string - name: - type: string - dockerRegistrySecrets: - type: array - items: - type: string - tlsInsecureSkipVerify: - type: boolean - passCredentials: - type: boolean - interval: - type: string - filterRule: - type: object - properties: - jq: - type: string - variables: - type: object - additionalProperties: - type: string - ociRepositories: - type: array - items: - type: string - resyncRequests: - type: integer - syncJobPodTemplate: - type: object - properties: - metadata: - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - status: - type: string - additionalPrinterColumns: - - name: Type - type: string - description: The type of this repository. - jsonPath: .spec.type - - name: URL - type: string - description: The URL of this repository. - jsonPath: .spec.url diff --git a/packages/system/dashboard/charts/kubeapps/templates/NOTES.txt b/packages/system/dashboard/charts/kubeapps/templates/NOTES.txt deleted file mode 100644 index 9a5fe40d..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/NOTES.txt +++ /dev/null @@ -1,89 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -{{- $postgresqlSecretName := include "kubeapps.postgresql.secretName" . -}} - -{{- $redisSecretName := include "kubeapps.redis.secretName" . -}} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pods you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -{{- else }} - -Tip: - - Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }} - -Kubeapps can be accessed via port {{ .Values.frontend.service.ports.http }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{- $reposWithOrphanSecrets := include "kubeapps.repos-with-orphan-secrets" . }} -{{- if ne $reposWithOrphanSecrets "" }} - -CAVEAT: - Some App Repositories have been installed with a custom CA or authorization header. - This generates secrets that won't be cleaned up if the repository is deleted through the Web application. - You can delete them manually or when uninstalling this chart. - -{{- end }} - -To access Kubeapps from outside your K8s cluster, follow the steps below: - -{{- if .Values.ingress.enabled }} - -1. Get the Kubeapps URL and associate Kubeapps hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "Kubeapps URL: {{ printf "%s://%s/" (ternary "http" "https" .Values.ingress.tls) .Values.ingress.hostname }}" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else }} - -1. Get the Kubeapps URL by running these commands: - -{{- if contains "NodePort" .Values.frontend.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - echo "Kubeapps URL: http://$NODE_IP:$NODE_PORT" - -{{- else if contains "LoadBalancer" .Values.frontend.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - echo "Kubeapps URL: {{ printf "%s://$SERVICE_IP:%d" (ternary "http" "https" (eq ( .Values.frontend.service.ports.http | toString ) "443")) (int .Values.frontend.service.ports.http) }}" - -{{- else if contains "ClusterIP" .Values.frontend.service.type }} - -{{- $portNumber := include "kubeapps.frontend-port-number" . }} - echo "Kubeapps URL: http://127.0.0.1:{{ $portNumber }}" - kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ template "common.names.fullname" . }} {{ $portNumber }}:{{ .Values.frontend.service.ports.http }} - -{{- end }} -{{- end }} - -2. Open a browser and access Kubeapps using the obtained URL. - -{{- end }} - -{{- include "kubeapps.checkRollingTags" . }} -{{- include "kubeapps.validateValues" . }} -{{- include "common.warnings.resources" (dict "sections" (list "apprepository" "authProxy" "dashboard" "frontend" "kubeappsapis" "ociCatalog" "pinnipedProxy" "postgresql") "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.frontend.image .Values.dashboard.image .Values.apprepository.image .Values.apprepository.syncImage .Values.authProxy.image .Values.pinnipedProxy.image .Values.kubeappsapis.image .Values.ociCatalog.image) "context" $) }} \ No newline at end of file diff --git a/packages/system/dashboard/charts/kubeapps/templates/_helpers.tpl b/packages/system/dashboard/charts/kubeapps/templates/_helpers.tpl deleted file mode 100644 index 83e0bba0..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/_helpers.tpl +++ /dev/null @@ -1,371 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "kubeapps.imagePullSecrets" -}} -{{ include "common.images.renderPullSecrets" (dict "images" (list .Values.frontend.image .Values.dashboard.image .Values.apprepository.image .Values.apprepository.syncImage .Values.authProxy.image .Values.pinnipedProxy.image .Values.kubeappsapis.image) "context" $) }} -{{- end -}} - -{{/* -Return the proper Kubeapps apprepository-controller image name -*/}} -{{- define "kubeapps.apprepository.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.apprepository.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper apprepository-controller sync image name -*/}} -{{- define "kubeapps.apprepository.syncImage" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.apprepository.syncImage "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper dashboard image name -*/}} -{{- define "kubeapps.dashboard.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.dashboard.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper frontend image name -*/}} -{{- define "kubeapps.frontend.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.frontend.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper auth proxy image name -*/}} -{{- define "kubeapps.authProxy.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.authProxy.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper pinniped proxy image name -*/}} -{{- define "kubeapps.pinnipedProxy.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.pinnipedProxy.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper kubeappsapis image name -*/}} -{{- define "kubeapps.kubeappsapis.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.kubeappsapis.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper oci-catalog image name -*/}} -{{- define "kubeapps.ociCatalog.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.ociCatalog.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Create a default fully qualified app name for PostgreSQL dependency. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "kubeapps.postgresql.fullname" -}} -{{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) -}} -{{- end -}} - -{{/* -Return the Postgresql Hostname -*/}} -{{- define "kubeapps.postgresql.host" -}} -{{- if .Values.postgresql.enabled }} - {{- if eq .Values.postgresql.architecture "replication" }} - {{- printf "%s-primary" (include "kubeapps.postgresql.fullname" .) | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "kubeapps.postgresql.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Postgresql Port -*/}} -{{- define "kubeapps.postgresql.port" -}} -{{- if .Values.postgresql.enabled }} - {{- print "5432" -}} -{{- else -}} - {{- printf "%d" (int .Values.externalDatabase.port) -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name for Redis dependency. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "kubeapps.redis.fullname" -}} -{{- include "common.names.dependency.fullname" (dict "chartName" "redis" "chartValues" .Values.redis "context" $) -}} -{{- end -}} - -{{/* -Create name for the apprepository-controller based on the fullname -*/}} -{{- define "kubeapps.apprepository.fullname" -}} -{{- printf "%s-internal-apprepository-controller" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the apprepository-controller based on the namespace -*/}} -{{- define "kubeapps.apprepository.fullname.namespace" -}} -{{- printf "%s-internal-apprepository-controller" (include "common.names.fullname.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the dashboard based on the fullname -*/}} -{{- define "kubeapps.dashboard.fullname" -}} -{{- printf "%s-internal-dashboard" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the dashboard config based on the fullname -*/}} -{{- define "kubeapps.dashboard-config.fullname" -}} -{{- printf "%s-internal-dashboard-config" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the frontend config based on the fullname -*/}} -{{- define "kubeapps.frontend-config.fullname" -}} -{{- printf "%s-frontend-config" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for kubeappsapis based on the fullname -*/}} -{{- define "kubeapps.kubeappsapis.fullname" -}} -{{- printf "%s-internal-kubeappsapis" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the clusters config based on the fullname -*/}} -{{- define "kubeapps.clusters-config.fullname" -}} -{{- printf "%s-clusters-config" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the apprepository-controller service account to use -*/}} -{{- define "kubeapps.apprepository.serviceAccountName" -}} -{{- if .Values.apprepository.serviceAccount.create -}} - {{- default (include "kubeapps.apprepository.fullname" .) .Values.apprepository.serviceAccount.name -}} -{{- else -}} - {{- default "default" .Values.apprepository.serviceAccount.name -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the kubeappsapis service account to use -*/}} -{{- define "kubeapps.kubeappsapis.serviceAccountName" -}} -{{- if .Values.kubeappsapis.serviceAccount.create -}} - {{- default (include "kubeapps.kubeappsapis.fullname" .) .Values.kubeappsapis.serviceAccount.name -}} -{{- else -}} - {{- default "default" .Values.kubeappsapis.serviceAccount.name -}} -{{- end -}} -{{- end -}} - -{{/* -Create proxy_pass for the kubeappsapis -*/}} -{{- define "kubeapps.kubeappsapis.proxy_pass" -}} -{{- printf "http://%s:%d" (include "kubeapps.kubeappsapis.fullname" .) (int .Values.kubeappsapis.service.ports.http) -}} -{{- end -}} - -{{/* -Create name for the secrets related to oauth2_proxy -*/}} -{{- define "kubeapps.oauth2_proxy-secret.name" -}} -{{- if .Values.authProxy.existingOauth2Secret -}} -{{- printf "%s" (tpl .Values.authProxy.existingOauth2Secret $) -}} -{{- else -}} -{{- printf "%s-oauth2" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create name for pinniped-proxy based on the fullname. -Currently used for a service name only. -*/}} -{{- define "kubeapps.pinniped-proxy.fullname" -}} -{{- printf "%s-internal-pinniped-proxy" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Repositories that include a caCert or an authorizationHeader -*/}} -{{- define "kubeapps.repos-with-orphan-secrets" -}} -{{- range .Values.apprepository.initialRepos }} -{{- if or .caCert .authorizationHeader }} -{{- print "%s" .name -}} -{{- end }} -{{- end }} -{{- end -}} - -{{/* -Frontend service port number -*/}} -{{- define "kubeapps.frontend-port-number" -}} -{{- if .Values.authProxy.enabled -}} -{{ .Values.authProxy.containerPorts.proxy | int }} -{{- else -}} -{{ .Values.frontend.containerPorts.http | int }} -{{- end -}} -{{- end -}} - -{{/* -Returns the kubeappsCluster based on the configured clusters by finding the cluster without -a defined apiServiceURL. -*/}} -{{- define "kubeapps.kubeappsCluster" -}} - {{- $kubeappsCluster := "" }} - {{- if eq (len .Values.clusters) 0 }} - {{- fail "At least one cluster must be defined." }} - {{- end }} - {{- range .Values.clusters }} - {{- if or .isKubeappsCluster ( eq (.apiServiceURL | toString) "") }} - {{- if eq $kubeappsCluster "" }} - {{- $kubeappsCluster = .name }} - {{- else }} - {{- fail "Only one cluster can be configured using either 'isKubeappsCluster: true' or without an apiServiceURL to refer to the cluster on which Kubeapps is installed. Please check the provided 'clusters' configuration." }} - {{- end }} - {{- end }} - {{- end }} - {{- $kubeappsCluster }} -{{- end -}} - -{{/* -Returns a JSON list of cluster names only (without sensitive tokens etc.) -*/}} -{{- define "kubeapps.clusterNames" -}} - {{- $sanitizedClusters := list }} - {{- range .Values.clusters }} - {{- $sanitizedClusters = append $sanitizedClusters .name }} - {{- end }} - {{- $sanitizedClusters | toJson }} -{{- end -}} - -{{/* -Returns the name of the global packaging namespace for the Helm plugin. -It uses the value passed in the plugin's config, but falls back to the "release namespace + suffix" formula. -*/}} -{{- define "kubeapps.helmGlobalPackagingNamespace" -}} - {{- if .Values.kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace }} - {{- printf "%s" .Values.kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace -}} - {{- else -}} - {{- printf "%s%s" .Release.Namespace .Values.apprepository.globalReposNamespaceSuffix -}} - {{- end -}} -{{- end -}} - -{{/* -Return the Postgresql secret name -*/}} -{{- define "kubeapps.postgresql.secretName" -}} - {{- if .Values.postgresql.auth.existingSecret }} - {{- printf "%s" .Values.postgresql.auth.existingSecret -}} - {{- else -}} - {{- printf "%s" (include "kubeapps.postgresql.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Return the Redis secret name -*/}} -{{- define "kubeapps.redis.secretName" -}} - {{- if .Values.redis.auth.existingSecret }} - {{- printf "%s" .Values.redis.auth.existingSecret -}} - {{- else -}} - {{- printf "%s" (include "kubeapps.redis.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "kubeapps.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "kubeapps.validateValues.ingress.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Kubeapps - TLS configuration for Ingress -*/}} -{{- define "kubeapps.validateValues.ingress.tls" -}} -{{- if and .Values.ingress.enabled .Values.ingress.tls (not (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations ))) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }} -kubeapps: ingress.tls - You enabled the TLS configuration for the default ingress hostname but - you did not enable any of the available mechanisms to create the TLS secret - to be used by the Ingress Controller. - Please use any of these alternatives: - - Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates. - - Rely on cert-manager to create it by adding its supported annotations in `ingress.annotations` - - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` -{{- end -}} -{{- end -}} - -{{/* -# Calculate the kubeappsapis enabledPlugins. -*/}} -{{- define "kubeapps.kubeappsapis.enabledPlugins" -}} - {{- $enabledPlugins := list }} - {{- if .Values.kubeappsapis.enabledPlugins }} - {{- $enabledPlugins = .Values.kubeappsapis.enabledPlugins }} - {{- else }} - {{- if and .Values.packaging.flux.enabled .Values.packaging.helm.enabled }} - {{- fail "packaging: Please enable only one of the flux and helm plugins, since they both operate on Helm releases." }} - {{- end -}} - {{- range $plugin, $options := .Values.packaging }} - {{- if $options.enabled }} - {{- if eq $plugin "carvel" }} - {{- $enabledPlugins = append $enabledPlugins "kapp-controller-packages" }} - {{- else if eq $plugin "flux" }} - {{- $enabledPlugins = append $enabledPlugins "fluxv2-packages" }} - {{- else if eq $plugin "helm" }} - {{- $enabledPlugins = append $enabledPlugins "helm-packages" }} - {{- else }} - {{ $msg := printf "packaging: Unsupported packaging option: %s" $plugin }} - {{- fail $msg }} - {{- end }} - {{- end }} - {{- end }} - {{- if not $enabledPlugins }} - {{- fail "packaging: Please enable at least one of the packaging plugins." }} - {{- end }} - {{- $enabledPlugins = append $enabledPlugins "resources" }} - {{- end }} - {{- $enabledPlugins | toJson }} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "kubeapps.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.frontend.image }} -{{- include "common.warnings.rollingTag" .Values.dashboard.image }} -{{- include "common.warnings.rollingTag" .Values.apprepository.image }} -{{- include "common.warnings.rollingTag" .Values.authProxy.image }} -{{- include "common.warnings.rollingTag" .Values.pinnipedProxy.image }} -{{- include "common.warnings.rollingTag" .Values.kubeappsapis.image }} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/templates/apprepository/apprepositories-secret.yaml b/packages/system/dashboard/charts/kubeapps/templates/apprepository/apprepositories-secret.yaml deleted file mode 100644 index bdd52c20..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/apprepositories-secret.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.packaging.helm.enabled }} -{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }} -{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} -{{- range .Values.apprepository.initialRepos }} -{{- if or .caCert .authorizationHeader .basicAuth }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "apprepo-%s-secrets" .name }} - namespace: {{ default (include "kubeapps.helmGlobalPackagingNamespace" $) .namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- if .caCert }} - ca.crt: |- - {{ .caCert | b64enc }} - {{- end }} - {{- $authorizationHeader := "" }} - {{- if .authorizationHeader }} - {{- $authorizationHeader = .authorizationHeader }} - {{- else if .basicAuth }} - {{- $authorizationHeader = printf "Basic %s" (printf "%s:%s" .basicAuth.user .basicAuth.password | b64enc) }} - {{- end }} - {{- if $authorizationHeader }} - authorizationHeader: |- - {{ $authorizationHeader | b64enc }} - {{- end }} ---- -{{/* credentials are required in the release namespace for syncer jobs */}} -{{- if or .namespace $.Values.apprepository.globalReposNamespaceSuffix $.Values.kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-apprepo-%s" (default (include "kubeapps.helmGlobalPackagingNamespace" $) .namespace) .name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- if .caCert }} - ca.crt: |- - {{ .caCert | b64enc }} - {{- end }} - {{- if $authorizationHeader }} - authorizationHeader: |- - {{ $authorizationHeader | b64enc }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/apprepository/apprepositories.yaml b/packages/system/dashboard/charts/kubeapps/templates/apprepository/apprepositories.yaml deleted file mode 100644 index 1158c79f..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/apprepositories.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.packaging.helm.enabled }} -{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }} -{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} -{{- range .Values.apprepository.initialRepos }} -apiVersion: kubeapps.com/v1alpha1 -kind: AppRepository -metadata: - name: {{ .name }} - namespace: {{ default (include "kubeapps.helmGlobalPackagingNamespace" $) .namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ default "helm" .type }} - url: {{ .url }} - {{- if .ociRepositories }} - ociRepositories: - {{- range .ociRepositories }} - - {{ . }} - {{- end }} - {{- end }} - {{- if or $.Values.apprepository.podSecurityContext.enabled $.Values.apprepository.containerSecurityContext.enabled $.Values.apprepository.initialReposProxy.enabled .nodeSelector .tolerations}} - syncJobPodTemplate: - spec: - {{- if or $.Values.apprepository.initialReposProxy.enabled $.Values.apprepository.containerSecurityContext.enabled }} - containers: - - - {{- if $.Values.apprepository.initialReposProxy.enabled }} - env: - - name: https_proxy - value: {{ $.Values.apprepository.initialReposProxy.httpsProxy }} - - name: http_proxy - value: {{ $.Values.apprepository.initialReposProxy.httpProxy }} - - name: no_proxy - value: {{ $.Values.apprepository.initialReposProxy.noProxy }} - {{- end }} - {{- if $.Values.apprepository.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.apprepository.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if $.Values.apprepository.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.apprepository.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .nodeSelector }} - nodeSelector: {{- toYaml .nodeSelector | nindent 8 }} - {{- end }} - {{- if .tolerations }} - tolerations: {{- toYaml .tolerations | nindent 8 }} - {{- end }} - {{- end }} - {{- if or .caCert .authorizationHeader .basicAuth }} - auth: - {{- if .caCert }} - customCA: - secretKeyRef: - key: ca.crt - name: {{ printf "apprepo-%s-secrets" .name }} - {{- end }} - {{- if or .authorizationHeader .basicAuth }} - header: - secretKeyRef: - key: authorizationHeader - name: {{ printf "apprepo-%s-secrets" .name }} - {{- end }} - {{- end }} - {{- if .filterRule }} - filterRule: - {{- toYaml .filterRule | nindent 4 }} - {{- end }} ---- -{{ end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/templates/apprepository/deployment.yaml b/packages/system/dashboard/charts/kubeapps/templates/apprepository/deployment.yaml deleted file mode 100644 index 5a9ba1b4..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/deployment.yaml +++ /dev/null @@ -1,166 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.packaging.helm.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.apprepository.replicaCount }} - {{- if .Values.apprepository.updateStrategy }} - strategy: {{- toYaml .Values.apprepository.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.apprepository.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: apprepository - template: - metadata: - {{- if .Values.apprepository.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: apprepository - spec: - {{- include "kubeapps.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ template "kubeapps.apprepository.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.apprepository.automountServiceAccountToken }} - {{- if .Values.apprepository.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.apprepository.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.apprepository.podAffinityPreset "component" "apprepository" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.apprepository.podAntiAffinityPreset "component" "apprepository" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.apprepository.nodeAffinityPreset.type "key" .Values.apprepository.nodeAffinityPreset.key "values" .Values.apprepository.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.apprepository.schedulerName }} - schedulerName: {{ .Values.apprepository.schedulerName }} - {{- end }} - {{- if .Values.apprepository.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.apprepository.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.apprepository.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.apprepository.priorityClassName }} - priorityClassName: {{ .Values.apprepository.priorityClassName | quote }} - {{- end }} - {{- if .Values.apprepository.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.apprepository.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.apprepository.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.initContainers "context" $) | trim | nindent 8 }} - {{- end }} - containers: - - name: controller - image: {{ include "kubeapps.apprepository.image" . }} - imagePullPolicy: {{ .Values.apprepository.image.pullPolicy | quote }} - {{- if .Values.apprepository.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.apprepository.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.apprepository.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.apprepository.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.command "context" $) | nindent 12 }} - {{- else }} - command: - - /apprepository-controller - {{- end }} - {{- if .Values.apprepository.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.args "context" $) | nindent 12 }} - {{- else }} - args: - - --user-agent-comment={{ printf "kubeapps/%s" .Chart.AppVersion }} - - --repo-sync-image=$(REPO_SYNC_IMAGE) - {{- if .Values.global }} - {{- if.Values.global.imagePullSecrets }} - {{- range $key, $value := .Values.global.imagePullSecrets }} - - --repo-sync-image-pullsecrets={{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - - --repo-sync-cmd=/asset-syncer - - --namespace={{ .Release.Namespace }} - - --global-repos-namespace={{ include "kubeapps.helmGlobalPackagingNamespace" . }} - - --database-secret-name={{ include "kubeapps.postgresql.secretName" . }} - - --database-secret-key=postgres-password - - --database-url={{ printf "%s:%d" (include "kubeapps.postgresql.host" .) (int (include "kubeapps.postgresql.port" .)) }} - - --database-user={{ .Values.postgresql.auth.username }} - - --database-name={{ .Values.postgresql.auth.database }} - {{- if .Values.apprepository.crontab }} - - --crontab={{ .Values.apprepository.crontab }} - {{- end }} - - --repos-per-namespace={{ .Values.apprepository.watchAllNamespaces }} - {{- if.Values.apprepository.customAnnotations }} - {{- range $key, $value := .Values.apprepository.customAnnotations }} - - --custom-annotations={{ (print $key "=" $value) | quote }} - {{- end }} - {{- end }} - {{- if.Values.apprepository.customLabels }} - {{- range $key, $value := .Values.apprepository.customLabels }} - - --custom-labels={{ (print $key "=" $value) | quote }} - {{- end }} - {{- end }} - {{- range .Values.apprepository.extraFlags }} - - {{ . }} - {{- end }} - {{- end }} - env: - - name: REPO_SYNC_IMAGE - value: {{ include "kubeapps.apprepository.syncImage" . }} - {{- if .Values.ociCatalog.enabled }} - - name: OCI_CATALOG_URL - value: {{ printf "%s:%d" (include "kubeapps.kubeappsapis.fullname" .) (int .Values.ociCatalog.containerPorts.grpc) | quote }} - {{- end }} - {{- if .Values.apprepository.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.apprepository.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.apprepository.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.apprepository.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.apprepository.extraEnvVarsSecret "context" $) }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.apprepository.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.apprepository.resources }} - resources: {{- toYaml .Values.apprepository.resources | nindent 12 }} - {{- else if ne .Values.apprepository.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.apprepository.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if .Values.apprepository.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.sidecars "context" $) | trim | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - {{- if .Values.apprepository.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/apprepository/networkpolicy.yaml b/packages/system/dashboard/charts/kubeapps/templates/apprepository/networkpolicy.yaml deleted file mode 100644 index 087b45a3..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/networkpolicy.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.packaging.helm.enabled .Values.apprepository.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ include "kubeapps.apprepository.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - policyTypes: - - Ingress - - Egress - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.apprepository.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: apprepository - {{- if .Values.apprepository.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - {{- range $port := .Values.apprepository.networkPolicy.kubeAPIServerPorts }} - - port: {{ $port }} - {{- end }} - # Allow connection to PostgreSQL - - ports: - - port: {{ include "kubeapps.postgresql.port" . }} - {{- if .Values.postgresql.enabled }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- if .Values.apprepository.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.apprepository.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - {{- if .Values.apprepository.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.apprepository.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/apprepository/pdb.yaml b/packages/system/dashboard/charts/kubeapps/templates/apprepository/pdb.yaml deleted file mode 100644 index a71a3635..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/pdb.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.packaging.helm.enabled .Values.apprepository.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.apprepository.pdb.minAvailable }} - minAvailable: {{ .Values.apprepository.pdb.minAvailable }} - {{- end }} - {{- if or .Values.apprepository.pdb.maxUnavailable ( not .Values.apprepository.pdb.minAvailable ) }} - maxUnavailable: {{ .Values.apprepository.pdb.maxUnavailable | default 1 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.apprepository.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: apprepository -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/apprepository/rbac.yaml b/packages/system/dashboard/charts/kubeapps/templates/apprepository/rbac.yaml deleted file mode 100644 index 3f39dab1..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/rbac.yaml +++ /dev/null @@ -1,256 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.packaging.helm.enabled }} -{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }} -{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} -{{- if .Values.rbac.create -}} -# Role for managing events, jobs and cronjobs in the release namespace -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - batch - resources: - - cronjobs - verbs: - - create - - get - - list - - update - - watch - - delete - - apiGroups: - - batch - resources: - - jobs - verbs: - - create ---- -# ClusterRole for managing AppRepository objects in every namespace, -# so that we can update the finalizers on AppRepository objects -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ template "kubeapps.apprepository.fullname.namespace" . }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - - apprepositories/finalizers - verbs: - - get - - list - - watch - - create - - update - - patch ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubeapps.apprepository.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.apprepository.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -# ClusterRoleBinding for the apprepository controller SA -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "kubeapps.apprepository.fullname.namespace" . }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubeapps.apprepository.fullname.namespace" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.apprepository.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -# Define role, but no binding, so users can be bound to this role -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ printf "%s-repositories-read" .Release.Name }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - verbs: - - list - - get ---- -# Define role, but no binding, so users can be bound to this role -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ printf "%s-repositories-write" .Release.Name }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - create ---- -# The Kubeapps app repository controller can read and watch its own -# AppRepository resources cluster-wide. The read and write cluster-roles can -# also be bound to users in specific namespaces as required. -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ printf "kubeapps:%s:apprepositories-read" .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - rbac.authorization.k8s.io/aggregate-to-view: "true" - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - - apprepositories/finalizers - verbs: - - get - - list - - watch ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ printf "kubeapps:controller:%s:apprepositories-read" .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ printf "kubeapps:%s:apprepositories-read" .Release.Namespace | quote }} -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.apprepository.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ printf "kubeapps:%s:apprepositories-write" .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - rbac.authorization.k8s.io/aggregate-to-edit: "true" - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - verbs: - - '*' - - apiGroups: - - "" - resources: - - secrets - verbs: - - '*' ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ printf "kubeapps:%s:apprepositories-refresh" .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - verbs: - - get - - update ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ printf "kubeapps:%s:global-repos-read" .Release.Namespace | quote }} - namespace: {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ printf "kubeapps:%s:apprepositories-read" .Release.Namespace | quote }} -subjects: - - kind: Group - name: system:authenticated -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/templates/apprepository/serviceaccount.yaml b/packages/system/dashboard/charts/kubeapps/templates/apprepository/serviceaccount.yaml deleted file mode 100644 index eff68f9c..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/serviceaccount.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.apprepository.serviceAccount.create .Values.packaging.helm.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubeapps.apprepository.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if or .Values.apprepository.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.apprepository.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.apprepository.serviceAccount.automountServiceAccountToken }} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml deleted file mode 100644 index b1f1891b..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml +++ /dev/null @@ -1,92 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.dashboard.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: dashboard - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - vhost.conf: |- - server { - listen {{ .Values.dashboard.containerPorts.http }}; - {{- if .Values.frontend.largeClientHeaderBuffers }} - large_client_header_buffers {{ .Values.frontend.largeClientHeaderBuffers }}; - {{- end }} - {{- if .Values.enableIPv6 }} - listen [::]:{{ .Values.dashboard.containerPorts.http }}; - {{- end }} - server_name _; - - gzip on; - gzip_static on; - - location /custom_style.css { - root /app/custom-css/; - } - - location /custom_locale.json { - root /app/custom-locale/; - } - - location /custom_components.js { - root /app/custom-components/; - } - - location / { - # Redirects are required to be relative otherwise the internal hostname will be exposed - absolute_redirect off; - - # Trailing / is required in the path for the React app to be loaded correctly - # The rewrite rule adds a trailing "/" to any path that does not contain "." neither "/". - # i.e kubeapps => kubeapps/ - rewrite ^([^.]*[^/])$ $1/ permanent; - - # Support for ingress prefixes maintaining compatibility with the default / - # 1 - Exactly two fragment URLs for files existing inside of the public/ dir - # i.e /[prefix]/config.json => /config.json - rewrite ^/[^/]+/([^/]+)$ /$1 break; - - # 2 - Any static files bundled by webpack referenced by 3 or more URL segments - # i.e /[prefix]/static/main.js => static/main.js - rewrite ^/[^/]+/static/(.*) /static/$1 break; - - try_files $uri /index.html; - } - } - custom_style.css: |- -{{- .Values.dashboard.customStyle | nindent 4 }} - custom_components.js: |- -{{- .Values.dashboard.customComponents | nindent 4 }} - custom_locale.json: |- -{{- .Values.dashboard.customLocale | toJson | nindent 4 }} - config.json: |- - { - "kubeappsCluster": {{ include "kubeapps.kubeappsCluster" . | quote }}, - "kubeappsNamespace": {{ .Release.Namespace | quote }}, - "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }}, - "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }}, - "appVersion": "latest", - "authProxyEnabled": {{ .Values.authProxy.enabled }}, - "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }}, - "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }}, - "authProxySkipLoginPage": {{ .Values.authProxy.skipKubeappsLoginPage }}, - "featureFlags": {{ .Values.featureFlags | toJson }}, - "clusters": {{ include "kubeapps.clusterNames" . }}, - "theme": {{ .Values.dashboard.defaultTheme | quote }}, - "remoteComponentsUrl": {{ .Values.dashboard.remoteComponentsUrl | quote }}, - "customAppViews": {{ .Values.dashboard.customAppViews | toJson }}, - "skipAvailablePackageDetails": {{ .Values.dashboard.skipAvailablePackageDetails }}, - "createNamespaceLabels": {{ .Values.dashboard.createNamespaceLabels | toJson }} - } -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/templates/dashboard/deployment.yaml b/packages/system/dashboard/charts/kubeapps/templates/dashboard/deployment.yaml deleted file mode 100644 index e474ed18..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/deployment.yaml +++ /dev/null @@ -1,202 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.dashboard.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "kubeapps.dashboard.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: dashboard - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.dashboard.replicaCount }} - {{- if .Values.dashboard.updateStrategy }} - strategy: {{- toYaml .Values.dashboard.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: dashboard - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/dashboard/configmap.yaml") . | sha256sum }} - {{- if .Values.dashboard.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: dashboard - spec: - {{- include "kubeapps.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.dashboard.automountServiceAccountToken }} - {{- if .Values.dashboard.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dashboard.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dashboard.podAffinityPreset "component" "dashboard" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dashboard.podAntiAffinityPreset "component" "dashboard" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.dashboard.nodeAffinityPreset.type "key" .Values.dashboard.nodeAffinityPreset.key "values" .Values.dashboard.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.dashboard.schedulerName }} - schedulerName: {{ .Values.dashboard.schedulerName }} - {{- end }} - {{- if .Values.dashboard.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.dashboard.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dashboard.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dashboard.priorityClassName }} - priorityClassName: {{ .Values.dashboard.priorityClassName | quote }} - {{- end }} - {{- if .Values.dashboard.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboard.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dashboard.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: dashboard - image: {{ include "kubeapps.dashboard.image" . }} - imagePullPolicy: {{ .Values.dashboard.image.pullPolicy | quote }} - {{- if .Values.dashboard.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboard.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.dashboard.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.dashboard.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dashboard.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.dashboard.image.debug | quote }} - {{- if .Values.dashboard.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.dashboard.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.dashboard.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.dashboard.containerPorts.http }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.dashboard.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.dashboard.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.dashboard.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- if .Values.dashboard.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.dashboard.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.dashboard.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: http - {{- end }} - {{- if .Values.dashboard.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.dashboard.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.dashboard.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.dashboard.resources }} - resources: {{- toYaml .Values.dashboard.resources | nindent 12 }} - {{- else if ne .Values.dashboard.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.dashboard.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: vhost - mountPath: /opt/bitnami/nginx/conf/server_blocks - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/nginx/tmp - subPath: app-tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/nginx/logs - subPath: app-logs-dir - - name: config - mountPath: /app/config.json - subPath: config.json - - mountPath: /app/custom-css - name: custom-css - - mountPath: /app/custom-locale - name: custom-locale - - mountPath: /app/custom-components - name: custom-components - {{- if .Values.dashboard.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dashboard.