diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 83e427c1..1530cb1c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -* @kvaps @lllamnyp @klinch0 +* @kvaps @lllamnyp @nbykov0 diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..1a119259 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,50 @@ +--- +name: Bug report +about: Create a report to help us improve +labels: 'bug' +assignees: '' + +--- + + +**Describe the bug** +A clear and concise description of what the bug is. + +**Environment** +- Cozystack version +- Provider: on-prem, Hetzner, and so on + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behaviour** +When taking the steps to reproduce, what should have happened differently? + +**Actual behaviour** +A clear and concise description of what happens when the bug occurs. Explain how the system currently behaves, including error messages, unexpected results, or incorrect functionality observed during execution. + + +**Logs** +``` +Paste any relevant logs here. Please redact tokens, passwords, private keys. +``` + +**Screenshots** +If applicable, add screenshots to help explain the problem. + +**Additional context** +Add any other context about the problem here. + +**Checklist** +- [ ] I have checked the documentation +- [ ] I have searched for similar issues +- [ ] I have included all required information +- [ ] I have provided clear steps to reproduce +- [ ] I have included relevant logs diff --git a/.github/workflows/pull-requests.yaml b/.github/workflows/pull-requests.yaml index 42ac1949..a4dc1a4b 100644 --- a/.github/workflows/pull-requests.yaml +++ b/.github/workflows/pull-requests.yaml @@ -1,7 +1,8 @@ name: Pull Request env: - REGISTRY: ${{ vars.OCIR_REPO }} + # TODO: unhardcode this + REGISTRY: iad.ocir.io/idyksih5sir9/cozystack on: pull_request: types: [opened, synchronize, reopened] diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index fcc2428d..47ffec55 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,3 +1,22 @@ # Code of Conduct Cozystack follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). + +# Cozystack Vendor Neutrality Manifesto + +Cozystack exists for the cloud-native community. We are committed to a project culture where no single company, product, or commercial agenda directs our roadmap, governance, brand, or releases. Our North Star is user value, technical excellence, and open collaboration under the CNCF umbrella. + +## Our Commitments + +- **Community-first:** Decisions prioritize the broader community over any vendor interest. +- **Open collaboration:** Ideas, discussions, and outcomes happen in public spaces; contributions are welcomed from all. +- **Merit over affiliation:** Proposals are evaluated on technical merit and user impact, not on who submits them. +- **Inclusive stewardship:** Leadership and maintenance are open to contributors who demonstrate sustained, constructive impact. +- **Technology choice:** We prefer open, pluggable designs that interoperate with multiple ecosystems and providers. +- **Neutral brand & voice:** Our name, logo, website, and documentation do not imply endorsement or preference for any vendor. +- **Transparent practices:** Funding acknowledgments, partnerships, and potential conflicts are communicated openly. +- **User trust:** Security handling, releases, and communications aim to be timely, transparent, and fair to all users. + +By contributing to Cozystack, we affirm these principles and work together to keep the project open, welcoming, and vendor-neutral. + +*— The Cozystack community* diff --git a/CONTRIBUTOR_LADDER.md b/CONTRIBUTOR_LADDER.md new file mode 100644 index 00000000..e41f6a93 --- /dev/null +++ b/CONTRIBUTOR_LADDER.md @@ -0,0 +1,151 @@ +# Contributor Ladder + +* [Contributor Ladder](#contributor-ladder) + * [Community Participant](#community-participant) + * [Contributor](#contributor) + * [Reviewer](#reviewer) + * [Maintainer](#maintainer) +* [Inactivity](#inactivity) +* [Involuntary Removal](#involuntary-removal-or-demotion) +* [Stepping Down/Emeritus Process](#stepping-downemeritus-process) +* [Contact](#contact) + + +## Contributor Ladder + +Hello! We are excited that you want to learn more about our project contributor ladder! This contributor ladder outlines the different contributor roles within the project, along with the responsibilities and privileges that come with them. Community members generally start at the first levels of the "ladder" and advance up it as their involvement in the project grows. Our project members are happy to help you advance along the contributor ladder. + +Each of the contributor roles below is organized into lists of three types of things. "Responsibilities" are things that a contributor is expected to do. "Requirements" are qualifications a person needs to meet to be in that role, and "Privileges" are things contributors on that level are entitled to. + + +### Community Participant +Description: A Community Participant engages with the project and its community, contributing their time, thoughts, etc. Community participants are usually users who have stopped being anonymous and started being active in project discussions. + +* Responsibilities: + * Must follow the [CNCF CoC](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) +* How users can get involved with the community: + * Participating in community discussions + * Helping other users + * Submitting bug reports + * Commenting on issues + * Trying out new releases + * Attending community events + + +### Contributor +Description: A Contributor contributes directly to the project and adds value to it. Contributions need not be code. People at the Contributor level may be new contributors, or they may only contribute occasionally. + +* Responsibilities include: + * Follow the [CNCF CoC](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) + * Follow the project [contributing guide] (https://github.com/cozystack/cozystack/blob/main/CONTRIBUTING.md) +* Requirements (one or several of the below): + * Report and sometimes resolve issues + * Occasionally submit PRs + * Contribute to the documentation + * Show up at meetings, takes notes + * Answer questions from other community members + * Submit feedback on issues and PRs + * Test releases and patches and submit reviews + * Run or helps run events + * Promote the project in public + * Help run the project infrastructure +* Privileges: + * Invitations to contributor events + * Eligible to become a Maintainer + + +### Reviewer +Description: A Reviewer has responsibility for specific code, documentation, test, or other project areas. They are collectively responsible, with other Reviewers, for reviewing all changes to those areas and indicating whether those changes are ready to merge. They have a track record of contribution and review in the project. + +Reviewers are responsible for a "specific area." This can be a specific code directory, driver, chapter of the docs, test job, event, or other clearly-defined project component that is smaller than an entire repository or subproject. Most often it is one or a set of directories in one or more Git repositories. The "specific area" below refers to this area of responsibility. + +Reviewers have all the rights and responsibilities of a Contributor, plus: + +* Responsibilities include: + * Continues to contribute regularly, as demonstrated by having at least 15 PRs a year, as demonstrated by [Cozystack devstats](https://cozystack.devstats.cncf.io). + * Following the reviewing guide + * Reviewing most Pull Requests against their specific areas of responsibility + * Reviewing at least 40 PRs per year + * Helping other contributors become reviewers +* Requirements: + * Must have successful contributions to the project, including at least one of the following: + * 10 accepted PRs, + * Reviewed 20 PRs, + * Resolved and closed 20 Issues, + * Become responsible for a key project management area, + * Or some equivalent combination or contribution + * Must have been contributing for at least 6 months + * Must be actively contributing to at least one project area + * Must have two sponsors who are also Reviewers or Maintainers, at least one of whom does not work for the same employer + * Has reviewed, or helped review, at least 20 Pull Requests + * Has analyzed and resolved test failures in their specific area + * Has demonstrated an in-depth knowledge of the specific area + * Commits to being responsible for that specific area + * Is supportive of new and occasional contributors and helps get useful PRs in shape to commit +* Additional privileges: + * Has GitHub or CI/CD rights to approve pull requests in specific directories + * Can recommend and review other contributors to become Reviewers + * May be assigned Issues and Reviews + * May give commands to CI/CD automation + * Can recommend other contributors to become Reviewers + + +The process of becoming a Reviewer is: +1. The contributor is nominated by opening a PR against the appropriate repository, which adds their GitHub username to the OWNERS file for one or more directories. +2. At least two members of the team that owns that repository or main directory, who are already Approvers, approve the PR. + + +### Maintainer +Description: Maintainers are very established contributors who are responsible for the entire project. As such, they have the ability to approve PRs against any area of the project, and are expected to participate in making decisions about the strategy and priorities of the project. + +A Maintainer must meet the responsibilities and requirements of a Reviewer, plus: + +* Responsibilities include: + * Reviewing at least 40 PRs per year, especially PRs that involve multiple parts of the project + * Mentoring new Reviewers + * Writing refactoring PRs + * Participating in CNCF maintainer activities + * Determining strategy and policy for the project + * Participating in, and leading, community meetings +* Requirements + * Experience as a Reviewer for at least 6 months + * Demonstrates a broad knowledge of the project across multiple areas + * Is able to exercise judgment for the good of the project, independent of their employer, friends, or team + * Mentors other contributors + * Can commit to spending at least 10 hours per month working on the project +* Additional privileges: + * Approve PRs to any area of the project + * Represent the project in public as a Maintainer + * Communicate with the CNCF on behalf of the project + * Have a vote in Maintainer decision-making meetings + + +Process of becoming a maintainer: +1. Any current Maintainer may nominate a current Reviewer to become a new Maintainer, by opening a PR against the root of the cozystack repository adding the nominee as an Approver in the [MAINTAINERS](https://github.com/cozystack/cozystack/blob/main/MAINTAINERS.md) file. +2. The nominee will add a comment to the PR testifying that they agree to all requirements of becoming a Maintainer. +3. A majority of the current Maintainers must then approve the PR. + + +## Inactivity +It is important for contributors to be and stay active to set an example and show commitment to the project. Inactivity is harmful to the project as it may lead to unexpected delays, contributor attrition, and a lost of trust in the project. + +* Inactivity is measured by: + * Periods of no contributions for longer than 6 months + * Periods of no communication for longer than 3 months +* Consequences of being inactive include: + * Involuntary removal or demotion + * Being asked to move to Emeritus status + +## Involuntary Removal or Demotion + +Involuntary removal/demotion of a contributor happens when responsibilities and requirements aren't being met. This may include repeated patterns of inactivity, extended period of inactivity, a period of failing to meet the requirements of your role, and/or a violation of the Code of Conduct. This process is important because it protects the community and its deliverables while also opens up opportunities for new contributors to step in. + +Involuntary removal or demotion is handled through a vote by a majority of the current Maintainers. + +## Stepping Down/Emeritus Process +If and when contributors' commitment levels change, contributors can consider stepping down (moving down the contributor ladder) vs moving to emeritus status (completely stepping away from the project). + +Contact the Maintainers about changing to Emeritus status, or reducing your contributor level. + +## Contact +* For inquiries, please reach out to: @kvaps, @tym83 diff --git a/MAINTAINERS.md b/MAINTAINERS.md index ba191681..9c44daab 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -7,6 +7,6 @@ | Kingdon Barrett | [@kingdonb](https://github.com/kingdonb) | Urmanac | FluxCD and flux-operator | | Timofei Larkin | [@lllamnyp](https://github.com/lllamnyp) | 3commas | Etcd-operator Lead | | Artem Bortnikov | [@aobort](https://github.com/aobort) | Timescale | Etcd-operator Lead | -| Andrei Gumilev | [@chumkaska](https://github.com/chumkaska) | Ænix | Platform Documentation | | Timur Tukaev | [@tym83](https://github.com/tym83) | Ænix | Cozystack Website, Marketing, Community Management | | Kirill Klinchenkov | [@klinch0](https://github.com/klinch0) | Ænix | Core Maintainer | +| Nikita Bykov | [@nbykov0](https://github.com/nbykov0) | Ænix | Maintainer of ARM and stuff | diff --git a/Makefile b/Makefile index c941a9ff..bb5eb40e 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,7 @@ build: build-deps make -C packages/extra/monitoring image make -C packages/system/cozystack-api image make -C packages/system/cozystack-controller image + make -C packages/system/lineage-controller-webhook image make -C packages/system/cilium image make -C packages/system/kubeovn image make -C packages/system/kubeovn-webhook image diff --git a/api/v1alpha1/cozystackresourcedefinitions_types.go b/api/v1alpha1/cozystackresourcedefinitions_types.go index 760a5922..b2baee85 100644 --- a/api/v1alpha1/cozystackresourcedefinitions_types.go +++ b/api/v1alpha1/cozystackresourcedefinitions_types.go @@ -51,7 +51,11 @@ type CozystackResourceDefinitionSpec struct { Release CozystackResourceDefinitionRelease `json:"release"` // Secret selectors - Secrets CozystackResourceDefinitionSecrets `json:"secrets,omitempty"` + Secrets CozystackResourceDefinitionResources `json:"secrets,omitempty"` + // Service selectors + Services CozystackResourceDefinitionResources `json:"services,omitempty"` + // Ingress selectors + Ingresses CozystackResourceDefinitionResources `json:"ingresses,omitempty"` // Dashboard configuration for this resource Dashboard *CozystackResourceDefinitionDashboard `json:"dashboard,omitempty"` @@ -95,16 +99,46 @@ type CozystackResourceDefinitionRelease struct { Prefix string `json:"prefix"` } -type CozystackResourceDefinitionSecrets struct { - // Exclude contains an array of label selectors that target secrets. - // If a secret matches the selector in any of the elements in the array, it is +// CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. +// A resource matches this selector only if it satisfies ALL criteria: +// - Label selector conditions (matchExpressions and matchLabels) +// - AND has a name that matches one of the names in resourceNames (if specified) +// +// The resourceNames field supports Go templates with the following variables available: +// - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) +// - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) +// - {{ .namespace }}: The namespace of the resource being processed +// +// Example YAML: +// secrets: +// include: +// - matchExpressions: +// - key: badlabel +// operator: DoesNotExist +// matchLabels: +// goodlabel: goodvalue +// resourceNames: +// - "{{ .name }}-secret" +// - "{{ .kind }}-{{ .name }}-tls" +// - "specificname" +type CozystackResourceDefinitionResourceSelector struct { + metav1.LabelSelector `json:",inline"` + // ResourceNames is a list of resource names to match + // If specified, the resource must have one of these exact names to match the selector + // +optional + ResourceNames []string `json:"resourceNames,omitempty"` +} + +type CozystackResourceDefinitionResources struct { + // Exclude contains an array of resource selectors that target resources. + // If a resource matches the selector in any of the elements in the array, it is // hidden from the user, regardless of the matches in the include array. - Exclude []*metav1.LabelSelector `json:"exclude,omitempty"` - // Include contains an array of label selectors that target secrets. - // If a secret matches the selector in any of the elements in the array, and - // matches none of the selectors in the exclude array that secret is marked - // as a tenant secret and is visible to users. - Include []*metav1.LabelSelector `json:"include,omitempty"` + Exclude []*CozystackResourceDefinitionResourceSelector `json:"exclude,omitempty"` + // Include contains an array of resource selectors that target resources. + // If a resource matches the selector in any of the elements in the array, and + // matches none of the selectors in the exclude array that resource is marked + // as a tenant resource and is visible to users. + Include []*CozystackResourceDefinitionResourceSelector `json:"include,omitempty"` } // ---- Dashboard types ---- diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index f8913912..42cf4c4a 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -22,7 +22,6 @@ package v1alpha1 import ( "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -175,38 +174,59 @@ func (in *CozystackResourceDefinitionRelease) DeepCopy() *CozystackResourceDefin } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CozystackResourceDefinitionSecrets) DeepCopyInto(out *CozystackResourceDefinitionSecrets) { +func (in *CozystackResourceDefinitionResourceSelector) DeepCopyInto(out *CozystackResourceDefinitionResourceSelector) { + *out = *in + in.LabelSelector.DeepCopyInto(&out.LabelSelector) + if in.ResourceNames != nil { + in, out := &in.ResourceNames, &out.ResourceNames + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionResourceSelector. +func (in *CozystackResourceDefinitionResourceSelector) DeepCopy() *CozystackResourceDefinitionResourceSelector { + if in == nil { + return nil + } + out := new(CozystackResourceDefinitionResourceSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CozystackResourceDefinitionResources) DeepCopyInto(out *CozystackResourceDefinitionResources) { *out = *in if in.Exclude != nil { in, out := &in.Exclude, &out.Exclude - *out = make([]*v1.LabelSelector, len(*in)) + *out = make([]*CozystackResourceDefinitionResourceSelector, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(v1.LabelSelector) + *out = new(CozystackResourceDefinitionResourceSelector) (*in).DeepCopyInto(*out) } } } if in.Include != nil { in, out := &in.Include, &out.Include - *out = make([]*v1.LabelSelector, len(*in)) + *out = make([]*CozystackResourceDefinitionResourceSelector, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(v1.LabelSelector) + *out = new(CozystackResourceDefinitionResourceSelector) (*in).DeepCopyInto(*out) } } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionSecrets. -func (in *CozystackResourceDefinitionSecrets) DeepCopy() *CozystackResourceDefinitionSecrets { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionResources. +func (in *CozystackResourceDefinitionResources) DeepCopy() *CozystackResourceDefinitionResources { if in == nil { return nil } - out := new(CozystackResourceDefinitionSecrets) + out := new(CozystackResourceDefinitionResources) in.DeepCopyInto(out) return out } @@ -217,6 +237,8 @@ func (in *CozystackResourceDefinitionSpec) DeepCopyInto(out *CozystackResourceDe out.Application = in.Application in.Release.DeepCopyInto(&out.Release) in.Secrets.DeepCopyInto(&out.Secrets) + in.Services.DeepCopyInto(&out.Services) + in.Ingresses.DeepCopyInto(&out.Ingresses) if in.Dashboard != nil { in, out := &in.Dashboard, &out.Dashboard *out = new(CozystackResourceDefinitionDashboard) diff --git a/cmd/cozystack-controller/main.go b/cmd/cozystack-controller/main.go index f774284a..c2ceb451 100644 --- a/cmd/cozystack-controller/main.go +++ b/cmd/cozystack-controller/main.go @@ -39,7 +39,6 @@ import ( cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" "github.com/cozystack/cozystack/internal/controller" "github.com/cozystack/cozystack/internal/controller/dashboard" - lcw "github.com/cozystack/cozystack/internal/lineagecontrollerwebhook" "github.com/cozystack/cozystack/internal/telemetry" helmv2 "github.com/fluxcd/helm-controller/api/v2" @@ -222,20 +221,6 @@ func main() { os.Exit(1) } - // special one that's both a webhook and a reconciler - lineageControllerWebhook := &lcw.LineageControllerWebhook{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), - } - if err := lineageControllerWebhook.SetupWithManagerAsController(mgr); err != nil { - setupLog.Error(err, "unable to setup controller", "controller", "LineageController") - os.Exit(1) - } - if err := lineageControllerWebhook.SetupWithManagerAsWebhook(mgr); err != nil { - setupLog.Error(err, "unable to setup webhook", "webhook", "LineageWebhook") - os.Exit(1) - } - // +kubebuilder:scaffold:builder if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { diff --git a/cmd/lineage-controller-webhook/main.go b/cmd/lineage-controller-webhook/main.go new file mode 100644 index 00000000..ffe0942b --- /dev/null +++ b/cmd/lineage-controller-webhook/main.go @@ -0,0 +1,179 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "crypto/tls" + "flag" + "os" + + // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) + // to ensure that exec-entrypoint and run can make use of them. + _ "k8s.io/client-go/plugin/pkg/client/auth" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + "sigs.k8s.io/controller-runtime/pkg/metrics/filters" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + "sigs.k8s.io/controller-runtime/pkg/webhook" + + cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" + lcw "github.com/cozystack/cozystack/internal/lineagecontrollerwebhook" + // +kubebuilder:scaffold:imports +) + +var ( + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + + utilruntime.Must(cozystackiov1alpha1.AddToScheme(scheme)) + // +kubebuilder:scaffold:scheme +} + +func main() { + var metricsAddr string + var enableLeaderElection bool + var probeAddr string + var secureMetrics bool + var enableHTTP2 bool + var tlsOpts []func(*tls.Config) + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+ + "Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.BoolVar(&enableLeaderElection, "leader-elect", false, + "Enable leader election for controller manager. "+ + "Enabling this will ensure there is only one active controller manager.") + flag.BoolVar(&secureMetrics, "metrics-secure", true, + "If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.") + flag.BoolVar(&enableHTTP2, "enable-http2", false, + "If set, HTTP/2 will be enabled for the metrics and webhook servers") + opts := zap.Options{ + Development: false, + } + opts.BindFlags(flag.CommandLine) + flag.Parse() + + ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + + // if the enable-http2 flag is false (the default), http/2 should be disabled + // due to its vulnerabilities. More specifically, disabling http/2 will + // prevent from being vulnerable to the HTTP/2 Stream Cancellation and + // Rapid Reset CVEs. For more information see: + // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3 + // - https://github.com/advisories/GHSA-4374-p667-p6c8 + disableHTTP2 := func(c *tls.Config) { + setupLog.Info("disabling http/2") + c.NextProtos = []string{"http/1.1"} + } + + if !enableHTTP2 { + tlsOpts = append(tlsOpts, disableHTTP2) + } + + webhookServer := webhook.NewServer(webhook.Options{ + TLSOpts: tlsOpts, + }) + + // Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server. + // More info: + // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.1/pkg/metrics/server + // - https://book.kubebuilder.io/reference/metrics.html + metricsServerOptions := metricsserver.Options{ + BindAddress: metricsAddr, + SecureServing: secureMetrics, + TLSOpts: tlsOpts, + } + + if secureMetrics { + // FilterProvider is used to protect the metrics endpoint with authn/authz. + // These configurations ensure that only authorized users and service accounts + // can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. More info: + // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.1/pkg/metrics/filters#WithAuthenticationAndAuthorization + metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization + + // TODO(user): If CertDir, CertName, and KeyName are not specified, controller-runtime will automatically + // generate self-signed certificates for the metrics server. While convenient for development and testing, + // this setup is not recommended for production. + } + + // Configure rate limiting for the Kubernetes client + config := ctrl.GetConfigOrDie() + config.QPS = 50.0 // Increased from default 5.0 + config.Burst = 100 // Increased from default 10 + + mgr, err := ctrl.NewManager(config, ctrl.Options{ + Scheme: scheme, + Metrics: metricsServerOptions, + WebhookServer: webhookServer, + HealthProbeBindAddress: probeAddr, + LeaderElection: enableLeaderElection, + LeaderElectionID: "8796f12d.cozystack.io", + // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily + // when the Manager ends. This requires the binary to immediately end when the + // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly + // speeds up voluntary leader transitions as the new leader don't have to wait + // LeaseDuration time first. + // + // In the default scaffold provided, the program ends immediately after + // the manager stops, so would be fine to enable this option. However, + // if you are doing or is intended to do any operation such as perform cleanups + // after the manager stops then its usage might be unsafe. + // LeaderElectionReleaseOnCancel: true, + }) + if err != nil { + setupLog.Error(err, "unable to start manager") + os.Exit(1) + } + + lineageControllerWebhook := &lcw.LineageControllerWebhook{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + } + if err := lineageControllerWebhook.SetupWithManagerAsController(mgr); err != nil { + setupLog.Error(err, "unable to setup controller", "controller", "LineageController") + os.Exit(1) + } + if err := lineageControllerWebhook.SetupWithManagerAsWebhook(mgr); err != nil { + setupLog.Error(err, "unable to setup webhook", "webhook", "LineageWebhook") + os.Exit(1) + } + + // +kubebuilder:scaffold:builder + + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up health check") + os.Exit(1) + } + if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up ready check") + os.Exit(1) + } + + setupLog.Info("starting manager") + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + setupLog.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/docs/changelogs/patch-template.md b/docs/changelogs/patch-template.md new file mode 100644 index 00000000..69ad49ba --- /dev/null +++ b/docs/changelogs/patch-template.md @@ -0,0 +1,18 @@ + + + +## Features and Improvements + +## Security + +## Fixes + +## Dependencies + +## Development, Testing, and CI/CD + +--- + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.36.0...main diff --git a/docs/changelogs/template.md b/docs/changelogs/template.md index 6497b7c0..a939e23a 100644 --- a/docs/changelogs/template.md +++ b/docs/changelogs/template.md @@ -17,4 +17,4 @@ https://github.com/cozystack/cozystack/releases/tag/v0.. --- -**Full Changelog**: **Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.0...v0.35.0 +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.0...v0.35.0 diff --git a/docs/changelogs/unreleased.md b/docs/changelogs/unreleased.md new file mode 100644 index 00000000..1ea38313 --- /dev/null +++ b/docs/changelogs/unreleased.md @@ -0,0 +1,3 @@ +# Changes after v0.37.0 + +* [lineage] Break webhook out into a separate daemonset. Reduce unnecessary webhook calls by marking handled resources and excluding them from consideration by the webhook's object selector (@lllamnyp in #1515). diff --git a/docs/changelogs/v0.35.3.md b/docs/changelogs/v0.35.3.md new file mode 100644 index 00000000..38b31111 --- /dev/null +++ b/docs/changelogs/v0.35.3.md @@ -0,0 +1,10 @@ + + + +## Fixes + +* [seaweedfs] Add a liveness check for the SeaweedFS S3 endpoint to improve health monitoring and enable automatic recovery. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1368) + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.35.2...v0.35.3 diff --git a/docs/changelogs/v0.35.4.md b/docs/changelogs/v0.35.4.md new file mode 100644 index 00000000..ba16e26d --- /dev/null +++ b/docs/changelogs/v0.35.4.md @@ -0,0 +1,14 @@ + + + +## Fixes + +* [virtual-machine] Fix the regression in VM update hook introduced in https://github.com/cozystack/cozystack/pull/1169 by targeting the correct API resource and avoiding conflicts with KubeVirt resources. (@kvaps in https://github.com/cozystack/cozystack/pull/1376, backported in https://github.com/cozystack/cozystack/pull/1377) +* [cozy-lib] Add the missing template `cozy-lib.resources.flatten`. (@kvaps in https://github.com/cozystack/cozystack/pull/1372, backported in https://github.com/cozystack/cozystack/pull/1375) +* [platform] Fix a boolean override bug in Helm merge. ConfigMap values now correctly take precedence over bundle defaults. (@dyudin0821 in https://github.com/cozystack/cozystack/pull/1385, backported in https://github.com/cozystack/cozystack/pull/1388) +* [seaweedfs] Resolve connectivity issues in SeaweedFS. Increase Nginx ingress timeouts for SeaweedFS S3 endpoint. (@kvaps in https://github.com/cozystack/cozystack/pull/1386, backported in https://github.com/cozystack/cozystack/pull/1390) +* [dx] Remove the BUILDER and PLATFORM autodetect logic in Makefiles. (@kvaps in https://github.com/cozystack/cozystack/pull/1391, backported in https://github.com/cozystack/cozystack/pull/1392) + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.35.3...v0.35.4 diff --git a/docs/changelogs/v0.35.5.md b/docs/changelogs/v0.35.5.md new file mode 100644 index 00000000..02c744d6 --- /dev/null +++ b/docs/changelogs/v0.35.5.md @@ -0,0 +1,11 @@ + + + +## Fixes + +* [etcd] Ensure that TopologySpreadConstraints consistently target etcd pods. (@kvaps in https://github.com/cozystack/cozystack/pull/1405, backported in https://github.com/cozystack/cozystack/pull/1406) +* [tests] Add resource quota for testing namespaces. (@IvanHunters in https://github.com/cozystack/cozystack/commit/4982cdf5024c8bb9aa794b91d55545ea6b105d17) + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.35.4...v0.35.5 diff --git a/docs/changelogs/v0.36.0.md b/docs/changelogs/v0.36.0.md new file mode 100644 index 00000000..c300a852 --- /dev/null +++ b/docs/changelogs/v0.36.0.md @@ -0,0 +1,117 @@ + + + + +## Feature Highlights + +Release v0.36.0 focuses on the stability, observability, and flexible configuration of managed applications. + +### Per-Namespace Resource Limits for Tenants + +Resource management for Cozystack tenants has received a final patch and is now graduated to a stable feature. +Platform administrators can define explicit CPU, memory, and storage limits for each tenant's namespace +via the tenant specification. +This prevents any single tenant from consuming more than their share of cluster resources, +ensuring cluster stability and a guaranteed service level for each tenant. + +### Kube-OVN Cluster Health Monitor + +A new component called the Kube-OVN Plunger continuously monitors the health of the Kube-OVN network's central control cluster. +This external agent gathers OVN cluster status and consensus information, exposing Prometheus metrics and live events stream via SSE. +As a result, it provides much better visibility of the virtual network layer and helps maintain a reliable and observable network in Cozystack. +This change opens the road to automated Kube-OVN database operations and recovery in specific corner cases. + +### Configurable CoreDNS Addon for Kubernetes + +Cozystack introduces a dedicated CoreDNS addon for managing cluster DNS with greater flexibility. +CoreDNS is now deployed via a Helm chart and can be tuned through custom values in the cluster specification, +including autoscaling, replica count, and adjusting service IP. +CoreDNS can now be configured in the dashboard and using Cozystack API. + +### Granular SeaweedFS Service Configuration + +The SeaweedFS S3 storage service in Cozystack is now far more configurable at a component level. +The Helm chart for SeaweedFS now includes independent configuration for each component and its resources. +It includes the master nodes, volume servers with support for multiple zones, filers, the backing database, and the S3 gateway. +Administrators can set per-component parameters such as the number of replicas, available CPU, memory, and storage size. + +### Server-side Encryption for S3 + +Cozystack v0.36.0 includes SeaweedFS 3.97, bringing support for server-side encryption of S3 buckets (SSE-C, SSE-KMS, and SSE-S3). + +**Breaking change:** upon updating Cozystack, SeaweedFS will be updated to a newer version, and the services specification +will be converted to the new format. + +### Custom Resource Profiles for Ingress Controller + +NGINX controller is now configurable on a per-replica basis. +Configurations include the ingress controller pods' CPU and memory requests/limits, either with direct values or using one of the available presets. + +### Cozystack REST API Documentation + +[Cozystack REST API reference](https://cozystack.io/docs/cozystack-api/rest/) is now published on the website. +It includes endpoints and methods for listing, creating, updating, and removing each managed application, defined as Cozystack CRD. + + +### Built-in LLDP-Based Neighbor Discovery in Talos + +Cozystack now includes the LLDPD extension in its Talos OS image, enabling Link Layer Discovery Protocol (LLDP) out of the box. +This means each node can automatically discover and advertise its network neighbors and topology without any manual setup. + +### Use external IP for Egress Traffic in VMs + +When a virtual machine has an external IP assigned to it, it will now always use it for egress traffic, independently of the external method used. + +## Major Features and Improvements + +* [talos] Add LLDPD (`ghcr.io/siderolabs/lldpd`) as a built-in system extension, enabling LLDP-based neighbor discovery out of the box. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1351 and https://github.com/cozystack/cozystack/pull/1360) +* [kubernetes] Add a configurable CoreDNS addon with valuesOverride, packaged chart, and managed deployment (metrics, autoscaling, HPA, customizable Service). (@klinch0 in https://github.com/cozystack/cozystack/pull/1362) +* [kube-ovn] Implement the Kube-OVN plunger, an external monitoring agent for the ovn-central cluster. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1380, patched in https://github.com/cozystack/cozystack/pull/1414 and https://github.com/cozystack/cozystack/pull/1418) +* [tenant] Enable per-namespace resource quota settings in tenants, with explicit cpu, memory, and storage values. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1389) +* [seaweedfs] Add detailed resource configuration for each component of the SeaweedFS service. (@klinch0 and @kvaps in https://github.com/cozystack/cozystack/pull/1415) +* [ingress] Enable per-replica resource configuration to the ingress controller. (@kvaps in https://github.com/cozystack/cozystack/pull/1416) +* [virtual-machine] Use external IP for egress traffic with `PortList` method. (@kvaps in https://github.com/cozystack/cozystack/pull/1349) + + +## Fixes + +* [cozy-lib] Fix malformed retrieval of `cozyConfig` in the cozy-lib template. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1348) +* [cozy-lib] Add the missing template `cozy-lib.resources.flatten`. (@kvaps in https://github.com/cozystack/cozystack/pull/1372) +* [cozystack-api] Sanitize the OpenAPI v2 schema. (@kvaps in https://github.com/cozystack/cozystack/pull/1353) +* [kube-ovn] Improve northd leader detection. Patch the northd leader check to test against all endpoints instead of just the first one marked as ready. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1363) +* [seaweedfs] Add a liveness check for the SeaweedFS S3 endpoint to improve health monitoring and enable automatic recovery. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1368) +* [seaweedfs] Resolve race conditions in SeaweedFS. Increase deployment timeouts and set install/upgrade remediation to unlimited retries to improve deployment resilience. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1371) +* [seaweedfs] Resolve connectivity issues in SeaweedFS. Increase Nginx ingress timeouts for SeaweedFS S3 endpoint. (@kvaps in https://github.com/cozystack/cozystack/pull/1386) +* [virtual-machine] Fix the reg ression in VM update hook introduced in https://github.com/cozystack/cozystack/pull/1169. Target the correct API resource and avoid conflicts with KubeVirt resources. (@kvaps in https://github.com/cozystack/cozystack/pull/1376) +* [virtual-machine] Correct app version references in `virtual-machine` and `vm-instance`, ensuring accurate versioning during migrations. (@kvaps in https://github.com/cozystack/cozystack/pull/1378). +* [cozyreport] Fix an error where cozyreport tried to parse non-existent objects and generated garbage output in CI debug logs. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1383) +* [platform] Fix a boolean override bug in Helm merge. ConfigMap values now correctly take precedence over bundle defaults. (@dyudin0821 in https://github.com/cozystack/cozystack/pull/1385) +* [kubernetes] CoreDNS release now installs and stores state in the `kube-system` namespace. (@kvaps in https://github.com/cozystack/cozystack/pull/1395) +* [kubernetes] Expose configuration for CoreDNS, enabling setting the image repository and replica count via `values.yaml`. (@kvaps in https://github.com/cozystack/cozystack/pull/1410) +* [etcd] Ensure that TopologySpreadConstraints consistently target etcd pods. (@kvaps in https://github.com/cozystack/cozystack/pull/1405) +* [tenant] Use force-upgrade for ingress controller charts. (@klinch0 in https://github.com/cozystack/cozystack/pull/1404) +* [cozystack-controller] Fix an RBAC error that prevented the workload labelling feature from working. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1419) +* [seaweedfs] Remove VerticalPodAutoscaler for SeaweedFS. (@kvaps in https://github.com/cozystack/cozystack/pull/1421) + + +## Dependencies + +* Update LINSTOR to v1.31.3. (@kvaps in https://github.com/cozystack/cozystack/pull/1358) +* Update SeaweedFS to v3.97. (@kvaps in https://github.com/cozystack/cozystack/pull/1361 and https://github.com/cozystack/cozystack/pull/1373) +* Update Kube-OVN to 1.14.5. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1363) +* Replace Bitnami images with alternatives in all charts. (@kvaps in https://github.com/cozystack/cozystack/pull/1374) + +## Documentation + +## Development, Testing, and CI/CD + +* [dx] Remove the BUILDER and PLATFORM autodetect logic in Makefiles. (@kvaps in https://github.com/cozystack/cozystack/pull/1391) +* [ci] Use the host buildx config in CI. (@kvaps in https://github.com/cozystack/cozystack/pull/1015) +* [ci] Add `jq` and `git` to the installer image. (@kvaps in https://github.com/cozystack/cozystack/pull/1417) +* [ci] Source the `REGISTRY` environment variable from actions' variables, not secrets, so external pull requests can work. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1423) + +--- + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.35.0...v0.36.0 diff --git a/docs/changelogs/v0.36.1.md b/docs/changelogs/v0.36.1.md new file mode 100644 index 00000000..3bac9e72 --- /dev/null +++ b/docs/changelogs/v0.36.1.md @@ -0,0 +1,22 @@ + + + +## Major Features and Improvements + +* [cozystack-api] Implement recursive, Kubernetes-like defaulting for applications: missing fields in nested objects and arrays are auto-populated safely without mutating shared defaults. (@kvaps in https://github.com/cozystack/cozystack/pull/1432) + +## Fixes + +* [cozystack-api] Update defaulting API schemas. (@kvaps in https://github.com/cozystack/cozystack/pull/1433) +* [dashboard] Fix Bitnami dependencies. (@kvaps in https://github.com/cozystack/cozystack/pull/1431) +* [seaweedfs] Fix SeaweedFS migration. (@kvaps in https://github.com/cozystack/cozystack/pull/1430) + +## Development, Testing, and CI/CD + +* [adopters] Add [Hidora](https://hikube.cloud) to the Cozystack adopters list. (@matthieu-robin in https://github.com/cozystack/cozystack/pull/1429) + +--- + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.36.0...v0.36.1 diff --git a/docs/changelogs/v0.36.2.md b/docs/changelogs/v0.36.2.md new file mode 100644 index 00000000..9e912e69 --- /dev/null +++ b/docs/changelogs/v0.36.2.md @@ -0,0 +1,18 @@ + + + +## Features and Improvements + +## Security + +## Fixes + +## Dependencies + +## Development, Testing, and CI/CD + +--- + +**Full Changelog**: [v0.36.1...v0.36.2](https://github.com/cozystack/cozystack/compare/v0.36.1...v0.36.2) diff --git a/docs/changelogs/v0.37.0.md b/docs/changelogs/v0.37.0.md new file mode 100644 index 00000000..87dd3c9d --- /dev/null +++ b/docs/changelogs/v0.37.0.md @@ -0,0 +1,117 @@ +# Cozystack v0.37 — “OpenAPI Dashboard & Lineage Everywhere” + +We’ve shipped a big usability push this cycle: a brand-new **OpenAPI-driven dashboard**, lineage labeling across core resource types, and several reliability improvements to smooth upgrades from 0.36→ 0.37. Below are the highlights and the full categorized lists. + +## Highlights + +* **New OpenAPI-based Dashboard** replaces the old UI, adds module-aware navigation, dynamic branding, and richer Kubernetes resource views ([**@kvaps**](https://github.com/kvaps) in #1269, #1463, #1460). +* **Lineage Webhook** tags Pods, PVCs, Services, Ingresses, and Secrets, adding labels referencing the managing Cozystack application ([**@lllamnyp**](https://github.com/lllamnyp) in #1448, #1452, #1477, #1486, #1497; [**@kvaps**](https://github.com/kvaps) in #1454). +* **Smoother upgrades** with installer and migration hardening, decoupled CRDs vs. API server ([**@lllamnyp**](https://github.com/lllamnyp) in #1494, #1498; [**@kvaps**](https://github.com/kvaps) in #1506). +* **Operations quality**: Kubernetes tests with smarter waits/readiness checks ([**@IvanHunters**](https://github.com/IvanHunters) in #1485). + +--- + +## New features + +### Dashboard + +* Introduce the OpenAPI-based dashboard and controller; implement TenantNamespace, TenantModules, TenantSecret/SecretsTable resources ([**@kvaps**](https://github.com/kvaps) in #1269). +* Module-aware navigation, richer detail views (Services/Secrets/Ingresses), improved sidebars; “Tenant Modules” grouping ([**@kvaps**](https://github.com/kvaps) in #1463). +* Dynamic branding via cluster config (tenant name, footer/title, logo/icon SVGs) ([**@kvaps**](https://github.com/kvaps) in #1460). +* Dashboard: fix namespace listing for unprivileged users and stabilize streamed requests; build-time patching ([**@kvaps**](https://github.com/kvaps) in #1456). +* Dashboard UX set: marketplace hides module resources; consistent navigation/links; prefill “name” in forms; ingress factory; formatted TenantNamespaces tables ([**@kvaps**](https://github.com/kvaps) in #1463). +* **Dashboard**: list modules reliably; remove Tenant from Marketplace; fix field override while typing ([**@kvaps**](https://github.com/kvaps) in #1501, #1503). +* **Dashboard**: correct API group for applications; sidebars; disable auto-expand; fix `/docs` redirect ([**@kvaps**](https://github.com/kvaps) in #1463, #1465, #1462). +* **Dashboard**: show Secrets with empty values correctly ([**@kvaps**](https://github.com/kvaps) in #1480). +* Dashboard configuration refactor: generate static resources at startup; auto-cleanup stale objects; higher controller client throughput ([**@kvaps**](https://github.com/kvaps) in #1457). + +### Migration to v0.37 +* **Installer/Migrations**: prevent unintended deletion of platform resource definitions; resilient timestamping; tolerant annotations; stronger migrate-then-reconcile flow ([**@kvaps**](https://github.com/kvaps) in #1475; Andrei Kvapil & [**@lllamnyp**](https://github.com/lllamnyp) in #1498). +* Installer hardening for **migration #20**: packaged apply, ordered waits/readiness checks, RFC3339(nano) stamping; Helm in installer image (Andrei Kvapil & [**@lllamnyp**](https://github.com/lllamnyp) in #1498). +* **Decoupled API & CozyRDs**: You can now upgrade the Cozystack API server independently of CRDs/CozyRD instances, easing 0.36 → 0.37 migrations ([**@lllamnyp**](https://github.com/lllamnyp) in #1494). +* **Migration #20**: The installer runs migration from packaged Helm charts with ordered waits/readiness checks; annotations are tolerant; timestamps are environment-robust (Andrei Kvapil & [**@lllamnyp**](https://github.com/lllamnyp) in #1498; [**@kvaps**](https://github.com/kvaps) in #1475). + +### Webhook / Lineage + +* Add a lineage mutating webhook to auto-label Pods/Secrets/PVCs/Ingresses/WorkloadMonitors with owning app ([**@lllamnyp**](https://github.com/lllamnyp) in #1448, #1497, [**@kvaps**](https://github.com/kvaps) in #1454). +* **Name-based** selectors for Secret visibility (templates supported) ([**@lllamnyp**](https://github.com/lllamnyp) in #1477). +* Select **Services** and **Ingresses** in CRDs/API; treat them as user-facing when configured ([**@lllamnyp**](https://github.com/lllamnyp) in #1486). +* **VictoriaMetrics integration**: Lineage labels are explicitly set on VM resources; `managedMetadata` is configured to avoid controller “fights” over labels ([**@lllamnyp**](https://github.com/lllamnyp) in #1452). +* Webhook **excludes** `default` and `kube-system` to avoid unintended mutations (part of the installer/migration hardening by Andrei Kvapil & [**@lllamnyp**](https://github.com/lllamnyp) in #1498). + +### API / Platform + +* Decouple the Cozystack API from Cozystack Resource Definitions to allow independent upgrades ([**@lllamnyp**](https://github.com/lllamnyp) in #1494). +* Add **label selectors** to app definitions for Secret include/exclude ([**@lllamnyp**](https://github.com/lllamnyp) in #1447). + +### Monitoring & Ops + +* Reduce node labelsets in target relabeling configs on cadvisor/kubelet metrics to reduce cardinality while keeping useful CPU metrics ([**@IvanHunters**](https://github.com/IvanHunters) in #1455). + +### Storage & Backups + +* PVC expansion in tenant clusters via KubeVirt CSI resizer; RBAC updates (Klinch0 in #1438). +* Velero upgraded to **v1.17.0**; node agent enabled by default and a raft of usability features ([**@kvaps**](https://github.com/kvaps) in #1484). + +### Kubernetes/tests & Tooling + +* Smarter Kubernetes test flows: node readiness checks, kubelet version validation, longer rollout waits, per-component readiness ([**@IvanHunters**](https://github.com/IvanHunters) in #1485). + +### UI/Icons + +* New **VM-Disk** SVG icon ([**@kvapsova**](https://github.com/kvapsova) in #1435). + +--- + +## Improvements (minor) + +* Make the **Info** app deploy irrespective of OIDC settings ([**klinch0**](https://github.com/klinch0) in #1474). +* Move SA token Secret creation to **Info** app ([**@lllamnyp**](https://github.com/lllamnyp) in #1446). +* Explicitly set lineage labels for VictoriaMetrics resources ([**@lllamnyp**](https://github.com/lllamnyp) in #1452). + +--- + +## Bug fixes + +* **Kubernetes**: fix MachineDeployment `spec.selector` mismatch to ensure proper targeting ([**@kvaps**](https://github.com/kvaps) in #1502). +* **Old dashboard**: FerretDB spec typo prevented deploy/display ([**@lllamnyp**](https://github.com/lllamnyp) in #1440). +* **SeaweedFS**: fix per-zone size fallback for multi-DC volumes; make migrations more robust ([**@kvaps**](https://github.com/kvaps) in #1476, #1430). +* **CoreDNS**: pin tag to v1.12.4 ([**@kvaps**](https://github.com/kvaps) in #1469). +* **OIDC**: avoid creating KeycloakRealmGroup before operator API is available ([**@lllamnyp**](https://github.com/lllamnyp) in #1495). +* **Kafka**: disable noisy alerts when Kafka isn’t deployed ([**@lllamnyp**](https://github.com/lllamnyp) in #1488). + +--- + +## Dependency & version updates + +* **Velero → v1.17.0**; Helm chart v11; node agent default-on ([**@kvaps**](https://github.com/kvaps) in #1484). +* **Cilium → v1.17.8** ([**@kvaps**](https://github.com/kvaps) in #1473). +* **Flux Operator → v0.29.0** (Kingdon Barrett in #1466). + +--- + +## Refactors & chores + +* Remove legacy `versions_map`; unify packaging targets; tighten HelmRelease defaults; replace many chart versions with build-time placeholders ([**@kvaps**](https://github.com/kvaps) in #1453). +* Pin CoreDNS image and refresh numerous images ([**@kvaps**](https://github.com/kvaps) in #1469; related image refreshes across #1448 work). + +--- + +## Documentation & governance + +* **Contributor Ladder** created and later updated (Timur Tukaev in #1224; Andrei Kvapil & Timur Tukaev in #1492). +* **Code of Conduct** updated with a Vendor Neutrality Manifesto (Timur Tukaev in #1493). +* **Adopters**: add Hidora (Matthieu Robin in #1429). +* **MAINTAINERS**: add/remove entries (Nikita Bykov in #1487; Timur Tukaev in #1491). +* **Issue templates**: new bug-report template and tweaks (Moriarti). +* **README**: updated dark-theme screenshot ([**@kvaps**](https://github.com/kvaps) in #1459). + +--- + +## Breaking changes & upgrade notes + + +--- + +## Security & stability + diff --git a/hack/e2e-apps/ferretdb.bats b/hack/e2e-apps/ferretdb.bats new file mode 100644 index 00000000..a8eb7cf1 --- /dev/null +++ b/hack/e2e-apps/ferretdb.bats @@ -0,0 +1,44 @@ +#!/usr/bin/env bats + +@test "Create DB FerretDB" { + name='test' + kubectl apply -f - <" + s3SecretKey: "" + schedule: "0 2 * * * *" + bootstrap: + enabled: false + external: false + quorum: + maxSyncReplicas: 0 + minSyncReplicas: 0 + replicas: 2 + resources: {} + resourcesPreset: "micro" + size: "10Gi" + users: + testuser: + password: xai7Wepo +EOF + sleep 5 + kubectl -n tenant-test wait hr ferretdb-$name --timeout=100s --for=condition=ready + timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-r -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" + timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-ro -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" + timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-rw -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" + timeout 120 sh -ec "until kubectl -n tenant-test get endpoints ferretdb-$name-postgres-r -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q '[0-9]'; do sleep 10; done" + # for some reason it takes longer for the read-only endpoint to be ready + #timeout 120 sh -ec "until kubectl -n tenant-test get endpoints ferretdb-$name-postgres-ro -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q '[0-9]'; do sleep 10; done" + timeout 120 sh -ec "until kubectl -n tenant-test get endpoints ferretdb-$name-postgres-rw -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q '[0-9]'; do sleep 10; done" + kubectl -n tenant-test delete ferretdb.apps.cozystack.io $name +} diff --git a/hack/e2e-apps/foundationdb.bats b/hack/e2e-apps/foundationdb.bats new file mode 100644 index 00000000..4c8d1b53 --- /dev/null +++ b/hack/e2e-apps/foundationdb.bats @@ -0,0 +1,121 @@ +#!/usr/bin/env bats + +@test "Create DB FoundationDB" { + name='test' + kubectl apply -f - </dev/null; do sleep 10; done" +} \ No newline at end of file diff --git a/hack/e2e-apps/run-kubernetes.sh b/hack/e2e-apps/run-kubernetes.sh index 3988a264..716b40dc 100644 --- a/hack/e2e-apps/run-kubernetes.sh +++ b/hack/e2e-apps/run-kubernetes.sh @@ -64,37 +64,90 @@ spec: EOF # Wait for the tenant-test namespace to be active kubectl wait namespace tenant-test --timeout=20s --for=jsonpath='{.status.phase}'=Active - + # Wait for the Kamaji control plane to be created (retry for up to 10 seconds) timeout 10 sh -ec 'until kubectl get kamajicontrolplane -n tenant-test kubernetes-'"${test_name}"'; do sleep 1; done' # Wait for the tenant control plane to be fully created (timeout after 4 minutes) kubectl wait --for=condition=TenantControlPlaneCreated kamajicontrolplane -n tenant-test kubernetes-${test_name} --timeout=4m - + # Wait for Kubernetes resources to be ready (timeout after 2 minutes) kubectl wait tcp -n tenant-test kubernetes-${test_name} --timeout=2m --for=jsonpath='{.status.kubernetesResources.version.status}'=Ready - + # Wait for all required deployments to be available (timeout after 4 minutes) kubectl wait deploy --timeout=4m --for=condition=available -n tenant-test kubernetes-${test_name} kubernetes-${test_name}-cluster-autoscaler kubernetes-${test_name}-kccm kubernetes-${test_name}-kcsi-controller - + # Wait for the machine deployment to scale to 2 replicas (timeout after 1 minute) kubectl wait machinedeployment kubernetes-${test_name}-md0 -n tenant-test --timeout=1m --for=jsonpath='{.status.replicas}'=2 - # Get the admin kubeconfig and save it to a file kubectl get secret kubernetes-${test_name}-admin-kubeconfig -ojsonpath='{.data.super-admin\.conf}' -n tenant-test | base64 -d > tenantkubeconfig # Update the kubeconfig to use localhost for the API server yq -i ".clusters[0].cluster.server = \"https://localhost:${port}\"" tenantkubeconfig - # Set up port forwarding to the Kubernetes API server for a 40 second timeout - bash -c 'timeout 40s kubectl port-forward service/kubernetes-'"${test_name}"' -n tenant-test '"${port}"':6443 > /dev/null 2>&1 &' + # Set up port forwarding to the Kubernetes API server for a 200 second timeout + bash -c 'timeout 200s kubectl port-forward service/kubernetes-'"${test_name}"' -n tenant-test '"${port}"':6443 > /dev/null 2>&1 &' # Verify the Kubernetes version matches what we expect (retry for up to 20 seconds) timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version 2>/dev/null | grep -Fq "Server Version: ${k8s_version}"; do sleep 5; done' + # Wait for the nodes to be ready (timeout after 2 minutes) + timeout 2m bash -c ' + until [ "$(kubectl --kubeconfig tenantkubeconfig get nodes -o jsonpath="{.items[*].metadata.name}" | wc -w)" -eq 2 ]; do + sleep 3 + done + ' + # Verify the nodes are ready + kubectl --kubeconfig tenantkubeconfig wait node --all --timeout=2m --for=condition=Ready + kubectl --kubeconfig tenantkubeconfig get nodes -o wide + + # Verify the kubelet version matches what we expect + versions=$(kubectl --kubeconfig tenantkubeconfig get nodes -o jsonpath='{.items[*].status.nodeInfo.kubeletVersion}') + node_ok=true + + case "$k8s_version" in + v1.32*) + echo "⚠️ TODO: Temporary stub — allowing nodes with v1.33 while k8s_version is v1.32" + ;; + esac + + for v in $versions; do + case "$k8s_version" in + v1.32|v1.32.*) + case "$v" in + v1.32 | v1.32.* | v1.32-* | v1.33 | v1.33.* | v1.33-*) + ;; + *) + node_ok=false + break + ;; + esac + ;; + *) + case "$v" in + "${k8s_version}" | "${k8s_version}".