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: vhost - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: vhost.conf - path: vhost.conf - - name: config - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: config.json - path: config.json - - name: custom-css - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: custom_style.css - path: custom_style.css - - name: custom-locale - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: custom_locale.json - path: custom_locale.json - - name: custom-components - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: custom_components.js - path: custom_components.js - {{- if .Values.dashboard.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/templates/dashboard/networkpolicy.yaml b/packages/system/dashboard/charts/kubeapps/templates/dashboard/networkpolicy.yaml deleted file mode 100644 index 63b27c42..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/networkpolicy.yaml +++ /dev/null @@ -1,71 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.dashboard.enabled .Values.dashboard.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ include "kubeapps.dashboard.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: dashboard - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - policyTypes: - - Ingress - - Egress - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: dashboard - {{- if .Values.dashboard.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - {{- range $port := .Values.dashboard.networkPolicy.kubeAPIServerPorts }} - - port: {{ $port }} - {{- end }} - {{- if .Values.dashboard.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.dashboard.containerPorts.http }} - {{- if not .Values.dashboard.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - {{- if .Values.dashboard.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.dashboard.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.dashboard.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.dashboard.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.dashboard.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/dashboard/pdb.yaml b/packages/system/dashboard/charts/kubeapps/templates/dashboard/pdb.yaml deleted file mode 100644 index 67578402..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/pdb.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.dashboard.enabled .Values.dashboard.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "kubeapps.dashboard.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: dashboard - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.dashboard.pdb.minAvailable }} - minAvailable: {{ .Values.dashboard.pdb.minAvailable }} - {{- end }} - {{- if or .Values.dashboard.pdb.maxUnavailable ( not .Values.dashboard.pdb.minAvailable ) }} - maxUnavailable: {{ .Values.dashboard.pdb.maxUnavailable | default 1 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: dashboard -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/dashboard/service.yaml b/packages/system/dashboard/charts/kubeapps/templates/dashboard/service.yaml deleted file mode 100644 index d13cb2d7..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.dashboard.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubeapps.dashboard.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: dashboard - {{- if or .Values.dashboard.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.dashboard.service.ports.http }} - targetPort: http - protocol: TCP - name: http - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: dashboard -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/templates/extra-list.yaml b/packages/system/dashboard/charts/kubeapps/templates/extra-list.yaml deleted file mode 100644 index 329f5c65..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/extra-list.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml b/packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml deleted file mode 100644 index cafdc5fc..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml +++ /dev/null @@ -1,145 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubeapps.frontend-config.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - k8s-api-proxy.conf: |- - # Deactivate buffering for log streaming - proxy_buffering off; - # Hide Www-Authenticate to prevent it triggering a basic auth prompt in - # the browser with some clusters - proxy_hide_header Www-Authenticate; - - # Keep the connection open with the API server even if idle (the default is 60 seconds) - # Setting it to 1 hour which should be enough for our current use case of deploying/upgrading apps - # If we enable other use-cases in the future we might need to bump this value - # More info here https://github.com/vmware-tanzu/kubeapps/issues/766 - proxy_read_timeout 1h; - - {{- if .Values.frontend.proxypassAccessTokenAsBearer }} - # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. - proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; - {{- end }} -{{- range .Values.clusters }} - {{- if .certificateAuthorityData }} - {{ printf "%s-ca.pem" .name }}: {{ .certificateAuthorityData }} - {{- end }} -{{- end }} - vhost.conf: |- - # Retain the default nginx handling of requests without a "Connection" header - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - # Allow websocket connections - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - server { - listen {{ .Values.frontend.containerPorts.http }}; - {{- if .Values.frontend.largeClientHeaderBuffers }} - large_client_header_buffers {{ .Values.frontend.largeClientHeaderBuffers }}; - {{- end }} - {{- if .Values.enableIPv6 }} - listen [::]:{{ .Values.frontend.containerPorts.http }}; - {{- end }} - server_name _; - - location /healthz { - access_log off; - default_type text/plain; - return 200 "healthy\n"; - } - - # Only proxy to k8s API endpoints if operators are enabled. - {{- if $.Values.featureFlags.operators }} - - # Ensure each cluster can be reached (should only be - # used with an auth-proxy where k8s credentials never leave - # the cluster). See clusters option. - {{- range .Values.clusters }} - - location ~* /api/clusters/{{ .name }} { - {{/* We need to split the API service URL(s) into the base url and the path segment so - those configurations using a path can be appropriately rewritten below while - ensuring the proxy_pass statement is given the base URL only. */}} - {{- $parsed := urlParse (default "https://kubernetes.default" .apiServiceURL) }} - {{- $apiServiceBaseURL := urlJoin (pick $parsed "scheme" "host") }} - {{- $apiServiceURLPath := $parsed.path }} - rewrite /api/clusters/{{ .name }}/(.*) {{ $apiServiceURLPath }}/$1 break; - rewrite /api/clusters/{{ .name }} {{ $apiServiceURLPath }}/ break; - - {{/* Helm returns a nil pointer error when accessing foo.bar if foo doesn't - exist, even with the `default` function. - See https://github.com/helm/helm/issues/8026#issuecomment-756538254 */}} - {{- $pinnipedConfig := .pinnipedConfig | default dict }} - {{- if and $.Values.pinnipedProxy.enabled (or $pinnipedConfig.enabled $pinnipedConfig.enable) }} - # If pinniped proxy is enabled *and* the current cluster is configured - # to exchange credentials then we route via pinnipedProxy to exchange - # credentials for client certificates. Note, we are currently still supporting - # the deprecated `pinnipedConfig.enable` until the next feature release. - # All documentation should now reference the cluster-specific `pinnipedConfig.enabled`. - {{- if .apiServiceURL }} - proxy_set_header PINNIPED_PROXY_API_SERVER_URL {{ .apiServiceURL }}; - {{- end }} - {{- if .certificateAuthorityData }} - proxy_set_header PINNIPED_PROXY_API_SERVER_CERT {{ .certificateAuthorityData }}; - {{- end }} - proxy_pass {{ printf "http://%s.%s:%d" (include "kubeapps.pinniped-proxy.fullname" $) $.Release.Namespace (int $.Values.pinnipedProxy.service.ports.pinnipedProxy) }}; - {{- else }} - # Otherwise we route directly through to the clusters with existing credentials. - proxy_pass {{ $apiServiceBaseURL }}; - {{- if .certificateAuthorityData }} - proxy_ssl_trusted_certificate {{ printf "./server_blocks/%s-ca.pem" .name | quote }}; - {{- end }} - {{- end }} - include "./server_blocks/k8s-api-proxy.conf"; - } - {{- end }} - {{- end }} - - location ~* /apis { - rewrite ^ $request_uri; # pass the encoded url downstream as is, - rewrite /apis/([^?]*) /$1 break; - rewrite /apis / break; - - {{- if .Values.frontend.proxypassExtraSetHeader }} - proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; - {{- end }} - - {{- if .Values.frontend.proxypassAccessTokenAsBearer }} - # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. - proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; - {{- end }} - - proxy_pass {{ include "kubeapps.kubeappsapis.proxy_pass" . -}}; - } - - {{- if .Values.dashboard.enabled }} - location / { - # Add the Authorization header if exists - add_header Authorization $http_authorization; - proxy_pass {{ printf "http://%s:%d" (include "kubeapps.dashboard.fullname" .) (int .Values.dashboard.service.ports.http) }}; - } - {{- end }} - - location /logos { - # Add the Authorization header if exists - proxy_set_header Cookie ""; - proxy_pass http://cozystack.cozy-system.svc:80; - } - } diff --git a/packages/system/dashboard/charts/kubeapps/templates/frontend/deployment.yaml b/packages/system/dashboard/charts/kubeapps/templates/frontend/deployment.yaml deleted file mode 100644 index 9c7e9a47..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/frontend/deployment.yaml +++ /dev/null @@ -1,335 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.frontend.replicaCount }} - {{- if .Values.frontend.updateStrategy }} - strategy: {{- toYaml .Values.frontend.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.frontend.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: frontend - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/frontend/configmap.yaml") . | sha256sum }} - {{- if .Values.frontend.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: frontend - spec: - {{- include "kubeapps.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.frontend.automountServiceAccountToken }} - {{- if .Values.frontend.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.frontend.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.frontend.podAffinityPreset "component" "frontend" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.frontend.podAntiAffinityPreset "component" "frontend" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.frontend.nodeAffinityPreset.type "key" .Values.frontend.nodeAffinityPreset.key "values" .Values.frontend.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.frontend.schedulerName }} - schedulerName: {{ .Values.frontend.schedulerName }} - {{- end }} - {{- if .Values.frontend.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.frontend.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.frontend.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.frontend.priorityClassName }} - priorityClassName: {{ .Values.frontend.priorityClassName | quote }} - {{- end }} - {{- if .Values.frontend.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.frontend.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.frontend.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: nginx - image: {{ include "kubeapps.frontend.image" . }} - imagePullPolicy: {{ .Values.frontend.image.pullPolicy | quote }} - {{- if .Values.frontend.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.frontend.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.frontend.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.frontend.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.frontend.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.frontend.image.debug | quote }} - {{- if .Values.frontend.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.frontend.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.frontend.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.frontend.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.frontend.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.frontend.containerPorts.http }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.frontend.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.frontend.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.frontend.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- if .Values.frontend.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.frontend.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.frontend.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: http - {{- end }} - {{- if .Values.frontend.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.frontend.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.frontend.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.frontend.resources }} - resources: {{- toYaml .Values.frontend.resources | nindent 12 }} - {{- else if ne .Values.frontend.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.frontend.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/nginx/tmp - subPath: app-tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/nginx/logs - subPath: app-logs-dir - - name: vhost - mountPath: /opt/bitnami/nginx/conf/server_blocks - {{- if .Values.frontend.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }} - - name: auth-proxy - image: {{ include "kubeapps.authProxy.image" . }} - imagePullPolicy: {{ .Values.authProxy.image.pullPolicy | quote }} - {{- if .Values.authProxy.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.authProxy.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.authProxy.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.authProxy.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.authProxy.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.args "context" $) | nindent 12 }} - {{- else }} - args: - - --provider={{ required "You must fill \".Values.authProxy.provider\" with the provider. Valid values at https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview" .Values.authProxy.provider }} - - --upstream=http://localhost:{{ .Values.frontend.containerPorts.http }}/ - - --http-address=0.0.0.0:{{ .Values.authProxy.containerPorts.proxy }} - - --email-domain={{ .Values.authProxy.emailDomain }} - - --pass-basic-auth=false - - --pass-access-token=true - - --pass-authorization-header=true - - --skip-auth-regex=^\/config\.json$ - - --skip-auth-regex=^\/site\.webmanifest$ - - --skip-auth-regex=^\/custom_style\.css$ - - --skip-auth-regex=^\/clr-ui.min\.css$ - - --skip-auth-regex=^\/clr-ui-dark.min\.css$ - - --skip-auth-regex=^\/custom_locale\.json$ - - --skip-auth-regex=^\/favicon.*\.png$ - - --skip-auth-regex=^\/favicon.*\.ico$ - - --skip-auth-regex=^\/android-chrome-.*\.png$ - - --skip-auth-regex=^\/static\/ - - --skip-auth-regex=^\/apis/core/plugins/v1alpha1/configured-plugins$ - - --skip-auth-regex=^\/apis/kubeappsapis.core.plugins.v1alpha1.PluginsService/GetConfiguredPlugins$ - - --skip-auth-regex=^\/$ - - --scope={{ .Values.authProxy.scope }} - - --cookie-refresh={{ .Values.authProxy.cookieRefresh }} - {{- range .Values.authProxy.extraFlags }} - - {{ . }} - {{- end }} - {{- end }} - env: - - name: OAUTH2_PROXY_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ template "kubeapps.oauth2_proxy-secret.name" . }} - key: clientID - - name: OAUTH2_PROXY_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ template "kubeapps.oauth2_proxy-secret.name" . }} - key: clientSecret - - name: OAUTH2_PROXY_COOKIE_SECRET - valueFrom: - secretKeyRef: - name: {{ template "kubeapps.oauth2_proxy-secret.name" . }} - key: cookieSecret - {{- if .Values.authProxy.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.authProxy.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.authProxy.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.authProxy.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.authProxy.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: proxy - containerPort: {{ .Values.authProxy.containerPorts.proxy }} - {{- if .Values.authProxy.resources }} - resources: {{- toYaml .Values.authProxy.resources | nindent 12 }} - {{- else if ne .Values.authProxy.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.authProxy.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.authProxy.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if and (gt (len .Values.clusters) 1) (not .Values.authProxy.enabled) }} - {{ fail "clusters can be configured only when using an auth proxy for cluster oidc authentication." }} - {{- end }} - {{- if .Values.pinnipedProxy.enabled }} - - name: pinniped-proxy - image: {{ include "kubeapps.pinnipedProxy.image" . }} - imagePullPolicy: {{ .Values.pinnipedProxy.image.pullPolicy | quote }} - {{- if .Values.pinnipedProxy.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.pinnipedProxy.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.pinnipedProxy.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.pinnipedProxy.command "context" $) | nindent 12 }} - {{- else }} - command: - - pinniped-proxy - {{- if .Values.pinnipedProxy.tls.existingSecret }} - - --proxy-tls-cert=/etc/pinniped-tls/tls.crt - - --proxy-tls-cert-key=/etc/pinniped-tls/tls.key - {{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.pinnipedProxy.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.pinnipedProxy.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.pinnipedProxy.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.pinnipedProxy.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: DEFAULT_PINNIPED_NAMESPACE - value: {{ .Values.pinnipedProxy.defaultPinnipedNamespace | quote }} - - name: DEFAULT_PINNIPED_AUTHENTICATOR_TYPE - value: {{ .Values.pinnipedProxy.defaultAuthenticatorType | quote }} - - name: DEFAULT_PINNIPED_AUTHENTICATOR_NAME - value: {{ .Values.pinnipedProxy.defaultAuthenticatorName | quote }} - - name: DEFAULT_PINNIPED_API_SUFFIX - value: {{ .Values.pinnipedProxy.defaultPinnipedAPISuffix | quote }} - - name: RUST_LOG - # Use info,pinniped_proxy::pinniped=debug for module control. - value: info - {{- if .Values.pinnipedProxy.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.pinnipedProxy.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.pinnipedProxy.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.pinnipedProxy.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.pinnipedProxy.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.pinnipedProxy.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: pinniped-proxy - containerPort: {{ .Values.pinnipedProxy.containerPorts.pinnipedProxy }} - {{- if .Values.pinnipedProxy.resources }} - resources: {{- toYaml .Values.pinnipedProxy.resources | nindent 12 }} - {{- else if ne .Values.pinnipedProxy.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.pinnipedProxy.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.pinnipedProxy.tls.existingSecret }} - - name: pinniped-tls-secret - mountPath: "/etc/pinniped-tls" - readOnly: true - {{- end }} - {{- if .Values.pinnipedProxy.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.pinnipedProxy.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.frontend.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: vhost - configMap: - name: {{ template "kubeapps.frontend-config.fullname" . }} - {{- if .Values.pinnipedProxy.tls.existingSecret }} - - name: pinniped-tls-secret - secret: - secretName: {{ .Values.pinnipedProxy.tls.existingSecret }} - {{- end }} - {{- if .Values.frontend.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/frontend/networkpolicy.yaml b/packages/system/dashboard/charts/kubeapps/templates/frontend/networkpolicy.yaml deleted file mode 100644 index ac55f482..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/frontend/networkpolicy.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.frontend.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - policyTypes: - - Ingress - - Egress - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.frontend.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: frontend - {{- if .Values.frontend.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - {{- range $port := .Values.frontend.networkPolicy.kubeAPIServerPorts }} - - port: {{ $port }} - {{- end }} - {{- if .Values.frontend.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.frontend.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.frontend.containerPorts.http }} - {{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }} - - port: {{ .Values.authProxy.containerPorts.proxy }} - {{- end }} - {{- if .Values.pinnipedProxy.enabled }} - - port: {{ .Values.pinnipedProxy.containerPorts.pinnipedProxy }} - {{- end }} - {{- if not .Values.frontend.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - {{- if .Values.frontend.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.frontend.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.frontend.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.frontend.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.frontend.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.frontend.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/frontend/oauth2-secret.yaml b/packages/system/dashboard/charts/kubeapps/templates/frontend/oauth2-secret.yaml deleted file mode 100644 index e83afd5d..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/frontend/oauth2-secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.authProxy.enabled (not .Values.authProxy.external) (not .Values.authProxy.existingOauth2Secret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kubeapps.oauth2_proxy-secret.name" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - clientID: {{ required "You must fill \".Values.authProxy.clientID\" with the Client ID of the provider" .Values.authProxy.clientID | b64enc }} - clientSecret: {{ required "You must fill \".Values.authProxy.clientSecret\" with the Client Secret of the provider" .Values.authProxy.clientSecret | b64enc }} - cookieSecret: {{ required "You must fill \".Values.authProxy.cookieSecret\". More info at https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#generating-a-cookie-secret" .Values.authProxy.cookieSecret | b64enc }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/frontend/pdb.yaml b/packages/system/dashboard/charts/kubeapps/templates/frontend/pdb.yaml deleted file mode 100644 index 3e9a8ec2..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/frontend/pdb.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.frontend.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.frontend.pdb.minAvailable }} - minAvailable: {{ .Values.frontend.pdb.minAvailable }} - {{- end }} - {{- if or .Values.frontend.pdb.maxUnavailable ( not .Values.frontend.pdb.minAvailable ) }} - maxUnavailable: {{ .Values.frontend.pdb.maxUnavailable | default 1 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.frontend.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: frontend -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/frontend/service.yaml b/packages/system/dashboard/charts/kubeapps/templates/frontend/service.yaml deleted file mode 100644 index a4ccdccb..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/frontend/service.yaml +++ /dev/null @@ -1,84 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if or .Values.frontend.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.frontend.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.frontend.service.type }} - {{- if and .Values.frontend.service.clusterIP (eq .Values.frontend.service.type "ClusterIP") }} - clusterIP: {{ .Values.frontend.service.clusterIP }} - {{- end }} - {{- if or (eq .Values.frontend.service.type "LoadBalancer") (eq .Values.frontend.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.frontend.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.frontend.service.type "LoadBalancer") .Values.frontend.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.frontend.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and (eq .Values.frontend.service.type "LoadBalancer") (not (empty .Values.frontend.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.frontend.service.loadBalancerIP }} - {{- end }} - {{- if .Values.frontend.service.sessionAffinity }} - sessionAffinity: {{ .Values.frontend.service.sessionAffinity }} - {{- end }} - {{- if .Values.frontend.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: http - port: {{ .Values.frontend.service.ports.http }} - protocol: TCP - {{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }} - targetPort: proxy - {{- else }} - targetPort: http - {{- end }} - {{- if and (or (eq .Values.frontend.service.type "NodePort") (eq .Values.frontend.service.type "LoadBalancer")) (not (empty .Values.frontend.service.nodePorts.http)) }} - nodePort: {{ .Values.frontend.service.nodePorts.http }} - {{- else if eq .Values.frontend.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.frontend.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.frontend.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: frontend -{{- if .Values.pinnipedProxy.enabled }} ---- -# Include an additional ClusterIP service for the pinniped-proxy as some configurations -# require the normal frontend service to use NodePort. -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubeapps.pinniped-proxy.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if or .Values.pinnipedProxy.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.pinnipedProxy.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.pinnipedProxy.service.ports.pinnipedProxy }} - targetPort: pinniped-proxy - protocol: TCP - name: pinniped-proxy - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.frontend.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: frontend -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/ingress-api.yaml b/packages/system/dashboard/charts/kubeapps/templates/ingress-api.yaml deleted file mode 100644 index 58f38446..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/ingress-api.yaml +++ /dev/null @@ -1,115 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.featureFlags.apiOnly.enabled (not .Values.ingress.enabled) -}} - {{ fail "Ingress must be enabled for the API mode to work. Please set \"ingress.enabled\" to true." }} -{{- end -}} -{{- if and .Values.ingress.enabled .Values.featureFlags.apiOnly.enabled -}} -{{- if and .Values.dashboard.enabled -}} - {{ fail "Dashboard is enabled but will NOT work with Ingress in API mode. Please set \"dashboard.enabled\" to false." }} -{{- end -}} ---- -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }}-http-api - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: /apis - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ $.Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- if and .Values.ingress.path (ne (quote (trim .Values.ingress.path)) (quote "/")) }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ $.Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end -}} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ $.Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.extraRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} - {{- end }} - {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} ---- -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.featureFlags.apiOnly.grpc.annotations .Values.ingress.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.featureFlags.apiOnly.grpc.annotations .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - - path: / - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ $.Values.ingress.pathType }} - {{- end }} - backend: - service: - name: {{ template "kubeapps.kubeappsapis.fullname" . }} - port: - name: grpc-http - {{- end }} - {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/ingress.yaml b/packages/system/dashboard/charts/kubeapps/templates/ingress.yaml deleted file mode 100644 index 0d55ea64..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/ingress.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.ingress.enabled (not .Values.featureFlags.apiOnly.enabled) -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ $.Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ $.Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.extraRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} - {{- end }} - {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/configmap.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/configmap.yaml deleted file mode 100644 index fae9f0cc..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-configmap" (include "kubeapps.kubeappsapis.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - plugins.conf: |- -{{- if .Values.kubeappsapis.pluginConfig }} -{{ .Values.kubeappsapis.pluginConfig | toPrettyJson | indent 4 }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml deleted file mode 100644 index ea3b91e0..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml +++ /dev/null @@ -1,348 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "kubeapps.kubeappsapis.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.kubeappsapis.replicaCount }} - {{- if .Values.kubeappsapis.updateStrategy }} - strategy: {{- toYaml .Values.kubeappsapis.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.kubeappsapis.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: kubeappsapis - template: - metadata: - {{- if .Values.kubeappsapis.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: kubeappsapis - spec: - {{- include "kubeapps.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.kubeappsapis.automountServiceAccountToken }} - {{- if .Values.kubeappsapis.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubeappsapis.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeappsapis.podAffinityPreset "component" "kubeappsapis" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeappsapis.podAntiAffinityPreset "component" "kubeappsapis" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.kubeappsapis.nodeAffinityPreset.type "key" .Values.kubeappsapis.nodeAffinityPreset.key "values" .Values.kubeappsapis.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.kubeappsapis.schedulerName }} - schedulerName: {{ .Values.kubeappsapis.schedulerName }} - {{- end }} - {{- if .Values.kubeappsapis.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.kubeappsapis.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubeappsapis.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubeappsapis.priorityClassName }} - priorityClassName: {{ .Values.kubeappsapis.priorityClassName | quote }} - {{- end }} - {{- if .Values.kubeappsapis.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubeappsapis.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - # Increase termination timeout to let remaining operations to finish before ending the pods - # This is because new releases/upgrades/deletions are synchronous operations - terminationGracePeriodSeconds: {{ .Values.kubeappsapis.terminationGracePeriodSeconds }} - {{- if .Values.kubeappsapis.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.initContainers "context" $) | trim | nindent 8 }} - {{- end }} - containers: - - name: kubeappsapis - image: {{ include "kubeapps.kubeappsapis.image" . }} - imagePullPolicy: {{ .Values.kubeappsapis.image.pullPolicy | quote }} - {{- if .Values.kubeappsapis.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubeappsapis.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.kubeappsapis.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.kubeappsapis.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.command "context" $) | nindent 12 }} - {{- else }} - command: - - /kubeapps-apis - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.kubeappsapis.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.args "context" $) | nindent 12 }} - {{- else }} - args: - {{- $enabledPlugins := include "kubeapps.kubeappsapis.enabledPlugins" . | fromJsonArray }} - {{- range $enabledPlugins }} - - --plugin-dir - - /plugins/{{ . }} - {{- end }} - {{- if .Values.clusters }} - - --clusters-config-path=/config/clusters.conf - {{- end }} - {{- if .Values.kubeappsapis.pluginConfig }} - - --plugin-config-path=/config/kubeapps-apis/plugins.conf - {{- end }} - {{- if .Values.pinnipedProxy.enabled }} - - --pinniped-proxy-url={{ printf "http%s://%s.%s:%d" (eq .Values.pinnipedProxy.tls.caCertificate "" | ternary "" "s") (include "kubeapps.pinniped-proxy.fullname" .) .Release.Namespace (int .Values.pinnipedProxy.service.ports.pinnipedProxy) }} - {{- if .Values.pinnipedProxy.tls.caCertificate }} - - --pinniped-proxy-ca-cert=/etc/pinniped-proxy-tls/ca.crt - {{- end }} - {{- end }} - - --global-repos-namespace={{ include "kubeapps.helmGlobalPackagingNamespace" . }} - {{- if .Values.kubeappsapis.qps }} - - --kube-api-qps={{ .Values.kubeappsapis.qps }} - {{- end }} - {{- if .Values.kubeappsapis.burst }} - - --kube-api-burst={{ .Values.kubeappsapis.burst }} - {{- end }} - {{- range .Values.kubeappsapis.extraFlags }} - - {{ . }} - {{- end }} - {{- end }} - env: - - name: GOGC - value: "50" # default is 100. 50 means increasing x2 the frequency of GC - - name: PORT - value: {{ .Values.kubeappsapis.containerPorts.http | quote }} - {{- if .Values.packaging.flux.enabled }} - # REDIS-* vars are required by the plugins for caching functionality - # TODO (gfichtenolt) this as required by the kubeapps apis service (which will - # longer-term pass something to the plugins so that the plugins won't need to - # know these details). Currently they're used directly by the flux plugin - - name: REDIS_ADDR - value: {{ printf "%s-master.%s.svc:6379" (include "kubeapps.redis.fullname" .) .Release.Namespace }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - key: redis-password - name: {{ include "kubeapps.redis.secretName" . }} - - name: REDIS_DB - value: "0" - {{- end }} - # TODO(agamez): pass this configuration using a separated config file - # These env vars are currently (and temporarily) required by the 'helm' plugin - {{- if .Values.packaging.helm.enabled }} - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ASSET_SYNCER_DB_URL - {{- if .Values.postgresql.enabled }} - value: {{ printf "%s-hl:%d" (include "kubeapps.postgresql.host" .) (int (include "kubeapps.postgresql.port" .)) }} - {{- else }} - value: {{ printf "%s:%d" (include "kubeapps.postgresql.host" .) (int (include "kubeapps.postgresql.port" .)) }} - {{- end }} - - name: ASSET_SYNCER_DB_NAME - value: {{ .Values.postgresql.auth.database | quote }} - - name: ASSET_SYNCER_DB_USERNAME - value: {{ .Values.postgresql.auth.username | quote }} - - name: ASSET_SYNCER_DB_USERPASSWORD - valueFrom: - secretKeyRef: - key: postgres-password - name: {{ include "kubeapps.postgresql.secretName" . }} - {{- if .Values.ociCatalog.enabled }} - - name: OCI_CATALOG_URL - value: {{ printf ":%d" (int .Values.ociCatalog.containerPorts.grpc) | quote }} - {{- end }} - {{- end }} - {{- if .Values.kubeappsapis.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.kubeappsapis.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.kubeappsapis.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: grpc-http - containerPort: {{ .Values.kubeappsapis.containerPorts.http }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.kubeappsapis.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.kubeappsapis.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.kubeappsapis.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: grpc-http - {{- end }} - {{- if .Values.kubeappsapis.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.kubeappsapis.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.kubeappsapis.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: ["grpc_health_probe", "-addr=:{{ .Values.kubeappsapis.containerPorts.http }}"] - {{- end }} - {{- if .Values.kubeappsapis.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.kubeappsapis.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.kubeappsapis.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: grpc-http - {{- end }} - {{- end }} - {{- if .Values.kubeappsapis.resources }} - resources: {{- toYaml .Values.kubeappsapis.resources | nindent 12 }} - {{- else if ne .Values.kubeappsapis.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.kubeappsapis.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.clusters }} - - name: clusters-config - mountPath: /config - - name: ca-certs - mountPath: /etc/additional-clusters-cafiles - {{- end }} - {{- if .Values.kubeappsapis.pluginConfig }} - - name: plugins-config - mountPath: /config/kubeapps-apis - {{- end }} - {{- if .Values.pinnipedProxy.tls.caCertificate }} - - name: pinniped-proxy-ca-cert - mountPath: /etc/pinniped-proxy-tls - {{- end }} - {{- if .Values.kubeappsapis.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.ociCatalog.enabled }} - - name: oci-catalog - image: {{ include "kubeapps.ociCatalog.image" . }} - imagePullPolicy: {{ .Values.ociCatalog.image.pullPolicy | quote }} - {{- if .Values.ociCatalog.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.ociCatalog.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.kubeappsapis.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.ociCatalog.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.command "context" $) | nindent 12 }} - {{- else }} - command: - - /oci-catalog - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.ociCatalog.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.args "context" $) | nindent 12 }} - {{- else }} - args: - {{- range .Values.ociCatalog.extraFlags }} - - {{ . }} - {{- end }} - {{- end }} - env: - - name: OCI_CATALOG_PORT - value: {{ .Values.ociCatalog.containerPorts.grpc | quote }} - - name: RUST_LOG - # Use info,pinniped_proxy::pinniped=debug for module control. - value: info - {{- if .Values.ociCatalog.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.ociCatalog.extraEnvVarsCM .Values.ociCatalog.extraEnvVarsSecret }} - envFrom: - {{- if .Values.ociCatalog.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.ociCatalog.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: grpc - containerPort: {{ .Values.ociCatalog.containerPorts.grpc }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.ociCatalog.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.ociCatalog.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.kubeappsapis.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: grpc-http - {{- end }} - {{- if .Values.ociCatalog.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.ociCatalog.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ociCatalog.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: ["grpc_health_probe", "-addr=:{{ .Values.ociCatalog.containerPorts.grpc }}"] - {{- end }} - {{- if .Values.ociCatalog.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.ociCatalog.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ociCatalog.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: grpc-http - {{- end }} - {{- end }} - {{- if .Values.ociCatalog.resources }} - resources: {{- toYaml .Values.ociCatalog.resources | nindent 12 }} - {{- else if ne .Values.ociCatalog.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.ociCatalog.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.ociCatalog.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.kubeappsapis.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.sidecars "context" $) | trim | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - {{- if .Values.clusters }} - - name: clusters-config - configMap: - name: {{ template "kubeapps.clusters-config.fullname" . }} - - name: ca-certs - emptyDir: {} - {{- end }} - {{- if .Values.kubeappsapis.pluginConfig }} - - name: plugins-config - configMap: - name: {{ template "kubeapps.kubeappsapis.fullname" . }}-configmap - {{- end }} - {{- if .Values.pinnipedProxy.tls.caCertificate }} - - name: pinniped-proxy-ca-cert - configMap: - name: {{ .Values.pinnipedProxy.tls.caCertificate }} - {{- end }} - {{- if .Values.kubeappsapis.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/networkpolicy.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/networkpolicy.yaml deleted file mode 100644 index 7ec6ff01..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/networkpolicy.yaml +++ /dev/null @@ -1,74 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.kubeappsapis.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "kubeapps.kubeappsapis.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - policyTypes: - - Ingress - - Egress - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.kubeappsapis.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.kubeappsapis.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - {{- range $port := .Values.kubeappsapis.networkPolicy.kubeAPIServerPorts }} - - port: {{ $port }} - {{- end }} - {{- if .Values.kubeappsapis.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.kubeappsapis.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.kubeappsapis.containerPorts.http }} - {{- if .Values.ociCatalog.enabled }} - - port: {{ .Values.ociCatalog.containerPorts.grpc }} - {{- end }} - {{- if not .Values.kubeappsapis.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - {{- if .Values.kubeappsapis.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.kubeappsapis.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.kubeappsapis.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.kubeappsapis.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.kubeappsapis.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.kubeappsapis.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/pdb.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/pdb.yaml deleted file mode 100644 index d5a27136..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/pdb.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.kubeappsapis.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "kubeapps.kubeappsapis.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.kubeappsapis.pdb.minAvailable }} - minAvailable: {{ .Values.kubeappsapis.pdb.minAvailable }} - {{- end }} - {{- if or .Values.kubeappsapis.pdb.maxUnavailable ( not .Values.kubeappsapis.pdb.minAvailable ) }} - maxUnavailable: {{ .Values.kubeappsapis.pdb.maxUnavailable | default 1 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.kubeappsapis.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: kubeappsapis -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/rbac.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/rbac.yaml deleted file mode 100644 index ba04414d..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/rbac.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.rbac.create -}} -{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }} -{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ printf "kubeapps:%s:kubeappsapis-ns-discovery" .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - list ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ printf "kubeapps:%s:kubeappsapis-ns-discovery" .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ printf "kubeapps:%s:kubeappsapis-ns-discovery" .Release.Namespace | quote }} -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- if $.Values.featureFlags.operators }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ printf "kubeapps:%s:kubeappsapis-operators" .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - packages.operators.coreos.com - resources: - - packagemanifests/icon - verbs: - - get ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ printf "kubeapps:%s:kubeappsapis-operators" .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ printf "kubeapps:%s:kubeappsapis-operators" .Release.Namespace | quote }} -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} -{{- end -}} diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml deleted file mode 100644 index 3fd418c1..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.packaging.flux.enabled }} -{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }} -{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: "kubeapps:controller:kubeapps-apis-fluxv2-plugin" - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: ["source.toolkit.fluxcd.io"] - resources: ["helmrepositories"] - verbs: ["get", "list", "watch"] - # needed by fluxv2 plug-in to check whether flux CRDs have been installed - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list"] - # Temp hack to avoid - # Failed to read secret for repo due to: rpc error: code = PermissionDenied desc = Forbidden - # to get the secret 'helm-podinfo' due to 'secrets "helm-podinfo" is forbidden: - # User "system:serviceaccount:kubeapps:kubeapps-internal-kubeappsapis" cannot get resource - # "secrets" in API group "" in the namespace "default"' - # see discussion in https://github.com/vmware-tanzu/kubeapps/pull/4932#issuecomment-1161243049 - - apiGroups: - - "" - resources: - - secrets - verbs: - - get ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: "kubeapps:controller:kubeapps-apis-fluxv2-plugin" - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "kubeapps:controller:kubeapps-apis-fluxv2-plugin" -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} -{{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/service.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/service.yaml deleted file mode 100644 index 2f352e5c..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/service.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubeapps.kubeappsapis.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if or .Values.kubeappsapis.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.kubeappsapis.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.kubeappsapis.service.ports.http }} - targetPort: grpc-http - protocol: TCP - name: grpc-http - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.kubeappsapis.podLabels .Values.commonLabels ) "context" . ) }} - {{- if .Values.ociCatalog.enabled }} - - port: {{ .Values.ociCatalog.containerPorts.grpc }} - targetPort: grpc - protocol: TCP - name: grpc - {{- end }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/serviceaccount.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/serviceaccount.yaml deleted file mode 100644 index b1bac4f8..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/serviceaccount.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.kubeappsapis.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if or .Values.kubeappsapis.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.kubeappsapis.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.kubeappsapis.serviceAccount.automountServiceAccountToken }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/shared/config.yaml b/packages/system/dashboard/charts/kubeapps/templates/shared/config.yaml deleted file mode 100644 index 2fdaaa0c..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/shared/config.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if gt (len .Values.clusters) 0 }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubeapps.clusters-config.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - clusters.conf: |- -{{ .Values.clusters | toPrettyJson | indent 4 }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/shared/helm-global-repos-namespace.yaml b/packages/system/dashboard/charts/kubeapps/templates/shared/helm-global-repos-namespace.yaml deleted file mode 100644 index 7732d2c1..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/shared/helm-global-repos-namespace.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if or .Values.apprepository.globalReposNamespaceSuffix .Values.kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace }} -apiVersion: v1 -kind: Namespace -metadata: - name: {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/templates/tls-secrets.yaml b/packages/system/dashboard/charts/kubeapps/templates/tls-secrets.yaml deleted file mode 100644 index 7e37f4fa..00000000 --- a/packages/system/dashboard/charts/kubeapps/templates/tls-secrets.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} -{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} -{{- $ca := genCA "kubeapps-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} - tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} - ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} -{{- end }} -{{- end }} diff --git a/packages/system/dashboard/charts/kubeapps/values.schema.json b/packages/system/dashboard/charts/kubeapps/values.schema.json deleted file mode 100644 index 913528b8..00000000 --- a/packages/system/dashboard/charts/kubeapps/values.schema.json +++ /dev/null @@ -1,125 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "frontend": { - "type": "object", - "title": "Frontend configuration", - "form": true, - "properties": { - "replicaCount": { - "type": "integer", - "title": "Number of replicas", - "form": true - } - } - }, - "dashboard": { - "type": "object", - "title": "Dashboard configuration", - "form": true, - "properties": { - "replicaCount": { - "type": "integer", - "title": "Number of replicas", - "form": true - } - } - }, - "kubeappsapis": { - "type": "object", - "title": "kubeappsapis configuration", - "form": true, - "properties": { - "replicaCount": { - "type": "integer", - "title": "Number of replicas", - "form": true - } - } - }, - "ingress": { - "type": "object", - "form": true, - "title": "Ingress configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Use a custom hostname", - "description": "Enable the ingress resource that allows you to access the Kubeapps dashboard." - }, - "hostname": { - "type": "string", - "form": true, - "title": "Hostname", - "hidden": { - "value": false, - "path": "ingress/enabled" - } - }, - "tls": { - "type": "boolean", - "form": true, - "title": "Enable TLS configuration", - "hidden": { - "value": false, - "path": "ingress/enabled" - } - } - } - }, - "authProxy": { - "type": "object", - "title": "OIDC Proxy configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable OIDC proxy", - "description": "Use an OIDC provider in order to manage accounts, groups and roles with a single application" - }, - "provider": { - "type": "string", - "form": true, - "title": "Identity Provider name", - "description": "See https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#generating-a-cookie-secret to find available providers", - "hidden": { - "value": false, - "path": "authProxy/enabled" - } - }, - "clientID": { - "type": "string", - "form": true, - "title": "Client ID:", - "description": "Client ID of the Identity Provider", - "hidden": { - "value": false, - "path": "authProxy/enabled" - } - }, - "clientSecret": { - "type": "string", - "form": true, - "title": "Client Secret", - "description": "Secret used to validate the Client ID", - "hidden": { - "value": false, - "path": "authProxy/enabled" - } - }, - "cookieSecret": { - "type": "string", - "form": true, - "title": "Cookie Secret", - "description": "Used by OAuth2 Proxy to encrypt any credentials", - "hidden": { - "value": false, - "path": "authProxy/enabled" - } - } - } - } - } -} diff --git a/packages/system/dashboard/charts/kubeapps/values.yaml b/packages/system/dashboard/charts/kubeapps/values.yaml deleted file mode 100644 index e2f60969..00000000 --- a/packages/system/dashboard/charts/kubeapps/values.yaml +++ /dev/null @@ -1,2506 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) -## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - defaultStorageClass: "" - storageClass: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## @param enableIPv6 Enable IPv6 configuration -## -enableIPv6: false -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity -## @section Traffic Exposure Parameters - -## Configure the ingress resource that allows you to access the Kubeapps installation -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for Kubeapps - ## - enabled: false - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress record - ## - hostname: kubeapps.local - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Rely on cert-manager to create it by setting the corresponding annotations - ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: kubeapps.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - kubeapps.local - ## secretName: kubeapps.local-tls - ## - extraTls: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: kubeapps.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param ingress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: - ## extraRules: - ## - host: example.local - ## http: - ## path: / - ## backend: - ## service: - ## name: example-svc - ## port: - ## name: http - ## - extraRules: [] -## @section Kubeapps packaging options -## Note: the helm and flux plugins are mutually exclusive, you can only -## enable one or the other since they both operate on Helm release objects. -## Enabling carvel or flux does *not* install the required related Carvel or -## Flux controllers on your cluster. Please read the documentation for running -## Kubeapps with Carvel or Flux support. -packaging: - ## Default helm packaging - ## @param packaging.helm.enabled Enable the standard Helm packaging. - helm: - enabled: true - ## Carvel packaging - ## @param packaging.carvel.enabled Enable support for the Carvel (kapp-controller) packaging. - carvel: - enabled: false - ## Flux (v2) packaging - ## @param packaging.flux.enabled Enable support for Flux (v2) packaging. - flux: - enabled: false -## @section Frontend parameters - -## Frontend parameters -## -frontend: - ## Bitnami NGINX image - ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ - ## @param frontend.image.registry [default: REGISTRY_NAME] NGINX image registry - ## @param frontend.image.repository [default: REPOSITORY_NAME/nginx] NGINX image repository - ## @skip frontend.image.tag NGINX image tag (immutable tags are recommended) - ## @param frontend.image.digest NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param frontend.image.pullPolicy NGINX image pull policy - ## @param frontend.image.pullSecrets NGINX image pull secrets - ## @param frontend.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/nginx - tag: 1.27.2-debian-12-r2 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - ## @param frontend.proxypassAccessTokenAsBearer Use access_token as the Bearer when talking to the k8s api server - ## NOTE: Some K8s distributions such as GKE requires it - ## - proxypassAccessTokenAsBearer: false - ## @param frontend.proxypassExtraSetHeader Set an additional proxy header for all requests proxied via NGINX - ## e.g: - ## proxypassExtraSetHeader: Authorization "Bearer $cookie_sessionid"; - ## - proxypassExtraSetHeader: "" - ## @param frontend.largeClientHeaderBuffers Set large_client_header_buffers in NGINX config - ## NOTE: Can be required when using OIDC or LDAP due to large cookies - ## - largeClientHeaderBuffers: "4 32k" - ## @param frontend.replicaCount Number of frontend replicas to deploy - ## - replicaCount: 2 - ## @param frontend.updateStrategy.type Frontend deployment strategy type. - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## e.g: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## Frontend containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param frontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param frontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## @param frontend.extraEnvVars Array with extra environment variables to add to the NGINX container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param frontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the NGINX container - ## - extraEnvVarsCM: "" - ## @param frontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for the NGINX container - ## - extraEnvVarsSecret: "" - ## @param frontend.containerPorts.http NGINX HTTP container port - ## - containerPorts: - http: 8080 - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param frontend.podSecurityContext.enabled Enabled frontend pods' Security Context - ## @param frontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param frontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param frontend.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param frontend.podSecurityContext.fsGroup Set frontend pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context for NGINX - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param frontend.containerSecurityContext.enabled Enabled containers' Security Context - ## @param frontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param frontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param frontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param frontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param frontend.containerSecurityContext.privileged Set container's Security Context privileged - ## @param frontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param frontend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param frontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param frontend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## Configure extra options for frontend containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param frontend.livenessProbe.enabled Enable livenessProbe - ## @param frontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param frontend.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param frontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param frontend.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param frontend.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param frontend.readinessProbe.enabled Enable readinessProbe - ## @param frontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param frontend.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param frontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param frontend.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param frontend.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param frontend.startupProbe.enabled Enable startupProbe - ## @param frontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param frontend.startupProbe.periodSeconds Period seconds for startupProbe - ## @param frontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param frontend.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param frontend.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param frontend.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param frontend.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param frontend.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param frontend.lifecycleHooks Custom lifecycle hooks for frontend containers - ## - lifecycleHooks: {} - ## @param frontend.command Override default container command (useful when using custom images) - ## - command: [] - ## @param frontend.args Override default container args (useful when using custom images) - ## - args: [] - ## @param frontend.podLabels Extra labels for frontend pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param frontend.podAnnotations Annotations for frontend pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param frontend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param frontend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## nodeAffinityPreset Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param frontend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param frontend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param frontend.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param frontend.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: frontend.podAffinityPreset, frontend.podAntiAffinityPreset, and frontend.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param frontend.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param frontend.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param frontend.priorityClassName Priority class name for frontend pods - ## - priorityClassName: "" - ## @param frontend.schedulerName Name of the k8s scheduler (other than default) - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param frontend.topologySpreadConstraints Topology Spread Constraints for pod assignment - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## The value is evaluated as a template - ## - topologySpreadConstraints: [] - ## @param frontend.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: true - ## @param frontend.hostAliases Custom host aliases for frontend pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param frontend.extraVolumes Optionally specify extra list of additional volumes for frontend pods - ## - extraVolumes: [] - ## @param frontend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for frontend container(s) - ## - extraVolumeMounts: [] - ## @param frontend.sidecars Add additional sidecar containers to the frontend pod - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param frontend.initContainers Add additional init containers to the frontend pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb - ## @param frontend.pdb.create Enable/disable a Pod Disruption Budget creation - ## @param frontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## @param frontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `frontend.pdb.minAvailable` and `frontend.pdb.maxUnavailable` are empty. - ## - pdb: - create: true - minAvailable: "" - maxUnavailable: "" - ## Frontend service parameters - ## - service: - ## @param frontend.service.type Frontend service type - ## - type: ClusterIP - ## @param frontend.service.ports.http Frontend service HTTP port - ## - ports: - http: 80 - ## @param frontend.service.nodePorts.http Node port for HTTP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport - ## - nodePorts: - http: "" - ## @param frontend.service.clusterIP Frontend service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param frontend.service.loadBalancerIP Frontend service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param frontend.service.loadBalancerSourceRanges Frontend service Load Balancer sources - ## ref: https://v1-17.docs.kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param frontend.service.externalTrafficPolicy Frontend service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param frontend.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param frontend.service.annotations Additional custom annotations for frontend service - ## - annotations: {} - ## @param frontend.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param frontend.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param frontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param frontend.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param frontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param frontend.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) - ## - kubeAPIServerPorts: [443, 6443, 8443] - ## @param frontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param frontend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param frontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param frontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Dashboard parameters - -## Dashboard parameters -## -dashboard: - ## @param dashboard.enabled Specifies whether Kubeapps Dashboard should be deployed or not - ## - enabled: true - ## Bitnami Kubeapps Dashboard image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-dashboard/ - ## @param dashboard.image.registry [default: REGISTRY_NAME] Dashboard image registry - ## @param dashboard.image.repository [default: REPOSITORY_NAME/kubeapps-dashboard] Dashboard image repository - ## @skip dashboard.image.tag Dashboard image tag (immutable tags are recommended) - ## @param dashboard.image.digest Dashboard image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param dashboard.image.pullPolicy Dashboard image pull policy - ## @param dashboard.image.pullSecrets Dashboard image pull secrets - ## @param dashboard.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/kubeapps-dashboard - tag: 2.12.0-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - ## @param dashboard.customStyle Custom CSS injected to the Dashboard to customize Kubeapps look and feel - ## e.g: - ## customStyle: |- - ## .header.header-7 { - ## background-color: #991700; - ## } - ## - customStyle: "" - ## @param dashboard.customAppViews Package names to signal a custom app view - ## ref: https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/custom-app-view-support.md - ## e.g: - ## customAppViews: - ## - plugin: helm - ## name: helm-chart - ## repository: bitnami - customAppViews: [] - ## @param dashboard.customComponents Custom Form components injected into the BasicDeploymentForm - ## ref: https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/custom-form-component-support.md - ## - customComponents: "" - ## @param dashboard.remoteComponentsUrl Remote URL that can be used to load custom components vs loading from the local filesystem - ## - remoteComponentsUrl: "" - ## @param dashboard.skipAvailablePackageDetails Skip the package details view and go straight to the installation view of the latest version - ## - skipAvailablePackageDetails: false - ## @param dashboard.customLocale Custom translations injected to the Dashboard to customize the strings used in Kubeapps - ## ref: https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/reference/translations/translate-kubeapps.md - ## e.g: - ## customLocale: - ## "Kubeapps": "My Dashboard" - ## "login-oidc": "Login with my company SSO" - ## - customLocale: "" - ## @param dashboard.defaultTheme Default theme used in the Dashboard if the user has not selected any theme yet. - ## enum: [ "light", "dark" ] - ## e.g: - ## defaultTheme: dark - ## - defaultTheme: "" - ## @param dashboard.replicaCount Number of Dashboard replicas to deploy - ## - ## @param dashboard.createNamespaceLabels Labels added to newly created namespaces - ## e.g: - # createNamespaceLabels: - # "managed-by": "kubeapps" - createNamespaceLabels: {} - replicaCount: 2 - ## @param dashboard.updateStrategy.type Dashboard deployment strategy type. - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## e.g: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param dashboard.extraEnvVars Array with extra environment variables to add to the Dashboard container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param dashboard.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the Dashboard container - ## - extraEnvVarsCM: "" - ## @param dashboard.extraEnvVarsSecret Name of existing Secret containing extra env vars for the Dashboard container - ## - extraEnvVarsSecret: "" - ## @param dashboard.containerPorts.http Dashboard HTTP container port - ## - containerPorts: - http: 8080 - ## Dashboard containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param dashboard.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param dashboard.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context - ## @param dashboard.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param dashboard.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param dashboard.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param dashboard.podSecurityContext.fsGroup Set Dashboard pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context for Dashboard - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param dashboard.containerSecurityContext.enabled Enabled containers' Security Context - ## @param dashboard.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param dashboard.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param dashboard.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param dashboard.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param dashboard.containerSecurityContext.privileged Set container's Security Context privileged - ## @param dashboard.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param dashboard.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param dashboard.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param dashboard.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## Configure extra options for Dashboard containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dashboard.livenessProbe.enabled Enable livenessProbe - ## @param dashboard.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param dashboard.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param dashboard.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param dashboard.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param dashboard.livenessProbe.successThreshold Success threshold for livenessProbe - ## Dashboard containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: true - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param dashboard.readinessProbe.enabled Enable readinessProbe - ## @param dashboard.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param dashboard.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param dashboard.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param dashboard.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param dashboard.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param dashboard.startupProbe.enabled Enable startupProbe - ## @param dashboard.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param dashboard.startupProbe.periodSeconds Period seconds for startupProbe - ## @param dashboard.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param dashboard.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param dashboard.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param dashboard.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param dashboard.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param dashboard.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param dashboard.lifecycleHooks Custom lifecycle hooks for Dashboard containers - ## - lifecycleHooks: {} - ## @param dashboard.command Override default container command (useful when using custom images) - ## - command: [] - ## @param dashboard.args Override default container args (useful when using custom images) - ## - args: [] - ## @param dashboard.podLabels Extra labels for Dashboard pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param dashboard.podAnnotations Annotations for Dashboard pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param dashboard.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param dashboard.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param dashboard.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param dashboard.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param dashboard.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param dashboard.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: dashboard.podAffinityPreset, dashboard.podAntiAffinityPreset, and dashboard.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param dashboard.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param dashboard.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param dashboard.priorityClassName Priority class name for Dashboard pods - ## - priorityClassName: "" - ## @param dashboard.schedulerName Name of the k8s scheduler (other than default) - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param dashboard.topologySpreadConstraints Topology Spread Constraints for pod assignment - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## The value is evaluated as a template - ## - topologySpreadConstraints: [] - ## @param dashboard.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: true - ## @param dashboard.hostAliases Custom host aliases for Dashboard pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param dashboard.extraVolumes Optionally specify extra list of additional volumes for Dashboard pods - ## - extraVolumes: [] - ## @param dashboard.extraVolumeMounts Optionally specify extra list of additional volumeMounts for Dashboard container(s) - ## - extraVolumeMounts: [] - ## @param dashboard.sidecars Add additional sidecar containers to the Dashboard pod - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param dashboard.initContainers Add additional init containers to the Dashboard pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb - ## @param dashboard.pdb.create Enable/disable a Pod Disruption Budget creation - ## @param dashboard.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## @param dashboard.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `dashboard.pdb.minAvailable` and `dashboard.pdb.maxUnavailable` are empty. - ## - pdb: - create: true - minAvailable: "" - maxUnavailable: "" - ## Dashboard service parameters - ## - service: - ## @param dashboard.service.ports.http Dashboard service HTTP port - ## - ports: - http: 8080 - ## @param dashboard.service.annotations Additional custom annotations for Dashboard service - ## - annotations: {} - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param dashboard.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param dashboard.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param dashboard.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param dashboard.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) - ## - kubeAPIServerPorts: [443, 6443, 8443] - ## @param dashboard.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param dashboard.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param dashboard.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param dashboard.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section AppRepository Controller parameters - -## AppRepository Controller parameters -## -apprepository: - ## Bitnami Kubeapps AppRepository Controller image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-apprepository-controller/tags/ - ## @param apprepository.image.registry [default: REGISTRY_NAME] Kubeapps AppRepository Controller image registry - ## @param apprepository.image.repository [default: REPOSITORY_NAME/kubeapps-apprepository-controller] Kubeapps AppRepository Controller image repository - ## @skip apprepository.image.tag Kubeapps AppRepository Controller image tag (immutable tags are recommended) - ## @param apprepository.image.digest Kubeapps AppRepository Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param apprepository.image.pullPolicy Kubeapps AppRepository Controller image pull policy - ## @param apprepository.image.pullSecrets Kubeapps AppRepository Controller image pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubeapps-apprepository-controller - tag: 2.12.0-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Bitnami Kubeapps Asset Syncer image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-asset-syncer/tags/ - ## @param apprepository.syncImage.registry [default: REGISTRY_NAME] Kubeapps Asset Syncer image registry - ## @param apprepository.syncImage.repository [default: REPOSITORY_NAME/kubeapps-asset-syncer] Kubeapps Asset Syncer image repository - ## @skip apprepository.syncImage.tag Kubeapps Asset Syncer image tag (immutable tags are recommended) - ## @param apprepository.syncImage.digest Kubeapps Asset Syncer image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param apprepository.syncImage.pullPolicy Kubeapps Asset Syncer image pull policy - ## @param apprepository.syncImage.pullSecrets Kubeapps Asset Syncer image pull secrets - ## - syncImage: - registry: docker.io - repository: bitnami/kubeapps-asset-syncer - tag: 2.12.0-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param apprepository.globalReposNamespaceSuffix Suffix for the namespace of global repos in the Helm plugin. Defaults to empty for backwards compatibility. Ignored if kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace is set. - ## - globalReposNamespaceSuffix: "" - ## @param apprepository.initialRepos [array] Initial chart repositories to configure - ## e.g: - ## initialRepos: - ## - name: chartmuseum - ## url: https://chartmuseum.default:8080 - ## # Specify nodeSelector and tolerations: - ## nodeSelector: - ## somelabel: somevalue - ## tolerations: - ## - key: "cattle.io/os" - ## operator: "Equal" - ## value: "linux" - ## effect: "NoSchedule" - ## # Specify an Authorization Header if you are using an authentication method: - ## authorizationHeader: "Bearer xrxNC..." - ## # Specify the credentials if you are using a basic authentication method: - ## basicAuth: - ## user: - ## password: - ## # If you're providing your own certificates, please use this to add the certificates as secrets. - ## # It should start with -----BEGIN CERTIFICATE----- or - ## # -----BEGIN RSA PRIVATE KEY----- - ## caCert: - ## # Create this apprepository in a custom namespace - ## namespace: - ## # In case of an OCI registry, specify the type - ## type: oci - ## # And specify the list of repositories - ## ociRepositories: - ## - nginx - ## - jenkins - ## # Optionally filter out some charts. - ## # The jq query format is not exposed in the UI, so care needs to be taken to use the format which the UI expects to parse, - ## # which is why variables are used in the example below. - ## filterRule: - ## jq: .name == $var0 or .name == $var1 - ## variables: - ## $var0: nginx - ## $var1: jenkins - ## - initialRepos: - - name: bitnami - url: https://charts.bitnami.com/bitnami - ## @param apprepository.customAnnotations Custom annotations be added to each AppRepository-generated CronJob, Job and Pod - ## - customAnnotations: {} - ## @param apprepository.customLabels Custom labels be added to each AppRepository-generated CronJob, Job and Pod - ## - customLabels: {} - ## Proxy configuration to access chart repositories - ## - ## @param apprepository.initialReposProxy.enabled Enables the proxy - ## @param apprepository.initialReposProxy.httpProxy URL for the http proxy - ## @param apprepository.initialReposProxy.httpsProxy URL for the https proxy - ## @param apprepository.initialReposProxy.noProxy URL to exclude from using the proxy - ## - initialReposProxy: - enabled: false - httpProxy: "" - httpsProxy: "" - noProxy: "" - ## @param apprepository.crontab Default schedule for syncing App repositories (defaults to every 10 minutes) - ## e.g: - ## crontab: "*/10 * * * *" - ## - crontab: "" - ## @param apprepository.watchAllNamespaces Watch all namespaces to support separate AppRepositories per namespace - ## Switch this off only if you require running multiple instances of Kubeapps in different namespaces - ## without each instance watching AppRepositories of each other - ## - watchAllNamespaces: true - ## @param apprepository.extraFlags Additional command line flags for AppRepository Controller - ## - extraFlags: [] - ## @param apprepository.replicaCount Number of AppRepository Controller replicas to deploy - ## Running a single controller replica to avoid sync job duplication - ## - replicaCount: 1 - ## @param apprepository.updateStrategy.type AppRepository Controller deployment strategy type. - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## e.g: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## AppRepository Controller containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param apprepository.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param apprepository.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param apprepository.podSecurityContext.enabled Enabled AppRepository Controller pods' Security Context - ## @param apprepository.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param apprepository.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param apprepository.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param apprepository.podSecurityContext.fsGroup Set AppRepository Controller pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context for App Repository jobs - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param apprepository.containerSecurityContext.enabled Enabled containers' Security Context - ## @param apprepository.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param apprepository.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param apprepository.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param apprepository.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param apprepository.containerSecurityContext.privileged Set container's Security Context privileged - ## @param apprepository.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param apprepository.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param apprepository.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param apprepository.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param apprepository.lifecycleHooks Custom lifecycle hooks for AppRepository Controller containers - ## - lifecycleHooks: {} - ## @param apprepository.command Override default container command (useful when using custom images) - ## - command: [] - ## @param apprepository.args Override default container args (useful when using custom images) - ## - args: [] - ## @param apprepository.extraEnvVars Array with extra environment variables to add to AppRepository Controller pod(s) - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param apprepository.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for AppRepository Controller pod(s) - ## - extraEnvVarsCM: "" - ## @param apprepository.extraEnvVarsSecret Name of existing Secret containing extra env vars for AppRepository Controller pod(s) - ## - extraEnvVarsSecret: "" - ## @param apprepository.extraVolumes Optionally specify extra list of additional volumes for the AppRepository Controller pod(s) - ## - extraVolumes: [] - ## @param apprepository.