* | "${k8s_version}"-*) + ;; + *) + node_ok=false + break + ;; + esac + ;; + esac + done + + if [ "$node_ok" != true ]; then + echo "Kubelet versions did not match expected ${k8s_version}" >&2 + exit 1 + fi + # Wait for all machine deployment replicas to be ready (timeout after 10 minutes) kubectl wait machinedeployment kubernetes-${test_name}-md0 -n tenant-test --timeout=10m --for=jsonpath='{.status.v1beta2.readyReplicas}'=2 + for component in cilium coredns csi ingress-nginx vsnap-crd; do + kubectl wait hr kubernetes-${test_name}-${component} -n tenant-test --timeout=1m --for=condition=ready + done + # Clean up by deleting the Kubernetes resource kubectl -n tenant-test delete kuberneteses.apps.cozystack.io $test_name diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index 7067b040..e181fc76 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -53,4 +53,6 @@ kube::codegen::gen_openapi \ "${SCRIPT_ROOT}/pkg/apis" $CONTROLLER_GEN object:headerFile="hack/boilerplate.go.txt" paths="./api/..." -$CONTROLLER_GEN rbac:roleName=manager-role crd paths="./api/..." output:crd:artifacts:config=packages/system/cozystack-controller/templates/crds +$CONTROLLER_GEN rbac:roleName=manager-role crd paths="./api/..." output:crd:artifacts:config=packages/system/cozystack-controller/crds +mv packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml \ + packages/system/cozystack-resource-definition-crd/definition/cozystack.io_cozystackresourcedefinitions.yaml diff --git a/hack/update-crd.sh b/hack/update-crd.sh index 5c78292e..456bf842 100755 --- a/hack/update-crd.sh +++ b/hack/update-crd.sh @@ -8,7 +8,7 @@ need yq; need jq; need base64 CHART_YAML="${CHART_YAML:-Chart.yaml}" VALUES_YAML="${VALUES_YAML:-values.yaml}" SCHEMA_JSON="${SCHEMA_JSON:-values.schema.json}" -CRD_DIR="../../system/cozystack-api/templates/cozystack-resource-definitions" +CRD_DIR="../../system/cozystack-resource-definitions/cozyrds" [[ -f "$CHART_YAML" ]] || { echo "No $CHART_YAML found"; exit 1; } [[ -f "$SCHEMA_JSON" ]] || { echo "No $SCHEMA_JSON found"; exit 1; } diff --git a/internal/controller/dashboard/factory.go b/internal/controller/dashboard/factory.go index 2d89cc0e..798d338c 100644 --- a/internal/controller/dashboard/factory.go +++ b/internal/controller/dashboard/factory.go @@ -248,9 +248,10 @@ func servicesTab(kind string) map[string]any { "customizationId": "factory-details-v1.services", "pathToItems": []any{"items"}, "labelsSelector": map[string]any{ - "apps.cozystack.io/application.group": "apps.cozystack.io", - "apps.cozystack.io/application.kind": kind, - "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + "apps.cozystack.io/application.group": "apps.cozystack.io", + "apps.cozystack.io/application.kind": kind, + "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + "internal.cozystack.io/tenantresource": "true", }, }, }, @@ -273,9 +274,10 @@ func ingressesTab(kind string) map[string]any { "customizationId": "factory-details-networking.k8s.io.v1.ingresses", "pathToItems": []any{"items"}, "labelsSelector": map[string]any{ - "apps.cozystack.io/application.group": "apps.cozystack.io", - "apps.cozystack.io/application.kind": kind, - "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + "apps.cozystack.io/application.group": "apps.cozystack.io", + "apps.cozystack.io/application.kind": kind, + "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + "internal.cozystack.io/tenantresource": "true", }, }, }, diff --git a/internal/controller/dashboard/marketplacepanel.go b/internal/controller/dashboard/marketplacepanel.go index a6900737..e58232f5 100644 --- a/internal/controller/dashboard/marketplacepanel.go +++ b/internal/controller/dashboard/marketplacepanel.go @@ -38,8 +38,8 @@ func (m *Manager) ensureMarketplacePanel(ctx context.Context, crd *cozyv1alpha1. return reconcile.Result{}, nil } - // Skip module resources (they don't need MarketplacePanel) - if crd.Spec.Dashboard.Module { + // Skip module and tenant resources (they don't need MarketplacePanel) + if crd.Spec.Dashboard.Module || crd.Spec.Application.Kind == "Tenant" { err := m.client.Get(ctx, client.ObjectKey{Name: mp.Name}, mp) if apierrors.IsNotFound(err) { return reconcile.Result{}, nil diff --git a/internal/controller/dashboard/static_helpers.go b/internal/controller/dashboard/static_helpers.go index 03003f6d..469e9f8f 100644 --- a/internal/controller/dashboard/static_helpers.go +++ b/internal/controller/dashboard/static_helpers.go @@ -998,6 +998,15 @@ func createBoolColumn(name, jsonPath string) map[string]any { } } +// createReadyColumn creates a Ready column with Boolean type and condition check +func createReadyColumn() map[string]any { + return map[string]any{ + "name": "Ready", + "type": "Boolean", + "jsonPath": `.status.conditions[?(@.type=="Ready")].status`, + } +} + // createConverterBytesColumn creates a column with ConverterBytes component func createConverterBytesColumn(name, jsonPath string) map[string]any { return map[string]any{ diff --git a/internal/controller/dashboard/static_refactored.go b/internal/controller/dashboard/static_refactored.go index 67ea72ed..3caf8edb 100644 --- a/internal/controller/dashboard/static_refactored.go +++ b/internal/controller/dashboard/static_refactored.go @@ -142,16 +142,16 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid createCustomColumnsOverride("stock-namespace-/v1/services", []any{ createCustomColumnWithJsonPath("Name", ".metadata.name", "S", "service", getColorForType("service"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-service-details/{reqsJsonPath[0]['.metadata.name']['-']}"), createStringColumn("ClusterIP", ".spec.clusterIP"), - createStringColumn("LoadbalancerIP", ".spec.loadBalancerIP"), + createStringColumn("LoadbalancerIP", ".status.loadBalancer.ingress[0].ip"), createTimestampColumn("Created", ".metadata.creationTimestamp"), }), // Stock namespace core cozystack io v1alpha1 tenantmodules createCustomColumnsOverride("stock-namespace-/core.cozystack.io/v1alpha1/tenantmodules", []any{ createCustomColumnWithJsonPath("Name", ".metadata.name", "M", "module", getColorForType("module"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/{reqsJsonPath[0]['.metadata.name']['-']}-details/{reqsJsonPath[0]['.metadata.name']['-']}"), - createStringColumn("Version", ".spec.version"), - createStringColumn("Status", ".status.phase"), + createReadyColumn(), createTimestampColumn("Created", ".metadata.creationTimestamp"), + createStringColumn("Version", ".status.version"), }), // Factory service details port mapping diff --git a/internal/lineagecontrollerwebhook/config.go b/internal/lineagecontrollerwebhook/config.go index c10c5a77..4ca45c13 100644 --- a/internal/lineagecontrollerwebhook/config.go +++ b/internal/lineagecontrollerwebhook/config.go @@ -38,6 +38,9 @@ func (l *LineageControllerWebhook) Map(hr *helmv2.HelmRelease) (string, string, if !ok { return "", "", "", fmt.Errorf("failed to load chart-app mapping from config") } + if hr.Spec.Chart == nil { + return "", "", "", fmt.Errorf("cannot map helm release %s/%s to dynamic app", hr.Namespace, hr.Name) + } s := hr.Spec.Chart.Spec val, ok := cfg.chartAppMap[chartRef{s.SourceRef.Name, s.Chart}] if !ok { diff --git a/internal/lineagecontrollerwebhook/matcher.go b/internal/lineagecontrollerwebhook/matcher.go index ff0da8b4..7c756a49 100644 --- a/internal/lineagecontrollerwebhook/matcher.go +++ b/internal/lineagecontrollerwebhook/matcher.go @@ -1,34 +1,73 @@ package lineagecontrollerwebhook import ( + "bytes" + "context" + "text/template" + + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "sigs.k8s.io/controller-runtime/pkg/log" ) -func matchLabelsToSelector(l map[string]string, s *metav1.LabelSelector) bool { - // TODO: emit warning if error - sel, err := metav1.LabelSelectorAsSelector(s) - if err != nil { - return false +// matchName checks if the provided name matches any of the resource names in the array. +// Each entry in resourceNames is treated as a Go template that gets rendered using the passed context. +// A nil resourceNames array matches any string. +func matchName(ctx context.Context, name string, templateContext map[string]string, resourceNames []string) bool { + if resourceNames == nil { + return true } - return sel.Matches(labels.Set(l)) + + logger := log.FromContext(ctx) + for _, templateStr := range resourceNames { + tmpl, err := template.New("resourceName").Parse(templateStr) + if err != nil { + logger.Error(err, "failed to parse resource name template", "template", templateStr) + continue + } + + var buf bytes.Buffer + err = tmpl.Execute(&buf, templateContext) + if err != nil { + logger.Error(err, "failed to execute resource name template", "template", templateStr, "context", templateContext) + continue + } + + if buf.String() == name { + return true + } + } + + return false } -func matchLabelsToSelectorArray(l map[string]string, ss []*metav1.LabelSelector) bool { +func matchResourceToSelector(ctx context.Context, name string, templateContext, l map[string]string, s *cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { + sel, err := metav1.LabelSelectorAsSelector(&s.LabelSelector) + if err != nil { + log.FromContext(ctx).Error(err, "failed to convert label selector to selector") + return false + } + labelMatches := sel.Matches(labels.Set(l)) + nameMatches := matchName(ctx, name, templateContext, s.ResourceNames) + return labelMatches && nameMatches +} + +func matchResourceToSelectorArray(ctx context.Context, name string, templateContext, l map[string]string, ss []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { for _, s := range ss { - if matchLabelsToSelector(l, s) { + if matchResourceToSelector(ctx, name, templateContext, l, s) { return true } } return false } -func matchLabelsToExcludeInclude(l map[string]string, ex, in []*metav1.LabelSelector) bool { - if matchLabelsToSelectorArray(l, ex) { +func matchResourceToExcludeInclude(ctx context.Context, name string, templateContext, l map[string]string, resources *cozyv1alpha1.CozystackResourceDefinitionResources) bool { + if resources == nil { return false } - if matchLabelsToSelectorArray(l, in) { - return true + if matchResourceToSelectorArray(ctx, name, templateContext, l, resources.Exclude) { + return false } - return false + return matchResourceToSelectorArray(ctx, name, templateContext, l, resources.Include) } diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go index 94a0fce4..0841c891 100644 --- a/internal/lineagecontrollerwebhook/webhook.go +++ b/internal/lineagecontrollerwebhook/webhook.go @@ -5,18 +5,20 @@ import ( "encoding/json" "errors" "fmt" + "strings" "github.com/cozystack/cozystack/pkg/lineage" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/discovery" - "k8s.io/client-go/discovery/cached/memory" "k8s.io/client-go/dynamic" "k8s.io/client-go/rest" - "k8s.io/client-go/restmapper" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" + corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) var ( @@ -24,6 +26,27 @@ var ( AncestryAmbiguous = fmt.Errorf("object ancestry is ambiguous") ) +const ( + ManagedObjectKey = "internal.cozystack.io/managed-by-cozystack" + ManagerGroupKey = "apps.cozystack.io/application.group" + ManagerKindKey = "apps.cozystack.io/application.kind" + ManagerNameKey = "apps.cozystack.io/application.name" +) + +// getResourceSelectors returns the appropriate CozystackResourceDefinitionResources for a given GroupKind +func (h *LineageControllerWebhook) getResourceSelectors(gk schema.GroupKind, crd *cozyv1alpha1.CozystackResourceDefinition) *cozyv1alpha1.CozystackResourceDefinitionResources { + switch { + case gk.Group == "" && gk.Kind == "Secret": + return &crd.Spec.Secrets + case gk.Group == "" && gk.Kind == "Service": + return &crd.Spec.Services + case gk.Group == "networking.k8s.io" && gk.Kind == "Ingress": + return &crd.Spec.Ingresses + default: + return nil + } +} + // SetupWithManager registers the handler with the webhook server. func (h *LineageControllerWebhook) SetupWithManagerAsWebhook(mgr ctrl.Manager) error { cfg := rest.CopyConfig(mgr.GetConfig()) @@ -34,13 +57,15 @@ func (h *LineageControllerWebhook) SetupWithManagerAsWebhook(mgr ctrl.Manager) e return err } - discoClient, err := discovery.NewDiscoveryClientForConfig(cfg) + httpClient, err := rest.HTTPClientFor(cfg) if err != nil { return err } - cachedDisco := memory.NewMemCacheClient(discoClient) - h.mapper = restmapper.NewDeferredDiscoveryRESTMapper(cachedDisco) + h.mapper, err = apiutil.NewDynamicRESTMapper(cfg, httpClient) + if err != nil { + return err + } h.initConfig() // Register HTTP path -> handler. @@ -73,7 +98,7 @@ func (h *LineageControllerWebhook) Handle(ctx context.Context, req admission.Req labels, err := h.computeLabels(ctx, obj) for { if err != nil && errors.Is(err, NoAncestors) { - return admission.Allowed("object not managed by app") + break // not a problem, mark object as unmanaged } if err != nil && errors.Is(err, AncestryAmbiguous) { warn = append(warn, "object ancestry ambiguous, using first ancestor found") @@ -101,7 +126,7 @@ func (h *LineageControllerWebhook) Handle(ctx context.Context, req admission.Req func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstructured.Unstructured) (map[string]string, error) { owners := lineage.WalkOwnershipGraph(ctx, h.dynClient, h.mapper, h, o) if len(owners) == 0 { - return nil, NoAncestors + return map[string]string{ManagedObjectKey: "false"}, NoAncestors } obj, err := owners[0].GetUnstructured(ctx, h.dynClient, h.mapper) if err != nil { @@ -117,7 +142,8 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc } labels := map[string]string{ // truncate apigroup to first 63 chars - "apps.cozystack.io/application.group": func(s string) string { + ManagedObjectKey: "true", + ManagerGroupKey: func(s string) string { if len(s) < 63 { return s } @@ -127,22 +153,24 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc } return s }(gv.Group), - "apps.cozystack.io/application.kind": obj.GetKind(), - "apps.cozystack.io/application.name": obj.GetName(), + ManagerKindKey: obj.GetKind(), + ManagerNameKey: obj.GetName(), } - if o.GetAPIVersion() != "v1" || o.GetKind() != "Secret" { - return labels, err + templateLabels := map[string]string{ + "kind": strings.ToLower(obj.GetKind()), + "name": obj.GetName(), + "namespace": o.GetNamespace(), } cfg := h.config.Load().(*runtimeConfig) crd := cfg.appCRDMap[appRef{gv.Group, obj.GetKind()}] + resourceSelectors := h.getResourceSelectors(o.GroupVersionKind().GroupKind(), crd) - // TODO: expand this to work with other resources than Secrets - labels["apps.cozystack.io/tenantresource"] = func(b bool) string { + labels[corev1alpha1.TenantResourceLabelKey] = func(b bool) string { if b { - return "true" + return corev1alpha1.TenantResourceLabelValue } return "false" - }(matchLabelsToExcludeInclude(o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) + }(matchResourceToExcludeInclude(ctx, o.GetName(), templateLabels, o.GetLabels(), resourceSelectors)) return labels, err } diff --git a/packages/apps/clickhouse/templates/backup-script.yaml b/packages/apps/clickhouse/templates/backup-script.yaml index d8156792..29e4b727 100644 --- a/packages/apps/clickhouse/templates/backup-script.yaml +++ b/packages/apps/clickhouse/templates/backup-script.yaml @@ -4,8 +4,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-backup-script - labels: - apps.cozystack.io/tenantresource: "false" stringData: backup.sh: | #!