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the AppRepository Controller container(s) - ## - extraVolumeMounts: [] - ## @param apprepository.podLabels Extra labels for AppRepository Controller pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param apprepository.podAnnotations Annotations for AppRepository Controller pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param apprepository.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param apprepository.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## nodeAffinityPreset Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param apprepository.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param apprepository.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param apprepository.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param apprepository.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: apprepository.podAffinityPreset, apprepository.podAntiAffinityPreset, and apprepository.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param apprepository.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param apprepository.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param apprepository.priorityClassName Priority class name for AppRepository Controller pods - ## - priorityClassName: "" - ## @param apprepository.schedulerName Name of the k8s scheduler (other than default) - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param apprepository.topologySpreadConstraints Topology Spread Constraints for pod assignment - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## The value is evaluated as a template - ## - topologySpreadConstraints: [] - ## @param apprepository.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: true - ## @param apprepository.hostAliases Custom host aliases for AppRepository Controller pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param apprepository.sidecars Add additional sidecar containers to the AppRepository Controller pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param apprepository.initContainers Add additional init containers to the AppRepository Controller pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb - ## @param apprepository.pdb.create Enable/disable a Pod Disruption Budget creation - ## @param apprepository.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## @param apprepository.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `apprepository.pdb.minAvailable` and `apprepository.pdb.maxUnavailable` are empty. - ## - pdb: - create: true - minAvailable: "" - maxUnavailable: "" - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param apprepository.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param apprepository.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param apprepository.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) - ## - kubeAPIServerPorts: [443, 6443, 8443] - ## @param apprepository.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param apprepository.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## AppRepository Controller Service Account - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## @param apprepository.serviceAccount.create Specifies whether a ServiceAccount should be created - ## @param apprepository.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. - ## @param apprepository.serviceAccount.automountServiceAccountToken Automount service account token for the server service account - ## @param apprepository.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. - ## - serviceAccount: - create: true - name: "" - automountServiceAccountToken: false - annotations: {} -## @section Auth Proxy parameters - -## Auth Proxy configuration for OIDC support -## ref: https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/using-an-OIDC-provider.md -## -authProxy: - ## @param authProxy.enabled Specifies whether Kubeapps should configure OAuth login/logout - ## - enabled: false - ## Bitnami OAuth2 Proxy image - ## ref: https://hub.docker.com/r/bitnami/oauth2-proxy/tags/ - ## @param authProxy.image.registry [default: REGISTRY_NAME] OAuth2 Proxy image registry - ## @param authProxy.image.repository [default: REPOSITORY_NAME/oauth2-proxy] OAuth2 Proxy image repository - ## @skip authProxy.image.tag OAuth2 Proxy image tag (immutable tags are recommended) - ## @param authProxy.image.digest OAuth2 Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param authProxy.image.pullPolicy OAuth2 Proxy image pull policy - ## @param authProxy.image.pullSecrets OAuth2 Proxy image pull secrets - ## - image: - registry: docker.io - repository: bitnami/oauth2-proxy - tag: 7.7.1-debian-12-r1 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param authProxy.external Use an external Auth Proxy instead of deploying its own one - ## - external: false - ## @param authProxy.oauthLoginURI OAuth Login URI to which the Kubeapps frontend redirects for authn - ## @param authProxy.oauthLogoutURI OAuth Logout URI to which the Kubeapps frontend redirects for authn - ## - oauthLoginURI: /oauth2/start - oauthLogoutURI: /oauth2/sign_out - ## @param authProxy.skipKubeappsLoginPage Skip the Kubeapps login page when using OIDC and directly redirect to the IdP - ## - skipKubeappsLoginPage: false - ## @param authProxy.provider OAuth provider - ## @param authProxy.clientID OAuth Client ID - ## @param authProxy.clientSecret OAuth Client secret - ## NOTE: Mandatory parameters for the internal auth-proxy - ## - provider: "" - clientID: "" - clientSecret: "" - ## @param authProxy.cookieSecret Secret used by oauth2-proxy to encrypt any credentials - ## NOTE: It must be a particular number of bytes. It's recommended using the following - ## script to generate a cookieSecret: - ## python -c 'import os,base64; print base64.urlsafe_b64encode(os.urandom(16))' - ## ref: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#generating-a-cookie-secret - ## - cookieSecret: "" - ## @param authProxy.existingOauth2Secret Name of an existing secret containing the OAuth client secrets, it should contain the keys clientID, clientSecret, and cookieSecret - ## If set, the values `authProxy.provider`, `authProxy.clientID`, `authProxy.clientSecret` will be ignored - ## - existingOauth2Secret: "" - ## @param authProxy.cookieRefresh Duration after which to refresh the cookie - ## - cookieRefresh: 2m - ## @param authProxy.scope OAuth scope specification - ## - scope: "openid email groups" - ## @param authProxy.emailDomain Allowed email domains - ## Use "example.com" to restrict logins to emails from example.com - ## - emailDomain: "*" - ## @param authProxy.extraFlags Additional command line flags for oauth2-proxy - ## ref: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview - ## e.g: - ## extraFlags: - ## - --ssl-insecure-skip-verify - ## - --cookie-secure=false - ## - --oidc-issuer-url=https://accounts.google.com # Only needed if provider is oidc - ## - extraFlags: [] - ## @param authProxy.lifecycleHooks for the Auth Proxy container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param authProxy.command Override default container command (useful when using custom images) - ## - command: [] - ## @param authProxy.args Override default container args (useful when using custom images) - ## - args: [] - ## @param authProxy.extraEnvVars Array with extra environment variables to add to the Auth Proxy container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param authProxy.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Auth Proxy containers(s) - ## - extraEnvVarsCM: "" - ## @param authProxy.extraEnvVarsSecret Name of existing Secret containing extra env vars for Auth Proxy containers(s) - ## - extraEnvVarsSecret: "" - ## @param authProxy.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Auth Proxy container(s) - ## - extraVolumeMounts: [] - ## @param authProxy.containerPorts.proxy Auth Proxy HTTP container port - ## - containerPorts: - proxy: 3000 - ## Configure Container Security Context for Auth Proxy - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param authProxy.containerSecurityContext.enabled Enabled containers' Security Context - ## @param authProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param authProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param authProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param authProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param authProxy.containerSecurityContext.privileged Set container's Security Context privileged - ## @param authProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param authProxy.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param authProxy.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param authProxy.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## OAuth2 Proxy containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param authProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param authProxy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} -## @section Pinniped Proxy parameters - -## Pinniped Proxy configuration for converting user OIDC tokens to k8s client authorization certs -## -pinnipedProxy: - ## @param pinnipedProxy.enabled Specifies whether Kubeapps should configure Pinniped Proxy - ## - enabled: false - ## Bitnami Pinniped Proxy image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-pinniped-proxy/tags/ - ## @param pinnipedProxy.image.registry [default: REGISTRY_NAME] Pinniped Proxy image registry - ## @param pinnipedProxy.image.repository [default: REPOSITORY_NAME/kubeapps-pinniped-proxy] Pinniped Proxy image repository - ## @skip pinnipedProxy.image.tag Pinniped Proxy image tag (immutable tags are recommended) - ## @param pinnipedProxy.image.digest Pinniped Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param pinnipedProxy.image.pullPolicy Pinniped Proxy image pull policy - ## @param pinnipedProxy.image.pullSecrets Pinniped Proxy image pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubeapps-pinniped-proxy - tag: 2.12.0-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param pinnipedProxy.defaultPinnipedNamespace Namespace in which pinniped concierge is installed - ## - defaultPinnipedNamespace: pinniped-concierge - ## @param pinnipedProxy.defaultAuthenticatorType Authenticator type - ## - defaultAuthenticatorType: JWTAuthenticator - ## @param pinnipedProxy.defaultAuthenticatorName Authenticator name - ## - defaultAuthenticatorName: jwt-authenticator - ## @param pinnipedProxy.defaultPinnipedAPISuffix API suffix - ## - defaultPinnipedAPISuffix: pinniped.dev - ## TLS settings for Pinniped Proxy - ## ref: https://kubeapps.dev/docs/latest/howto/oidc/using-an-oidc-provider-with-pinniped/#running-the-pinniped-proxy-service-over-tls - ## - tls: - ## @param pinnipedProxy.tls.existingSecret TLS secret with which to proxy requests - ## - existingSecret: "" - ## @param pinnipedProxy.tls.caCertificate TLS CA cert config map which clients of pinniped proxy should use with TLS requests - ## This config map must contain a ca.crt key with the CA cert content as the value. - ## - caCertificate: "" - ## @param pinnipedProxy.lifecycleHooks For the Pinniped Proxy container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param pinnipedProxy.command Override default container command (useful when using custom images) - ## - command: [] - ## @param pinnipedProxy.args Override default container args (useful when using custom images) - ## - args: [] - ## @param pinnipedProxy.extraEnvVars Array with extra environment variables to add to Pinniped Proxy container(s) - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param pinnipedProxy.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Pinniped Proxy container(s) - ## - extraEnvVarsCM: "" - ## @param pinnipedProxy.extraEnvVarsSecret Name of existing Secret containing extra env vars for Pinniped Proxy container(s) - ## - extraEnvVarsSecret: "" - ## @param pinnipedProxy.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Pinniped Proxy container(s) - ## - extraVolumeMounts: [] - ## @param pinnipedProxy.containerPorts.pinnipedProxy Pinniped Proxy container port - ## - containerPorts: - pinnipedProxy: 3333 - ## Configure Container Security Context for Pinniped Proxy - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param pinnipedProxy.containerSecurityContext.enabled Enabled containers' Security Context - ## @param pinnipedProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param pinnipedProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param pinnipedProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param pinnipedProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param pinnipedProxy.containerSecurityContext.privileged Set container's Security Context privileged - ## @param pinnipedProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param pinnipedProxy.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param pinnipedProxy.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param pinnipedProxy.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## Pinniped Proxy containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param pinnipedProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param pinnipedProxy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Pinniped Proxy service parameters - ## - service: - ## @param pinnipedProxy.service.ports.pinnipedProxy Pinniped Proxy service port - ## - ports: - pinnipedProxy: 3333 - ## @param pinnipedProxy.service.annotations Additional custom annotations for Pinniped Proxy service - ## - annotations: {} -## @section Other Parameters - -## @param clusters [array] List of clusters that Kubeapps can target for deployments -## When populated with a single cluster (as it is by default), Kubeapps will not allow users to -## change the target cluster. When populated with multiple clusters, Kubeapps will present the clusters to -## the user as potential targets for install or browsing. -## - Note that you can define a single cluster without an apiServiceURL and the chart will assume this is -## the name you are assigning to the cluster on which Kubeapps is itself installed. Specifying more than -## one cluster without an apiServiceURL will cause the chart display an error. -## - The base64-encoded certificateAuthorityData can be obtained from the additional cluster's kube config -## file, for example, to get the ca data for the 0th cluster in your config (adjust the index 0 as necessary): -## kubectl --kubeconfig ~/.kube/kind-config-kubeapps-additional config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' -## - serviceToken is an optional token configured to allow LIST namespaces and package manifests (operators) only on the additional cluster -## so that the UI can present a list of (only) those namespaces to which the user has access and the available operators. -## - isKubeappsCluster is an optional parameter that allows defining the cluster in which Kubeapps is installed; -## this param is useful when every cluster is using an apiServiceURL (e.g., when using the Pinniped Impersonation Proxy) -## as the chart cannot infer the cluster on which Kubeapps is installed in that case. -## - pinnipedConfig is an optional parameter that contains configuration options specific to a cluster running the pinniped concierge service. -## e.g.: -## clusters: -## - name: default -## domain: cluster.local -## - name: second-cluster -## domain: cluster.local -## apiServiceURL: https://second-cluster:6443 -## certificateAuthorityData: LS0tLS1CRUdJ... -## serviceToken: ... -## isKubeappsCluster: true -## pinnipedConfig: -## enabled: true - -## -clusters: - - name: default - domain: cluster.local -## RBAC configuration -## -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - ## - create: true -## @section Feature flags -## -## Opt-in features intended for development and advanced use cases. -## They might be removed in future releases without prior notice. -featureFlags: - ## For a full list of possible ingress annotations, please see - apiOnly: - ## @param featureFlags.apiOnly.enabled Enable ingress for API operations only. Access to "/" will not be possible, so Dashboard will be unusable. - ## - enabled: false - grpc: - ## @param featureFlags.apiOnly.grpc.annotations [object] Specific annotations for the GRPC ingress in API-only mode - ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md - ## - annotations: - nginx.ingress.kubernetes.io/backend-protocol: GRPC - ## @param featureFlags.operators Enable support for Operators in Kubeapps - ## - operators: false - schemaEditor: - ## @param featureFlags.schemaEditor.enabled Enable a visual editor for customizing the package schemas - ## - enabled: false -## @section Database Parameters - -## PostgreSQL chart configuration -## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml -## @param postgresql.enabled Deploy a PostgreSQL server to satisfy the applications database requirements -## @param postgresql.auth.username Username for PostgreSQL server -## @param postgresql.auth.postgresPassword Password for 'postgres' user -## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#setting-the-root-password-on-first-run -## @param postgresql.auth.database Name for a custom database to create -## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials -## -postgresql: - enabled: true - auth: - username: "postgres" - postgresPassword: "" - database: assets - existingSecret: "" - ## PostgreSQL Primary persistence configuration - ## @param postgresql.primary.persistence.enabled Enable PostgreSQL Primary data persistence using PVC - primary: - persistence: - enabled: false - ## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`) - ## - architecture: standalone - ## @param postgresql.securityContext.enabled Enabled PostgreSQL replicas pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - ## PostgreSQL containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param postgresql.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param postgresql.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - ## - resources: {} -## @section kubeappsapis parameters -kubeappsapis: - ## @param kubeappsapis.enabledPlugins Manually override which plugins are enabled for the Kubeapps-APIs service - ## - ## NOTE: normally this should remain blank, with the top-level `packaging` - ## value automatically determining which plugins should be enabled. Only - ## set this value if you want to manually override the list of plugins - ## enabled for the service. - ## - enabledPlugins: [] - pluginConfig: - core: - packages: - v1alpha1: - versionsInSummary: - ## @param kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.major Number of major versions to display in the summary - major: 3 - ## @param kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.minor Number of minor versions to display in the summary - minor: 3 - ## @param kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.patch Number of patch versions to display in the summary - patch: 3 - ## @param kubeappsapis.pluginConfig.core.packages.v1alpha1.timeoutSeconds Value to wait for Kubernetes commands to complete - timeoutSeconds: 300 - helm: - packages: - v1alpha1: - ## @param kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace Custom global packaging namespace. Using this value will override the current "kubeapps release namespace + suffix" pattern and will create a new namespace if not exists. - globalPackagingNamespace: "" - kappController: - packages: - v1alpha1: - ## @param kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultUpgradePolicy Default upgrade policy generating version constraints - ## enum: [ "major", "minor", "patch", "none" ] - defaultUpgradePolicy: none - ## @param kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultPrereleasesVersionSelection [array,nullable] Default policy for allowing prereleases containing one of the identifiers - ## ref: https://carvel.dev/kapp-controller/docs/latest/package-consumer-concepts/#prereleases - ## e.g: - # defaultPrereleasesVersionSelection: - # - rc - defaultPrereleasesVersionSelection: null - ## @param kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultAllowDowngrades Default policy for allowing applications to be downgraded to previous versions - ## ref: https://carvel.dev/kapp-controller/docs/latest/package-consumer-concepts/#downgrading - defaultAllowDowngrades: false - ## @param kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace Default global packaging namespace - ## ref: https://carvel.dev/kapp-controller/docs/latest/package-consumer-concepts/#namespacing - globalPackagingNamespace: kapp-controller-packaging-global - flux: - packages: - v1alpha1: - ## @param kubeappsapis.pluginConfig.flux.packages.v1alpha1.defaultUpgradePolicy Default upgrade policy generating version constraints - ## enum: [ "major", "minor", "patch", "none" ] - defaultUpgradePolicy: none - ## @param kubeappsapis.pluginConfig.flux.packages.v1alpha1.noCrossNamespaceRefs Enable this flag to disallow cross-namespace references, useful when running Flux on multi-tenant clusters - noCrossNamespaceRefs: false - resources: - packages: - v1alpha1: - ## Trusted namespaces parameters - ## - trustedNamespaces: - ## @param kubeappsapis.pluginConfig.resources.packages.v1alpha1.trustedNamespaces.headerName Optional header name for trusted namespaces - ## e.g: - ## headerName: X-Consumer-Groups - ## - headerName: "" - ## @param kubeappsapis.pluginConfig.resources.packages.v1alpha1.trustedNamespaces.headerPattern Optional header pattern for trusted namespaces - ## e.g: - ## headerPattern: namespace:^([\w-]+):\w+$ - ## - headerPattern: "" - ## Bitnami Kubeapps-APIs image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-apis/tags/ - ## @param kubeappsapis.image.registry [default: REGISTRY_NAME] Kubeapps-APIs image registry - ## @param kubeappsapis.image.repository [default: REPOSITORY_NAME/kubeapps-apis] Kubeapps-APIs image repository - ## @skip kubeappsapis.image.tag Kubeapps-APIs image tag (immutable tags are recommended) - ## @param kubeappsapis.image.digest Kubeapps-APIs image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param kubeappsapis.image.pullPolicy Kubeapps-APIs image pull policy - ## @param kubeappsapis.image.pullSecrets Kubeapps-APIs image pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubeapps-apis - tag: 2.12.0-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param kubeappsapis.replicaCount Number of frontend replicas to deploy - ## - replicaCount: 2 - ## @param kubeappsapis.updateStrategy.type KubeappsAPIs deployment strategy type. - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## e.g: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param kubeappsapis.extraFlags Additional command line flags for KubeappsAPIs - ## - extraFlags: [] - ## @param kubeappsapis.qps KubeappsAPIs Kubernetes API client QPS limit - ## - qps: "50.0" - ## @param kubeappsapis.burst KubeappsAPIs Kubernetes API client Burst limit - ## - burst: "100" - ## @param kubeappsapis.terminationGracePeriodSeconds The grace time period for sig term - ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution - ## - terminationGracePeriodSeconds: 300 - ## @param kubeappsapis.extraEnvVars Array with extra environment variables to add to the KubeappsAPIs container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param kubeappsapis.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container - ## - extraEnvVarsCM: "" - ## @param kubeappsapis.extraEnvVarsSecret Name of existing Secret containing extra env vars for the KubeappsAPIs container - ## - extraEnvVarsSecret: "" - ## @param kubeappsapis.containerPorts.http KubeappsAPIs HTTP container port - ## - containerPorts: - http: 50051 - ## KubeappsAPIs containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param kubeappsapis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param kubeappsapis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context - ## @param kubeappsapis.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param kubeappsapis.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param kubeappsapis.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param kubeappsapis.podSecurityContext.fsGroup Set KubeappsAPIs pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context for Kubeapps APIs - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param kubeappsapis.containerSecurityContext.enabled Enabled containers' Security Context - ## @param kubeappsapis.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param kubeappsapis.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param kubeappsapis.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param kubeappsapis.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param kubeappsapis.containerSecurityContext.privileged Set container's Security Context privileged - ## @param kubeappsapis.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param kubeappsapis.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param kubeappsapis.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param kubeappsapis.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## Configure extra options for KubeappsAPIs containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param kubeappsapis.livenessProbe.enabled Enable livenessProbe - ## @param kubeappsapis.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param kubeappsapis.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param kubeappsapis.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param kubeappsapis.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param kubeappsapis.livenessProbe.successThreshold Success threshold for livenessProbe - ## KubeappsAPIs containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: true - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param kubeappsapis.readinessProbe.enabled Enable readinessProbe - ## @param kubeappsapis.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param kubeappsapis.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param kubeappsapis.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param kubeappsapis.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param kubeappsapis.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param kubeappsapis.startupProbe.enabled Enable startupProbe - ## @param kubeappsapis.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param kubeappsapis.startupProbe.periodSeconds Period seconds for startupProbe - ## @param kubeappsapis.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param kubeappsapis.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param kubeappsapis.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param kubeappsapis.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param kubeappsapis.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param kubeappsapis.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param kubeappsapis.lifecycleHooks Custom lifecycle hooks for KubeappsAPIs containers - ## - lifecycleHooks: {} - ## @param kubeappsapis.command Override default container command (useful when using custom images) - ## - command: [] - ## @param kubeappsapis.args Override default container args (useful when using custom images) - ## - args: [] - ## @param kubeappsapis.extraVolumes Optionally specify extra list of additional volumes for the KubeappsAPIs pod(s) - ## - extraVolumes: [] - ## @param kubeappsapis.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the KubeappsAPIs container(s) - ## - extraVolumeMounts: [] - ## @param kubeappsapis.podLabels Extra labels for KubeappsAPIs pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param kubeappsapis.podAnnotations Annotations for KubeappsAPIs pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param kubeappsapis.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param kubeappsapis.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## nodeAffinityPreset Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param kubeappsapis.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param kubeappsapis.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param kubeappsapis.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param kubeappsapis.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: kubeappsapis.podAffinityPreset, kubeappsapis.podAntiAffinityPreset, and kubeappsapis.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param kubeappsapis.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param kubeappsapis.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param kubeappsapis.priorityClassName Priority class name for KubeappsAPIs pods - ## - priorityClassName: "" - ## @param kubeappsapis.schedulerName Name of the k8s scheduler (other than default) - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param kubeappsapis.topologySpreadConstraints Topology Spread Constraints for pod assignment - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## The value is evaluated as a template - ## - topologySpreadConstraints: [] - ## @param kubeappsapis.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: true - ## @param kubeappsapis.hostAliases Custom host aliases for KubeappsAPIs pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param kubeappsapis.sidecars Add additional sidecar containers to the KubeappsAPIs pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param kubeappsapis.initContainers Add additional init containers to the KubeappsAPIs pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb - ## @param kubeappsapis.pdb.create Enable/disable a Pod Disruption Budget creation - ## @param kubeappsapis.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## @param kubeappsapis.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `kubeappsapis.pdb.minAvailable` and `kubeappsapis.pdb.maxUnavailable` are empty. - ## - pdb: - create: true - minAvailable: "" - maxUnavailable: "" - ## kubeappsapis service parameters - ## - service: - ## @param kubeappsapis.service.ports.http KubeappsAPIs service HTTP port - ## - ports: - http: 8080 - ## @param kubeappsapis.service.annotations Additional custom annotations for KubeappsAPIs service - ## - annotations: {} - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param kubeappsapis.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param kubeappsapis.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param kubeappsapis.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param kubeappsapis.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) - ## - kubeAPIServerPorts: [443, 6443, 8443] - ## @param kubeappsapis.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param kubeappsapis.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param kubeappsapis.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param kubeappsapis.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} - ## kubeappsapis Service Account - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## @param kubeappsapis.serviceAccount.create Specifies whether a ServiceAccount should be created - ## @param kubeappsapis.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. - ## @param kubeappsapis.serviceAccount.automountServiceAccountToken Automount service account token for the server service account - ## @param kubeappsapis.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. - ## - serviceAccount: - create: true - name: "" - automountServiceAccountToken: false - annotations: {} -## @section OCI Catalog chart configuration -ociCatalog: - ## @param ociCatalog.enabled Enable the OCI catalog gRPC service for cataloging - ## OCI repositories - enabled: false - ## Bitnami Kubeapps OCI Catalog image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-ocicatalog/ - ## @param ociCatalog.image.registry [default: REGISTRY_NAME] OCI Catalog image registry - ## @param ociCatalog.image.repository [default: REPOSITORY_NAME/kubeapps-oci-catalog] OCI Catalog image repository - ## @skip ociCatalog.image.tag OCI Catalog image tag (immutable tags are recommended) - ## @param ociCatalog.image.digest OCI Catalog image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param ociCatalog.image.pullPolicy OCI Catalog image pull policy - ## @param ociCatalog.image.pullSecrets OCI Catalog image pull secrets - ## @param ociCatalog.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/kubeapps-oci-catalog - tag: 2.12.0-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - ## @param ociCatalog.extraFlags Additional command line flags for OCI Catalog - ## - extraFlags: [] - ## @param ociCatalog.extraEnvVars Array with extra environment variables to add to the oci-catalog container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param ociCatalog.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the OCI Catalog container - ## - extraEnvVarsCM: "" - ## @param ociCatalog.extraEnvVarsSecret Name of existing Secret containing extra env vars for the OCI Catalog container - ## - extraEnvVarsSecret: "" - ## @param ociCatalog.containerPorts.grpc OCI Catalog gRPC container port - ## - containerPorts: - grpc: 50061 - ## OCI Catalog containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - ## @param ociCatalog.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param ociCatalog.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param ociCatalog.containerSecurityContext.enabled Enabled containers' Security Context - ## @param ociCatalog.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param ociCatalog.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param ociCatalog.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param ociCatalog.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param ociCatalog.containerSecurityContext.privileged Set container's Security Context privileged - ## @param ociCatalog.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param ociCatalog.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param ociCatalog.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param ociCatalog.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## Configure extra options for OCI Catalog containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param ociCatalog.livenessProbe.enabled Enable livenessProbe - ## @param ociCatalog.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param ociCatalog.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param ociCatalog.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param ociCatalog.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param ociCatalog.livenessProbe.successThreshold Success threshold for livenessProbe - ## OCI Catalog containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: true - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param ociCatalog.readinessProbe.enabled Enable readinessProbe - ## @param ociCatalog.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param ociCatalog.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param ociCatalog.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param ociCatalog.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param ociCatalog.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param ociCatalog.startupProbe.enabled Enable startupProbe - ## @param ociCatalog.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param ociCatalog.startupProbe.periodSeconds Period seconds for startupProbe - ## @param ociCatalog.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param ociCatalog.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param ociCatalog.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param ociCatalog.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param ociCatalog.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param ociCatalog.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param ociCatalog.lifecycleHooks Custom lifecycle hooks for OCI Catalog containers - ## - lifecycleHooks: {} - ## @param ociCatalog.command Override default container command (useful when using custom images) - ## - command: [] - ## @param ociCatalog.args Override default container args (useful when using custom images) - ## - args: [] - ## @param ociCatalog.extraVolumes Optionally specify extra list of additional volumes for the OCI Catalog pod(s) - ## - extraVolumes: [] - ## @param ociCatalog.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the OCI Catalog container(s) - ## - extraVolumeMounts: [] -## @section Redis® chart configuration -## ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml -## -## Redis(R) will be enabled and installed if `packages.flux.enabled` is true. -redis: - ## @param redis.auth.enabled Enable password authentication - ## @param redis.auth.password Redis® password - ## @param redis.auth.existingSecret The name of an existing secret with Redis® credentials - ## - auth: - enabled: true - password: "" - existingSecret: "" - ## @param redis.architecture Redis(R) architecture (`standalone` or `replication`) - ## - architecture: standalone - master: - ## @param redis.master.extraFlags Array with additional command line flags for Redis® master - ## - extraFlags: - ## The maxmemory configuration directive is used in order to configure Redis(R) to use a specified - ## amount of memory for the data set. Setting maxmemory to zero results into no memory limits - ## see https://redis.io/topics/lru-cache for more details - ## - - "--maxmemory 200mb" - ## The exact behavior Redis(R) follows when the maxmemory limit is reached is configured using the - ## maxmemory-policy configuration directive - ## allkeys-lru: evict keys by trying to remove the less recently used (LRU) keys first, in order - ## to make space for the new data added - ## - - "--maxmemory-policy allkeys-lru" - ## ref https://stackoverflow.com/questions/22815364/flushall-and-flushdb-commands-on-redis-return-unk-command - ## Redis official Helm chart by default disables FLUSHDB and FLUSHALL commands - ## - ## @param redis.master.disableCommands Array with commands to deactivate on Redis® - disableCommands: [] - ## Redis(R) Master persistence configuration - # - persistence: - ## @param redis.master.persistence.enabled Enable Redis® master data persistence using PVC - ## - enabled: false - ## Redis® master resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param redis.master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param redis.master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - replica: - ## @param redis.replica.replicaCount Number of Redis® replicas to deploy - ## - replicaCount: 1 - ## @param redis.replica.extraFlags Array with additional command line flags for Redis® replicas - ## - extraFlags: - ## The maxmemory configuration directive is used in order to configure Redis(R) to use a specified - ## amount of memory for the data set. Setting maxmemory to zero results into no memory limits - ## - - "--maxmemory 200mb" - ## The exact behavior Redis(R) follows when the maxmemory limit is reached is configured using the - ## maxmemory-policy configuration directive - ## allkeys-lru: evict keys by trying to remove the less recently used (LRU) keys first, in order - ## to make space for the new data added - ## - - "--maxmemory-policy allkeys-lru" - ## ref https://stackoverflow.com/questions/22815364/flushall-and-flushdb-commands-on-redis-return-unk-command - ## Redis(R) official Helm chart by default disables FLUSHDB and FLUSHALL commands - ## @param redis.replica.disableCommands Array with commands to deactivate on Redis® - ## - disableCommands: [] - ## Redis(R) Replica persistence configuration - ## - persistence: - ## @param redis.replica.persistence.enabled Enable Redis® replica data persistence using PVC - ## - enabled: false diff --git a/packages/system/dashboard/images/dashboard.tag b/packages/system/dashboard/images/dashboard.tag deleted file mode 100644 index 6e88145f..00000000 --- a/packages/system/dashboard/images/dashboard.tag +++ /dev/null @@ -1 +0,0 @@ -ghcr.io/aenix-io/cozystack/dashboard:latest diff --git a/packages/system/dashboard/images/dashboard/Dockerfile b/packages/system/dashboard/images/dashboard/Dockerfile deleted file mode 100644 index d4b0adbb..00000000 --- a/packages/system/dashboard/images/dashboard/Dockerfile +++ /dev/null @@ -1,30 +0,0 @@ -FROM bitnamilegacy/node:20.15.1 AS build -WORKDIR /app - -ARG COMMIT_REF=4926bc68fabb0914afab574006643c85a597b371 -RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=2 kubeapps-${COMMIT_REF}/dashboard - -RUN yarn install --frozen-lockfile - -RUN yarn run prettier-check && yarn run ts-compile-check -RUN yarn run build - -RUN sed -i \ - -e 's/#2d4048/#202124/g' \ - -e 's/#25333d/#1e2023/g' \ - -e 's/#fcfdfd/#f3f4f5/g' \ - -e 's/#f1f6f8/#e7e9eb/g' \ - -e 's/#e3eaed/#d3d6da/g' \ - -e 's/#cbd4d8/#b7bbc1/g' \ - -e 's/#aeb8bc/#989da3/g' \ - -e 's/#859399/#7b7f85/g' \ - -e 's/#6a7a81/#5b686e/g' \ - -e 's/#4f6169/#4f5256/g' \ - -e 's/#3a4d55/#3a3d41/g' \ - -e 's/#2d4048/#202124/g' \ - -e 's/#21333b/#383d44/g' \ - -e 's/#1b2b32/#2a2d2f/g' \ - $(grep -rl "#2d4048\|#25333d\|#fcfdfd\|#f1f6f8\|#e3eaed\|#cbd4d8\|#aeb8bc\|#859399\|#6a7a81\|#4f6169\|#3a4d55\|#2d4048\|#21333b\|#1b2b32") - -FROM bitnamilegacy/nginx:1.25.2 -COPY --from=build /app/build /app diff --git a/packages/system/dashboard/images/kubeapps-apis.tag b/packages/system/dashboard/images/kubeapps-apis.tag deleted file mode 100644 index b87bc749..00000000 --- a/packages/system/dashboard/images/kubeapps-apis.tag +++ /dev/null @@ -1 +0,0 @@ -ghcr.io/aenix-io/cozystack/kubeapps-apis:latest diff --git a/packages/system/dashboard/images/kubeapps-apis/Dockerfile b/packages/system/dashboard/images/kubeapps-apis/Dockerfile deleted file mode 100644 index c15a2cad..00000000 --- a/packages/system/dashboard/images/kubeapps-apis/Dockerfile +++ /dev/null @@ -1,114 +0,0 @@ -# Copyright 2021-2024 the Kubeapps contributors. -# SPDX-License-Identifier: Apache-2.0 - -# syntax = docker/dockerfile:1 - -FROM alpine AS source -ARG COMMIT_REF=4926bc68fabb0914afab574006643c85a597b371 -RUN apk add --no-cache patch -WORKDIR /source -RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1 - -FROM bitnamilegacy/golang:1.23.4 AS builder -WORKDIR /go/src/github.com/vmware-tanzu/kubeapps -COPY --from=source /source/go.mod /source/go.sum ./ -ARG TARGETOS -ARG TARGETARCH -ARG VERSION="devel" - -# If true, run golangci-lint to detect issues -ARG lint - -# https://github.com/bufbuild/buf/releases/ -ARG BUF_VERSION="1.45.0" - -# https://github.com/golangci/golangci-lint/releases -ARG GOLANGCILINT_VERSION="1.61.0" - -# https://github.com/grpc-ecosystem/grpc-health-probe/releases/ -ARG GRPC_HEALTH_PROBE_VERSION="0.4.34" - -# Install lint tools -RUN if [ ! -z ${lint:-} ]; then \ - GOOS=$TARGETOS GOARCH=$TARGETARCH go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$GOLANGCILINT_VERSION; \ - fi - -RUN if [ $TARGETARCH = 'amd64' ]; then BUF_ARCH='x86_64'; elif [ $TARGETARCH = 'arm64' ]; then BUF_ARCH='aarch64'; fi && \ - if [ $TARGETOS = 'linux' ]; then BUF_PLATFORM='Linux'; fi && \ - curl -sSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-${BUF_PLATFORM}-${BUF_ARCH}" -o "/tmp/buf" && chmod +x "/tmp/buf" - -# TODO: Remove and instead use built-in gRPC container probes once we're supporting >= 1.24 only. https://kubernetes.io/blog/2022/05/13/grpc-probes-now-in-beta/ -RUN curl -sSL "https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-${TARGETARCH}" -o "/bin/grpc_health_probe" && chmod +x "/bin/grpc_health_probe" - -# With the trick below, Go's build cache is kept between builds. -# https://github.com/golang/go/issues/27719#issuecomment-514747274 -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - GOOS=$TARGETOS GOARCH=$TARGETARCH GOPROXY="https://proxy.golang.org,direct" go mod download - -# We don't copy the pkg and cmd directories until here so the above layers can -# be reused. -COPY --from=source /source/pkg pkg -COPY --from=source /source/cmd cmd - -RUN if [ ! -z ${lint:-} ]; then \ - # Run golangci-lint to detect issues - golangci-lint run --timeout=10m ./cmd/kubeapps-apis/... && \ - golangci-lint run --timeout=10m ./pkg/...; \ - fi - -# Lint the proto files to detect errors at build time -RUN /tmp/buf lint ./cmd/kubeapps-apis - -# Build the main grpc server -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - GOOS=$TARGETOS GOARCH=$TARGETARCH GOPROXY="https://proxy.golang.org,direct" \ - go build \ - -ldflags "-X github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/cmd.version=$VERSION" \ - ./cmd/kubeapps-apis - -## Build 'fluxv2' plugin, version 'v1alpha1' -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - GOOS=$TARGETOS GOARCH=$TARGETARCH GOPROXY="https://proxy.golang.org,direct" \ - go build \ - -ldflags "-X github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/cmd.version=$VERSION" \ - -o /fluxv2-packages-v1alpha1-plugin.so -buildmode=plugin \ - ./cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/*.go - -## Build 'helm' plugin, version 'v1alpha1' -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - GOOS=$TARGETOS GOARCH=$TARGETARCH GOPROXY="https://proxy.golang.org,direct" \ - go build \ - -ldflags "-X github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/cmd.version=$VERSION" \ - -o /helm-packages-v1alpha1-plugin.so -buildmode=plugin \ - ./cmd/kubeapps-apis/plugins/helm/packages/v1alpha1/*.go - -## Build 'resources' plugin, version 'v1alpha1' -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - GOOS=$TARGETOS GOARCH=$TARGETARCH GOPROXY="https://proxy.golang.org,direct" \ - go build \ - -ldflags "-X github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/cmd.version=$VERSION" \ - -o /resources-v1alpha1-plugin.so -buildmode=plugin \ - ./cmd/kubeapps-apis/plugins/resources/v1alpha1/*.go - -# Note: unlike the other docker images for go, we cannot use scratch as the plugins -# are loaded using the dynamic linker. -FROM bitnami/minideb:bookworm -COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -COPY --from=builder /go/src/github.com/vmware-tanzu/kubeapps/kubeapps-apis /kubeapps-apis -COPY --from=builder /fluxv2-packages-v1alpha1-plugin.so /plugins/fluxv2-packages/ -COPY --from=builder /helm-packages-v1alpha1-plugin.so /plugins/helm-packages/ -COPY --from=builder /resources-v1alpha1-plugin.so /plugins/resources/ -COPY --from=builder /bin/grpc_health_probe /bin/ - -# Ensure the container user will be able to write to the k8s discovery client cache. -RUN mkdir -p /.kube/cache && chown 1001:1001 /.kube/cache - -EXPOSE 50051 -USER 1001 -ENTRYPOINT [ "/kubeapps-apis" ] -CMD [ "--help" ] diff --git a/packages/system/dashboard/images/openapi-ui-k8s-bff/Dockerfile b/packages/system/dashboard/images/openapi-ui-k8s-bff/Dockerfile new file mode 100644 index 00000000..737ccc95 --- /dev/null +++ b/packages/system/dashboard/images/openapi-ui-k8s-bff/Dockerfile @@ -0,0 +1,22 @@ +# imported from https://github.com/cozystack/openapi-ui-k8s-bff +ARG NODE_VERSION=20.18.1 +FROM node:${NODE_VERSION}-alpine AS builder +RUN apk add git +WORKDIR /src + +ARG COMMIT_REF=22f9143f5109fb90332651c857d70b51bffccd9b +RUN wget -O- https://github.com/PRO-Robotech/openapi-ui-k8s-bff/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1 + +ENV PATH=/src/node_modules/.bin:$PATH +RUN npm install +RUN npm run build + +FROM node:${NODE_VERSION}-alpine +WORKDIR /app +COPY --from=builder /src/package*.json /app/ +COPY --from=builder /src/node_modules /app/node_modules +COPY --from=builder /src/src/swagger/swagger-output.json /app/dist/swagger/swagger-output.json +COPY --from=builder /src/dist /app/dist +EXPOSE 8080 +USER 1001 +CMD [ "node", "/app/dist/index.js"] diff --git a/packages/system/dashboard/images/openapi-ui/Dockerfile b/packages/system/dashboard/images/openapi-ui/Dockerfile new file mode 100644 index 00000000..584d3c29 --- /dev/null +++ b/packages/system/dashboard/images/openapi-ui/Dockerfile @@ -0,0 +1,55 @@ +ARG NODE_VERSION=20.18.1 + +# openapi-k8s-toolkit +# imported from https://github.com/cozystack/openapi-k8s-toolkit +FROM node:${NODE_VERSION}-alpine AS openapi-k8s-toolkit-builder +WORKDIR /src +ARG COMMIT=08021b4ee8f59df0c25652ca1fbcd2059176f31b +RUN wget -O- https://github.com/cozystack/openapi-k8s-toolkit/archive/${COMMIT}.tar.gz | tar -xzvf- --strip-components=1 +RUN npm install +RUN npm install --build-from-source @swc/core +RUN npm run build + + +# openapi-ui +# imported from https://github.com/cozystack/openapi-ui +FROM node:${NODE_VERSION}-alpine AS builder +RUN apk add git +WORKDIR /src + +ARG COMMIT_REF=65e7fa8b3dc530a36e94c8435622bb09961aef97 +RUN wget -O- https://github.com/PRO-Robotech/openapi-ui/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1 + +COPY patches /patches +RUN git apply /patches/*.diff + +ENV PATH=/src/node_modules/.bin:$PATH + +RUN npm install + +# add patched openapi-k8s-toolkit +RUN rm -rf node_modules/@prorobotech/openapi-k8s-toolkit/dist +COPY --from=openapi-k8s-toolkit-builder /src/dist node_modules/@prorobotech/openapi-k8s-toolkit/dist + +RUN npm run build + +FROM node:${NODE_VERSION}-alpine AS builder2 +WORKDIR /src +ENV PATH=/src/node_modules/.bin:$PATH + +COPY --from=builder /src/server/package.json ./ +COPY --from=builder /src/server/package-lock.json ./ +RUN npm install +COPY --from=builder /src/server server +COPY --from=builder /src/tsconfig.server.json ./ +COPY --from=builder /src/build /src/build +RUN npm run server:build + +FROM node:${NODE_VERSION}-alpine +WORKDIR /app +COPY --from=builder2 /src/node_modules /app/node_modules +COPY --from=builder2 /src/build /app/build +EXPOSE 8080 +RUN sed -i -e 's|OpenAPI UI|Cozystack|g' build/index.html +USER 1001 +CMD ["node", "/app/build/index.js"] diff --git a/packages/system/dashboard/images/openapi-ui/patches/namespaces.diff b/packages/system/dashboard/images/openapi-ui/patches/namespaces.diff new file mode 100644 index 00000000..66bce93a --- /dev/null +++ b/packages/system/dashboard/images/openapi-ui/patches/namespaces.diff @@ -0,0 +1,89 @@ +diff --git a/src/components/organisms/ListInsideClusterAndNs/ListInsideClusterAndNs.tsx b/src/components/organisms/ListInsideClusterAndNs/ListInsideClusterAndNs.tsx +index 577ba0f..018df9c 100644 +--- a/src/components/organisms/ListInsideClusterAndNs/ListInsideClusterAndNs.tsx ++++ b/src/components/organisms/ListInsideClusterAndNs/ListInsideClusterAndNs.tsx +@@ -1,11 +1,16 @@ + import React, { FC, useState } from 'react' + import { Button, Alert, Spin, Typography } from 'antd' +-import { filterSelectOptions, Spacer, useBuiltinResources } from '@prorobotech/openapi-k8s-toolkit' ++import { filterSelectOptions, Spacer, useApiResources } from '@prorobotech/openapi-k8s-toolkit' + import { useNavigate } from 'react-router-dom' + import { useSelector, useDispatch } from 'react-redux' + import { RootState } from 'store/store' + import { setCluster } from 'store/cluster/cluster/cluster' + import { Styled } from './styled' ++import { ++ BASE_PROJECTS_API_GROUP, ++ BASE_PROJECTS_VERSION, ++ BASE_PROJECTS_RESOURCE_NAME, ++} from 'constants/customizationApiGroupAndVersion' + + export const ListInsideClusterAndNs: FC = () => { + const clusterList = useSelector((state: RootState) => state.clusterList.clusterList) +@@ -17,9 +22,11 @@ export const ListInsideClusterAndNs: FC = () => { + const [selectedCluster, setSelectedCluster] = useState() + const [selectedNamespace, setSelectedNamespace] = useState() + +- const namespacesData = useBuiltinResources({ ++ const namespacesData = useApiResources({ + clusterName: cluster, +- typeName: 'namespaces', ++ apiGroup: BASE_PROJECTS_API_GROUP, ++ apiVersion: BASE_PROJECTS_VERSION, ++ typeName: BASE_PROJECTS_RESOURCE_NAME, + limit: null, + }) + +diff --git a/src/hooks/useNavSelectorInside.ts b/src/hooks/useNavSelectorInside.ts +index d69405e..5adbd5d 100644 +--- a/src/hooks/useNavSelectorInside.ts ++++ b/src/hooks/useNavSelectorInside.ts +@@ -1,6 +1,11 @@ +-import { TClusterList, TSingleResource, useBuiltinResources } from '@prorobotech/openapi-k8s-toolkit' ++import { TClusterList, TSingleResource, useApiResources } from '@prorobotech/openapi-k8s-toolkit' + import { useSelector } from 'react-redux' + import { RootState } from 'store/store' ++import { ++ BASE_PROJECTS_API_GROUP, ++ BASE_PROJECTS_VERSION, ++ BASE_PROJECTS_RESOURCE_NAME, ++} from 'constants/customizationApiGroupAndVersion' + + const mappedClusterToOptionInSidebar = ({ name }: TClusterList[number]): { value: string; label: string } => ({ + value: name, +@@ -15,9 +20,11 @@ const mappedNamespaceToOptionInSidebar = ({ metadata }: TSingleResource): { valu + export const useNavSelectorInside = (clusterName?: string) => { + const clusterList = useSelector((state: RootState) => state.clusterList.clusterList) + +- const { data: namespaces } = useBuiltinResources({ ++ const { data: namespaces } = useApiResources({ + clusterName: clusterName || '', +- typeName: 'namespaces', ++ apiGroup: BASE_PROJECTS_API_GROUP, ++ apiVersion: BASE_PROJECTS_VERSION, ++ typeName: BASE_PROJECTS_RESOURCE_NAME, + limit: null, + }) + +diff --git a/src/utils/getBacklink.ts b/src/utils/getBacklink.ts +index a862354..f24e2bc 100644 +--- a/src/utils/getBacklink.ts ++++ b/src/utils/getBacklink.ts +@@ -28,7 +28,7 @@ export const getFormsBackLink = ({ + } + + if (namespacesMode) { +- return `${baseprefix}/${clusterName}/builtin-table/namespaces` ++ return `${baseprefix}/${clusterName}/api-table/core.cozystack.io/v1alpha1/tenantnamespaces` + } + + if (possibleProject) { +@@ -64,7 +64,7 @@ export const getTablesBackLink = ({ + } + + if (namespacesMode) { +- return `${baseprefix}/${clusterName}/builtin-table/namespaces` ++ return `${baseprefix}/${clusterName}/api-table/core.cozystack.io/v1alpha1/tenantnamespaces` + } + + if (possibleProject) { diff --git a/packages/system/dashboard/images/token-proxy/Dockerfile b/packages/system/dashboard/images/token-proxy/Dockerfile new file mode 100644 index 00000000..5f6c5e2e --- /dev/null +++ b/packages/system/dashboard/images/token-proxy/Dockerfile @@ -0,0 +1,15 @@ +FROM golang:1.24-alpine as builder + +ARG TARGETOS +ARG TARGETARCH + +COPY main.go go.mod go.sum /src/ +WORKDIR /src + +RUN go build -o /token-proxy -ldflags '-extldflags "-static" -w -s' main.go + +FROM scratch + +COPY --from=builder /token-proxy /token-proxy + +ENTRYPOINT ["/token-proxy"] diff --git a/packages/system/dashboard/images/token-proxy/go.mod b/packages/system/dashboard/images/token-proxy/go.mod new file mode 100644 index 00000000..4ac8c21c --- /dev/null +++ b/packages/system/dashboard/images/token-proxy/go.mod @@ -0,0 +1,8 @@ +module token-proxy + +go 1.24.0 + +require ( + github.com/golang-jwt/jwt/v5 v5.3.0 + github.com/gorilla/securecookie v1.1.2 +) diff --git a/packages/system/dashboard/images/token-proxy/go.sum b/packages/system/dashboard/images/token-proxy/go.sum new file mode 100644 index 00000000..68e4e8cc --- /dev/null +++ b/packages/system/dashboard/images/token-proxy/go.sum @@ -0,0 +1,6 @@ +github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo= +github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= +github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= diff --git a/packages/system/dashboard/images/token-proxy/main.go b/packages/system/dashboard/images/token-proxy/main.go new file mode 100644 index 00000000..a4a177d1 --- /dev/null +++ b/packages/system/dashboard/images/token-proxy/main.go @@ -0,0 +1,351 @@ +package main + +import ( + "encoding/base64" + "encoding/json" + "flag" + "fmt" + "html/template" + "log" + "net/http" + "net/http/httputil" + "net/url" + "os" + "path" + "strings" + "time" + + "github.com/golang-jwt/jwt/v5" + "github.com/gorilla/securecookie" +) + +/* ----------------------------- flags ------------------------------------ */ + +var ( + upstream, httpAddr, proxyPrefix string + cookieName, cookieSecretB64 string + cookieSecure bool + cookieRefresh time.Duration + tokenCheckURL string +) + +func init() { + flag.StringVar(&upstream, "upstream", "", "Upstream URL to proxy to (required)") + flag.StringVar(&httpAddr, "http-address", "0.0.0.0:8000", "Listen address") + flag.StringVar(&proxyPrefix, "proxy-prefix", "/oauth2", "URL prefix for control endpoints") + + flag.StringVar(&cookieName, "cookie-name", "_oauth2_proxy_0", "Cookie name") + flag.StringVar(&cookieSecretB64, "cookie-secret", "", "Base64-encoded cookie secret") + flag.BoolVar(&cookieSecure, "cookie-secure", false, "Set Secure flag on cookie") + flag.DurationVar(&cookieRefresh, "cookie-refresh", 0, "Cookie refresh interval (e.g. 1h)") + flag.StringVar(&tokenCheckURL, "token-check-url", "", "URL for external token validation") +} + +/* ----------------------------- templates -------------------------------- */ + +var loginTmpl = template.Must(template.New("login").Parse(` + + + + + Login + + + +
+

Kubernetes API Token

+ {{if .Err}}

{{.Err}}

{{end}} +
+ + +
+
+ +`)) + +/* ----------------------------- helpers ---------------------------------- */ + +func decodeJWT(raw string) jwt.MapClaims { + if raw == "" { + return jwt.MapClaims{} + } + tkn, _, err := new(jwt.Parser).ParseUnverified(raw, jwt.MapClaims{}) + if err != nil || tkn == nil { + return jwt.MapClaims{} + } + if c, ok := tkn.Claims.(jwt.MapClaims); ok { + return c + } + return jwt.MapClaims{} +} + +func externalTokenCheck(raw string) error { + if tokenCheckURL == "" { + return nil + } + req, _ := http.NewRequest(http.MethodGet, tokenCheckURL, nil) + req.Header.Set("Authorization", "Bearer "+raw) + cli := &http.Client{Timeout: 5 * time.Second} + resp, err := cli.Do(req) + if err != nil { + return err + } + resp.Body.Close() + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("status %d", resp.StatusCode) + } + return nil +} + +func encodeSession(sc *securecookie.SecureCookie, token string, exp, issued int64) (string, error) { + v := map[string]interface{}{ + "access_token": token, + "expires": exp, + "issued": issued, + } + if sc != nil { + return sc.Encode(cookieName, v) + } + return token, nil +} + +/* ----------------------------- main ------------------------------------- */ + +func main() { + flag.Parse() + if upstream == "" { + log.Fatal("--upstream is required") + } + upURL, err := url.Parse(upstream) + if err != nil { + log.Fatalf("invalid upstream url: %v", err) + } + + if cookieSecretB64 == "" { + cookieSecretB64 = os.Getenv("COOKIE_SECRET") + } + var sc *securecookie.SecureCookie + if cookieSecretB64 != "" { + secret, err := base64.StdEncoding.DecodeString(cookieSecretB64) + if err != nil { + log.Fatalf("cookie-secret: %v", err) + } + sc = securecookie.New(secret, nil) + } else { + log.Println("warning: no cookie-secret provided, cookies will be stored unsigned") + } + + // control paths + signIn := path.Join(proxyPrefix, "sign_in") + signOut := path.Join(proxyPrefix, "sign_out") + userInfo := path.Join(proxyPrefix, "userinfo") + + proxy := httputil.NewSingleHostReverseProxy(upURL) + + /* ------------------------- /sign_in ---------------------------------- */ + + http.HandleFunc(signIn, func(w http.ResponseWriter, r *http.Request) { + switch r.Method { + case http.MethodGet: + _ = loginTmpl.Execute(w, struct { + Action string + Err string + }{Action: signIn}) + case http.MethodPost: + token := strings.TrimSpace(r.FormValue("token")) + if token == "" { + _ = loginTmpl.Execute(w, struct { + Action string + Err string + }{Action: signIn, Err: "Token required"}) + return + } + if err := externalTokenCheck(token); err != nil { + _ = loginTmpl.Execute(w, struct { + Action string + Err string + }{Action: signIn, Err: "Invalid token"}) + return + } + + exp := time.Now().Add(24 * time.Hour).Unix() + claims := decodeJWT(token) + if v, ok := claims["exp"].(float64); ok { + exp = int64(v) + } + session, _ := encodeSession(sc, token, exp, time.Now().Unix()) + http.SetCookie(w, &http.Cookie{ + Name: cookieName, + Value: session, + Path: "/", + Expires: time.Unix(exp, 0), + Secure: cookieSecure, + HttpOnly: true, + SameSite: http.SameSiteLaxMode, + }) + http.Redirect(w, r, "/", http.StatusSeeOther) + } + }) + + /* ------------------------- /sign_out --------------------------------- */ + + http.HandleFunc(signOut, func(w http.ResponseWriter, r *http.Request) { + http.SetCookie(w, &http.Cookie{ + Name: cookieName, + Value: "", + Path: "/", + MaxAge: -1, + Secure: cookieSecure, + HttpOnly: true, + }) + http.Redirect(w, r, signIn, http.StatusSeeOther) + }) + + /* ------------------------- /userinfo --------------------------------- */ + + http.HandleFunc(userInfo, func(w http.ResponseWriter, r *http.Request) { + c, err := r.Cookie(cookieName) + if err != nil { + http.Error(w, "unauthorized", http.StatusUnauthorized) + return + } + var token string + var sess map[string]interface{} + if sc != nil { + if err := sc.Decode(cookieName, c.Value, &sess); err != nil { + http.Error(w, "unauthorized", http.StatusUnauthorized) + return + } + token, _ = sess["access_token"].(string) + } else { + token = c.Value + sess = map[string]interface{}{ + "expires": time.Now().Add(24 * time.Hour).Unix(), + "issued": time.Now().Unix(), + } + } + claims := decodeJWT(token) + + out := map[string]interface{}{ + "token": token, + "sub": claims["sub"], + "email": claims["email"], + "preferred_username": claims["preferred_username"], + "groups": claims["groups"], + "expires": sess["expires"], + "issued": sess["issued"], + "cookie_refresh_enable": cookieRefresh > 0, + } + w.Header().Set("Content-Type", "application/json") + _ = json.NewEncoder(w).Encode(out) + }) + + /* ----------------------------- proxy --------------------------------- */ + + http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + c, err := r.Cookie(cookieName) + if err != nil { + http.Redirect(w, r, signIn, http.StatusFound) + return + } + var token string + var sess map[string]interface{} + if sc != nil { + if err := sc.Decode(cookieName, c.Value, &sess); err != nil { + http.Redirect(w, r, signIn, http.StatusFound) + return + } + token, _ = sess["access_token"].(string) + } else { + token = c.Value + sess = map[string]interface{}{ + "expires": time.Now().Add(24 * time.Hour).Unix(), + "issued": time.Now().Unix(), + } + } + if token == "" { + http.Redirect(w, r, signIn, http.StatusFound) + return + } + + // cookie refresh + if cookieRefresh > 0 { + if issued, ok := sess["issued"].(float64); ok { + if time.Since(time.Unix(int64(issued), 0)) > cookieRefresh { + enc, _ := encodeSession(sc, token, int64(sess["expires"].(float64)), time.Now().Unix()) + http.SetCookie(w, &http.Cookie{ + Name: cookieName, + Value: enc, + Path: "/", + Expires: time.Unix(int64(sess["expires"].(float64)), 0), + Secure: cookieSecure, + HttpOnly: true, + SameSite: http.SameSiteLaxMode, + }) + } + } + } + + r.Header.Set("Authorization", "Bearer "+token) + proxy.ServeHTTP(w, r) + }) + + log.Printf("Listening on %s β†’ %s (control prefix %s)", httpAddr, upURL, proxyPrefix) + if err := http.ListenAndServe(httpAddr, nil); err != nil { + log.Fatal(err) + } +} diff --git a/packages/system/dashboard/patches/logos.patch b/packages/system/dashboard/patches/logos.patch deleted file mode 100644 index 477c3770..00000000 --- a/packages/system/dashboard/patches/logos.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml b/packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml -index d43f521..31ff7d5 100644 ---- a/packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml -+++ b/packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml -@@ -136,4 +136,10 @@ data: - proxy_pass {{ printf "http://%s:%d" (include "kubeapps.dashboard.fullname" .) (int .Values.dashboard.service.ports.http) }}; - } - {{- end }} -+ -+ location /logos { -+ # Add the Authorization header if exists -+ proxy_set_header Cookie ""; -+ proxy_pass http://cozystack.cozy-system.svc:80; -+ } - } diff --git a/packages/system/dashboard/templates/allow-from-kubeapps.yaml b/packages/system/dashboard/templates/allow-from-kubeapps.yaml deleted file mode 100644 index c8850d88..00000000 --- a/packages/system/dashboard/templates/allow-from-kubeapps.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-from-dashboard - namespace: cozy-fluxcd -spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: cozy-dashboard - podSelector: {} - policyTypes: - - Ingress diff --git a/packages/system/dashboard/templates/clusterrolebinding-cluster-view.yaml b/packages/system/dashboard/templates/clusterrolebinding-cluster-view.yaml new file mode 100644 index 00000000..43d20f57 --- /dev/null +++ b/packages/system/dashboard/templates/clusterrolebinding-cluster-view.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: incloud-web-cluster-view +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view +subjects: + - kind: ServiceAccount + name: incloud-web-web + namespace: incloud-web diff --git a/packages/system/dashboard/templates/clusterrolebinding-web-user-edit.yaml b/packages/system/dashboard/templates/clusterrolebinding-web-user-edit.yaml new file mode 100644 index 00000000..4d951787 --- /dev/null +++ b/packages/system/dashboard/templates/clusterrolebinding-web-user-edit.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + name: incloud-web-web-user-edit +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edit +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: cozystack-cluster-admin diff --git a/packages/system/dashboard/templates/gatekeeper-sa.yaml b/packages/system/dashboard/templates/gatekeeper-sa.yaml new file mode 100644 index 00000000..8f5cabcd --- /dev/null +++ b/packages/system/dashboard/templates/gatekeeper-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: incloud-web-gatekeeper diff --git a/packages/system/dashboard/templates/gatekeeper-svc.yaml b/packages/system/dashboard/templates/gatekeeper-svc.yaml new file mode 100644 index 00000000..513ebb70 --- /dev/null +++ b/packages/system/dashboard/templates/gatekeeper-svc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: incloud-web-gatekeeper +spec: + ports: + - name: ingress + port: 8000 + protocol: TCP + targetPort: 8000 + selector: + app.kubernetes.io/instance: incloud-web + app.kubernetes.io/name: gatekeeper + type: ClusterIP diff --git a/packages/system/dashboard/templates/gatekeeper.yaml b/packages/system/dashboard/templates/gatekeeper.yaml new file mode 100644 index 00000000..0bf20b02 --- /dev/null +++ b/packages/system/dashboard/templates/gatekeeper.yaml @@ -0,0 +1,142 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $host := index $cozyConfig.data "root-host" }} +{{- $oidcEnabled := index $cozyConfig.data "oidc-enabled" }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: incloud-web-gatekeeper +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: incloud-web + app.kubernetes.io/name: gatekeeper + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + template: + metadata: + labels: + app.kubernetes.io/instance: incloud-web + app.kubernetes.io/name: gatekeeper + spec: + serviceAccountName: incloud-web-gatekeeper + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - appSpec + - key: app.kubernetes.io/instance + operator: In + values: + - incloud-web + topologyKey: kubernetes.io/hostname + dnsPolicy: ClusterFirst + enableServiceLinks: false + restartPolicy: Always + priorityClassName: system-cluster-critical + containers: + {{- if eq $oidcEnabled "true" }} + - name: auth-proxy + image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0 + imagePullPolicy: IfNotPresent + args: + - --provider=oidc + - --upstream=http://incloud-web-nginx.{{ .Release.Namespace }}.svc:8080 + - --http-address=0.0.0.0:8000 + - --redirect-url=https://dashboard.{{ $host }}/oauth2/callback + - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy + - --email-domain=* + - --pass-access-token=true + - --pass-authorization-header=true + - --cookie-refresh=3m + - --cookie-name=kc-access + - --cookie-secure=true + - --cookie-secret=$(OAUTH2_PROXY_COOKIE_SECRET) + - --skip-provider-button + env: + - name: OAUTH2_PROXY_CLIENT_ID + value: dashboard + - name: OAUTH2_PROXY_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: dashboard-client + key: client-secret-key + - name: OAUTH2_PROXY_COOKIE_SECRET + valueFrom: + secretKeyRef: + name: dashboard-auth-config + key: cookieSecret + {{- else }} + - name: token-proxy + image: {{ .Values.tokenProxy.image }} + imagePullPolicy: IfNotPresent + args: + - --upstream=http://incloud-web-nginx.{{ .Release.Namespace }}.svc:8080 + - --http-address=0.0.0.0:8000 + - --cookie-refresh=1h + - --cookie-name=kc-access + - --cookie-secure=true + - --cookie-secret=$(TOKEN_PROXY_COOKIE_SECRET) + - --token-check-url=http://incloud-web-nginx.{{ .Release.Namespace }}.svc:8080/api/clusters/default/k8s/apis/core.cozystack.io/v1alpha1/tenantnamespaces + env: + - name: TOKEN_PROXY_COOKIE_SECRET + valueFrom: + secretKeyRef: + name: dashboard-auth-config + key: cookieSecret + {{- end }} + ports: + - name: proxy + containerPort: 8000 + protocol: TCP + livenessProbe: + httpGet: + path: /ping + port: proxy + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 15 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /ping + port: proxy + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 3 + resources: + requests: + cpu: 100m + memory: 128Mi + ephemeral-storage: 50Mi + limits: + cpu: 200m + memory: 256Mi + securityContext: + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File diff --git a/packages/system/dashboard/templates/dashboard-ingress.yaml b/packages/system/dashboard/templates/ingress.yaml similarity index 70% rename from packages/system/dashboard/templates/dashboard-ingress.yaml rename to packages/system/dashboard/templates/ingress.yaml index 1fd7f85d..5a634e2c 100644 --- a/packages/system/dashboard/templates/dashboard-ingress.yaml +++ b/packages/system/dashboard/templates/ingress.yaml @@ -14,27 +14,27 @@ metadata: {{- else }} acme.cert-manager.io/http01-ingress-class: {{ $exposeIngress }} {{- end }} + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/client-max-body-size: 100m nginx.ingress.kubernetes.io/proxy-body-size: 100m nginx.ingress.kubernetes.io/proxy-buffer-size: 100m nginx.ingress.kubernetes.io/proxy-buffers-number: "4" - nginx.ingress.kubernetes.io/client-max-body-size: 100m - name: dashboard - namespace: cozy-dashboard + name: dashboard-web-ingress spec: ingressClassName: {{ $exposeIngress }} rules: - - host: dashboard.{{ $host }} - http: - paths: - - backend: - service: - name: dashboard - port: - number: 80 - path: / - pathType: Prefix + - host: dashboard.{{ $host }} + http: + paths: + - backend: + service: + name: incloud-web-gatekeeper + port: + number: 8000 + path: / + pathType: Prefix tls: - - hosts: - - dashboard.{{ $host }} - secretName: dashboard-tls + - hosts: + - dashboard.{{ $host }} + secretName: dashboard-web-tls {{- end }} diff --git a/packages/system/dashboard/templates/keycloakclient.yaml b/packages/system/dashboard/templates/keycloakclient.yaml new file mode 100644 index 00000000..2779b2d8 --- /dev/null +++ b/packages/system/dashboard/templates/keycloakclient.yaml @@ -0,0 +1,73 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $host := index $cozyConfig.data "root-host" }} +{{- $extraRedirectUris := splitList "," ((index $cozyConfig.data "extra-keycloak-redirect-uri-for-dashboard") | default "") }} + +{{- $existingK8sSecret := lookup "v1" "Secret" .Release.Namespace "k8s-client" }} +{{- $existingDashboardSecret := lookup "v1" "Secret" .Release.Namespace "dashboard-client" }} + +{{ $dashboardClient := "" }} +{{- if $existingDashboardSecret }} + {{- $dashboardClient = index $existingDashboardSecret.data "client-secret-key" | b64dec }} +{{- else }} + {{- $dashboardClient = randAlphaNum 32 }} +{{- end }} + +{{- $existingAuthConfig := lookup "v1" "Secret" .Release.Namespace "dashboard-auth-config" }} +{{ $cookieSecret := "" }} +{{- if $existingAuthConfig }} + {{- $cookieSecret = index $existingAuthConfig.data "cookieSecret" | b64dec }} +{{- else }} + {{- $cookieSecret = randAlphaNum 16 }} +{{- end }} + + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: dashboard-client +type: Opaque +data: + client-secret-key: {{ $dashboardClient | b64enc }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: dashboard-auth-config +type: Opaque +data: + cookieSecret: {{ $cookieSecret | b64enc }} + + + +--- + +apiVersion: v1.edp.epam.com/v1 +kind: KeycloakClient +metadata: + name: dashboard-client +spec: + serviceAccount: + enabled: true + realmRef: + name: keycloakrealm-cozy + kind: ClusterKeycloakRealm + secret: $dashboard-client:client-secret-key + advancedProtocolMappers: true + authorizationServicesEnabled: true + name: dashboard + clientId: dashboard + directAccess: true + public: false + webUrl: "https://dashboard.{{ $host }}" + defaultClientScopes: + - groups + - kubernetes-client + redirectUris: + - "https://dashboard.{{ $host }}/oauth2/callback/*" + {{- range $i, $v := $extraRedirectUris }} + - "{{ $v }}" + {{- end }} diff --git a/packages/system/dashboard/templates/nginx-config.yaml b/packages/system/dashboard/templates/nginx-config.yaml new file mode 100644 index 00000000..2f8ad543 --- /dev/null +++ b/packages/system/dashboard/templates/nginx-config.yaml @@ -0,0 +1,77 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $host := index $cozyConfig.data "root-host" }} + +apiVersion: v1 +data: + nginx-config: |- + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + server { + listen 8080 default_server; + listen [::]:8080 default_server; + server_name _; + + location ~ ^(/clusterlist|/api/clusters)$ { + add_header Content-Type application/json; + set $cluster_list '[{"api":"{{ $host }}","baseDomain":"{{ $host }}","description":"dashboard.{{ $host }}","externalDomain":"dashboard.{{ $host }}","name":"default","tenant":"dev"}]'; + return 200 $cluster_list; + } + + location /api/clusters/default { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + + rewrite /api/clusters/default/(.*) /$1 break; + proxy_pass http://incloud-web-nginx.{{ .Release.Namespace }}.svc:8080; + } + + location /k8s { + rewrite /k8s/(.*) /$1 break; + proxy_pass https://kubernetes.default.svc:443; + } + + location /openapi-bff { + proxy_pass http://incloud-web-web.{{ .Release.Namespace }}.svc:64231; + } + + + location /openapi-bff-ws/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + + proxy_pass http://incloud-web-web.{{ .Release.Namespace }}.svc:64231; + } + + location = / { + return 301 https://dashboard.{{ $host }}/openapi-ui; + } + + location = /docs { + return 301 https://cozystack.io/docs/; + } + + location / { + proxy_pass http://incloud-web-web.{{ .Release.Namespace }}.svc:8080; + } + + location /healthcheck { + access_log off; + return 200 "Healthy\n"; + } + } +kind: ConfigMap +metadata: + name: incloud-web-nginx-config diff --git a/packages/system/dashboard/templates/nginx-sa.yaml b/packages/system/dashboard/templates/nginx-sa.yaml new file mode 100644 index 00000000..ea33ead3 --- /dev/null +++ b/packages/system/dashboard/templates/nginx-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: incloud-web-nginx diff --git a/packages/system/dashboard/templates/nginx-svc.yaml b/packages/system/dashboard/templates/nginx-svc.yaml new file mode 100644 index 00000000..9501bf17 --- /dev/null +++ b/packages/system/dashboard/templates/nginx-svc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: incloud-web-nginx +spec: + ports: + - name: nginx-http + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/instance: incloud-web + app.kubernetes.io/name: nginx + type: ClusterIP diff --git a/packages/system/dashboard/templates/nginx.yaml b/packages/system/dashboard/templates/nginx.yaml new file mode 100644 index 00000000..a5cbebed --- /dev/null +++ b/packages/system/dashboard/templates/nginx.yaml @@ -0,0 +1,100 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: incloud-web-nginx +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: incloud-web + app.kubernetes.io/name: nginx + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/configmap-configurationnginxfile: 258c66b019c8c7f4a5d0a78dfd7bf297ce486b213346fbd2879c466abfc377e0 + labels: + app.kubernetes.io/instance: incloud-web + app.kubernetes.io/name: nginx + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - appSpec + - key: app.kubernetes.io/instance + operator: In + values: + - incloud-web + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - image: nginxinc/nginx-unprivileged:1.29-alpine + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthcheck + port: 8080 + scheme: HTTP + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + name: nginx + ports: + - containerPort: 8080 + name: http + protocol: TCP + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/nginx/conf.d/default.conf + name: configurationnginxfile + subPath: nginx-config + dnsPolicy: ClusterFirst + enableServiceLinks: false + hostIPC: false + hostNetwork: false + hostPID: false + preemptionPolicy: null + priorityClassName: system-cluster-critical + restartPolicy: Always + runtimeClassName: null + schedulerName: default-scheduler + serviceAccountName: incloud-web-nginx + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + name: incloud-web-nginx-config + name: configurationnginxfile diff --git a/packages/system/dashboard/templates/rbac.yaml b/packages/system/dashboard/templates/rbac.yaml new file mode 100644 index 00000000..b738595c --- /dev/null +++ b/packages/system/dashboard/templates/rbac.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cozystack-dashboard-readonly +rules: +- apiGroups: + - dashboard.cozystack.io + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cozystack-dashboard-readonly-authenticated +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cozystack-dashboard-readonly +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated diff --git a/packages/system/dashboard/templates/vpa.yaml b/packages/system/dashboard/templates/vpa.yaml deleted file mode 100644 index 6eff7036..00000000 --- a/packages/system/dashboard/templates/vpa.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: dashboard-internal-dashboard - namespace: cozy-dashboard -spec: - targetRef: - apiVersion: "apps/v1" - kind: Deployment - name: dashboard-internal-dashboard - updatePolicy: - updateMode: "Auto" - resourcePolicy: - containerPolicies: - - containerName: dashboard - controlledResources: ["cpu", "memory"] - minAllowed: - cpu: 50m - memory: 64Mi - maxAllowed: - cpu: 500m - memory: 512Mi ---- -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: dashboard-internal-kubeappsapis - namespace: cozy-dashboard -spec: - targetRef: - apiVersion: "apps/v1" - kind: Deployment - name: dashboard-internal-kubeappsapis - updatePolicy: - updateMode: "Auto" - resourcePolicy: - containerPolicies: - - containerName: kubeappsapis - controlledResources: ["cpu", "memory"] - minAllowed: - cpu: 50m - memory: 100Mi - maxAllowed: - cpu: 1000m - memory: 1Gi ---- -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: dashboard-vpa - namespace: cozy-dashboard -spec: - targetRef: - apiVersion: "apps/v1" - kind: Deployment - name: dashboard - updatePolicy: - updateMode: "Auto" - resourcePolicy: - containerPolicies: - - containerName: nginx - controlledResources: ["cpu", "memory"] - minAllowed: - cpu: "50m" - memory: "64Mi" - maxAllowed: - cpu: "500m" - memory: "512Mi" - {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }} - {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }} - {{- if $dashboardKCValues }} - - containerName: auth-proxy - controlledResources: ["cpu", "memory"] - minAllowed: - cpu: "50m" - memory: "64Mi" - maxAllowed: - cpu: "500m" - memory: "512Mi" - {{- end }} diff --git a/packages/system/dashboard/templates/web-sa.yaml b/packages/system/dashboard/templates/web-sa.yaml new file mode 100644 index 00000000..0f259753 --- /dev/null +++ b/packages/system/dashboard/templates/web-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: incloud-web-web diff --git a/packages/system/dashboard/templates/web-svc.yaml b/packages/system/dashboard/templates/web-svc.yaml new file mode 100644 index 00000000..38026706 --- /dev/null +++ b/packages/system/dashboard/templates/web-svc.