/bin/sh diff --git a/packages/apps/foundationdb/.helmignore b/packages/apps/foundationdb/.helmignore new file mode 100644 index 00000000..33ceb8f0 --- /dev/null +++ b/packages/apps/foundationdb/.helmignore @@ -0,0 +1 @@ +Makefile \ No newline at end of file diff --git a/packages/apps/foundationdb/Chart.yaml b/packages/apps/foundationdb/Chart.yaml new file mode 100644 index 00000000..52fdfa11 --- /dev/null +++ b/packages/apps/foundationdb/Chart.yaml @@ -0,0 +1,25 @@ +apiVersion: v2 +name: foundationdb +description: Managed FoundationDB service +icon: /logos/foundationdb.svg + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "7.3.63" \ No newline at end of file diff --git a/packages/apps/foundationdb/Makefile b/packages/apps/foundationdb/Makefile new file mode 100644 index 00000000..b885e4b1 --- /dev/null +++ b/packages/apps/foundationdb/Makefile @@ -0,0 +1,4 @@ +include ../../../scripts/package.mk + +generate: + cozyvalues-gen -v values.yaml -s values.schema.json -r README.md \ No newline at end of file diff --git a/packages/apps/foundationdb/README.md b/packages/apps/foundationdb/README.md new file mode 100644 index 00000000..ceebf571 --- /dev/null +++ b/packages/apps/foundationdb/README.md @@ -0,0 +1,195 @@ +# FoundationDB + +A managed FoundationDB service for Cozystack. + +## Overview + +FoundationDB is a distributed database designed to handle large volumes of structured data across clusters of commodity servers. It organizes data as an ordered key-value store and employs ACID transactions for all operations. + +This package provides a managed FoundationDB cluster deployment using the FoundationDB Kubernetes Operator. + +## Features + +- **High Availability**: Multi-instance deployment with automatic failover +- **ACID Transactions**: Full ACID transaction support across the cluster +- **Scalable**: Easily scale storage and compute resources +- **Backup Integration**: Optional S3-compatible backup storage +- **Monitoring**: Built-in monitoring and alerting through WorkloadMonitor +- **Flexible Configuration**: Support for custom FoundationDB parameters + +## Configuration + +### Basic Configuration + +```yaml +# Cluster process configuration +cluster: + version: "7.3.63" + processCounts: + storage: 3 # Number of storage processes (determines cluster size) + stateless: -1 # Automatically calculated + cluster_controller: 1 + faultDomain: + key: "kubernetes.io/hostname" + valueFrom: "spec.nodeName" +``` + +### Storage + +```yaml +storage: + size: "16Gi" # Storage size per instance + storageClass: "" # Storage class (optional) +``` + +### Resources + +```yaml +# Use preset sizing +resourcesPreset: "medium" # small, medium, large, xlarge, 2xlarge + +# Or custom resource configuration +resources: + cpu: "2000m" + memory: "4Gi" +``` + +### Backup (Optional) + +```yaml +backup: + enabled: true + s3: + bucket: "my-fdb-backups" + endpoint: "https://s3.amazonaws.com" + region: "us-east-1" + credentials: + accessKeyId: "AKIA..." + secretAccessKey: "..." + retentionPolicy: "7d" +``` + +### Advanced Configuration + +```yaml +# Custom FoundationDB parameters +customParameters: + - "knob_disable_posix_kernel_aio=1" + +# Image type (unified is default and recommended for new deployments) +imageType: "unified" + +# Enable automatic pod replacements +automaticReplacements: true + +# Security context configuration +securityContext: + runAsUser: 4059 + runAsGroup: 4059 +``` + +## Prerequisites + +- FoundationDB Operator must be installed in the cluster +- Sufficient storage and compute resources +- For backups: S3-compatible storage credentials + +## Deployment + +1. Install the FoundationDB operator (system package) +2. Deploy this application package with your desired configuration +3. The cluster will be automatically provisioned and configured + +## Monitoring + +This package includes WorkloadMonitor integration for cluster health monitoring and resource tracking. Monitoring can be disabled by setting: + +```yaml +monitoring: + enabled: false +``` + +## Security + +- All containers run with restricted security contexts +- No privilege escalation allowed +- Read-only root filesystem where possible +- Custom security context configurations supported + +## Fault Tolerance + +FoundationDB is designed for high availability: +- Automatic failure detection and recovery +- Data replication across instances +- Configurable fault domains for rack/zone awareness +- Transaction log redundancy + +The included `WorkloadMonitor` is automatically configured based on the `cluster.redundancyMode` value. It sets the `minReplicas` property on the `WorkloadMonitor` resource to ensure the cluster's health status accurately reflects its fault tolerance level. The number of tolerated failures is as follows: +- `single`: 0 failures +- `double`: 1 failure +- `triple` and datacenter-aware modes: 2 failures + +For example, with the default configuration (`redundancyMode: double` and 3 storage pods), `minReplicas` will be set to 2. + +## Performance Considerations + +- Use SSD storage for better performance +- Consider dedicating nodes for storage processes +- Monitor cluster metrics for optimization opportunities +- Scale storage and stateless processes based on workload + +## Support + +For issues related to FoundationDB itself, refer to the [FoundationDB documentation](https://apple.github.io/foundationdb/). + +For Cozystack-specific issues, consult the Cozystack documentation or support channels. + +## Parameters + +### Common parameters + +| Name | Description | Type | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | ------------------------ | +| `cluster` | Cluster configuration | `object` | `{}` | +| `cluster.processCounts` | Process counts for different roles | `object` | `{}` | +| `cluster.processCounts.stateless` | Number of stateless processes (-1 for automatic) | `int` | `-1` | +| `cluster.processCounts.storage` | Number of storage processes (determines cluster size) | `int` | `3` | +| `cluster.processCounts.cluster_controller` | Number of cluster controller processes | `int` | `1` | +| `cluster.version` | Version of FoundationDB to use | `string` | `7.3.63` | +| `cluster.redundancyMode` | Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback) | `string` | `double` | +| `cluster.storageEngine` | Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory) | `string` | `ssd-2` | +| `cluster.faultDomain` | Fault domain configuration | `object` | `{}` | +| `cluster.faultDomain.key` | Fault domain key | `string` | `kubernetes.io/hostname` | +| `cluster.faultDomain.valueFrom` | Fault domain value source | `string` | `spec.nodeName` | +| `storage` | Storage configuration | `object` | `{}` | +| `storage.size` | Size of persistent volumes for each instance | `quantity` | `16Gi` | +| `storage.storageClass` | Storage class (if not set, uses cluster default) | `string` | `""` | +| `resources` | Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied. | `*object` | `null` | +| `resources.cpu` | CPU available to each instance | `*quantity` | `null` | +| `resources.memory` | Memory (RAM) available to each instance | `*quantity` | `null` | +| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string` | `medium` | +| `backup` | Backup configuration | `object` | `{}` | +| `backup.enabled` | Enable backups | `bool` | `false` | +| `backup.s3` | S3 configuration for backups | `object` | `{}` | +| `backup.s3.bucket` | S3 bucket name | `string` | `""` | +| `backup.s3.endpoint` | S3 endpoint URL | `string` | `""` | +| `backup.s3.region` | S3 region | `string` | `us-east-1` | +| `backup.s3.credentials` | S3 credentials | `object` | `{}` | +| `backup.s3.credentials.accessKeyId` | S3 access key ID | `string` | `""` | +| `backup.s3.credentials.secretAccessKey` | S3 secret access key | `string` | `""` | +| `backup.retentionPolicy` | Retention policy for backups | `string` | `7d` | +| `monitoring` | Monitoring configuration | `object` | `{}` | +| `monitoring.enabled` | Enable WorkloadMonitor integration | `bool` | `true` | + + +### FoundationDB configuration + +| Name | Description | Type | Value | +| ---------------------------- | ----------------------------------------- | ---------- | --------- | +| `customParameters` | Custom parameters to pass to FoundationDB | `[]string` | `[]` | +| `imageType` | Container image deployment type | `string` | `unified` | +| `securityContext` | Security context for containers | `object` | `{}` | +| `securityContext.runAsUser` | User ID to run the container | `int` | `4059` | +| `securityContext.runAsGroup` | Group ID to run the container | `int` | `4059` | +| `automaticReplacements` | Enable automatic pod replacements | `bool` | `true` | + diff --git a/packages/apps/foundationdb/charts/cozy-lib b/packages/apps/foundationdb/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/apps/foundationdb/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/apps/foundationdb/logos/foundationdb.svg b/packages/apps/foundationdb/logos/foundationdb.svg new file mode 100644 index 00000000..6ff3bd28 --- /dev/null +++ b/packages/apps/foundationdb/logos/foundationdb.svg @@ -0,0 +1,106 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/packages/apps/foundationdb/templates/_resources.tpl b/packages/apps/foundationdb/templates/_resources.tpl new file mode 100644 index 00000000..c1b4915e --- /dev/null +++ b/packages/apps/foundationdb/templates/_resources.tpl @@ -0,0 +1,47 @@ +{{/* +Common resource definitions +*/}} +{{- define "foundationdb.resources" -}} +{{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resources.preset .Values.resources $) }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "foundationdb.labels" -}} +helm.sh/chart: {{ include "foundationdb.chart" . }} +{{ include "foundationdb.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "foundationdb.selectorLabels" -}} +app.kubernetes.io/name: foundationdb +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Chart name and version +*/}} +{{- define "foundationdb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Calculate minReplicas for WorkloadMonitor based on redundancyMode +*/}} +{{- define "foundationdb.minReplicas" -}} +{{- $replicas := .Values.cluster.processCounts.storage -}} +{{- if or (eq .Values.cluster.redundancyMode "triple") (eq .Values.cluster.redundancyMode "three_data_hall") (eq .Values.cluster.redundancyMode "three_datacenter") (eq .Values.cluster.redundancyMode "three_datacenter_fallback") (eq .Values.cluster.redundancyMode "three_data_hall_fallback") }} +{{- print (max 1 (sub $replicas 2)) -}} +{{- else if eq .Values.cluster.redundancyMode "double" }} +{{- print (max 1 (sub $replicas 1)) -}} +{{- else }} +{{- print $replicas -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/backup.yaml b/packages/apps/foundationdb/templates/backup.yaml new file mode 100644 index 00000000..129a7b2c --- /dev/null +++ b/packages/apps/foundationdb/templates/backup.yaml @@ -0,0 +1,65 @@ +{{- if .Values.backup.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-s3-creds + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + AWS_ACCESS_KEY_ID: {{ .Values.backup.s3.credentials.accessKeyId | b64enc }} + AWS_SECRET_ACCESS_KEY: {{ .Values.backup.s3.credentials.secretAccessKey | b64enc }} + +--- +apiVersion: apps.foundationdb.org/v1beta2 +kind: FoundationDBBackup +metadata: + name: {{ .Release.Name }}-backup + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + clusterName: {{ .Release.Name }} + + backupState: Running + + backupDeploymentSpec: + podTemplateSpec: + spec: + containers: + - name: foundationdb + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + securityContext: + runAsUser: 0 + + customParameters: + - backup_agent_snapshot_mode=0 + + snapshotPeriodSeconds: 3600 + + blobStoreConfiguration: + accountName: {{ .Values.backup.s3.bucket }} + bucket: {{ .Values.backup.s3.bucket }} + {{- if .Values.backup.s3.endpoint }} + endpoint: {{ .Values.backup.s3.endpoint }} + {{- end }} + credentials: + AWS_ACCESS_KEY_ID: + secretKeyRef: + name: {{ .Release.Name }}-s3-creds + key: AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY: + secretKeyRef: + name: {{ .Release.Name }}-s3-creds + key: AWS_SECRET_ACCESS_KEY +{{- end }} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/cluster.yaml b/packages/apps/foundationdb/templates/cluster.yaml new file mode 100644 index 00000000..06992cb5 --- /dev/null +++ b/packages/apps/foundationdb/templates/cluster.yaml @@ -0,0 +1,98 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" | default (dict "data" (dict)) }} +{{- $clusterDomain := index $cozyConfig.data "cluster-domain" | default "cozy.local" }} +--- +apiVersion: apps.foundationdb.org/v1beta2 +kind: FoundationDBCluster +metadata: + name: {{ .Release.Name }} + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + version: {{ .Values.cluster.version | quote }} + + databaseConfiguration: + redundancy_mode: {{ .Values.cluster.redundancyMode }} + storage_engine: {{ .Values.cluster.storageEngine }} + + processCounts: + {{- toYaml .Values.cluster.processCounts | nindent 4 }} + + automationOptions: + replacements: + enabled: {{ .Values.automaticReplacements }} + faultDomain: + key: {{ .Values.cluster.faultDomain.key }} + {{- if .Values.cluster.faultDomain.valueFrom }} + valueFrom: {{ .Values.cluster.faultDomain.valueFrom }} + {{- end }} + imageType: {{ .Values.imageType }} + labels: + filterOnOwnerReference: false + matchLabels: + foundationdb.org/fdb-cluster-name: {{ .Release.Name }} + processClassLabels: + - foundationdb.org/fdb-process-class + processGroupIDLabels: + - foundationdb.org/fdb-process-group-id + minimumUptimeSecondsForBounce: 60 + + processes: + general: + {{- if .Values.customParameters }} + customParameters: + {{- range .Values.customParameters }} + - {{ . }} + {{- end }} + {{- end }} + podTemplate: + metadata: + labels: + policy.cozystack.io/allow-to-apiserver: "true" + spec: + serviceAccountName: {{ .Release.Name }}-foundationdb + securityContext: + fsGroup: {{ .Values.securityContext.runAsGroup }} + containers: + - name: foundationdb + resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 16 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 16 }} + - name: foundationdb-kubernetes-sidecar + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + securityContext: + {{- toYaml .Values.securityContext | nindent 16 }} + initContainers: + - name: foundationdb-kubernetes-init + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + securityContext: + {{- toYaml .Values.securityContext | nindent 16 }} + volumeClaimTemplate: + spec: + {{- if .Values.storage.storageClass }} + storageClassName: {{ .Values.storage.storageClass }} + {{- end }} + resources: + requests: + storage: {{ .Values.storage.size }} + + routing: + dnsDomain: {{ $clusterDomain }} + defineDNSLocalityFields: true + + sidecarContainer: + enableLivenessProbe: true + enableReadinessProbe: true \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/dashboard-resourcemap.yaml b/packages/apps/foundationdb/templates/dashboard-resourcemap.yaml new file mode 100644 index 00000000..ea378769 --- /dev/null +++ b/packages/apps/foundationdb/templates/dashboard-resourcemap.yaml @@ -0,0 +1,22 @@ +{{- if .Values.monitoring.