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: incloud-web-web +spec: + ports: + - name: bff-http + port: 64231 + protocol: TCP + targetPort: 64231 + - name: web-http + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/instance: incloud-web + app.kubernetes.io/name: web + type: ClusterIP diff --git a/packages/system/dashboard/templates/web.yaml b/packages/system/dashboard/templates/web.yaml new file mode 100644 index 00000000..7a87b813 --- /dev/null +++ b/packages/system/dashboard/templates/web.yaml @@ -0,0 +1,198 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: incloud-web-web +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: incloud-web + app.kubernetes.io/name: web + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: null + labels: + app.kubernetes.io/instance: incloud-web + app.kubernetes.io/name: web + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - appSpec + - key: app.kubernetes.io/instance + operator: In + values: + - incloud-web + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - env: + - name: BASE_API_GROUP + value: dashboard.cozystack.io + - name: BASE_API_VERSION + value: v1alpha1 + - name: LOGGER + value: "TRUE" + - name: LOGGER_WITH_HEADERS + value: "TRUE" + - name: PORT + value: "64231" + image: {{ .Values.openapiUIK8sBff.image | quote }} + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthcheck + port: 64231 + scheme: HTTP + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + name: bff + ports: + - containerPort: 64231 + name: http + protocol: TCP + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: null + - env: + - name: BASEPREFIX + value: /openapi-ui + - name: CUSTOMIZATION_API_GROUP + value: dashboard.cozystack.io + - name: CUSTOMIZATION_API_VERSION + value: v1alpha1 + - name: CUSTOMIZATION_NAVIGATION_RESOURCE + value: navigation + - name: CUSTOMIZATION_NAVIGATION_RESOURCE_NAME + value: navigations + - name: INSTANCES_API_GROUP + value: dashboard.cozystack.io + - name: INSTANCES_RESOURCE_NAME + value: instances + - name: INSTANCES_VERSION + value: v1alpha1 + - name: MARKETPLACE_GROUP + value: dashboard.cozystack.io + - name: MARKETPLACE_KIND + value: MarketplacePanel + - name: MARKETPLACE_RESOURCE_NAME + value: marketplacepanels + - name: MARKETPLACE_VERSION + value: v1alpha1 + - name: NAVIGATE_FROM_CLUSTERLIST + value: /openapi-ui/~recordValue~/api-table/core.cozystack.io/v1alpha1/tenantnamespaces + - name: PROJECTS_API_GROUP + value: core.cozystack.io + - name: PROJECTS_RESOURCE_NAME + value: tenantnamespaces + - name: PROJECTS_VERSION + value: v1alpha1 + - name: USE_NAMESPACE_NAV + value: "true" + - name: LOGIN_URL + value: "/oauth2/userinfo" + - name: LOGOUT_URL + value: "/oauth2/sign_out" + - name: LOGIN_USERNAME_FIELD + value: "preferredUsername" + - name: FOOTER_TEXT + value: Cozystack + - name: TITLE_TEXT + value: Cozystack Dashboard + - name: TENANT_TEXT + value: v0.37.0-alpha.0 + - name: LOGO_TEXT + value: "false" + - name: LOGO_SVG + value: PHN2ZyB3aWR0aD0iMTUwIiBoZWlnaHQ9IjMwIiB2aWV3Qm94PSIwIDAgMTUwIDMwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogIDxwYXRoIGQ9Ik0xMzMuMzMxMDkgMjIuMzczOTg3VjQuNzk1Mjc2OWgyLjA0NDUyVjEyLjc3Mzg5aC4wNDk5bDguNTI3NzEtNy45NzkxNjcyaDIuNjE4MjdsLTkuNzc0NjQgOS4xMDExNTgyLjAyNDktMS4wOTcwNTkgMTAuMjk4MjQgOS41NzQ4ODloLTIuNjkyNzlsLTkuMDAxNjktOC4yNzgzNjNoLS4wNDk5djguMjc4MzYzem0tOS4xNzIzNi4yMjQzOTljLTEuNzI4NjkuMC0zLjIwODA1LS4zNjU2ODYtNC40MzgxLTEuMDk3MDU5LTEuMjMwNTktLjczMTM3My0yLjE3ODA0LTEuNzcwMjU0LTIuODQyOTMtMy4xMTY2NDUtLjY0ODI3LTEuMzQ2NjY3LS45NzIzOS0yLjk1MDk3OC0uOTcyMzktNC44MTI2NTQuMC0xLjg2MTY3Ny4zMjQxMi0zLjQ1NzM5OS45NzIzOS00Ljc4NzQ0NS42NjQ4OS0xLjM0NjM5MDYgMS42MTIzNC0yLjM4NTI3MjUgMi44NDI2Ni0zLjExNjkyMjQgMS4yMzAwMy0uNzMxMzcyOSAyLjcwOTQxLTEuMDk3MDU5MiA0LjQzODM3LTEuMDk3MDU5MiAxLjIxMzQyLjAgMi4zMzU0MS4xOTExNTQzIDMuMzY2MjYuNTczNDYyOCAxLjAzMDU3LjM4MjMwODUgMS44OTQ5My45MzkxNDkxIDIuNTkzMDUgMS42NzA1MjE5bC0uNzk3ODYgMS42NzA1MjE5Yy0uNzY0NjItLjcxNDc1LTEuNTYyNDgtMS4yMzAwMzYtMi4zOTM1OS0xLjU0NTg1NjEtLjgxNDQ3LS4zMzI0NDIxLTEuNzIwMzgtLjQ5ODY2MzItMi43MTc3MS0uNDk4NjYzMi0xLjk3ODU5LjAtMy40OTEyLjYyMzMyOS00LjUzODM4IDEuODY5OTg4My0xLjA0NzIxIDEuMjQ2NjU3LTEuNTcwOCAzLjAwMDU2Ni0xLjU3MDggNS4yNjE0NTEuMCAyLjI2MDYwNi41MjM1OSA0LjAyMjU0OSAxLjU3MDggNS4yODYxMDggMS4wNDcxOCAxLjI0NjY1NyAyLjU1OTc5IDEuODY5OTg2IDQuNTM4MDkgMS44Njk5ODYuOTk3MzQuMCAxLjkwMzI0LS4xNTc5MDkgMi43MTc3My0uNDczNzMuODMxMzgtLjMzMjQ0MiAxLjYyOTI0LS44NTYwMzggMi4zOTM4Ni0xLjU3MDc4OWwuNzk3ODYgMS42NzA1MjJjLS42OTgxMi43MTQ3NTEtMS41NjI0OCAxLjI3MTg2OS0yLjU5MzA1IDEuNjcwNzk5LTEuMDMwNTguMzgyMzA5LTIuMTUyNTcuNTczNDYyLTMuMzY1OTcuNTczNDYyek05Ni45ODQ2MzEgMjIuMzczOTg3IDEwNC43Mzk0IDQuNzk0OTk5OWgxLjc0NTMzbDcuNzU0NzYgMTcuNTc4OTg3MWgtMi4xMTkzMmwtMi4xNjkxOS01LjAxMTg0MS45OTczMy41MjM1OTVoLTEwLjcyMjA5bDEuMDIyMjctLjUyMzU5NS0yLjE0NDI1NCA1LjAxMTg0MXptOC42MDI0OTktMTUuMTg1NDAzNC00LjAxNDI0IDkuNDUwNTAwNC0uNTk4NC0uNDczNzNoOS4yMjU1NWwtLjU0ODUzLjQ3MzczLTQuMDE0MjUtOS40NTA1MDA0ek04OS44OTM5MjEgMjIuMzczOTg3VjYuNTY1NTMxNkg4My41MTAyMDJWNC43OTUyNzY5aDE0LjgzNjMzVjYuNTY1NTMxNkg5MS45NjMzNjZWMjIuMzc0MjY1eiIgZmlsbD17dG9rZW4uY29sb3JUZXh0fT48L3BhdGg+CiAgPHBhdGggZD0ibTY3Ljg1NDM4NSA0Ljc3MzExNDJoMTQuMDgwODd2MS43NjAwMDQyaC0xNC4wODA4N3ptMCAxNS44NDA4Njk4aDE0LjA4MDg3djEuNzYwMDAzaC0xNC4wODA4N3ptMTQuMDgwODctNy45MjA0MzVoLTE0LjA4MDg3djEuNzYwMDA1aDE0LjA4MDg3eiIgZmlsbD17dG9rZW4uY29sb3JUZXh0fT48L3BhdGg+CiAgPHBhdGggZD0ibTU3LjY2NDQ3MyAyMi4zNzM5ODd2LTkuMTAxMTU4bC40NDg4MDQgMS40MjExOTEtNy4xODEzMDktOS44OTkwMjAxaDIuMzkzODYxbDUuNjYwMTA5IDcuODI5NTY3MWgtLjUyMzYwNmw1LjY2MDM5MS03LjgyOTU2NzFoMi4zMTg3ODdsLTcuMTU2MzczIDkuODk4NzQyMS40MjQxNC0xLjQyMTE4OXY5LjEwMTE1OHptLTIwLjE4ODEwMi4wVjIwLjg1MzA2NUw0OC4xNDg1OTYgNS43NjczOTMydi43OTc4NjEzSDM3LjQ3NjM3MVY0Ljc5NDk5OTlINTAuMDY4NDVWNi4zMTU5MjI4TDM5LjM5NjUwMSAyMS4zNzY2NjF2LS43NzI5MjdoMTEuMDIxMjl2MS43NzAyNTN6bS0xMC4zOTYyOTguMjI0Mzk5Yy0xLjIxMzQxNC4wLTIuMzE5MDYyLS4yMDc3NzYtMy4zMTYzODktLjYyMzMyOC0uOTk3MzI3LS40MzIxNzUtMS44NDUwNTUtMS4wMzg4ODItMi41NDMxODQtMS44MjAxMjEtLjY5ODQwNi0uNzgxMjM5LTEuMjM4NjI0LTEuNzI4Ny0xLjYyMDkzMy0yLjg0MjY1OC0uMzY1Njg2LTEuMTEzNjgyLS41NDg1MjktMi4zNjAzMzktLjU0ODUyOS0zLjc0MDI1MS4wLTEuMzk2MjU3LjE4Mjg0My0yLjY0MjkxNy41NDg1MjktMy43NDAyNTIuMzgyMzA5LTEuMTEzNjgyLjkyMjUyNy0yLjA1MjgzMDkgMS42MjA2NTYtMi44MTc0NDc1LjY5ODEyOS0uNzgxMjM5MiAxLjUzNzU0NS0xLjM3OTkxMjEgMi41MTgyNS0xLjc5NTQ2NDguOTk3NjA0LS40MzIxNzQ5IDIuMTExMjg3LS42NDgyNjIzIDMuMzQxNi0uNjQ4MjYyMyAxLjI0NjY1Ny4wIDIuMzYwMzM5LjIwNzc3NjMgMy4zNDEwNDQuNjIzMzI5MS45OTczMjcuNDE1NTUyNyAxLjg0NTA1NSAxLjAxMzk0ODYgMi41NDM0NTkgMS43OTUxODc3LjcxNDc1MS43ODEyMzk4IDEuMjU0OTY5IDEuNzI4Njk5OCAxLjYyMDY1NSAyLjg0MjY1NzguMzgyMzEgMS4wOTcwNTkuNTczNDY0IDIuMzM1NDA2LjU3MzQ2NCAzLjcxNTA0Mi4wIDEuMzk2NTMzLS4xOTExNTQgMi42NTE3NzktLjU3MzQ2NCAzLjc2NTQ2MS0uMzgyMzA4IDEuMTEzNjgyLS45MjI1MjYgMi4wNjExNDItMS42MjA2NTUgMi44NDIzODFzLTEuNTQ1ODU2IDEuMzg3OTQ2LTIuNTQzMTgzIDEuODIwMzk4Yy0uOTgwNzA0LjQxNTU1Mi0yLjA5NDY2My42MjMzMjgtMy4zNDEzMi42MjMzMjh6bTAtMS44MjAxMmMxLjI2MzI3OS4wIDIuMzI3MDk0LS4yODI1NzYgMy4xOTE0NDMtLjg0NzcyOC44ODA5NzMtLjU2NTE1MiAxLjU1NDE2OS0xLjM4Nzk0NiAyLjAxOTU4OC0yLjQ2ODY2LjQ2NTY5Ni0xLjA4MDQzNy42OTg0MDYtMi4zNzY5NjEuNjk4NDA2LTMuODg5ODUuMC0xLjUyOTIzNC0uMjMyNzEtMi44MjU3NTgtLjY5ODEyOS0zLjg4OTg1MS0uNDY1NDE5LTEuMDYzODE1LTEuMTM4NjE0LTEuODc4Mjk3OC0yLjAxOTU4Ny0yLjQ0MzQ1LS44NjQzNS0uNTY1MTUxOC0xLjkyODQ0Mi0uODQ3NzI3Ni0zLjE5MTcyMS0uODQ3NzI3Ni0xLjIzMDAzOC4wLTIuMjg1ODE4LjI4MjU3NTgtMy4xNjY3OTEuODQ3NzI3Ni0uODY0MzUuNTY1MTUyMi0xLjUyOTIzNCAxLjM4Nzk0Ni0xLjk5NDY1MyAyLjQ2ODM4My0uNDY1NDE5IDEuMDYzODE1LS42OTgxMjkgMi4zNTIwMjktLjY5ODEyOSAzLjg2NDY0MS4wIDEuNTEyODg5LjIzMjcxIDIuODA5NjkuNjk4MTI5IDMuODkwMTI3LjQ2NTQxOSAxLjA2MzgxNSAxLjEzMDMwMyAxLjg4NjYwOSAxLjk5NDY1MyAyLjQ2ODM4My44ODA5NzMuNTY1MTUxIDEuOTM2NDc4Ljg0NzcyNyAzLjE2NjUxMy44NDc3Mjd6bS0xNi4wNDE3MjQgMS44MjAxMmMtMS43Mjg2OTgxLjAtMy4yMDgzNDE3LS4zNjU2ODYtNC40Mzg2NTYxLTEuMDk3MDU5QzUuMzY5NjU3MSAyMC43Njk5NTQgNC40MjIxOTY2IDE5LjczMTA3MyAzLjc1NzMxMzEgMTguMzg0NjgyYy0uNjQ4MjYzLTEuMzQ2NjY3LS45NzIzOTM2LTIuOTUwOTc4LS45NzIzOTM2LTQuODEyNjU0LjAtMS44NjE2NzcuMzI0MTMwNi0zLjQ1NzM5OS45NzIzOTM2LTQuNzg3NDQ1LjY2NDg4MzUtMS4zNDYzOTA2IDEuNjEyMzQ0LTIuMzg1MjcyNSAyLjg0MjM3OTgtMy4xMTY5MjI0QzcuODI5NzI5OCA0LjkzNjI4NzcgOS4zMDkzNzM0IDQuNTcwNjAxNCAxMS4wMzgzNDkgNC41NzA2MDE0YzEuMjEzNDE0LjAgMi4zMzU0MDguMTkxMTU0MyAzLjM2NTk3OC41NzM0NjI4IDEuMDMwNTcyLjM4MjMwODUgMS44OTQ5MjIuOTM5MTQ5MSAyLjU5MzMyNiAxLjY3MDUyMTlMMTYuMTk5NzkxIDguNDg1MTA4QzE1LjQzNTE3NSA3Ljc3MDM1OCAxNC42MzczMTMgNy4yNTUwNzIgMTMuODA2MjA5IDYuOTM5MjUxOSAxMi45OTE0NDcgNi42MDY4MDk4IDEyLjA4NTU0MyA2LjQ0MDU4ODcgMTEuMDg4MjE2IDYuNDQwNTg4N2MtMS45NzgwMzA0LjAtMy40OTA5MTg4LjYyMzMyOS00LjUzODM4OTIgMS44Njk5ODgzLTEuMDQ3MTkyNyAxLjI0NjY1Ny0xLjU3MDc4ODYgMy4wMDA1NjYtMS41NzA3ODg2IDUuMjYxNDUxLjAgMi4yNjA2MDYuNTIzNTk1OSA0LjAyMjU0OSAxLjU3MDc4ODYgNS4yODYxMDggMS4wNDcxOTI5IDEuMjQ2NjU3IDIuNTYwMDgyMyAxLjg2OTk4NiA0LjUzODM4OTIgMS44Njk5ODYuOTk3MzI3LjAgMS45MDMyMzEtLjE1NzkwOSAyLjcxNzcxNS0uNDczNzMuODMxMTA2LS4zMzI0NDIgMS42Mjg5NjgtLjg1NjAzOCAyLjM5MzU4NC0xLjU3MDc4OWwuNzk4MTM4IDEuNjcwNTIyYy0uNjk4MTI4LjcxNDc1MS0xLjU2MjQ3OCAxLjI3MTg2OS0yLjU5MzA0OCAxLjY3MDc5OS0xLjAzMDU3Mi4zODIzMDktMi4xNTI4NDIuNTczNDYyLTMuMzY2MjU2LjU3MzQ2MnoiIGZpbGw9e3Rva2VuLmNvbG9yVGV4dH0+PC9wYXRoPgo8L3N2Zz4K + - name: ICON_SVG + value: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxzdmcKICAgd2lkdGg9IjkxIgogICBoZWlnaHQ9IjkxIgogICB2aWV3Qm94PSIwIDAgNjguMjUwMDI0IDY4LjI1MDAyNCIKICAgcHJlc2VydmVBc3BlY3RSYXRpbz0ieE1pZFlNaWQgbWVldCIKICAgdmVyc2lvbj0iMS4xIgogICBpZD0ic3ZnODI2IgogICBzb2RpcG9kaTpkb2NuYW1lPSJmYXZpY29uLnN2ZyIKICAgaW5rc2NhcGU6dmVyc2lvbj0iMS4xLjEgKGMzMDg0ZWYsIDIwMjEtMDktMjIpIgogICB4bWxuczppbmtzY2FwZT0iaHR0cDovL3d3dy5pbmtzY2FwZS5vcmcvbmFtZXNwYWNlcy9pbmtzY2FwZSIKICAgeG1sbnM6c29kaXBvZGk9Imh0dHA6Ly9zb2RpcG9kaS5zb3VyY2Vmb3JnZS5uZXQvRFREL3NvZGlwb2RpLTAuZHRkIgogICB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciCiAgIHhtbG5zOnN2Zz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogIDxkZWZzCiAgICAgaWQ9ImRlZnM4MzAiIC8+CiAgPHNvZGlwb2RpOm5hbWVkdmlldwogICAgIGlkPSJuYW1lZHZpZXc4MjgiCiAgICAgcGFnZWNvbG9yPSIjZmZmZmZmIgogICAgIGJvcmRlcmNvbG9yPSIjNjY2NjY2IgogICAgIGJvcmRlcm9wYWNpdHk9IjEuMCIKICAgICBpbmtzY2FwZTpwYWdlc2hhZG93PSIyIgogICAgIGlua3NjYXBlOnBhZ2VvcGFjaXR5PSIwLjAiCiAgICAgaW5rc2NhcGU6cGFnZWNoZWNrZXJib2FyZD0iMCIKICAgICBzaG93Z3JpZD0iZmFsc2UiCiAgICAgaW5rc2NhcGU6em9vbT0iMC43NzAzNTc0MSIKICAgICBpbmtzY2FwZTpjeD0iNDM2LjgxMDIzIgogICAgIGlua3NjYXBlOmN5PSI1NDEuOTU2MjMiCiAgICAgaW5rc2NhcGU6d2luZG93LXdpZHRoPSIxNzIwIgogICAgIGlua3NjYXBlOndpbmRvdy1oZWlnaHQ9IjEzODciCiAgICAgaW5rc2NhcGU6d2luZG93LXg9IjE3MjAiCiAgICAgaW5rc2NhcGU6d2luZG93LXk9IjI1IgogICAgIGlua3NjYXBlOndpbmRvdy1tYXhpbWl6ZWQ9IjAiCiAgICAgaW5rc2NhcGU6Y3VycmVudC1sYXllcj0ic3ZnODI2IiAvPgogIDxyZWN0CiAgICAgc3R5bGU9ImZpbGw6IzAwMDAwMDtzdHJva2Utd2lkdGg6MC42MTc5MDUiCiAgICAgaWQ9InJlY3Q5MzgiCiAgICAgd2lkdGg9IjY4LjI1MDAyMyIKICAgICBoZWlnaHQ9IjY4LjI1MDAyMyIKICAgICB4PSIwIgogICAgIHk9Ii0xLjc3NjM1NjhlLTE1IiAvPgogIDxwYXRoCiAgICAgZmlsbC1ydWxlPSJldmVub2RkIgogICAgIGNsaXAtcnVsZT0iZXZlbm9kZCIKICAgICBkPSJtIDE2LjYwMTU5OCwxMy45MjY5MSBjIDAsLTEuMjgwMTE1IDEuMDE1MDUxLC0yLjMxNzg2MSAyLjI2NzQyNCwtMi4zMTc4NjEgaCAzMS43NDM5MzcgYyAxLjI1MjM3OCwwIDIuMjY3NDIsMS4wMzc3NDYgMi4yNjc0MiwyLjMxNzg2MSB2IDAgYyAwLDEuMjgwMTMzIC0xLjAxNTA0MiwyLjMxNzg3IC0yLjI2NzQyLDIuMzE3ODcgSCAxOC44NjkwMjIgYyAtMS4yNTIzNzMsMCAtMi4yNjc0MjQsLTEuMDM3NzM3IC0yLjI2NzQyNCwtMi4zMTc4NyB6IG0gMCw0MS43MjE1NzIgYyAwLC0xLjI4MDA4MSAxLjAxNTA1MSwtMi4zMTc4NjUgMi4yNjc0MjQsLTIuMzE3ODY1IGggMzEuNzQzOTM3IGMgMS4yNTIzNzgsMCAyLjI2NzQyLDEuMDM3Nzg0IDIuMjY3NDIsMi4zMTc4NjUgdiAwIGMgMCwxLjI4MDE1OCAtMS4wMTUwNDIsMi4zMTc4NjYgLTIuMjY3NDIsMi4zMTc4NjYgSCAxOC44NjkwMjIgYyAtMS4yNTIzNzMsMCAtMi4yNjc0MjQsLTEuMDM3NzA4IC0yLjI2NzQyNCwtMi4zMTc4NjYgeiBtIDM2LjI3ODc4MSwtMjAuODYwOCBjIDAsLTEuMjgwMDggLTEuMDE1MDQyLC0yLjMxNzg2NSAtMi4yNjc0MiwtMi4zMTc4NjUgSCAxOC44NjkwMjIgYyAtMS4yNTIzNzMsMCAtMi4yNjc0MjQsMS4wMzc3ODUgLTIuMjY3NDI0LDIuMzE3ODY1IHYgMCBjIDAsMS4yODAxNTggMS4wMTUwNTEsMi4zMTc4NjYgMi4yNjc0MjQsMi4zMTc4NjYgaCAzMS43NDM5MzcgYyAxLjI1MjM3OCwwIDIuMjY3NDIsLTEuMDM3NzA4IDIuMjY3NDIsLTIuMzE3ODY2IHoiCiAgICAgZmlsbD0iI2ZmZmZmZiIKICAgICBpZD0icGF0aDg0MCIKICAgICBzdHlsZT0ic3Ryb2tlLXdpZHRoOjAuNzY0MTYzIiAvPgo8L3N2Zz4K + image: {{ .Values.openapiUI.image | quote }} + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthcheck + port: 8080 + scheme: HTTP + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + name: web + ports: + - containerPort: 8080 + name: http + protocol: TCP + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: null + dnsPolicy: ClusterFirst + enableServiceLinks: false + hostIPC: false + hostNetwork: false + hostPID: false + preemptionPolicy: null + priorityClassName: system-cluster-critical + restartPolicy: Always + runtimeClassName: null + schedulerName: default-scheduler + serviceAccountName: incloud-web-web + terminationGracePeriodSeconds: 30 + volumes: null diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml index 300cf5a1..19e406c0 100644 --- a/packages/system/dashboard/values.yaml +++ b/packages/system/dashboard/values.yaml @@ -1,379 +1,6 @@ -kubeapps: - ingress: - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - nginx.ingress.kubernetes.io/client-max-body-size: 1m - nginx.ingress.kubernetes.io/proxy-body-size: 100m - nginx.ingress.kubernetes.io/proxy-buffer-size: 16k - nginx.ingress.kubernetes.io/proxy-buffers-number: "4" - fullnameOverride: dashboard - postgresql: - enabled: false - packaging: - helm: - enabled: false - flux: - enabled: true - dashboard: - resourcesPreset: "none" - image: - registry: ghcr.io/cozystack/cozystack - repository: dashboard - tag: latest - digest: "sha256:187d4e4964c57b318a4cf538d7e6d03c2f9a73d2ea3126b9be3d5ad7d48fa7f1" - frontend: - image: - repository: bitnamilegacy/nginx - authProxy: - image: - repository: bitnamilegacy/oauth2-proxy - redis: - image: - repository: bitnamilegacy/redis - kubectl: - image: - repository: bitnamilegacy/kubectl - master: - resourcesPreset: "none" - resources: - requests: - cpu: 20m - memory: 128Mi - limits: - memory: 128Mi - kubeappsapis: - resourcesPreset: "none" - qps: "250.0" - burst: "500" - image: - registry: ghcr.io/cozystack/cozystack - repository: kubeapps-apis - tag: latest - digest: "sha256:7f6a822c80dd84ee77276183b59ffe073ececff056bddd71e686b2d542f6fde8" - pluginConfig: - flux: - packages: - v1alpha1: - resources: - - application: - kind: Bucket - singular: bucket - plural: buckets - release: - prefix: bucket- - labels: - cozystack.io/ui: "true" - chart: - name: bucket - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: ClickHouse - singular: clickhouse - plural: clickhouses - release: - prefix: clickhouse- - labels: - cozystack.io/ui: "true" - chart: - name: clickhouse - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: HTTPCache - singular: httpcache - plural: httpcaches - release: - prefix: http-cache- - labels: - cozystack.io/ui: "true" - chart: - name: http-cache - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: NATS - singular: nats - plural: natses - release: - prefix: nats- - labels: - cozystack.io/ui: "true" - chart: - name: nats - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: TCPBalancer - singular: tcpbalancer - plural: tcpbalancers - release: - prefix: tcp-balancer- - labels: - cozystack.io/ui: "true" - chart: - name: tcp-balancer - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: VirtualMachine - singular: virtualmachine - plural: virtualmachines - release: - prefix: virtual-machine- - labels: - cozystack.io/ui: "true" - chart: - name: virtual-machine - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: VPN - singular: vpn - plural: vpns - release: - prefix: vpn- - labels: - cozystack.io/ui: "true" - chart: - name: vpn - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: MySQL - singular: mysql - plural: mysqls - release: - prefix: mysql- - labels: - cozystack.io/ui: "true" - chart: - name: mysql - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: Tenant - singular: tenant - plural: tenants - release: - prefix: tenant- - labels: - cozystack.io/ui: "true" - chart: - name: tenant - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: Kubernetes - singular: kubernetes - plural: kuberneteses - release: - prefix: kubernetes- - labels: - cozystack.io/ui: "true" - chart: - name: kubernetes - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: Redis - singular: redis - plural: redises - release: - prefix: redis- - labels: - cozystack.io/ui: "true" - chart: - name: redis - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: RabbitMQ - singular: rabbitmq - plural: rabbitmqs - release: - prefix: rabbitmq- - labels: - cozystack.io/ui: "true" - chart: - name: rabbitmq - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: Postgres - singular: postgres - plural: postgreses - release: - prefix: postgres- - labels: - cozystack.io/ui: "true" - chart: - name: postgres - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: FerretDB - singular: ferretdb - plural: ferretdbs - release: - prefix: ferretdb- - labels: - cozystack.io/ui: "true" - chart: - name: ferretdb - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: Kafka - singular: kafka - plural: kafkas - release: - prefix: kafka- - labels: - cozystack.io/ui: "true" - chart: - name: kafka - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: VMDisk - plural: vmdisks - singular: vmdisk - release: - prefix: vm-disk- - labels: - cozystack.io/ui: "true" - chart: - name: vm-disk - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: VMInstance - plural: vminstances - singular: vminstance - release: - prefix: vm-instance- - labels: - cozystack.io/ui: "true" - chart: - name: vm-instance - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public - - application: - kind: Monitoring - plural: monitorings - singular: monitoring - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: monitoring - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - - application: - kind: Etcd - plural: etcds - singular: etcd - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: etcd - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - - application: - kind: Ingress - plural: ingresses - singular: ingress - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: ingress - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - - application: - kind: SeaweedFS - plural: seaweedfses - singular: seaweedfs - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: seaweedfs - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - - application: - kind: BootBox - plural: bootboxes - singular: bootbox - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: bootbox - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public - - application: - kind: Info - plural: infos - singular: info - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: info - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public +openapiUI: + image: ghcr.io/cozystack/cozystack/openapi-ui:latest@sha256:a8cd0ce7ba55a59df39c23d930bc3bf5b6bb390a24dce157d36c3828e9052365 +openapiUIK8sBff: + image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:latest@sha256:9647ec88955e4749079e4f10c3a941dc57bd74bda67094d2ea0d45943d04a8e7 +tokenProxy: + image: ghcr.io/cozystack/cozystack/token-proxy:latest@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b diff --git a/packages/system/keycloak-configure/templates/configure-kk.yaml b/packages/system/keycloak-configure/templates/configure-kk.yaml index c49a3889..3fc92c86 100644 --- a/packages/system/keycloak-configure/templates/configure-kk.yaml +++ b/packages/system/keycloak-configure/templates/configure-kk.yaml @@ -16,20 +16,6 @@ {{- $k8sClient = randAlphaNum 32 }} {{- end }} -{{ $kubeappsClient := "" }} -{{- if $existingKubeappsSecret }} - {{- $kubeappsClient = index $existingKubeappsSecret.data "client-secret-key" | b64dec }} -{{- else }} - {{- $kubeappsClient = randAlphaNum 32 }} -{{- end }} - -{{ $cookieSecret := "" }} -{{- if $existingAuthConfig }} - {{- $cookieSecret = index $existingAuthConfig.data "cookieSecret" | b64dec }} -{{- else }} - {{- $cookieSecret = randAlphaNum 16 }} -{{- end }} - {{ $branding := "" }} {{- if $cozystackBranding }} {{- $branding = index $cozystackBranding.data "branding" }} @@ -48,28 +34,6 @@ data: --- -apiVersion: v1 -kind: Secret -metadata: - name: kubeapps-client - namespace: {{ .Release.Namespace }} -type: Opaque -data: - client-secret-key: {{ $kubeappsClient | b64enc }} - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: kubeapps-auth-config - namespace: cozy-dashboard -type: Opaque -data: - cookieSecret: {{ $cookieSecret | b64enc }} - ---- - apiVersion: v1.edp.epam.com/v1alpha1 kind: ClusterKeycloak metadata: @@ -178,57 +142,6 @@ spec: --- -apiVersion: v1.edp.epam.com/v1 -kind: KeycloakClient -metadata: - name: kubeapps-client -spec: - serviceAccount: - enabled: true - realmRef: - name: keycloakrealm-cozy - kind: ClusterKeycloakRealm - secret: $kubeapps-client:client-secret-key - advancedProtocolMappers: true - authorizationServicesEnabled: true - name: kubeapps - clientId: kubeapps - directAccess: true - public: false - webUrl: "https://dashboard.{{ $host }}" - defaultClientScopes: - - groups - - kubernetes-client - redirectUris: - - "https://dashboard.{{ $host }}/oauth2/callback/*" - {{- range $i, $v := $extraRedirectUris }} - - "{{ $v }}" - {{- end }} - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubeapps-auth-config - namespace: cozy-dashboard -data: - values.yaml: | - kubeapps: - authProxy: - resourcesPreset: "none" - enabled: true - provider: "oidc" - clientID: "kubeapps" - clientSecret: {{ $kubeappsClient }} - cookieSecret: {{ $cookieSecret }} - extraFlags: - - --cookie-secure - - --scope=openid email groups - - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy - ---- - apiVersion: v1.edp.epam.com/v1 kind: KeycloakRealmGroup metadata: diff --git a/pkg/apis/apps/v1alpha1/register.go b/pkg/apis/apps/v1alpha1/register.go index a1b2586f..e112e1eb 100644 --- a/pkg/apis/apps/v1alpha1/register.go +++ b/pkg/apis/apps/v1alpha1/register.go @@ -1,18 +1,5 @@ -/* -Copyright 2024 The Cozystack Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2025 The Cozystack Authors. package v1alpha1 @@ -24,46 +11,50 @@ import ( "k8s.io/klog/v2" ) -// GroupName holds the API group name. +// ----------------------------------------------------------------------------- +// Group / version boiler-plate +// ----------------------------------------------------------------------------- + +// GroupName is the API group for every resource in this package. const GroupName = "apps.cozystack.io" -var ( - RegisteredGVKs []schema.GroupVersionKind -) - -// SchemeGroupVersion is group version used to register these objects +// SchemeGroupVersion is the canonical {group,version} for v1alpha1. var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} +// ----------------------------------------------------------------------------- +// Scheme registration helpers +// ----------------------------------------------------------------------------- + var ( - // SchemeBuilder allows to add this group to a scheme. - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. + // SchemeBuilder is used by generated deepcopy code. SchemeBuilder runtime.SchemeBuilder localSchemeBuilder = &SchemeBuilder - - // AddToScheme adds this group to a scheme. - AddToScheme = localSchemeBuilder.AddToScheme + AddToScheme = localSchemeBuilder.AddToScheme ) func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. + // Manually-written types go here. Generated deepcopy code is wired in + // via `zz_generated.deepcopy.go`. localSchemeBuilder.Register(addKnownTypes) } -// Adds the list of known types to the given scheme. +// addKnownTypes is called from init(). func addKnownTypes(scheme *runtime.Scheme) error { metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil } -// Resource takes an unqualified resource and returns a Group qualified GroupResource +// Resource turns an unqualified resource name into a fully-qualified one. func Resource(resource string) schema.GroupResource { return SchemeGroupVersion.WithResource(resource).GroupResource() } -// RegisterDynamicTypes registers types dynamically based on config +// ----------------------------------------------------------------------------- +// Public helpers consumed by the apiserver wiring +// ----------------------------------------------------------------------------- + +// RegisterDynamicTypes adds per-tenant β€œApplication” kinds that are only known +// at runtime from a config file. func RegisterDynamicTypes(scheme *runtime.Scheme, cfg *config.ResourceConfig) error { for _, res := range cfg.Resources { kind := res.Application.Kind @@ -76,9 +67,7 @@ func RegisterDynamicTypes(scheme *runtime.Scheme, cfg *config.ResourceConfig) er scheme.AddKnownTypeWithName(gvkInternal, &Application{}) scheme.AddKnownTypeWithName(gvkInternal.GroupVersion().WithKind(kind+"List"), &ApplicationList{}) - klog.V(1).Infof("Registered kind: %s\n", kind) - RegisteredGVKs = append(RegisteredGVKs, gvk) + klog.V(1).Infof("Registered dynamic kind: %s", kind) } - return nil } diff --git a/pkg/apis/apps/v1alpha1/types.go b/pkg/apis/apps/v1alpha1/types.go index 5a21d270..8e756779 100644 --- a/pkg/apis/apps/v1alpha1/types.go +++ b/pkg/apis/apps/v1alpha1/types.go @@ -37,6 +37,9 @@ type ApplicationStatus struct { // +optional Version string `json:"version,omitempty"` Conditions []metav1.Condition `json:"conditions,omitempty"` + // Namespace holds the computed namespace for Tenant applications. + // +optional + Namespace string `json:"namespace,omitempty"` } // GetConditions returns the status conditions of the object. diff --git a/pkg/apis/core/fuzzer/fuzzer.go b/pkg/apis/core/fuzzer/fuzzer.go new file mode 100644 index 00000000..dbf3ca39 --- /dev/null +++ b/pkg/apis/core/fuzzer/fuzzer.go @@ -0,0 +1,33 @@ +/* +Copyright 2024 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package fuzzer + +import ( + "github.com/cozystack/cozystack/pkg/apis/core" + fuzz "github.com/google/gofuzz" + + runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer" +) + +// Funcs returns the fuzzer functions for the core api group. +var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} { + return []interface{}{ + func(s *core.TenantNamespaceSpec, c fuzz.Continue) { + c.FuzzNoCustom(s) // fuzz self without calling this function again + }, + } +} diff --git a/pkg/apis/core/install/install.go b/pkg/apis/core/install/install.go new file mode 100644 index 00000000..0f210eb2 --- /dev/null +++ b/pkg/apis/core/install/install.go @@ -0,0 +1,29 @@ +/* +Copyright 2024 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package install + +import ( + corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" +) + +// Install registers the API group and adds types to a scheme +func Install(scheme *runtime.Scheme) { + utilruntime.Must(corev1alpha1.AddToScheme(scheme)) + utilruntime.Must(scheme.SetVersionPriority(corev1alpha1.SchemeGroupVersion)) +} diff --git a/pkg/apis/core/install/roundtrip_test.go b/pkg/apis/core/install/roundtrip_test.go new file mode 100644 index 00000000..a11fa8d9 --- /dev/null +++ b/pkg/apis/core/install/roundtrip_test.go @@ -0,0 +1,30 @@ +/* +Copyright 2024 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package install + +import ( + "testing" + + corefuzzer "github.com/cozystack/cozystack/pkg/apis/core/fuzzer" + "k8s.io/apimachinery/pkg/api/apitesting/roundtrip" +) + +func TestRoundTripTypes(t *testing.T) { + roundtrip.RoundTripTestForAPIGroup(t, Install, corefuzzer.Funcs) + // TODO: enable protobuf generation for the sample-apiserver + // roundtrip.RoundTripProtobufTestForAPIGroup(t, Install, corefuzzer.Funcs) +} diff --git a/pkg/apis/core/register.go b/pkg/apis/core/register.go new file mode 100644 index 00000000..9739ffdb --- /dev/null +++ b/pkg/apis/core/register.go @@ -0,0 +1,22 @@ +/* +Copyright 2024 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package core + +// GroupName is the group name used in this package +const ( + GroupName = "core.cozystack.io" +) diff --git a/pkg/apis/core/v1alpha1/doc.go b/pkg/apis/core/v1alpha1/doc.go new file mode 100644 index 00000000..15b059be --- /dev/null +++ b/pkg/apis/core/v1alpha1/doc.go @@ -0,0 +1,25 @@ +/* +Copyright 2024 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=github.com/cozystack/cozystack/pkg/apis/core +// +k8s:conversion-gen=k8s.io/apiextensions-apiserver/pkg/apis/apiextensions +// +k8s:defaulter-gen=TypeMeta +// +groupName=core.cozystack.io + +// Package v1alpha1 is the v1alpha1 version of the API. +package v1alpha1 // import "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" diff --git a/pkg/apis/core/v1alpha1/register.go b/pkg/apis/core/v1alpha1/register.go new file mode 100644 index 00000000..39976e39 --- /dev/null +++ b/pkg/apis/core/v1alpha1/register.go @@ -0,0 +1,69 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2025 The Cozystack Authors. + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/klog/v2" +) + +// ----------------------------------------------------------------------------- +// Group / version boiler-plate +// ----------------------------------------------------------------------------- + +// GroupName is the API group for every resource in this package. +const GroupName = "core.cozystack.io" + +// SchemeGroupVersion is the canonical {group,version} for v1alpha1. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +// ----------------------------------------------------------------------------- +// Scheme registration helpers +// ----------------------------------------------------------------------------- + +var ( + // SchemeBuilder is used by generated deepcopy code. + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // Manually-written types go here. Generated deepcopy code is wired in + // via `zz_generated.deepcopy.go`. + localSchemeBuilder.Register(addKnownTypes) +} + +// addKnownTypes is called from init(). +func addKnownTypes(scheme *runtime.Scheme) error { + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource turns an unqualified resource name into a fully-qualified one. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +// ----------------------------------------------------------------------------- +// Public helpers consumed by the apiserver wiring +// ----------------------------------------------------------------------------- + +// RegisterStaticTypes adds *compile-time* resources such as TenantNamespace. +func RegisterStaticTypes(scheme *runtime.Scheme) { + scheme.AddKnownTypes(SchemeGroupVersion, + &TenantNamespace{}, + &TenantNamespaceList{}, + &TenantSecret{}, + &TenantSecretList{}, + &TenantSecretsTable{}, + &TenantSecretsTableList{}, + &TenantModule{}, + &TenantModuleList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + klog.V(1).Info("Registered static kinds: TenantNamespace, TenantSecret, TenantSecretsTable, TenantModule") +} diff --git a/pkg/apis/core/v1alpha1/tenantmodule_types.go b/pkg/apis/core/v1alpha1/tenantmodule_types.go new file mode 100644 index 00000000..724efb3c --- /dev/null +++ b/pkg/apis/core/v1alpha1/tenantmodule_types.go @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: Apache-2.0 +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TenantModule represents a HelmRelease with the label internal.cozystack.io/tenantmodule=true +type TenantModule struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // AppVersion represents the version of the Helm chart + AppVersion string `json:"appVersion,omitempty"` + + // Status contains the module status + Status TenantModuleStatus `json:"status,omitempty"` +} + +// TenantModuleStatus represents the status of a TenantModule +type TenantModuleStatus struct { + // Version represents the last attempted revision + Version string `json:"version,omitempty"` + + // Conditions represent the latest available observations of the module's state + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TenantModuleList contains a list of TenantModule +type TenantModuleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TenantModule `json:"items"` +} + +// DeepCopy methods are generated by deepcopy-gen diff --git a/pkg/apis/core/v1alpha1/tenantnamespace_types.go b/pkg/apis/core/v1alpha1/tenantnamespace_types.go new file mode 100644 index 00000000..506fb616 --- /dev/null +++ b/pkg/apis/core/v1alpha1/tenantnamespace_types.go @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2025 The Cozystack Authors. + +// This file contains the cluster-scoped β€œTenantNamespace” resource. +// A TenantNamespace represents an existing Kubernetes Namespace whose +// *name* starts with the prefix β€œtenant-”. + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TenantNamespace is a thin wrapper around ObjectMeta. It has no spec/status +// because it merely reflects an existing Namespace object. +type TenantNamespace struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TenantNamespaceList is the list variant for TenantNamespace. +type TenantNamespaceList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TenantNamespace `json:"items"` +} diff --git a/pkg/apis/core/v1alpha1/tenantsecret_types.go b/pkg/apis/core/v1alpha1/tenantsecret_types.go new file mode 100644 index 00000000..917e9cc2 --- /dev/null +++ b/pkg/apis/core/v1alpha1/tenantsecret_types.go @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: Apache-2.0 +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type TenantSecret struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Same semantics as core/v1 Secret. + Type string `json:"type,omitempty"` + Data map[string][]byte `json:"data,omitempty"` + StringData map[string]string `json:"stringData,omitempty"` // write-only hint +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type TenantSecretList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TenantSecret `json:"items"` +} diff --git a/pkg/apis/core/v1alpha1/tenantsecretstable_types.go b/pkg/apis/core/v1alpha1/tenantsecretstable_types.go new file mode 100644 index 00000000..94119696 --- /dev/null +++ b/pkg/apis/core/v1alpha1/tenantsecretstable_types.go @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: Apache-2.0 +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// TenantSecretEntry represents a single key from a Secret's data. +type TenantSecretEntry struct { + Name string `json:"name,omitempty"` + Key string `json:"key,omitempty"` + Value string `json:"value,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TenantSecretsTable is a virtual, namespaced resource that exposes every key +// of Secrets labelled cozystack.io/ui=true as a separate object. +type TenantSecretsTable struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Data TenantSecretEntry `json:"data,omitempty"` +} + +// DeepCopy methods are generated by deepcopy-gen + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type TenantSecretsTableList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TenantSecretsTable `json:"items"` +} + +// DeepCopy methods are generated by deepcopy-gen diff --git a/pkg/apis/core/v1alpha1/zz_generated.conversion.go b/pkg/apis/core/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000..3b3b068a --- /dev/null +++ b/pkg/apis/core/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,36 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2025 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + return nil +} diff --git a/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..54a7f1e6 --- /dev/null +++ b/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,326 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2025 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantModule) DeepCopyInto(out *TenantModule) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantModule. +func (in *TenantModule) DeepCopy() *TenantModule { + if in == nil { + return nil + } + out := new(TenantModule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TenantModule) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantModuleList) DeepCopyInto(out *TenantModuleList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TenantModule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantModuleList. +func (in *TenantModuleList) DeepCopy() *TenantModuleList { + if in == nil { + return nil + } + out := new(TenantModuleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TenantModuleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantModuleStatus) DeepCopyInto(out *TenantModuleStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantModuleStatus. +func (in *TenantModuleStatus) DeepCopy() *TenantModuleStatus { + if in == nil { + return nil + } + out := new(TenantModuleStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantNamespace) DeepCopyInto(out *TenantNamespace) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantNamespace. +func (in *TenantNamespace) DeepCopy() *TenantNamespace { + if in == nil { + return nil + } + out := new(TenantNamespace) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TenantNamespace) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantNamespaceList) DeepCopyInto(out *TenantNamespaceList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TenantNamespace, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantNamespaceList. +func (in *TenantNamespaceList) DeepCopy() *TenantNamespaceList { + if in == nil { + return nil + } + out := new(TenantNamespaceList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TenantNamespaceList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantSecret) DeepCopyInto(out *TenantSecret) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Data != nil { + in, out := &in.Data, &out.Data + *out = make(map[string][]byte, len(*in)) + for key, val := range *in { + var outVal []byte + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make([]byte, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + if in.StringData != nil { + in, out := &in.StringData, &out.StringData + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantSecret. +func (in *TenantSecret) DeepCopy() *TenantSecret { + if in == nil { + return nil + } + out := new(TenantSecret) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TenantSecret) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantSecretEntry) DeepCopyInto(out *TenantSecretEntry) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantSecretEntry. +func (in *TenantSecretEntry) DeepCopy() *TenantSecretEntry { + if in == nil { + return nil + } + out := new(TenantSecretEntry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantSecretList) DeepCopyInto(out *TenantSecretList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TenantSecret, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantSecretList. +func (in *TenantSecretList) DeepCopy() *TenantSecretList { + if in == nil { + return nil + } + out := new(TenantSecretList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TenantSecretList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantSecretsTable) DeepCopyInto(out *TenantSecretsTable) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Data = in.Data + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantSecretsTable. +func (in *TenantSecretsTable) DeepCopy() *TenantSecretsTable { + if in == nil { + return nil + } + out := new(TenantSecretsTable) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TenantSecretsTable) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TenantSecretsTableList) DeepCopyInto(out *TenantSecretsTableList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TenantSecretsTable, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantSecretsTableList. +func (in *TenantSecretsTableList) DeepCopy() *TenantSecretsTableList { + if in == nil { + return nil + } + out := new(TenantSecretsTableList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TenantSecretsTableList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} diff --git a/pkg/apis/core/v1alpha1/zz_generated.defaults.go b/pkg/apis/core/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000..4e70d879 --- /dev/null +++ b/pkg/apis/core/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,33 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2025 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/pkg/apis/core/validation/validation.go b/pkg/apis/core/validation/validation.go new file mode 100644 index 00000000..060067de --- /dev/null +++ b/pkg/apis/core/validation/validation.go @@ -0,0 +1,40 @@ +/* +Copyright 2024 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package validation + +import ( + "github.com/cozystack/cozystack/pkg/apis/core" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateTenantNamespace validates a TenantNamespace. +func ValidateTenantNamespace(f *core.TenantNamespace) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, ValidateTenantNamespaceSpec(&f.