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-resourcemap + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.cozystack.io/type: dashboard-resourcemap +data: + resources: | + - apiVersion: apps.foundationdb.org/v1beta2 + kind: FoundationDBCluster + name: {{ .Release.Name }} + {{- if .Values.backup.enabled }} + - apiVersion: apps.foundationdb.org/v1beta2 + kind: FoundationDBBackup + name: {{ .Release.Name }}-backup + {{- end }} +{{- end }} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/role.yaml b/packages/apps/foundationdb/templates/role.yaml new file mode 100644 index 00000000..a391a084 --- /dev/null +++ b/packages/apps/foundationdb/templates/role.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }}-foundationdb + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - create + - update + - patch + - delete \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/rolebinding.yaml b/packages/apps/foundationdb/templates/rolebinding.yaml new file mode 100644 index 00000000..45b3e123 --- /dev/null +++ b/packages/apps/foundationdb/templates/rolebinding.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Release.Name }}-foundationdb + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Release.Name }}-foundationdb +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-foundationdb + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/serviceaccount.yaml b/packages/apps/foundationdb/templates/serviceaccount.yaml new file mode 100644 index 00000000..b53143de --- /dev/null +++ b/packages/apps/foundationdb/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-foundationdb + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/workloadmonitor.yaml b/packages/apps/foundationdb/templates/workloadmonitor.yaml new file mode 100644 index 00000000..306797f3 --- /dev/null +++ b/packages/apps/foundationdb/templates/workloadmonitor.yaml @@ -0,0 +1,20 @@ +{{- if .Values.monitoring.enabled }} +--- +apiVersion: cozystack.io/v1alpha1 +kind: WorkloadMonitor +metadata: + name: {{ .Release.Name }} + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.cluster.processCounts.storage }} + minReplicas: {{ include "foundationdb.minReplicas" . }} + kind: foundationdb + type: foundationdb + selector: + foundationdb.org/fdb-cluster-name: {{ .Release.Name }} + foundationdb.org/fdb-process-class: storage + version: {{ .Chart.Version }} +{{- end }} \ No newline at end of file diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json new file mode 100644 index 00000000..675d20c6 --- /dev/null +++ b/packages/apps/foundationdb/values.schema.json @@ -0,0 +1,282 @@ +{ + "title": "Chart Values", + "type": "object", + "properties": { + "automaticReplacements": { + "description": "Enable automatic pod replacements", + "type": "boolean", + "default": true + }, + "backup": { + "description": "Backup configuration", + "type": "object", + "default": {}, + "required": [ + "enabled", + "retentionPolicy", + "s3" + ], + "properties": { + "enabled": { + "description": "Enable backups", + "type": "boolean", + "default": false + }, + "retentionPolicy": { + "description": "Retention policy for backups", + "type": "string", + "default": "7d" + }, + "s3": { + "description": "S3 configuration for backups", + "type": "object", + "default": {}, + "required": [ + "bucket", + "credentials", + "endpoint", + "region" + ], + "properties": { + "bucket": { + "description": "S3 bucket name", + "type": "string" + }, + "credentials": { + "description": "S3 credentials", + "type": "object", + "default": {}, + "required": [ + "accessKeyId", + "secretAccessKey" + ], + "properties": { + "accessKeyId": { + "description": "S3 access key ID", + "type": "string" + }, + "secretAccessKey": { + "description": "S3 secret access key", + "type": "string" + } + } + }, + "endpoint": { + "description": "S3 endpoint URL", + "type": "string" + }, + "region": { + "description": "S3 region", + "type": "string", + "default": "us-east-1" + } + } + } + } + }, + "cluster": { + "description": "Cluster configuration", + "type": "object", + "default": {}, + "required": [ + "faultDomain", + "processCounts", + "redundancyMode", + "storageEngine", + "version" + ], + "properties": { + "faultDomain": { + "description": "Fault domain configuration", + "type": "object", + "default": {}, + "required": [ + "key", + "valueFrom" + ], + "properties": { + "key": { + "description": "Fault domain key", + "type": "string", + "default": "kubernetes.io/hostname" + }, + "valueFrom": { + "description": "Fault domain value source", + "type": "string", + "default": "spec.nodeName" + } + } + }, + "processCounts": { + "description": "Process counts for different roles", + "type": "object", + "default": {}, + "required": [ + "cluster_controller", + "stateless", + "storage" + ], + "properties": { + "cluster_controller": { + "description": "Number of cluster controller processes", + "type": "integer", + "default": 1 + }, + "stateless": { + "description": "Number of stateless processes (-1 for automatic)", + "type": "integer", + "default": -1 + }, + "storage": { + "description": "Number of storage processes (determines cluster size)", + "type": "integer", + "default": 3 + } + } + }, + "redundancyMode": { + "description": "Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback)", + "type": "string", + "default": "double" + }, + "storageEngine": { + "description": "Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory)", + "type": "string", + "default": "ssd-2" + }, + "version": { + "description": "Version of FoundationDB to use", + "type": "string", + "default": "7.3.63" + } + } + }, + "customParameters": { + "description": "Custom parameters to pass to FoundationDB", + "type": "array", + "default": [], + "items": { + "type": "string" + } + }, + "imageType": { + "description": "Container image deployment type", + "type": "string", + "default": "unified", + "enum": [ + "unified", + "split" + ] + }, + "monitoring": { + "description": "Monitoring configuration", + "type": "object", + "default": {}, + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "description": "Enable WorkloadMonitor integration", + "type": "boolean", + "default": true + } + } + }, + "resources": { + "description": "Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied.", + "type": "object", + "default": {}, + "properties": { + "cpu": { + "description": "CPU available to each instance", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "memory": { + "description": "Memory (RAM) available to each instance", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "resourcesPreset": { + "description": "Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`.", + "type": "string", + "default": "medium", + "enum": [ + "small", + "medium", + "large", + "xlarge", + "2xlarge" + ] + }, + "securityContext": { + "description": "Security context for containers", + "type": "object", + "default": {}, + "required": [ + "runAsGroup", + "runAsUser" + ], + "properties": { + "runAsGroup": { + "description": "Group ID to run the container", + "type": "integer", + "default": 4059 + }, + "runAsUser": { + "description": "User ID to run the container", + "type": "integer", + "default": 4059 + } + } + }, + "storage": { + "description": "Storage configuration", + "type": "object", + "default": {}, + "required": [ + "size", + "storageClass" + ], + "properties": { + "size": { + "description": "Size of persistent volumes for each instance", + "default": "16Gi", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "storageClass": { + "description": "Storage class (if not set, uses cluster default)", + "type": "string" + } + } + } + } +} \ No newline at end of file diff --git a/packages/apps/foundationdb/values.yaml b/packages/apps/foundationdb/values.yaml new file mode 100644 index 00000000..902f986a --- /dev/null +++ b/packages/apps/foundationdb/values.yaml @@ -0,0 +1,93 @@ +# Default values for foundationdb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +## @section Common parameters +## +## @param cluster {cluster} Cluster configuration +## @field cluster.processCounts {clusterProcessCounts} Process counts for different roles +## @field clusterProcessCounts.stateless {int} Number of stateless processes (-1 for automatic) +## @field clusterProcessCounts.storage {int} Number of storage processes (determines cluster size) +## @field clusterProcessCounts.cluster_controller {int} Number of cluster controller processes +## @field cluster.version {string} Version of FoundationDB to use +## @field cluster.redundancyMode {string} Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback) +## @field cluster.storageEngine {string} Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory) +## @field cluster.faultDomain {clusterFaultDomain} Fault domain configuration +## @field clusterFaultDomain.key {string} Fault domain key +## @field clusterFaultDomain.valueFrom {string} Fault domain value source +cluster: + processCounts: + stateless: -1 # Automatically calculated + storage: 3 # Number of storage processes (determines cluster size) + cluster_controller: 1 + + version: "7.3.63" + redundancyMode: "double" # Database redundancy mode + storageEngine: "ssd-2" # Storage engine + + faultDomain: + key: "kubernetes.io/hostname" + valueFrom: "spec.nodeName" + +## @param storage {storage} Storage configuration +## @field storage.size {quantity} Size of persistent volumes for each instance +## @field storage.storageClass {string} Storage class (if not set, uses cluster default) +storage: + size: "16Gi" + storageClass: "" + +## @param resources {*resources} Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied. +## @field resources.cpu {*quantity} CPU available to each instance +## @field resources.memory {*quantity} Memory (RAM) available to each instance +resources: {} + # resources: + # cpu: 2000m + # memory: 4Gi +## @param resourcesPreset {string enum:"small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`. +resourcesPreset: "medium" + +## @param backup {backup} Backup configuration +## @field backup.enabled {bool} Enable backups +## @field backup.s3 {backupS3} S3 configuration for backups +## @field backupS3.bucket {string} S3 bucket name +## @field backupS3.endpoint {string} S3 endpoint URL +## @field backupS3.region {string} S3 region +## @field backupS3.credentials {backupS3Credentials} S3 credentials +## @field backupS3Credentials.accessKeyId {string} S3 access key ID +## @field backupS3Credentials.secretAccessKey {string} S3 secret access key +## @field backup.retentionPolicy {string} Retention policy for backups +backup: + enabled: false + s3: + bucket: "" + endpoint: "" + region: "us-east-1" + credentials: + accessKeyId: "" + secretAccessKey: "" + retentionPolicy: "7d" + +## @param monitoring {monitoring} Monitoring configuration +## @field monitoring.enabled {bool} Enable WorkloadMonitor integration +monitoring: + enabled: true + +## @section FoundationDB configuration +## +## @param customParameters {[]string} Custom parameters to pass to FoundationDB +customParameters: [] +# Example: +# - knob_disable_posix_kernel_aio=1 + +## @param imageType {string enum:"unified,split"} Container image deployment type +imageType: "unified" + +## @param securityContext {securityContext} Security context for containers +## @field securityContext.runAsUser {int} User ID to run the container +## @field securityContext.runAsGroup {int} Group ID to run the container +securityContext: + runAsUser: 4059 + runAsGroup: 4059 + +## @param automaticReplacements {bool} Enable automatic pod replacements +automaticReplacements: true \ No newline at end of file diff --git a/packages/apps/http-cache/images/nginx-cache.tag b/packages/apps/http-cache/images/nginx-cache.tag index a5e4ca7b..0970e11c 100644 --- a/packages/apps/http-cache/images/nginx-cache.tag +++ b/packages/apps/http-cache/images/nginx-cache.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:b7633717cd7449c0042ae92d8ca9b36e4d69566561f5c7d44e21058e7d05c6d5 +ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:50ac1581e3100bd6c477a71161cb455a341ffaf9e5e2f6086802e4e25271e8af diff --git a/packages/apps/kubernetes/Makefile b/packages/apps/kubernetes/Makefile index b40d8b36..799a19bc 100644 --- a/packages/apps/kubernetes/Makefile +++ b/packages/apps/kubernetes/Makefile @@ -1,4 +1,4 @@ -KUBERNETES_VERSION = v1.32 +KUBERNETES_VERSION = v1.33 KUBERNETES_PKG_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml) include ../../../scripts/common-envs.mk diff --git a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag index a59ba9b8..d0e37aee 100644 --- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag +++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:f0e1d9f9e91be8e4a22be9fbe01a8b0e81aba4230b865fba9608ef7f9fb5745f +ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:c8b08084a86251cdd18e237de89b695bca0e4f7eb1f1f6ddc2b903b4d74ea5ff diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk.tag b/packages/apps/kubernetes/images/ubuntu-container-disk.tag index 50416e0a..a35d1278 100644 --- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag +++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:e53f2394c7aa76ad10818ffb945e40006cd77406999e47e036d41b8b0bf094cc +ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.33@sha256:a09724a7f95283f9130b3da2a89d81c4c6051c6edf0392a81b6fc90f404b76b6 diff --git a/packages/apps/kubernetes/templates/cluster.yaml b/packages/apps/kubernetes/templates/cluster.yaml index 7b21c07c..f275c979 100644 --- a/packages/apps/kubernetes/templates/cluster.yaml +++ b/packages/apps/kubernetes/templates/cluster.yaml @@ -266,6 +266,10 @@ metadata: {{- end }} spec: clusterName: {{ $.Release.Name }} + selector: + matchLabels: + cluster.x-k8s.io/cluster-name: {{ $.Release.Name }} + cluster.x-k8s.io/deployment-name: {{ $.Release.Name }}-{{ $groupName }} template: metadata: labels: diff --git a/packages/apps/mysql/images/mariadb-backup.tag b/packages/apps/mysql/images/mariadb-backup.tag index fb7b421d..af6247da 100644 --- a/packages/apps/mysql/images/mariadb-backup.tag +++ b/packages/apps/mysql/images/mariadb-backup.