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateTenantNamespaceSpec validates a TenantNamespaceSpec. +func ValidateTenantNamespaceSpec(s *core.TenantNamespaceSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + // TODO validation + + return allErrs +} diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 4e54d867..80220964 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -27,13 +27,20 @@ import ( "k8s.io/apiserver/pkg/registry/rest" genericapiserver "k8s.io/apiserver/pkg/server" "k8s.io/client-go/dynamic" + "k8s.io/client-go/kubernetes" restclient "k8s.io/client-go/rest" "github.com/cozystack/cozystack/pkg/apis/apps" - "github.com/cozystack/cozystack/pkg/apis/apps/install" + appsinstall "github.com/cozystack/cozystack/pkg/apis/apps/install" + coreinstall "github.com/cozystack/cozystack/pkg/apis/apps/install" + "github.com/cozystack/cozystack/pkg/apis/core" "github.com/cozystack/cozystack/pkg/config" - appsregistry "github.com/cozystack/cozystack/pkg/registry" + cozyregistry "github.com/cozystack/cozystack/pkg/registry" applicationstorage "github.com/cozystack/cozystack/pkg/registry/apps/application" + tenantmodulestorage "github.com/cozystack/cozystack/pkg/registry/core/tenantmodule" + tenantnamespacestorage "github.com/cozystack/cozystack/pkg/registry/core/tenantnamespace" + tenantsecretstorage "github.com/cozystack/cozystack/pkg/registry/core/tenantsecret" + tenantsecretstablestorage "github.com/cozystack/cozystack/pkg/registry/core/tenantsecretstable" ) var ( @@ -42,11 +49,12 @@ var ( // Codecs provides methods for retrieving codecs and serializers for specific // versions and content types. Codecs = serializer.NewCodecFactory(Scheme) - AppsComponentName = "apps" + CozyComponentName = "cozy" ) func init() { - install.Install(Scheme) + appsinstall.Install(Scheme) + coreinstall.Install(Scheme) // Register HelmRelease types. if err := helmv2.AddToScheme(Scheme); err != nil { @@ -73,8 +81,8 @@ type Config struct { ResourceConfig *config.ResourceConfig } -// AppsServer holds the state for the Kubernetes master/api server. -type AppsServer struct { +// CozyServer holds the state for the Kubernetes master/api server. +type CozyServer struct { GenericAPIServer *genericapiserver.GenericAPIServer } @@ -98,19 +106,17 @@ func (cfg *Config) Complete() CompletedConfig { return CompletedConfig{&c} } -// New returns a new instance of AppsServer from the given configuration. -func (c completedConfig) New() (*AppsServer, error) { - genericServer, err := c.GenericConfig.New("apps-apiserver", genericapiserver.NewEmptyDelegate()) +// New returns a new instance of CozyServer from the given configuration. +func (c completedConfig) New() (*CozyServer, error) { + genericServer, err := c.GenericConfig.New("cozy-apiserver", genericapiserver.NewEmptyDelegate()) if err != nil { return nil, err } - s := &AppsServer{ + s := &CozyServer{ GenericAPIServer: genericServer, } - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(apps.GroupName, Scheme, metav1.ParameterCodec, Codecs) - // Create a dynamic client for HelmRelease using InClusterConfig. inClusterConfig, err := restclient.InClusterConfig() if err != nil { @@ -122,16 +128,51 @@ func (c completedConfig) New() (*AppsServer, error) { return nil, fmt.Errorf("unable to create dynamic client: %v", err) } - v1alpha1storage := map[string]rest.Storage{} - - for _, resConfig := range c.ResourceConfig.Resources { - storage := applicationstorage.NewREST(dynamicClient, &resConfig) - v1alpha1storage[resConfig.Application.Plural] = appsregistry.RESTInPeace(storage) + clientset, err := kubernetes.NewForConfig(inClusterConfig) + if err != nil { + return nil, fmt.Errorf("create kube clientset: %v", err) } - apiGroupInfo.VersionedResourcesStorageMap["v1alpha1"] = v1alpha1storage + // --- static, cluster-scoped resource for core group --- + coreV1alpha1Storage := map[string]rest.Storage{} + coreV1alpha1Storage["tenantnamespaces"] = cozyregistry.RESTInPeace( + tenantnamespacestorage.NewREST( + clientset.CoreV1(), + clientset.AuthorizationV1(), + 20, + ), + ) + coreV1alpha1Storage["tenantsecrets"] = cozyregistry.RESTInPeace( + tenantsecretstorage.NewREST( + clientset.CoreV1(), + ), + ) + coreV1alpha1Storage["tenantsecretstables"] = cozyregistry.RESTInPeace( + tenantsecretstablestorage.NewREST( + clientset.CoreV1(), + ), + ) + coreV1alpha1Storage["tenantmodules"] = cozyregistry.RESTInPeace( + tenantmodulestorage.NewREST( + dynamicClient, + ), + ) - if err := s.GenericAPIServer.InstallAPIGroup(&apiGroupInfo); err != nil { + coreApiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(core.GroupName, Scheme, metav1.ParameterCodec, Codecs) + coreApiGroupInfo.VersionedResourcesStorageMap["v1alpha1"] = coreV1alpha1Storage + if err := s.GenericAPIServer.InstallAPIGroup(&coreApiGroupInfo); err != nil { + return nil, err + } + + // --- dynamically-configured, per-tenant resources --- + appsV1alpha1Storage := map[string]rest.Storage{} + for _, resConfig := range c.ResourceConfig.Resources { + storage := applicationstorage.NewREST(dynamicClient, &resConfig) + appsV1alpha1Storage[resConfig.Application.Plural] = cozyregistry.RESTInPeace(storage) + } + appsApiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(apps.GroupName, Scheme, metav1.ParameterCodec, Codecs) + appsApiGroupInfo.VersionedResourcesStorageMap["v1alpha1"] = appsV1alpha1Storage + if err := s.GenericAPIServer.InstallAPIGroup(&appsApiGroupInfo); err != nil { return nil, err } diff --git a/pkg/apiserver/scheme_test.go b/pkg/apiserver/scheme_test.go index e00a1d62..af420791 100644 --- a/pkg/apiserver/scheme_test.go +++ b/pkg/apiserver/scheme_test.go @@ -20,9 +20,11 @@ import ( "testing" appsfuzzer "github.com/cozystack/cozystack/pkg/apis/apps/fuzzer" + corefuzzer "github.com/cozystack/cozystack/pkg/apis/core/fuzzer" "k8s.io/apimachinery/pkg/api/apitesting/roundtrip" ) func TestRoundTripTypes(t *testing.T) { roundtrip.RoundTripTestForScheme(t, Scheme, appsfuzzer.Funcs) + roundtrip.RoundTripTestForScheme(t, Scheme, corefuzzer.Funcs) } diff --git a/pkg/cmd/server/start.go b/pkg/cmd/server/start.go index 8f26b76c..25449ece 100644 --- a/pkg/cmd/server/start.go +++ b/pkg/cmd/server/start.go @@ -25,8 +25,9 @@ import ( "io" "net" - corev1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" - "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1" + v1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" + appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1" + corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" "github.com/cozystack/cozystack/pkg/apiserver" "github.com/cozystack/cozystack/pkg/config" sampleopenapi "github.com/cozystack/cozystack/pkg/generated/openapi" @@ -47,8 +48,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -// AppsServerOptions holds the state for the Apps API server -type AppsServerOptions struct { +// CozyServerOptions holds the state for the Cozy API server +type CozyServerOptions struct { RecommendedOptions *genericoptions.RecommendedOptions StdOut io.Writer @@ -61,12 +62,15 @@ type AppsServerOptions struct { ResourceConfig *config.ResourceConfig } -// NewAppsServerOptions returns a new instance of AppsServerOptions -func NewAppsServerOptions(out, errOut io.Writer) *AppsServerOptions { - o := &AppsServerOptions{ +// NewCozyServerOptions returns a new instance of CozyServerOptions +func NewCozyServerOptions(out, errOut io.Writer) *CozyServerOptions { + o := &CozyServerOptions{ RecommendedOptions: genericoptions.NewRecommendedOptions( "", - apiserver.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion), + apiserver.Codecs.LegacyCodec( + corev1alpha1.SchemeGroupVersion, + appsv1alpha1.SchemeGroupVersion, + ), ), StdOut: out, StdErr: errOut, @@ -75,12 +79,12 @@ func NewAppsServerOptions(out, errOut io.Writer) *AppsServerOptions { return o } -// NewCommandStartAppsServer provides a CLI handler for the 'start apps-server' command -func NewCommandStartAppsServer(ctx context.Context, defaults *AppsServerOptions) *cobra.Command { +// NewCommandStartCozyServer provides a CLI handler for the 'start apps-server' command +func NewCommandStartCozyServer(ctx context.Context, defaults *CozyServerOptions) *cobra.Command { o := *defaults cmd := &cobra.Command{ - Short: "Launch an Apps API server", - Long: "Launch an Apps API server", + Short: "Launch an Cozystack API server", + Long: "Launch an Cozystack API server", PersistentPreRunE: func(*cobra.Command, []string) error { return utilversionpkg.DefaultComponentGlobalsRegistry.Set() }, @@ -91,7 +95,7 @@ func NewCommandStartAppsServer(ctx context.Context, defaults *AppsServerOptions) if err := o.Validate(args); err != nil { return err } - if err := o.RunAppsServer(c.Context()); err != nil { + if err := o.RunCozyServer(c.Context()); err != nil { return err } return nil @@ -103,18 +107,18 @@ func NewCommandStartAppsServer(ctx context.Context, defaults *AppsServerOptions) o.RecommendedOptions.AddFlags(flags) // The following lines demonstrate how to configure version compatibility and feature gates - // for the "Apps" component according to KEP-4330. + // for the "Cozy" component according to KEP-4330. - // Create a default version object for the "Apps" component. - defaultAppsVersion := "1.1" - // Register the "Apps" component in the global component registry, + // Create a default version object for the "Cozy" component. + defaultCozyVersion := "1.1" + // Register the "Cozy" component in the global component registry, // associating it with its effective version and feature gate configuration. _, appsFeatureGate := utilversionpkg.DefaultComponentGlobalsRegistry.ComponentGlobalsOrRegister( - apiserver.AppsComponentName, utilversionpkg.NewEffectiveVersion(defaultAppsVersion), - featuregate.NewVersionedFeatureGate(version.MustParse(defaultAppsVersion)), + apiserver.CozyComponentName, utilversionpkg.NewEffectiveVersion(defaultCozyVersion), + featuregate.NewVersionedFeatureGate(version.MustParse(defaultCozyVersion)), ) - // Add feature gate specifications for the "Apps" component. + // Add feature gate specifications for the "Cozy" component. utilruntime.Must(appsFeatureGate.AddVersioned(map[featuregate.Feature]featuregate.VersionedSpecs{ // Example of adding feature gates: // "FeatureName": {{"v1", true}, {"v2", false}}, @@ -127,9 +131,9 @@ func NewCommandStartAppsServer(ctx context.Context, defaults *AppsServerOptions) utilfeature.DefaultMutableFeatureGate, ) - // Set the version emulation mapping from the "Apps" component to the kube component. + // Set the version emulation mapping from the "Cozy" component to the kube component. utilruntime.Must(utilversionpkg.DefaultComponentGlobalsRegistry.SetEmulationVersionMapping( - apiserver.AppsComponentName, utilversionpkg.DefaultKubeComponent, AppsVersionToKubeVersion, + apiserver.CozyComponentName, utilversionpkg.DefaultKubeComponent, CozyVersionToKubeVersion, )) // Add flags from the global component registry. @@ -139,9 +143,9 @@ func NewCommandStartAppsServer(ctx context.Context, defaults *AppsServerOptions) } // Complete fills in the fields that are not set -func (o *AppsServerOptions) Complete() error { +func (o *CozyServerOptions) Complete() error { scheme := runtime.NewScheme() - if err := corev1alpha1.AddToScheme(scheme); err != nil { + if err := v1alpha1.AddToScheme(scheme); err != nil { return fmt.Errorf("failed to register types: %w", err) } @@ -155,7 +159,7 @@ func (o *AppsServerOptions) Complete() error { return fmt.Errorf("client initialization failed: %w", err) } - crdList := &corev1alpha1.CozystackResourceDefinitionList{} + crdList := &v1alpha1.CozystackResourceDefinitionList{} if err := o.Client.List(context.Background(), crdList); err != nil { return fmt.Errorf("failed to list CozystackResourceDefinitions: %w", err) @@ -192,15 +196,15 @@ func (o *AppsServerOptions) Complete() error { } // Validate checks the correctness of the options -func (o AppsServerOptions) Validate(args []string) error { +func (o CozyServerOptions) Validate(args []string) error { var allErrors []error allErrors = append(allErrors, o.RecommendedOptions.Validate()...) allErrors = append(allErrors, utilversionpkg.DefaultComponentGlobalsRegistry.Validate()...) return utilerrors.NewAggregate(allErrors) } -// Config returns the configuration for the API server based on AppsServerOptions -func (o *AppsServerOptions) Config() (*apiserver.Config, error) { +// Config returns the configuration for the API server based on CozyServerOptions +func (o *CozyServerOptions) Config() (*apiserver.Config, error) { // TODO: set the "real" external address if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts( "localhost", o.AlternateDNS, []net.IP{netutils.ParseIPSloppy("127.0.0.1")}, @@ -208,8 +212,11 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) { return nil, fmt.Errorf("error creating self-signed certificates: %v", err) } - // First, register the dynamic types - err := v1alpha1.RegisterDynamicTypes(apiserver.Scheme, o.ResourceConfig) + // Register *compile-time* resources first. + corev1alpha1.RegisterStaticTypes(apiserver.Scheme) + + // Register *run-time* resources (from the user’s config file). + err := appsv1alpha1.RegisterDynamicTypes(apiserver.Scheme, o.ResourceConfig) if err != nil { return nil, fmt.Errorf("failed to register dynamic types: %v", err) } @@ -236,14 +243,14 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) { kindSchemas[r.Application.Kind] = r.Application.OpenAPISchema } - serverConfig.OpenAPIConfig.Info.Title = "Apps" + serverConfig.OpenAPIConfig.Info.Title = "Cozy" serverConfig.OpenAPIConfig.Info.Version = version serverConfig.OpenAPIConfig.PostProcessSpec = buildPostProcessV2(kindSchemas) serverConfig.OpenAPIV3Config = genericapiserver.DefaultOpenAPIV3Config( sampleopenapi.GetOpenAPIDefinitions, openapi.NewDefinitionNamer(apiserver.Scheme), ) - serverConfig.OpenAPIV3Config.Info.Title = "Apps" + serverConfig.OpenAPIV3Config.Info.Title = "Cozy" serverConfig.OpenAPIV3Config.Info.Version = version serverConfig.OpenAPIV3Config.PostProcessSpec = buildPostProcessV3(kindSchemas) @@ -252,7 +259,7 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) { utilversionpkg.DefaultKubeComponent, ) serverConfig.EffectiveVersion = utilversionpkg.DefaultComponentGlobalsRegistry.EffectiveVersionFor( - apiserver.AppsComponentName, + apiserver.CozyComponentName, ) if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil { @@ -266,8 +273,8 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) { return config, nil } -// RunAppsServer launches a new AppsServer based on AppsServerOptions -func (o AppsServerOptions) RunAppsServer(ctx context.Context) error { +// RunCozyServer launches a new CozyServer based on CozyServerOptions +func (o CozyServerOptions) RunCozyServer(ctx context.Context) error { config, err := o.Config() if err != nil { return err @@ -286,8 +293,8 @@ func (o AppsServerOptions) RunAppsServer(ctx context.Context) error { return server.GenericAPIServer.PrepareRun().RunWithContext(ctx) } -// AppsVersionToKubeVersion defines the version mapping between the Apps component and kube -func AppsVersionToKubeVersion(ver *version.Version) *version.Version { +// CozyVersionToKubeVersion defines the version mapping between the Cozy component and kube +func CozyVersionToKubeVersion(ver *version.Version) *version.Version { if ver.Major() != 1 { return nil } diff --git a/pkg/cmd/server/start_test.go b/pkg/cmd/server/start_test.go index ddff60d9..da96ed31 100644 --- a/pkg/cmd/server/start_test.go +++ b/pkg/cmd/server/start_test.go @@ -25,7 +25,7 @@ import ( "github.com/stretchr/testify/assert" ) -func TestAppsEmulationVersionToKubeEmulationVersion(t *testing.T) { +func TestCozyEmulationVersionToKubeEmulationVersion(t *testing.T) { defaultKubeEffectiveVersion := utilversion.DefaultKubeEffectiveVersion() testCases := []struct { @@ -61,7 +61,7 @@ func TestAppsEmulationVersionToKubeEmulationVersion(t *testing.T) { for _, tc := range testCases { t.Run(tc.desc, func(t *testing.T) { - mappedKubeEmulationVer := AppsVersionToKubeVersion(tc.appsEmulationVer) + mappedKubeEmulationVer := CozyVersionToKubeVersion(tc.appsEmulationVer) assert.True(t, mappedKubeEmulationVer.EqualTo(tc.expectedKubeEmulationVer)) }) } diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index ed1d159c..a88f259f 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -33,6 +33,16 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.Application": schema_pkg_apis_apps_v1alpha1_Application(ref), "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationList": schema_pkg_apis_apps_v1alpha1_ApplicationList(ref), "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationStatus": schema_pkg_apis_apps_v1alpha1_ApplicationStatus(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantModule": schema_pkg_apis_core_v1alpha1_TenantModule(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantModuleList": schema_pkg_apis_core_v1alpha1_TenantModuleList(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantModuleStatus": schema_pkg_apis_core_v1alpha1_TenantModuleStatus(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantNamespace": schema_pkg_apis_core_v1alpha1_TenantNamespace(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantNamespaceList": schema_pkg_apis_core_v1alpha1_TenantNamespaceList(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecret": schema_pkg_apis_core_v1alpha1_TenantSecret(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecretEntry": schema_pkg_apis_core_v1alpha1_TenantSecretEntry(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecretList": schema_pkg_apis_core_v1alpha1_TenantSecretList(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecretsTable": schema_pkg_apis_core_v1alpha1_TenantSecretsTable(ref), + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecretsTableList": schema_pkg_apis_core_v1alpha1_TenantSecretsTableList(ref), "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ConversionRequest": schema_pkg_apis_apiextensions_v1_ConversionRequest(ref), "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ConversionResponse": schema_pkg_apis_apiextensions_v1_ConversionResponse(ref), "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ConversionReview": schema_pkg_apis_apiextensions_v1_ConversionReview(ref), @@ -244,6 +254,13 @@ func schema_pkg_apis_apps_v1alpha1_ApplicationStatus(ref common.ReferenceCallbac }, }, }, + "namespace": { + SchemaProps: spec.SchemaProps{ + Description: "Namespace holds the computed namespace for Tenant applications.", + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, @@ -252,6 +269,462 @@ func schema_pkg_apis_apps_v1alpha1_ApplicationStatus(ref common.ReferenceCallbac } } +func schema_pkg_apis_core_v1alpha1_TenantModule(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TenantModule represents a HelmRelease with the label internal.cozystack.io/tenantmodule=true", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "appVersion": { + SchemaProps: spec.SchemaProps{ + Description: "AppVersion represents the version of the Helm chart", + Type: []string{"string"}, + Format: "", + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status contains the module status", + Default: map[string]interface{}{}, + Ref: ref("github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantModuleStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantModuleStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_pkg_apis_core_v1alpha1_TenantModuleList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TenantModuleList contains a list of TenantModule", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantModule"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantModule", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_pkg_apis_core_v1alpha1_TenantModuleStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TenantModuleStatus represents the status of a TenantModule", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "version": { + SchemaProps: spec.SchemaProps{ + Description: "Version represents the last attempted revision", + Type: []string{"string"}, + Format: "", + }, + }, + "conditions": { + SchemaProps: spec.SchemaProps{ + Description: "Conditions represent the latest available observations of the module's state", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + } +} + +func schema_pkg_apis_core_v1alpha1_TenantNamespace(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TenantNamespace is a thin wrapper around ObjectMeta. It has no spec/status because it merely reflects an existing Namespace object.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_pkg_apis_core_v1alpha1_TenantNamespaceList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TenantNamespaceList is the list variant for TenantNamespace.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantNamespace"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantNamespace", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_pkg_apis_core_v1alpha1_TenantSecret(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "type": { + SchemaProps: spec.SchemaProps{ + Description: "Same semantics as core/v1 Secret.", + Type: []string{"string"}, + Format: "", + }, + }, + "data": { + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "byte", + }, + }, + }, + }, + }, + "stringData": { + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_pkg_apis_core_v1alpha1_TenantSecretEntry(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TenantSecretEntry represents a single key from a Secret's data.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_pkg_apis_core_v1alpha1_TenantSecretList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecret"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecret", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_pkg_apis_core_v1alpha1_TenantSecretsTable(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TenantSecretsTable is a virtual, namespaced resource that exposes every key of Secrets labelled cozystack.io/ui=true as a separate object.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "data": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecretEntry"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecretEntry", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_pkg_apis_core_v1alpha1_TenantSecretsTableList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecretsTable"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1.TenantSecretsTable", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + func schema_pkg_apis_apiextensions_v1_ConversionRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/pkg/registry/apps/application/rest.go b/pkg/registry/apps/application/rest.go index 2f8ab84c..388d741f 100644 --- a/pkg/registry/apps/application/rest.go +++ b/pkg/registry/apps/application/rest.go @@ -997,6 +997,12 @@ func (r *REST) convertHelmReleaseToApplication(hr *helmv2.HelmRelease) (appsv1al } } app.SetConditions(conditions) + + // Add namespace field for Tenant applications + if r.kindName == "Tenant" { + app.Status.Namespace = r.computeTenantNamespace(hr.Namespace, app.Name) + } + return app, nil } @@ -1183,6 +1189,25 @@ func getReadyStatus(conditions []metav1.Condition) string { return "Unknown" } +// computeTenantNamespace computes the namespace for a Tenant application based on the specified logic +func (r *REST) computeTenantNamespace(currentNamespace, tenantName string) string { + hrName := r.releaseConfig.Prefix + tenantName + + switch { + case currentNamespace == "tenant-root" && hrName == "tenant-root": + // 1) root tenant inside root namespace + return "tenant-root" + + case currentNamespace == "tenant-root": + // 2) any other tenant in root namespace + return fmt.Sprintf("tenant-%s", tenantName) + + default: + // 3) tenant in a dedicated namespace + return fmt.Sprintf("%s-%s", currentNamespace, tenantName) + } +} + // Destroy releases resources associated with REST func (r *REST) Destroy() { // No additional actions needed to release resources. diff --git a/pkg/registry/core/tenantmodule/rest.go b/pkg/registry/core/tenantmodule/rest.go new file mode 100644 index 00000000..d77f23a7 --- /dev/null +++ b/pkg/registry/core/tenantmodule/rest.go @@ -0,0 +1,801 @@ +/* +Copyright 2024 The Cozystack Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package tenantmodule + +import ( + "context" + "fmt" + "net/http" + "sync" + "time" + + helmv2 "github.com/fluxcd/helm-controller/api/v2" + metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + fields "k8s.io/apimachinery/pkg/fields" + labels "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/selection" + "k8s.io/apimachinery/pkg/util/duration" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/apiserver/pkg/endpoints/request" + "k8s.io/apiserver/pkg/registry/rest" + "k8s.io/client-go/dynamic" + "k8s.io/klog/v2" + + corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" + apierrors "k8s.io/apimachinery/pkg/api/errors" +) + +// Ensure REST implements necessary interfaces +var ( + _ rest.Lister = &REST{} + _ rest.Getter = &REST{} + _ rest.Watcher = &REST{} + _ rest.TableConvertor = &REST{} + _ rest.Scoper = &REST{} + _ rest.SingularNameProvider = &REST{} +) + +// Define constants for label filtering +const ( + TenantModuleLabelKey = "apps.cozystack.io/tenantmodule" + TenantModuleLabelValue = "true" + singularName = "tenantmodule" +) + +// Define the GroupVersionResource for HelmRelease +var helmReleaseGVR = schema.GroupVersionResource{ + Group: "helm.toolkit.fluxcd.io", + Version: "v2", + Resource: "helmreleases", +} + +// REST implements the RESTStorage interface for TenantModule resources +type REST struct { + dynamicClient dynamic.Interface + gvr schema.GroupVersionResource + gvk schema.GroupVersionKind + kindName string + singularName string +} + +// NewREST creates a new REST storage for TenantModule +func NewREST(dynamicClient dynamic.Interface) *REST { + return &REST{ + dynamicClient: dynamicClient, + gvr: schema.GroupVersionResource{ + Group: corev1alpha1.GroupName, + Version: "v1alpha1", + Resource: "tenantmodules", + }, + gvk: schema.GroupVersion{ + Group: corev1alpha1.GroupName, + Version: "v1alpha1", + }.WithKind("TenantModule"), + kindName: "TenantModule", + singularName: singularName, + } +} + +// NamespaceScoped indicates whether the resource is namespaced +func (r *REST) NamespaceScoped() bool { + return true +} + +// GetSingularName returns the singular name of the resource +func (r *REST) GetSingularName() string { + return r.singularName +} + +// Get retrieves a TenantModule by converting the corresponding HelmRelease +func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { + namespace, err := r.getNamespace(ctx) + if err != nil { + klog.Errorf("Failed to get namespace: %v", err) + return nil, err + } + + klog.V(6).Infof("Attempting to retrieve TenantModule %s in namespace %s", name, namespace) + + // Get the corresponding HelmRelease + hr, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Get(ctx, name, *options) + if err != nil { + klog.Errorf("Error retrieving HelmRelease for TenantModule %s: %v", name, err) + + // Check if the error is a NotFound error + if apierrors.IsNotFound(err) { + // Return a NotFound error for the TenantModule resource instead of HelmRelease + return nil, apierrors.NewNotFound(r.gvr.GroupResource(), name) + } + + // For other errors, return them as-is + return nil, err + } + + // Check if HelmRelease has the required label + if !r.hasTenantModuleLabel(hr) { + klog.Errorf("HelmRelease %s does not have the required label %s=%s", name, TenantModuleLabelKey, TenantModuleLabelValue) + // Return a NotFound error for the TenantModule resource + return nil, apierrors.NewNotFound(r.gvr.GroupResource(), name) + } + + // Convert HelmRelease to TenantModule + convertedModule, err := r.ConvertHelmReleaseToTenantModule(hr) + if err != nil { + klog.Errorf("Conversion error from HelmRelease to TenantModule for resource %s: %v", name, err) + return nil, fmt.Errorf("conversion error: %v", err) + } + + // Explicitly set apiVersion and kind for TenantModule + convertedModule.TypeMeta = metav1.TypeMeta{ + APIVersion: "core.cozystack.io/v1alpha1", + Kind: r.kindName, + } + + // Convert TenantModule to unstructured format + unstructuredModule, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&convertedModule) + if err != nil { + klog.Errorf("Failed to convert TenantModule to unstructured for resource %s: %v", name, err) + return nil, fmt.Errorf("failed to convert TenantModule to unstructured: %v", err) + } + + // Explicitly set apiVersion and kind in unstructured object + unstructuredModule["apiVersion"] = "core.cozystack.io/v1alpha1" + unstructuredModule["kind"] = r.kindName + + klog.V(6).Infof("Successfully retrieved and converted resource %s of kind %s to unstructured", name, r.gvr.Resource) + return &unstructured.Unstructured{Object: unstructuredModule}, nil +} + +// List retrieves a list of TenantModules by converting HelmReleases +func (r *REST) List(ctx context.Context, options *metainternalversion.ListOptions) (runtime.Object, error) { + namespace, err := r.getNamespace(ctx) + if err != nil { + klog.Errorf("Failed to get namespace: %v", err) + return nil, err + } + + klog.V(6).Infof("Attempting to list TenantModules in namespace %s with options: %v", namespace, options) + + // Get resource name from the request (if any) + var resourceName string + if requestInfo, ok := request.RequestInfoFrom(ctx); ok { + resourceName = requestInfo.Name + } + + // Initialize variables for selector mapping + var helmFieldSelector string + var helmLabelSelector string + + // Process field.selector + if options.FieldSelector != nil { + fs, err := fields.ParseSelector(options.FieldSelector.String()) + if err != nil { + klog.Errorf("Invalid field selector: %v", err) + return nil, fmt.Errorf("invalid field selector: %v", err) + } + // Check if selector is for metadata.name + if name, exists := fs.RequiresExactMatch("metadata.name"); exists { + // Create new field.selector for HelmRelease + helmFieldSelector = fields.OneTermEqualSelector("metadata.name", name).String() + } else { + // If field.selector contains other fields, map them directly + helmFieldSelector = fs.String() + } + } + + // Process label.selector - add the tenant module label requirement + tenantModuleReq, err := labels.NewRequirement(TenantModuleLabelKey, selection.Equals, []string{TenantModuleLabelValue}) + if err != nil { + klog.Errorf("Error creating tenant module label requirement: %v", err) + return nil, fmt.Errorf("error creating tenant module label requirement: %v", err) + } + labelRequirements := []labels.Requirement{*tenantModuleReq} + + if options.LabelSelector != nil { + ls := options.LabelSelector.String() + parsedLabels, err := labels.Parse(ls) + if err != nil { + klog.Errorf("Invalid label selector: %v", err) + return nil, fmt.Errorf("invalid label selector: %v", err) + } + if !parsedLabels.Empty() { + reqs, _ := parsedLabels.Requirements() + labelRequirements = append(labelRequirements, reqs...) + } + } + + helmLabelSelector = labels.NewSelector().Add(labelRequirements...).String() + + // Set ListOptions for HelmRelease with selector mapping + metaOptions := metav1.ListOptions{ + FieldSelector: helmFieldSelector, + LabelSelector: helmLabelSelector, + } + + // List HelmReleases with mapped selectors + hrList, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).List(ctx, metaOptions) + if err != nil { + klog.Errorf("Error listing HelmReleases: %v", err) + return nil, err + } + + // Initialize unstructured items array + items := make([]unstructured.Unstructured, 0) + + // Iterate over HelmReleases and convert to TenantModules + for _, hr := range hrList.Items { + // Double-check the label requirement + if !r.hasTenantModuleLabel(&hr) { + continue + } + + module, err := r.ConvertHelmReleaseToTenantModule(&hr) + if err != nil { + klog.Errorf("Error converting HelmRelease %s to TenantModule: %v", hr.GetName(), err) + continue + } + + // If resourceName is set, check for match + if resourceName != "" && module.Name != resourceName { + continue + } + + // Apply label.selector + if options.LabelSelector != nil { + sel, err := labels.Parse(options.LabelSelector.String()) + if err != nil { + klog.Errorf("Invalid label selector: %v", err) + continue + } + if !sel.Matches(labels.Set(module.Labels)) { + continue + } + } + + // Apply field.selector by name and namespace (if specified) + if options.FieldSelector != nil { + fs, err := fields.ParseSelector(options.FieldSelector.String()) + if err != nil { + klog.Errorf("Invalid field selector: %v", err) + continue + } + fieldsSet := fields.Set{ + "metadata.name": module.Name, + "metadata.namespace": module.Namespace, + } + if !fs.Matches(fieldsSet) { + continue + } + } + + // Convert TenantModule to unstructured + unstructuredModule, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&module) + if err != nil { + klog.Errorf("Error converting TenantModule %s to unstructured: %v", module.Name, err) + continue + } + items = append(items, unstructured.Unstructured{Object: unstructuredModule}) + } + + // Explicitly set apiVersion and kind in unstructured object + moduleList := &unstructured.UnstructuredList{} + moduleList.SetAPIVersion("core.cozystack.io/v1alpha1") + moduleList.SetKind(r.kindName + "List") + moduleList.SetResourceVersion(hrList.GetResourceVersion()) + moduleList.Items = items + + klog.V(6).Infof("Successfully listed %d TenantModule resources in namespace %s", len(items), namespace) + return moduleList, nil +} + +// Watch sets up a watch on HelmReleases, filters them based on tenant module label, and converts events to TenantModules +func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptions) (watch.Interface, error) { + namespace, err := r.getNamespace(ctx) + if err != nil { + klog.Errorf("Failed to get namespace: %v", err) + return nil, err + } + + klog.V(6).Infof("Setting up watch for TenantModules in namespace %s with options: %v", namespace, options) + + // Get request information, including resource name if specified + var resourceName string + if requestInfo, ok := request.RequestInfoFrom(ctx); ok { + resourceName = requestInfo.Name + } + + // Initialize variables for selector mapping + var helmFieldSelector string + var helmLabelSelector string + + // Process field.selector + if options.FieldSelector != nil { + fs, err := fields.ParseSelector(options.FieldSelector.String()) + if err != nil { + klog.Errorf("Invalid field selector: %v", err) + return nil, fmt.Errorf("invalid field selector: %v", err) + } + + // Check if selector is for metadata.name + if name, exists := fs.RequiresExactMatch("metadata.name"); exists { + // Create new field.selector for HelmRelease + helmFieldSelector = fields.OneTermEqualSelector("metadata.name", name).String() + } else { + // If field.selector contains other fields, map them directly + helmFieldSelector = fs.String() + } + } + + // Process label.selector - add the tenant module label requirement + tenantModuleReq, err := labels.NewRequirement(TenantModuleLabelKey, selection.Equals, []string{TenantModuleLabelValue}) + if err != nil { + klog.Errorf("Error creating tenant module label requirement: %v", err) + return nil, fmt.Errorf("error creating tenant module label requirement: %v", err) + } + labelRequirements := []labels.Requirement{*tenantModuleReq} + + if options.LabelSelector != nil { + ls := options.LabelSelector.String() + parsedLabels, err := labels.Parse(ls) + if err != nil { + klog.Errorf("Invalid label selector: %v", err) + return nil, fmt.Errorf("invalid label selector: %v", err) + } + if !parsedLabels.Empty() { + reqs, _ := parsedLabels.Requirements() + labelRequirements = append(labelRequirements, reqs...) + } + } + + helmLabelSelector = labels.NewSelector().Add(labelRequirements...).String() + + // Set ListOptions for HelmRelease with selector mapping + metaOptions := metav1.ListOptions{ + Watch: true, + ResourceVersion: options.ResourceVersion, + FieldSelector: helmFieldSelector, + LabelSelector: helmLabelSelector, + } + + // Start watch on HelmRelease with mapped selectors + helmWatcher, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Watch(ctx, metaOptions) + if err != nil { + klog.Errorf("Error setting up watch for HelmReleases: %v", err) + return nil, err + } + + // Create a custom watcher to transform events + customW := &customWatcher{ + resultChan: make(chan watch.Event), + stopChan: make(chan struct{}), + } + + go func() { + defer close(customW.resultChan) + for { + select { + case event, ok := <-helmWatcher.ResultChan(): + if !ok { + // The watcher has been closed, attempt to re-establish the watch + klog.Warning("HelmRelease watcher closed, attempting to re-establish") + // Implement retry logic or exit based on your requirements + return + } + + // Check if the object is a *v1.Status + if status, ok := event.Object.(*metav1.Status); ok { + klog.V(4).Infof("Received Status object in HelmRelease watch: %v", status.Message) + continue // Skip processing this event + } + + // Proceed with processing Unstructured objects + matches, err := r.isRelevantHelmRelease(&event) + if err != nil { + klog.V(4).Infof("Non-critical error filtering HelmRelease event: %v", err) + continue + } + + if !matches { + continue + } + + // Convert HelmRelease to TenantModule + module, err := r.ConvertHelmReleaseToTenantModule(event.Object.(*unstructured.Unstructured)) + if err != nil { + klog.Errorf("Error converting HelmRelease to TenantModule: %v", err) + continue + } + + // Apply field.selector by name if specified + if resourceName != "" && module.Name != resourceName { + continue + } + + // Apply label.selector + if options.LabelSelector != nil { + sel, err := labels.Parse(options.LabelSelector.String()) + if err != nil { + klog.Errorf("Invalid label selector: %v", err) + continue + } + if !sel.Matches(labels.Set(module.Labels)) { + continue + } + } + + // Convert TenantModule to unstructured + unstructuredModule, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&module) + if err != nil { + klog.Errorf("Failed to convert TenantModule to unstructured: %v", err) + continue + } + + // Create watch event with TenantModule object + moduleEvent := watch.Event{ + Type: event.Type, + Object: &unstructured.Unstructured{Object: unstructuredModule}, + } + + // Send event to custom watcher + select { + case customW.resultChan <- moduleEvent: + case <-customW.stopChan: + return + case <-ctx.Done(): + return + } + + case <-customW.stopChan: + return + case <-ctx.Done(): + return + } + } + }() + + klog.V(6).Infof("Custom watch established successfully") + return customW, nil +} + +// customWatcher wraps the original watcher and filters/converts events +type customWatcher struct { + resultChan chan watch.Event + stopChan chan struct{} + stopOnce sync.Once +} + +// Stop terminates the watch +func (cw *customWatcher) Stop() { + cw.stopOnce.Do(func() { + close(cw.stopChan) + }) +} + +// ResultChan returns the event channel +func (cw *customWatcher) ResultChan() <-chan watch.Event { + return cw.resultChan +} + +// isRelevantHelmRelease checks if the HelmRelease has the tenant module label +func (r *REST) isRelevantHelmRelease(event *watch.Event) (bool, error) { + if event.Object == nil { + return false, nil + } + + // Check if the object is a *v1.Status + if status, ok := event.Object.(*metav1.Status); ok { + // Log at a less severe level or handle specific status errors if needed + klog.V(4).Infof("Received Status object in HelmRelease watch: %v", status.Message) + return false, nil // Not relevant for processing as a HelmRelease + } + + // Proceed if it's an Unstructured object + hr, ok := event.Object.(*unstructured.Unstructured) + if !ok { + return false, fmt.Errorf("expected Unstructured object, got %T", event.Object) + } + + return r.hasTenantModuleLabel(hr), nil +} + +// hasTenantModuleLabel checks if a HelmRelease has the required tenant module label +func (r *REST) hasTenantModuleLabel(hr *unstructured.Unstructured) bool { + labels := hr.GetLabels() + if labels == nil { + return false + } + + value, exists := labels[TenantModuleLabelKey] + return exists && value == TenantModuleLabelValue +} + +// filterInternalLabels removes internal tenant module labels from the map +func filterInternalLabels(m map[string]string) map[string]string { + if m == nil { + return nil + } + out := make(map[string]string, len(m)) + for k, v := range m { + if k == TenantModuleLabelKey { + continue + } + out[k] = v + } + return out +} + +// getNamespace extracts the namespace from the context +func (r *REST) getNamespace(ctx context.Context) (string, error) { + namespace, ok := request.NamespaceFrom(ctx) + if !ok { + err := fmt.Errorf("namespace not found in context") + klog.Errorf(err.Error()) + return "", err + } + return namespace, nil +} + +// ConvertHelmReleaseToTenantModule converts a HelmRelease to a TenantModule +func (r *REST) ConvertHelmReleaseToTenantModule(hr *unstructured.Unstructured) (corev1alpha1.TenantModule, error) { + klog.V(6).Infof("Converting HelmRelease to TenantModule for resource %s", hr.GetName()) + + var helmRelease helmv2.HelmRelease + // Convert unstructured to HelmRelease struct + err := runtime.DefaultUnstructuredConverter.FromUnstructured(hr.Object, &helmRelease) + if err != nil { + klog.Errorf("Error converting from unstructured to HelmRelease: %v", err) + return corev1alpha1.TenantModule{}, err + } + + // Convert HelmRelease struct to TenantModule struct + module, err := r.convertHelmReleaseToTenantModule(&helmRelease) + if err != nil { + klog.Errorf("Error converting from HelmRelease to TenantModule: %v", err) + return corev1alpha1.TenantModule{}, err + } + + klog.V(6).Infof("Successfully converted HelmRelease %s to TenantModule", hr.GetName()) + return module, nil +} + +// convertHelmReleaseToTenantModule implements the actual conversion logic +func (r *REST) convertHelmReleaseToTenantModule(hr *helmv2.HelmRelease) (corev1alpha1.TenantModule, error) { + if hr == nil { + return corev1alpha1.TenantModule{}, fmt.Errorf("HelmRelease is nil") + } + + // Safely extract chart version, handling nil cases + var appVersion string + if hr.Spec.Chart != nil { + appVersion = hr.Spec.Chart.Spec.Version + } + + module := corev1alpha1.TenantModule{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "core.cozystack.io/v1alpha1", + Kind: r.kindName, + }, + AppVersion: appVersion, + ObjectMeta: metav1.ObjectMeta{ + Name: hr.Name, + Namespace: hr.Namespace, + UID: hr.GetUID(), + ResourceVersion: hr.GetResourceVersion(), + CreationTimestamp: hr.CreationTimestamp, + DeletionTimestamp: hr.DeletionTimestamp, + Labels: filterInternalLabels(hr.Labels), + Annotations: hr.Annotations, + }, + Status: corev1alpha1.TenantModuleStatus{ + Version: hr.Status.LastAttemptedRevision, + }, + } + + var conditions []metav1.Condition + for _, hrCondition := range hr.GetConditions() { + if hrCondition.Type == "Ready" || hrCondition.Type == "Released" { + conditions = append(conditions, metav1.Condition{ + LastTransitionTime: hrCondition.LastTransitionTime, + Reason: hrCondition.Reason, + Message: hrCondition.Message, + Status: hrCondition.Status, + Type: hrCondition.Type, + }) + } + } + module.Status.Conditions = conditions + return module, nil +} + +// ConvertToTable implements the TableConvertor interface for displaying resources in a table format +func (r *REST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { + klog.V(6).Infof("ConvertToTable: received object of type %T", object) + + var table metav1.Table + + switch obj := object.(type) { + case *unstructured.UnstructuredList: + modules := make([]corev1alpha1.TenantModule, 0, len(obj.Items)) + for _, u := range obj.Items { + var m corev1alpha1.TenantModule + err := runtime.DefaultUnstructuredConverter.FromUnstructured(u.Object, &m) + if err != nil { + klog.Errorf("Failed to convert Unstructured to TenantModule: %v", err) + continue + } + modules = append(modules, m) + } + table = r.buildTableFromTenantModules(modules) + table.ListMeta.ResourceVersion = obj.GetResourceVersion() + case *unstructured.Unstructured: + var module corev1alpha1.TenantModule + err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &module) + if err != nil { + klog.Errorf("Failed to convert Unstructured to TenantModule: %v", err) + return nil, fmt.Errorf("failed to convert Unstructured to TenantModule: %v", err) + } + table = r.buildTableFromTenantModule(module) + table.ListMeta.ResourceVersion = obj.GetResourceVersion() + default: + resource := schema.GroupResource{} + if info, ok := request.RequestInfoFrom(ctx); ok { + resource = schema.GroupResource{Group: info.APIGroup, Resource: info.Resource} + } + return nil, errNotAcceptable{ + resource: resource, + message: "object does not implement the Object interfaces", + } + } + + // Handle table options + if opt, ok := tableOptions.(*metav1.TableOptions); ok && opt != nil && opt.NoHeaders { + table.ColumnDefinitions = nil + } + + table.TypeMeta = metav1.TypeMeta{ + APIVersion: "meta.k8s.io/v1", + Kind: "Table", + } + + klog.V(6).Infof("ConvertToTable: returning table with %d rows", len(table.Rows)) + return &table, nil +} + +// buildTableFromTenantModules constructs a table from a list of TenantModules +func (r *REST) buildTableFromTenantModules(modules []corev1alpha1.TenantModule) metav1.Table { + table := metav1.Table{ + ColumnDefinitions: []metav1.TableColumnDefinition{ + {Name: "NAME", Type: "string", Description: "Name of the TenantModule", Priority: 0}, + {Name: "READY", Type: "string", Description: "Ready status of the TenantModule", Priority: 0}, + {Name: "AGE", Type: "string", Description: "Age of the TenantModule", Priority: 0}, + {Name: "VERSION", Type: "string", Description: "Version of the TenantModule", Priority: 0}, + }, + Rows: make([]metav1.TableRow, 0, len(modules)), + } + now := time.Now() + + for _, module := range modules { + row := metav1.TableRow{ + Cells: []interface{}{module.GetName(), getReadyStatus(module.Status.Conditions), computeAge(module.GetCreationTimestamp().Time, now), getVersion(module.Status.Version)}, + Object: runtime.RawExtension{Object: &module}, + } + table.Rows = append(table.Rows, row) + } + + return table +} + +// buildTableFromTenantModule constructs a table from a single TenantModule +func (r *REST) buildTableFromTenantModule(module corev1alpha1.TenantModule) metav1.Table { + table := metav1.Table{ + ColumnDefinitions: []metav1.TableColumnDefinition{ + {Name: "NAME", Type: "string", Description: "Name of the TenantModule", Priority: 0}, + {Name: "READY", Type: "string", Description: "Ready status of the TenantModule", Priority: 0}, + {Name: "AGE", Type: "string", Description: "Age of the TenantModule", Priority: 0}, + {Name: "VERSION", Type: "string", Description: "Version of the TenantModule", Priority: 0}, + }, + Rows: []metav1.TableRow{}, + } + now := time.Now() + + row := metav1.TableRow{ + Cells: []interface{}{module.GetName(), getReadyStatus(module.Status.Conditions), computeAge(module.GetCreationTimestamp().Time, now), getVersion(module.Status.Version)}, + Object: runtime.RawExtension{Object: &module}, + } + table.Rows = append(table.Rows, row) + + return table +} + +// getVersion returns the module version or a placeholder if unknown +func getVersion(version string) string { + if version == "" { + return "" + } + return version +} + +// computeAge calculates the age of the object based on CreationTimestamp and current time +func computeAge(creationTime, currentTime time.Time) string { + ageDuration := currentTime.Sub(creationTime) + return duration.HumanDuration(ageDuration) +} + +// getReadyStatus returns the ready status based on conditions +func getReadyStatus(conditions []metav1.Condition) string { + for _, condition := range conditions { + if condition.Type == "Ready" { + switch condition.Status { + case metav1.ConditionTrue: + return "True" + case metav1.ConditionFalse: + return "False" + default: + return "Unknown" + } + } + } + return "Unknown" +} + +// Destroy releases resources associated with REST +func (r *REST) Destroy() { + // No additional actions needed to release resources. +} + +// New creates a new instance of TenantModule +func (r *REST) New() runtime.Object { + return &corev1alpha1.TenantModule{} +} + +// NewList returns an empty list of TenantModule objects +func (r *REST) NewList() runtime.Object { + return &corev1alpha1.TenantModuleList{} +} + +// Kind returns the resource kind used for API discovery +func (r *REST) Kind() string { + return r.gvk.Kind +} + +// GroupVersionKind returns the GroupVersionKind for REST +func (r *REST) GroupVersionKind(schema.GroupVersion) schema.GroupVersionKind { + return r.gvk +} + +// errNotAcceptable indicates that the resource does not support conversion to Table +type errNotAcceptable struct { + resource schema.GroupResource + message string +} + +func (e errNotAcceptable) Error() string { + return e.message +} + +func (e errNotAcceptable) Status() metav1.Status { + return metav1.Status{ + Status: metav1.StatusFailure, + Code: http.StatusNotAcceptable, + Reason: metav1.StatusReason("NotAcceptable"), + Message: e.Error(), + } +} diff --git a/pkg/registry/core/tenantnamespace/rest.go b/pkg/registry/core/tenantnamespace/rest.go new file mode 100644 index 00000000..3b18f3e3 --- /dev/null +++ b/pkg/registry/core/tenantnamespace/rest.go @@ -0,0 +1,363 @@ +// SPDX-License-Identifier: Apache-2.0 +// TenantNamespace registry: read-only view over Namespaces whose names start +// with β€œtenant-”. + +package tenantnamespace + +import ( + "context" + "fmt" + "math" + "net/http" + "strings" + "sync" + "time" + + authorizationv1 "k8s.io/api/authorization/v1" + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metainternal "k8s.io/apimachinery/pkg/apis/meta/internalversion" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/duration" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/apiserver/pkg/endpoints/request" + "k8s.io/apiserver/pkg/registry/rest" + authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + "k8s.io/klog/v2" + + corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" +) + +const ( + prefix = "tenant-" + singularName = "tenantnamespace" +) + +// ----------------------------------------------------------------------------- +// REST storage +// ----------------------------------------------------------------------------- + +var ( + _ rest.Lister = &REST{} + _ rest.Getter = &REST{} + _ rest.Watcher = &REST{} + _ rest.TableConvertor = &REST{} + _ rest.Scoper = &REST{} + _ rest.SingularNameProvider = &REST{} +) + +type REST struct { + core corev1client.CoreV1Interface + authClient authorizationv1client.AuthorizationV1Interface + maxWorkers int + gvr schema.GroupVersionResource +} + +func NewREST( + coreCli corev1client.CoreV1Interface, + authCli authorizationv1client.AuthorizationV1Interface, + maxWorkers int, +) *REST { + return &REST{ + core: coreCli, + authClient: authCli, + maxWorkers: maxWorkers, + gvr: schema.GroupVersionResource{ + Group: corev1alpha1.GroupName, + Version: "v1alpha1", + Resource: "tenantnamespaces", + }, + } +} + +// ----------------------------------------------------------------------------- +// Basic meta +// ----------------------------------------------------------------------------- + +func (*REST) NamespaceScoped() bool { return false } +func (*REST) New() runtime.Object { return &corev1alpha1.TenantNamespace{} } +func (*REST) NewList() runtime.Object { + return &corev1alpha1.TenantNamespaceList{} +} +func (*REST) Kind() string { return "TenantNamespace" } +func (r *REST) GroupVersionKind(_ schema.GroupVersion) schema.GroupVersionKind { + return r.gvr.GroupVersion().WithKind("TenantNamespace") +} +func (*REST) GetSingularName() string { return singularName } + +// ----------------------------------------------------------------------------- +// Lister / Getter +// ----------------------------------------------------------------------------- + +func (r *REST) List( + ctx context.Context, + _ *metainternal.ListOptions, +) (runtime.Object, error) { + nsList, err := r.core.Namespaces().List(ctx, metav1.ListOptions{}) + if err != nil { + return nil, err + } + + var tenantNames []string + for i := range nsList.Items { + if strings.HasPrefix(nsList.Items[i].Name, prefix) { + tenantNames = append(tenantNames, nsList.Items[i].Name) + } + } + + allowed, err := r.filterAccessible(ctx, tenantNames) + if err != nil { + return nil, err + } + + return r.makeList(nsList, allowed), nil +} + +func (r *REST) Get( + ctx context.Context, + name string, + opts *metav1.GetOptions, +) (runtime.Object, error) { + if !strings.HasPrefix(name, prefix) { + return nil, apierrors.NewNotFound(r.gvr.GroupResource(), name) + } + + ns, err := r.core.Namespaces().Get(ctx, name, *opts) + if err != nil { + return nil, err + } + + return &corev1alpha1.TenantNamespace{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1alpha1.SchemeGroupVersion.String(), + Kind: "TenantNamespace", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: ns.Name, + UID: ns.UID, + ResourceVersion: ns.ResourceVersion, + CreationTimestamp: ns.CreationTimestamp, + Labels: ns.Labels, + Annotations: ns.Annotations, + }, + }, nil +} + +// ----------------------------------------------------------------------------- +// Watcher +// ----------------------------------------------------------------------------- + +func (r *REST) Watch(ctx context.Context, opts *metainternal.ListOptions) (watch.Interface, error) { + nsWatch, err := r.core.Namespaces().Watch(ctx, metav1.ListOptions{ + Watch: true, + ResourceVersion: opts.ResourceVersion, + }) + if err != nil { + return nil, err + } + + events := make(chan watch.Event) + pw := watch.NewProxyWatcher(events) + + go func() { + defer pw.Stop() + for ev := range nsWatch.ResultChan() { + ns, ok := ev.Object.(*corev1.Namespace) + if !ok || !strings.HasPrefix(ns.Name, prefix) { + continue + } + out := &corev1alpha1.TenantNamespace{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1alpha1.SchemeGroupVersion.String(), + Kind: "TenantNamespace", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: ns.Name, + UID: ns.UID, + ResourceVersion: ns.ResourceVersion, + CreationTimestamp: ns.CreationTimestamp, + Labels: ns.Labels, + Annotations: ns.Annotations, + }, + } + events <- watch.Event{Type: ev.Type, Object: out} + } + }() + + return pw, nil +} + +// ----------------------------------------------------------------------------- +// TableConvertor +// ----------------------------------------------------------------------------- + +func (r *REST) ConvertToTable(_ context.Context, obj runtime.Object, _ runtime.Object) (*metav1.Table, error) { + now := time.Now() + row := func(o *corev1alpha1.TenantNamespace) metav1.TableRow { + return metav1.TableRow{ + Cells: []interface{}{o.Name, duration.HumanDuration(now.Sub(o.CreationTimestamp.Time))}, + Object: runtime.RawExtension{Object: o}, + } + } + + tbl := &metav1.Table{ + TypeMeta: metav1.TypeMeta{APIVersion: "meta.k8s.io/v1", Kind: "Table"}, + ColumnDefinitions: []metav1.TableColumnDefinition{ + {Name: "NAME", Type: "string"}, + {Name: "AGE", Type: "string"}, + }, + } + + switch v := obj.(type) { + case *corev1alpha1.TenantNamespaceList: + for i := range v.Items { + tbl.Rows = append(tbl.Rows, row(&v.Items[i])) + } + tbl.ListMeta.ResourceVersion = v.ListMeta.ResourceVersion + case *corev1alpha1.TenantNamespace: + tbl.Rows = append(tbl.Rows, row(v)) + tbl.ListMeta.ResourceVersion = v.ResourceVersion + default: + return nil, notAcceptable{r.gvr.GroupResource(), fmt.Sprintf("unexpected %T", obj)} + } + return tbl, nil +} + +// ----------------------------------------------------------------------------- +// Helpers +// ----------------------------------------------------------------------------- + +func (r *REST) makeList(src *corev1.NamespaceList, allowed []string) *corev1alpha1.TenantNamespaceList { + set := map[string]struct{}{} + for _, n := range allowed { + set[n] = struct{}{} + } + + out := &corev1alpha1.TenantNamespaceList{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1alpha1.SchemeGroupVersion.String(), + Kind: "TenantNamespaceList", + }, + ListMeta: metav1.ListMeta{ResourceVersion: src.ResourceVersion}, + } + + for i := range src.Items { + ns := &src.Items[i] + if _, ok := set[ns.Name]; !ok { + continue + } + out.Items = append(out.Items, corev1alpha1.TenantNamespace{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1alpha1.SchemeGroupVersion.String(), + Kind: "TenantNamespace", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: ns.Name, + UID: ns.UID, + ResourceVersion: ns.ResourceVersion, + CreationTimestamp: ns.CreationTimestamp, + Labels: ns.Labels, + Annotations: ns.Annotations, + }, + }) + } + return out +} + +func (r *REST) filterAccessible( + ctx context.Context, + names []string, +) ([]string, error) { + workers := int(math.Min(float64(r.maxWorkers), float64(len(names)))) + type job struct{ name string } + type res struct { + name string + allowed bool + err error + } + jobs := make(chan job, workers) + out := make(chan res, workers) + + var wg sync.WaitGroup + for i := 0; i < workers; i++ { + wg.Add(1) + go func() { + defer wg.Done() + for j := range jobs { + ok, err := r.sar(ctx, j.name) + out <- res{j.name, ok, err} + } + }() + } + go func() { wg.Wait(); close(out) }() + + go func() { + for _, n := range names { + jobs <- job{n} + } + close(jobs) + }() + + var allowed []string + for r := range out { + if r.err != nil { + klog.Errorf("SAR failed for %s: %v", r.name, r.err) + continue + } + if r.allowed { + allowed = append(allowed, r.name) + } + } + return allowed, nil +} + +func (r *REST) sar(ctx context.Context, ns string) (bool, error) { + u, ok := request.UserFrom(ctx) + if !ok || u == nil { + return false, fmt.Errorf("user missing in context") + } + + sar := &authorizationv1.SubjectAccessReview{ + Spec: authorizationv1.SubjectAccessReviewSpec{ + User: u.GetName(), + Groups: u.GetGroups(), + ResourceAttributes: &authorizationv1.ResourceAttributes{ + Group: "cozystack.io", + Resource: "workloadmonitors", + Verb: "get", + Namespace: ns, + }, + }, + } + + rsp, err := r.authClient.SubjectAccessReviews(). + Create(ctx, sar, metav1.CreateOptions{}) + if err != nil { + return false, err + } + return rsp.Status.Allowed, nil +} + +// ----------------------------------------------------------------------------- +// Boiler-plate +// ----------------------------------------------------------------------------- + +func (*REST) Destroy() {} + +type notAcceptable struct { + resource schema.GroupResource + message string +} + +func (e notAcceptable) Error() string { return e.message } +func (e notAcceptable) Status() metav1.Status { + return metav1.Status{ + Status: metav1.StatusFailure, + Code: http.StatusNotAcceptable, + Reason: metav1.StatusReason("NotAcceptable"), + Message: e.message, + } +} diff --git a/pkg/registry/core/tenantsecret/rest.go b/pkg/registry/core/tenantsecret/rest.go new file mode 100644 index 00000000..6e26b524 --- /dev/null +++ b/pkg/registry/core/tenantsecret/rest.go @@ -0,0 +1,451 @@ +// SPDX-License-Identifier: Apache-2.0 +// TenantSecret registry – namespaced view over Secrets labelled +// "internal.cozystack.io/tenantsecret=true". Internal tenant secret labels are hidden. + +package tenantsecret + +import ( + "context" + "encoding/base64" + "fmt" + "net/http" + "sort" + "time" + + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metainternal "k8s.io/apimachinery/pkg/apis/meta/internalversion" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/selection" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/duration" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/apiserver/pkg/endpoints/request" + "k8s.io/apiserver/pkg/registry/rest" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + + corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" +) + +// ----------------------------------------------------------------------------- +// Constants & helpers +// ----------------------------------------------------------------------------- + +const ( + tsLabelKey = "apps.cozystack.io/tenantresource" + tsLabelValue = "true" + singularName = "tenantsecret" + kindTenantSecret = "TenantSecret" + kindTenantSecretList = "TenantSecretList" +) + +func stripInternal(m map[string]string) map[string]string { + if m == nil { + return nil + } + out := make(map[string]string, len(m)) + for k, v := range m { + if k == tsLabelKey { + continue + } + out[k] = v + } + return out +} + +func encodeStringData(sd map[string]string) map[string][]byte { + if len(sd) == 0 { + return nil + } + out := make(map[string][]byte, len(sd)) + for k, v := range sd { + out[k] = []byte(v) + } + return out +} + +func decodeStringData(d map[string][]byte) map[string]string { + if len(d) == 0 { + return nil + } + out := make(map[string]string, len(d)) + for k, v := range d { + out[k] = base64.StdEncoding.EncodeToString(v) + } + return out +} + +func secretToTenant(sec *corev1.Secret) *corev1alpha1.TenantSecret { + return &corev1alpha1.TenantSecret{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1alpha1.SchemeGroupVersion.String(), + Kind: kindTenantSecret, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: sec.Name, + Namespace: sec.Namespace, + UID: sec.UID, + ResourceVersion: sec.ResourceVersion, + CreationTimestamp: sec.CreationTimestamp, + Labels: stripInternal(sec.Labels), + Annotations: sec.Annotations, + }, + Type: string(sec.Type), + Data: sec.Data, + StringData: decodeStringData(sec.Data), + } +} + +func tenantToSecret(ts *corev1alpha1.TenantSecret, cur *corev1.Secret) *corev1.Secret { + var out corev1.Secret + if cur != nil { + out = *cur.DeepCopy() + } + out.TypeMeta = metav1.TypeMeta{APIVersion: "v1", Kind: "Secret"} + out.Name, out.Namespace = ts.Name, ts.Namespace + + if out.Labels == nil { + out.Labels = map[string]string{} + } + out.Labels[tsLabelKey] = tsLabelValue + for k, v := range ts.Labels { + out.Labels[k] = v + } + + if out.Annotations == nil { + out.Annotations = map[string]string{} + } + for k, v := range ts.Annotations { + out.Annotations[k] = v + } + + if len(ts.Data) != 0 { + out.Data = ts.Data + } else if len(ts.StringData) != 0 { + out.Data = encodeStringData(ts.StringData) + } + out.Type = corev1.SecretType(ts.Type) + return &out +} + +func nsFrom(ctx context.Context) (string, error) { + ns, ok := request.NamespaceFrom(ctx) + if !ok { + return "", apierrors.NewBadRequest("namespace required") + } + return ns, nil +} + +// ----------------------------------------------------------------------------- +// REST storage +// ----------------------------------------------------------------------------- + +var ( + _ rest.Creater = &REST{} + _ rest.Getter = &REST{} + _ rest.Lister = &REST{} + _ rest.Updater = &REST{} + _ rest.Patcher = &REST{} + _ rest.GracefulDeleter = &REST{} + _ rest.Watcher = &REST{} + _ rest.TableConvertor = &REST{} + _ rest.Scoper = &REST{} + _ rest.SingularNameProvider = &REST{} +) + +type REST struct { + core corev1client.CoreV1Interface + gvr schema.GroupVersionResource +} + +func NewREST(coreCli corev1client.CoreV1Interface) *REST { + return &REST{ + core: coreCli, + gvr: schema.GroupVersionResource{ + Group: corev1alpha1.GroupName, + Version: "v1alpha1", + Resource: "tenantsecrets", + }, + } +} + +// ----------------------------------------------------------------------------- +// Basic meta +// ----------------------------------------------------------------------------- + +func (*REST) NamespaceScoped() bool { return true } +func (*REST) New() runtime.Object { return &corev1alpha1.TenantSecret{} } +func (*REST) NewList() runtime.Object { + return &corev1alpha1.TenantSecretList{} +} +func (*REST) Kind() string { return kindTenantSecret } +func (r *REST) GroupVersionKind(_ schema.GroupVersion) schema.GroupVersionKind { + return r.gvr.GroupVersion().WithKind(kindTenantSecret) +} +func (*REST) GetSingularName() string { return singularName } + +// ----------------------------------------------------------------------------- +// CRUD +// ----------------------------------------------------------------------------- + +func (r *REST) Create( + ctx context.Context, + obj runtime.Object, + _ rest.ValidateObjectFunc, + opts *metav1.CreateOptions, +) (runtime.Object, error) { + in, ok := obj.(*corev1alpha1.TenantSecret) + if !ok { + return nil, fmt.Errorf("expected TenantSecret, got %T", obj) + } + + sec := tenantToSecret(in, nil) + out, err := r.core.Secrets(sec.Namespace).Create(ctx, sec, *opts) + if err != nil { + return nil, err + } + return secretToTenant(out), nil +} + +func (r *REST) Get( + ctx context.Context, + name string, + opts *metav1.GetOptions, +) (runtime.Object, error) { + ns, err := nsFrom(ctx) + if err != nil { + return nil, err + } + sec, err := r.core.Secrets(ns).Get(ctx, name, *opts) + if err != nil { + return nil, err + } + return secretToTenant(sec), nil +} + +func (r *REST) List(ctx context.Context, opts *metainternal.ListOptions) (runtime.Object, error) { + ns, err := nsFrom(ctx) + if err != nil { + return nil, err + } + + ls := labels.NewSelector() + req, _ := labels.NewRequirement(tsLabelKey, selection.Equals, []string{tsLabelValue}) + ls = ls.Add(*req) + + if opts.LabelSelector != nil { + if reqs, _ := opts.LabelSelector.Requirements(); len(reqs) > 0 { + ls = ls.Add(reqs...) + } + } + + fieldSel := "" + if opts.FieldSelector != nil { + fieldSel = opts.FieldSelector.String() + } + + list, err := r.core.Secrets(ns).List(ctx, metav1.ListOptions{ + LabelSelector: ls.String(), + FieldSelector: fieldSel, + }) + if err != nil { + return nil, err + } + + out := &corev1alpha1.TenantSecretList{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1alpha1.SchemeGroupVersion.String(), + Kind: kindTenantSecretList, + }, + ListMeta: list.ListMeta, + } + + for i := range list.Items { + out.Items = append(out.Items, *secretToTenant(&list.Items[i])) + } + sort.Slice(out.Items, func(i, j int) bool { return out.Items[i].Name < out.Items[j].Name }) + return out, nil +} + +func (r *REST) Update( + ctx context.Context, + name string, + objInfo rest.UpdatedObjectInfo, + _ rest.ValidateObjectFunc, + _ rest.ValidateObjectUpdateFunc, + forceCreate bool, + opts *metav1.UpdateOptions, +) (runtime.Object, bool, error) { + ns, err := nsFrom(ctx) + if err != nil { + return nil, false, err + } + + cur, err := r.core.Secrets(ns).Get(ctx, name, metav1.GetOptions{}) + if err != nil && !apierrors.IsNotFound(err) { + return nil, false, err + } + + newObj, err := objInfo.UpdatedObject(ctx, nil) + if err != nil { + return nil, false, err + } + in := newObj.(*corev1alpha1.TenantSecret) + + newSec := tenantToSecret(in, cur) + if cur == nil { + if !forceCreate && err == nil { + return nil, false, apierrors.NewNotFound(r.gvr.GroupResource(), name) + } + out, err := r.core.Secrets(ns).Create(ctx, newSec, metav1.CreateOptions{}) + return secretToTenant(out), true, err + } + + newSec.ResourceVersion = cur.ResourceVersion + out, err := r.core.Secrets(ns).Update(ctx, newSec, *opts) + return secretToTenant(out), false, err +} + +func (r *REST) Delete( + ctx context.Context, + name string, + _ rest.ValidateObjectFunc, + opts *metav1.DeleteOptions, +) (runtime.Object, bool, error) { + ns, err := nsFrom(ctx) + if err != nil { + return nil, false, err + } + err = r.core.Secrets(ns).Delete(ctx, name, *opts) + return nil, err == nil, err +} + +func (r *REST) Patch( + ctx context.Context, + name string, + pt types.PatchType, + data []byte, + opts *metav1.PatchOptions, + subresources ...string, +) (runtime.Object, error) { + ns, err := nsFrom(ctx) + if err != nil { + return nil, err + } + + out, err := r.core.Secrets(ns). + Patch(ctx, name, pt, data, *opts, subresources...) + if err != nil { + return nil, err + } + + // Ensure tenant secret label is preserved + if out.Labels[tsLabelKey] != tsLabelValue { + out.Labels[tsLabelKey] = tsLabelValue + out, _ = r.core.Secrets(ns).Update(ctx, out, metav1.UpdateOptions{}) + } + + return secretToTenant(out), nil +} + +// ----------------------------------------------------------------------------- +// Watcher +// ----------------------------------------------------------------------------- + +func (r *REST) Watch(ctx context.Context, opts *metainternal.ListOptions) (watch.Interface, error) { + ns, err := nsFrom(ctx) + if err != nil { + return nil, err + } + + ls := labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String() + base, err := r.core.Secrets(ns).Watch(ctx, metav1.ListOptions{ + Watch: true, + LabelSelector: ls, + ResourceVersion: opts.ResourceVersion, + }) + if err != nil { + return nil, err + } + + ch := make(chan watch.Event) + proxy := watch.NewProxyWatcher(ch) + + go func() { + defer proxy.Stop() + for ev := range base.ResultChan() { + sec, ok := ev.Object.(*corev1.Secret) + if !ok || sec == nil { + continue + } + tenant := secretToTenant(sec) + ch <- watch.Event{ + Type: ev.Type, + Object: tenant, + } + } + }() + + return proxy, nil +} + +// ----------------------------------------------------------------------------- +// TableConvertor +// ----------------------------------------------------------------------------- + +func (r *REST) ConvertToTable(_ context.Context, obj runtime.Object, _ runtime.Object) (*metav1.Table, error) { + now := time.Now() + row := func(o *corev1alpha1.TenantSecret) metav1.TableRow { + return metav1.TableRow{ + Cells: []interface{}{o.Name, o.Type, duration.HumanDuration(now.Sub(o.CreationTimestamp.Time))}, + Object: runtime.RawExtension{Object: o}, + } + } + + tbl := &metav1.Table{ + TypeMeta: metav1.TypeMeta{APIVersion: "meta.k8s.io/v1", Kind: "Table"}, + ColumnDefinitions: []metav1.TableColumnDefinition{ + {Name: "NAME", Type: "string"}, + {Name: "TYPE", Type: "string"}, + {Name: "AGE", Type: "string"}, + }, + } + + switch v := obj.(type) { + case *corev1alpha1.TenantSecretList: + for i := range v.Items { + tbl.Rows = append(tbl.Rows, row(&v.Items[i])) + } + tbl.ListMeta.ResourceVersion = v.ListMeta.ResourceVersion + case *corev1alpha1.TenantSecret: + tbl.Rows = append(tbl.Rows, row(v)) + tbl.ListMeta.ResourceVersion = v.ResourceVersion + default: + return nil, notAcceptable{r.gvr.GroupResource(), fmt.Sprintf("unexpected %T", obj)} + } + return tbl, nil +} + +// ----------------------------------------------------------------------------- +// Boiler-plate +// ----------------------------------------------------------------------------- + +func (*REST) Destroy() {} + +type notAcceptable struct { + resource schema.GroupResource + message string +} + +func (e notAcceptable) Error() string { return e.message } +func (e notAcceptable) Status() metav1.Status { + return metav1.Status{ + Status: metav1.StatusFailure, + Code: http.StatusNotAcceptable, + Reason: metav1.StatusReason("NotAcceptable"), + Message: e.message, + } +} diff --git a/pkg/registry/core/tenantsecretstable/rest.go b/pkg/registry/core/tenantsecretstable/rest.go new file mode 100644 index 00000000..644f2c98 --- /dev/null +++ b/pkg/registry/core/tenantsecretstable/rest.go @@ -0,0 +1,317 @@ +// SPDX-License-Identifier: Apache-2.0 +// TenantSecretsTable registry – namespaced, read-only flattened view over +// Secrets labelled "internal.cozystack.io/tenantsecret=true". Each data key is a separate object. + +package tenantsecretstable + +import ( + "context" + "encoding/base64" + "fmt" + "net/http" + "sort" + "time" + + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metainternal "k8s.io/apimachinery/pkg/apis/meta/internalversion" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/selection" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/apiserver/pkg/endpoints/request" + "k8s.io/apiserver/pkg/registry/rest" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + + corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" +) + +const ( + tsLabelKey = "apps.cozystack.io/tenantresource" + tsLabelValue = "true" + kindObj = "TenantSecretsTable" + kindObjList = "TenantSecretsTableList" + singularName = "tenantsecretstable" + resourcePlural = "tenantsecretstables" +) + +type REST struct { + core corev1client.CoreV1Interface + gvr schema.GroupVersionResource +} + +func NewREST(coreCli corev1client.CoreV1Interface) *REST { + return &REST{ + core: coreCli, + gvr: schema.GroupVersionResource{ + Group: corev1alpha1.GroupName, + Version: "v1alpha1", + Resource: resourcePlural, + }, + } +} + +var ( + _ rest.Getter = &REST{} + _ rest.Lister = &REST{} + _ rest.Watcher = &REST{} + _ rest.TableConvertor = &REST{} + _ rest.Scoper = &REST{} + _ rest.SingularNameProvider = &REST{} + _ rest.Storage = &REST{} +) + +func (*REST) NamespaceScoped() bool { return true } +func (*REST) New() runtime.Object { return &corev1alpha1.TenantSecretsTable{} } +func (*REST) NewList() runtime.Object { + return &corev1alpha1.TenantSecretsTableList{} +} +func (*REST) Kind() string { return kindObj } +func (r *REST) GroupVersionKind(_ schema.GroupVersion) schema.GroupVersionKind { + return r.gvr.GroupVersion().WithKind(kindObj) +} +func (*REST) GetSingularName() string { return singularName } +func (*REST) Destroy() {} + +func nsFrom(ctx context.Context) (string, error) { + ns, ok := request.NamespaceFrom(ctx) + if !ok { + return "", fmt.Errorf("namespace required") + } + return ns, nil +} + +// ----------------------- +// Get/List +// ----------------------- + +func (r *REST) Get(ctx context.Context, name string, opts *metav1.GetOptions) (runtime.Object, error) { + ns, err := nsFrom(ctx) + if err != nil { + return nil, err + } + + // We need to identify secret name and key. Iterate secrets in namespace with tenant secret label + // and return the matching composed object. + list, err := r.core.Secrets(ns).List(ctx, metav1.ListOptions{LabelSelector: labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String()}) + if err != nil { + return nil, err + } + for i := range list.Items { + sec := &list.Items[i] + for k, v := range sec.Data { + composed := composedName(sec.Name, k) + if composed == name { + return secretKeyToObj(sec, k, v), nil + } + } + } + return nil, apierrors.NewNotFound(r.gvr.GroupResource(), name) +} + +func (r *REST) List(ctx context.Context, opts *metainternal.ListOptions) (runtime.Object, error) { + ns, err := nsFrom(ctx) + if err != nil { + return nil, err + } + + sel := labels.NewSelector() + req, _ := labels.NewRequirement(tsLabelKey, selection.Equals, []string{tsLabelValue}) + sel = sel.Add(*req) + if opts.LabelSelector != nil { + if reqs, _ := opts.LabelSelector.Requirements(); len(reqs) > 0 { + sel = sel.Add(reqs...) + } + } + fieldSel := "" + if opts.FieldSelector != nil { + fieldSel = opts.FieldSelector.String() + } + + list, err := r.core.Secrets(ns).List(ctx, metav1.ListOptions{LabelSelector: sel.String(), FieldSelector: fieldSel}) + if err != nil { + return nil, err + } + + out := &corev1alpha1.TenantSecretsTableList{ + TypeMeta: metav1.TypeMeta{APIVersion: corev1alpha1.SchemeGroupVersion.String(), Kind: kindObjList}, + ListMeta: list.ListMeta, + } + + for i := range list.Items { + sec := &list.Items[i] + // Ensure stable ordering of keys + keys := make([]string, 0, len(sec.Data)) + for k := range sec.Data { + keys = append(keys, k) + } + sort.Strings(keys) + for _, k := range keys { + v := sec.Data[k] + o := secretKeyToObj(sec, k, v) + out.Items = append(out.Items, *o) + } + } + + sort.Slice(out.Items, func(i, j int) bool { return out.Items[i].Name < out.Items[j].Name }) + return out, nil +} + +// ----------------------- +// Watch +// ----------------------- + +func (r *REST) Watch(ctx context.Context, opts *metainternal.ListOptions) (watch.Interface, error) { + ns, err := nsFrom(ctx) + if err != nil { + return nil, err + } + + ls := labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String() + base, err := r.core.Secrets(ns).Watch(ctx, metav1.ListOptions{ + Watch: true, + LabelSelector: ls, + ResourceVersion: opts.ResourceVersion, + }) + if err != nil { + return nil, err + } + + ch := make(chan watch.Event) + proxy := watch.NewProxyWatcher(ch) + + go func() { + defer proxy.Stop() + for ev := range base.ResultChan() { + sec, ok := ev.Object.(*corev1.Secret) + if !ok || sec == nil { + continue + } + // Emit an event per key + for k, v := range sec.Data { + obj := secretKeyToObj(sec, k, v) + ch <- watch.Event{Type: ev.Type, Object: obj} + } + } + }() + + return proxy, nil +} + +// ----------------------- +// TableConvertor +// ----------------------- + +func (r *REST) ConvertToTable(_ context.Context, obj runtime.Object, _ runtime.Object) (*metav1.Table, error) { + now := time.Now() + row := func(o *corev1alpha1.TenantSecretsTable) metav1.TableRow { + return metav1.TableRow{ + Cells: []interface{}{o.Name, o.Data.Name, o.Data.Key, humanAge(o.CreationTimestamp.Time, now)}, + Object: runtime.RawExtension{Object: o}, + } + } + tbl := &metav1.Table{ + TypeMeta: metav1.TypeMeta{APIVersion: "meta.k8s.io/v1", Kind: "Table"}, + ColumnDefinitions: []metav1.TableColumnDefinition{ + {Name: "NAME", Type: "string"}, + {Name: "SECRET", Type: "string"}, + {Name: "KEY", Type: "string"}, + {Name: "AGE", Type: "string"}, + }, + } + switch v := obj.(type) { + case *corev1alpha1.TenantSecretsTableList: + for i := range v.Items { + tbl.Rows = append(tbl.Rows, row(&v.Items[i])) + } + tbl.ListMeta.ResourceVersion = v.ListMeta.ResourceVersion + case *corev1alpha1.TenantSecretsTable: + tbl.Rows = append(tbl.Rows, row(v)) + tbl.ListMeta.ResourceVersion = v.ResourceVersion + default: + return nil, notAcceptable{r.gvr.GroupResource(), fmt.Sprintf("unexpected %T", obj)} + } + return tbl, nil +} + +// ----------------------- +// Helpers +// ----------------------- + +func composedName(secretName, key string) string { + return secretName + "-" + key +} + +func humanAge(t time.Time, now time.Time) string { + d := now.Sub(t) + // simple human duration + if d.Hours() >= 24 { + return fmt.Sprintf("%dd", int(d.Hours()/24)) + } + if d.Hours() >= 1 { + return fmt.Sprintf("%dh", int(d.Hours())) + } + if d.Minutes() >= 1 { + return fmt.Sprintf("%dm", int(d.Minutes())) + } + return fmt.Sprintf("%ds", int(d.Seconds())) +} + +func secretKeyToObj(sec *corev1.Secret, key string, val []byte) *corev1alpha1.TenantSecretsTable { + return &corev1alpha1.TenantSecretsTable{ + TypeMeta: metav1.TypeMeta{APIVersion: corev1alpha1.SchemeGroupVersion.String(), Kind: kindObj}, + ObjectMeta: metav1.ObjectMeta{ + Name: sec.Name, + Namespace: sec.Namespace, + UID: sec.UID, + ResourceVersion: sec.ResourceVersion, + CreationTimestamp: sec.CreationTimestamp, + Labels: filterUserLabels(sec.Labels), + Annotations: sec.Annotations, + }, + Data: corev1alpha1.TenantSecretEntry{ + Name: sec.Name, + Key: key, + Value: toBase64String(val), + }, + } +} + +func filterUserLabels(m map[string]string) map[string]string { + if m == nil { + return nil + } + out := make(map[string]string, len(m)) + for k, v := range m { + if k == tsLabelKey { + continue + } + out[k] = v + } + return out +} + +func toBase64String(b []byte) string { + const enc = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" + // Minimal base64 encoder to avoid extra deps; for readability we could use stdlib encoding/base64 + // but keeping inline is fine; however using stdlib is clearer. + // Using stdlib: + return base64.StdEncoding.EncodeToString(b) +} + +type notAcceptable struct { + resource schema.GroupResource + message string +} + +func (e notAcceptable) Error() string { return e.message } +func (e notAcceptable) Status() metav1.Status { + return metav1.Status{ + Status: metav1.StatusFailure, + Code: http.StatusNotAcceptable, + Reason: metav1.StatusReason("NotAcceptable"), + Message: e.message, + } +} diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go index 5131f71d..44d7022c 100644 --- a/pkg/registry/registry.go +++ b/pkg/registry/registry.go @@ -17,24 +17,17 @@ limitations under the License. package registry import ( - "github.com/cozystack/cozystack/pkg/registry/apps/application" - "k8s.io/apimachinery/pkg/runtime/schema" genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" "k8s.io/apiserver/pkg/registry/rest" ) -// REST implements a RESTStorage for API services against etcd +// REST is a thin wrapper around genericregistry.Store that also satisfies +// the GroupVersionKindProvider interface if callers need it later. type REST struct { *genericregistry.Store - GVK schema.GroupVersionKind } -// Implement the GroupVersionKindProvider interface -func (r *REST) GroupVersionKind(containingGV schema.GroupVersion) schema.GroupVersionKind { - return r.GVK -} - -// RESTInPeace creates REST for Application -func RESTInPeace(r *application.REST) rest.Storage { - return r -} +// RESTInPeace is a tiny helper so the call-site code reads nicely. It simply +// returns its argument, letting us defer (and centralise) any future error +// handling here. +func RESTInPeace(storage rest.Storage) rest.Storage { return storage } diff --git a/scripts/installer.sh b/scripts/installer.sh index 2ffeba7b..f8165938 100755 --- a/scripts/installer.sh +++ b/scripts/installer.sh @@ -89,6 +89,9 @@ kubectl get hr -A -o go-template='{{ range .items }}{{ if .spec.suspend }}{{ .sp esac done +# TODO: Update all Cozystack managed charts to latest version +# kubectl get hr -A -l cozystack.io/ui=true --no-headers | awk '{print "kubectl patch helmrelease -n " $1 " " $2 " --type=merge -p '\''{\"spec\":{\"chart\":{\"spec\":{\"version\":\"*\"}}}}'\'' "}' | sh -x + # Reconcile platform chart trap 'exit' INT TERM while true; do diff --git a/scripts/migrations/20 b/scripts/migrations/20 new file mode 100755 index 00000000..9093c887 --- /dev/null +++ b/scripts/migrations/20 @@ -0,0 +1,11 @@ +#!/bin/sh +# Migration 20 --> 21 + +set -euo pipefail + +kubectl delete ingresses.networking.k8s.io --all -n cozy-dashboard --ignore-not-found +kubectl delete crd cozystackresourcedefinitions.cozystack.io --ignore-not-found + +# Stamp version +kubectl create configmap -n cozy-system cozystack-version \ + --from-literal=version=21 --dry-run=client -o yaml | kubectl apply -f-