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/mariadb-backup:0.0.0@sha256:a3789db9e9e065ff60cbac70771b4a8aa1460db3194307cf5ca5d4fe1b412b6b +ghcr.io/cozystack/cozystack/mariadb-backup:0.0.0@sha256:1c0beb1b23a109b0e13727b4c73d2c74830e11cede92858ab20101b66f45a858 diff --git a/packages/apps/mysql/templates/backup-script.yaml b/packages/apps/mysql/templates/backup-script.yaml index c5fc8ce7..b261cdea 100644 --- a/packages/apps/mysql/templates/backup-script.yaml +++ b/packages/apps/mysql/templates/backup-script.yaml @@ -4,8 +4,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-backup-script - labels: - apps.cozystack.io/tenantresource: "false" stringData: backup.sh: | #!/bin/sh diff --git a/packages/apps/postgres/templates/init-script.yaml b/packages/apps/postgres/templates/init-script.yaml index 8d306789..80f7c4c7 100644 --- a/packages/apps/postgres/templates/init-script.yaml +++ b/packages/apps/postgres/templates/init-script.yaml @@ -20,8 +20,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-credentials -labels: - internal.cozystack.io/tenantsecret: "true" stringData: {{- range $user, $u := .Values.users }} {{ quote $user }}: {{ quote (index $passwords $user) }} @@ -32,8 +30,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-init-script - labels: - apps.cozystack.io/tenantresource: "false" stringData: init.sh: | #!/bin/bash diff --git a/packages/apps/rabbitmq/templates/rabbitmq.yaml b/packages/apps/rabbitmq/templates/rabbitmq.yaml index 7708a3af..b111285e 100644 --- a/packages/apps/rabbitmq/templates/rabbitmq.yaml +++ b/packages/apps/rabbitmq/templates/rabbitmq.yaml @@ -58,6 +58,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $.Release.Name }}-{{ kebabcase $user }}-credentials + labels: + apps.cozystack.io/user-secret: "true" type: Opaque stringData: username: {{ $user }} diff --git a/packages/apps/tenant/templates/keycloakgroups.yaml b/packages/apps/tenant/templates/keycloakgroups.yaml index 1f4cc957..59288ca4 100644 --- a/packages/apps/tenant/templates/keycloakgroups.yaml +++ b/packages/apps/tenant/templates/keycloakgroups.yaml @@ -1,6 +1,7 @@ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} {{- $oidcEnabled := index $cozyConfig.data "oidc-enabled" }} {{- if eq $oidcEnabled "true" }} +{{- if .Capabilities.APIVersions.Has "v1.edp.epam.com/v1" }} apiVersion: v1.edp.epam.com/v1 kind: KeycloakRealmGroup metadata: @@ -51,3 +52,4 @@ spec: name: keycloakrealm-cozy kind: ClusterKeycloakRealm {{- end }} +{{- end }} diff --git a/packages/apps/virtual-machine/templates/service.yaml b/packages/apps/virtual-machine/templates/service.yaml index 77698a2d..d9d77825 100644 --- a/packages/apps/virtual-machine/templates/service.yaml +++ b/packages/apps/virtual-machine/templates/service.yaml @@ -5,6 +5,7 @@ kind: Service metadata: name: {{ include "virtual-machine.fullname" . }} labels: + apps.cozystack.io/user-service: "true" {{- include "virtual-machine.labels" . | nindent 4 }} annotations: networking.cozystack.io/wholeIP: "true" diff --git a/packages/apps/vm-instance/templates/service.yaml b/packages/apps/vm-instance/templates/service.yaml index 009062fd..d1ef4df9 100644 --- a/packages/apps/vm-instance/templates/service.yaml +++ b/packages/apps/vm-instance/templates/service.yaml @@ -5,6 +5,7 @@ kind: Service metadata: name: {{ include "virtual-machine.fullname" . }} labels: + apps.cozystack.io/user-service: "true" {{- include "virtual-machine.labels" . | nindent 4 }} annotations: networking.cozystack.io/wholeIP: "true" diff --git a/packages/apps/vpn/templates/secret.yaml b/packages/apps/vpn/templates/secret.yaml index b703a903..79960096 100644 --- a/packages/apps/vpn/templates/secret.yaml +++ b/packages/apps/vpn/templates/secret.yaml @@ -22,8 +22,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-vpn - labels: - apps.cozystack.io/tenantresource: "false" type: Opaque stringData: shadowbox_server_config.json: | diff --git a/packages/core/installer/images/cozystack/Dockerfile b/packages/core/installer/images/cozystack/Dockerfile index 85ae9c08..7327698e 100644 --- a/packages/core/installer/images/cozystack/Dockerfile +++ b/packages/core/installer/images/cozystack/Dockerfile @@ -34,7 +34,7 @@ FROM alpine:3.22 RUN wget -O- https://github.com/cozystack/cozypkg/raw/refs/heads/main/hack/install.sh | sh -s -- -v 1.2.0 -RUN apk add --no-cache make kubectl coreutils git jq +RUN apk add --no-cache make kubectl helm coreutils git jq COPY --from=builder /src/scripts /cozystack/scripts COPY --from=builder /src/packages/core /cozystack/packages/core diff --git a/packages/core/installer/images/talos/profiles/initramfs.yaml b/packages/core/installer/images/talos/profiles/initramfs.yaml index 7e2bdf1d..8bd0bf39 100644 --- a/packages/core/installer/images/talos/profiles/initramfs.yaml +++ b/packages/core/installer/images/talos/profiles/initramfs.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: initramfs imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/installer.yaml b/packages/core/installer/images/talos/profiles/installer.yaml index 7ad604a2..554423ee 100644 --- a/packages/core/installer/images/talos/profiles/installer.yaml +++ b/packages/core/installer/images/talos/profiles/installer.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: installer imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/iso.yaml b/packages/core/installer/images/talos/profiles/iso.yaml index 326917e4..9f148153 100644 --- a/packages/core/installer/images/talos/profiles/iso.yaml +++ b/packages/core/installer/images/talos/profiles/iso.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: iso imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/kernel.yaml b/packages/core/installer/images/talos/profiles/kernel.yaml index 89cf5371..b4dfe053 100644 --- a/packages/core/installer/images/talos/profiles/kernel.yaml +++ b/packages/core/installer/images/talos/profiles/kernel.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: kernel imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/metal.yaml b/packages/core/installer/images/talos/profiles/metal.yaml index 8e1f1ebb..3b200e76 100644 --- a/packages/core/installer/images/talos/profiles/metal.yaml +++ b/packages/core/installer/images/talos/profiles/metal.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: image imageOptions: { diskSize: 1306525696, diskFormat: raw } diff --git a/packages/core/installer/images/talos/profiles/nocloud.yaml b/packages/core/installer/images/talos/profiles/nocloud.yaml index c9604759..f3f3f31a 100644 --- a/packages/core/installer/images/talos/profiles/nocloud.yaml +++ b/packages/core/installer/images/talos/profiles/nocloud.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: nocloud secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: image imageOptions: { diskSize: 1306525696, diskFormat: raw } diff --git a/packages/core/installer/values.yaml b/packages/core/installer/values.yaml index ffdb65af..fc7c81fa 100644 --- a/packages/core/installer/values.yaml +++ b/packages/core/installer/values.yaml @@ -1,2 +1,2 @@ cozystack: - image: ghcr.io/cozystack/cozystack/installer:v0.37.0-alpha.2@sha256:ee9fa3a0c7599bb66be2842050aba58660fe497f6878b6ebd3ca0047c349b3ad + image: ghcr.io/cozystack/cozystack/installer:v0.37.0@sha256:256c5a0f0ae2fc3ad6865b9fda74c42945b38a5384240fa29554617185b60556 diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml index fbcf2ba9..ed52a83a 100644 --- a/packages/core/platform/bundles/distro-full.yaml +++ b/packages/core/platform/bundles/distro-full.yaml @@ -68,6 +68,12 @@ releases: disableTelemetry: true {{- end }} +- name: lineage-controller-webhook + releaseName: lineage-controller-webhook + chart: cozy-lineage-controller-webhook + namespace: cozy-system + dependsOn: [cozystack-controller,cilium,cert-manager] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager @@ -155,6 +161,13 @@ releases: optional: true dependsOn: [cilium,victoria-metrics-operator] +- name: foundationdb-operator + releaseName: foundationdb-operator + chart: cozy-foundationdb-operator + namespace: cozy-foundationdb-operator + optional: true + dependsOn: [cilium,cert-manager] + - name: rabbitmq-operator releaseName: rabbitmq-operator chart: cozy-rabbitmq-operator diff --git a/packages/core/platform/bundles/distro-hosted.yaml b/packages/core/platform/bundles/distro-hosted.yaml index c24232c6..83aa81d9 100644 --- a/packages/core/platform/bundles/distro-hosted.yaml +++ b/packages/core/platform/bundles/distro-hosted.yaml @@ -36,6 +36,12 @@ releases: disableTelemetry: true {{- end }} +- name: lineage-controller-webhook + releaseName: lineage-controller-webhook + chart: cozy-lineage-controller-webhook + namespace: cozy-system + dependsOn: [cozystack-controller,cert-manager] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager @@ -116,6 +122,13 @@ releases: optional: true dependsOn: [victoria-metrics-operator] +- name: foundationdb-operator + releaseName: foundationdb-operator + chart: cozy-foundationdb-operator + namespace: cozy-foundationdb-operator + optional: true + dependsOn: [cert-manager] + - name: rabbitmq-operator releaseName: rabbitmq-operator chart: cozy-rabbitmq-operator diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 2343e97e..2322aee2 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -105,6 +105,24 @@ releases: disableTelemetry: true {{- end }} +- name: lineage-controller-webhook + releaseName: lineage-controller-webhook + chart: cozy-lineage-controller-webhook + namespace: cozy-system + dependsOn: [cozystack-controller,cilium,kubeovn,cert-manager] + +- name: cozystack-resource-definition-crd + releaseName: cozystack-resource-definition-crd + chart: cozystack-resource-definition-crd + namespace: cozy-system + dependsOn: [cilium,kubeovn,cozystack-api,cozystack-controller] + +- name: cozystack-resource-definitions + releaseName: cozystack-resource-definitions + chart: cozystack-resource-definitions + namespace: cozy-system + dependsOn: [cilium,kubeovn,cozystack-api,cozystack-controller,cozystack-resource-definition-crd] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager @@ -230,6 +248,12 @@ releases: namespace: cozy-clickhouse-operator dependsOn: [cilium,kubeovn,victoria-metrics-operator] +- name: foundationdb-operator + releaseName: foundationdb-operator + chart: cozy-foundationdb-operator + namespace: cozy-foundationdb-operator + dependsOn: [cilium,kubeovn,cert-manager] + - name: rabbitmq-operator releaseName: rabbitmq-operator chart: cozy-rabbitmq-operator diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 710dd439..93593673 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -52,6 +52,24 @@ releases: disableTelemetry: true {{- end }} +- name: lineage-controller-webhook + releaseName: lineage-controller-webhook + chart: cozy-lineage-controller-webhook + namespace: cozy-system + dependsOn: [cozystack-controller,cert-manager] + +- name: cozystack-resource-definition-crd + releaseName: cozystack-resource-definition-crd + chart: cozystack-resource-definition-crd + namespace: cozy-system + dependsOn: [cozystack-api,cozystack-controller] + +- name: cozystack-resource-definitions + releaseName: cozystack-resource-definitions + chart: cozystack-resource-definitions + namespace: cozy-system + dependsOn: [cozystack-api,cozystack-controller,cozystack-resource-definition-crd] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager @@ -123,6 +141,12 @@ releases: namespace: cozy-clickhouse-operator dependsOn: [victoria-metrics-operator] +- name: foundationdb-operator + releaseName: foundationdb-operator + chart: cozy-foundationdb-operator + namespace: cozy-foundationdb-operator + dependsOn: [cert-manager] + - name: rabbitmq-operator releaseName: rabbitmq-operator chart: cozy-rabbitmq-operator diff --git a/packages/core/testing/values.yaml b/packages/core/testing/values.yaml index d4c20ba1..bcc94ce3 100755 --- a/packages/core/testing/values.yaml +++ b/packages/core/testing/values.yaml @@ -1,2 +1,2 @@ e2e: - image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.37.0-alpha.2@sha256:de82519817d9f7447c7f5e957df590cf3150c24c8d048ccbf954550bb0999123 + image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.37.0@sha256:10afd0a6c39248ec41d0e59ff1bc6c29bd0075b7cc9a512b01cf603ef39c33ea diff --git a/packages/extra/bootbox/images/matchbox.tag b/packages/extra/bootbox/images/matchbox.tag index c46ae808..6060afa4 100644 --- a/packages/extra/bootbox/images/matchbox.tag +++ b/packages/extra/bootbox/images/matchbox.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/matchbox:v0.37.0-alpha.2@sha256:868c37a32d767ed75a1ec9ae1a2a0d26a08f89b7b149dd095cb27b94f3d385df +ghcr.io/cozystack/cozystack/matchbox:v0.37.0@sha256:5cca5f56b755285aefa11b1052fe55e1aa83b25bae34aef80cdb77ff63091044 diff --git a/packages/extra/etcd/README.md b/packages/extra/etcd/README.md index 8b2253ae..3bdb920b 100644 --- a/packages/extra/etcd/README.md +++ b/packages/extra/etcd/README.md @@ -4,12 +4,12 @@ ### Common parameters -| Name | Description | Type | Value | -| ------------------ | ----------------------------------- | ----------- | ------ | -| `size` | Persistent Volume size | `*quantity` | `4Gi` | -| `storageClass` | StorageClass used to store the data | `*string` | `""` | -| `replicas` | Number of etcd replicas | `*int` | `3` | -| `resources` | Resource configuration for etcd | `*object` | `null` | -| `resources.cpu` | The number of CPU cores allocated | `*quantity` | `4` | -| `resources.memory` | The amount of memory allocated | `*quantity` | `1Gi` | +| Name | Description | Type | Value | +| ------------------ | ----------------------------------- | ----------- | ------- | +| `size` | Persistent Volume size | `*quantity` | `4Gi` | +| `storageClass` | StorageClass used to store the data | `*string` | `""` | +| `replicas` | Number of etcd replicas | `*int` | `3` | +| `resources` | Resource configuration for etcd | `*object` | `null` | +| `resources.cpu` | The number of CPU cores allocated | `*quantity` | `1000m` | +| `resources.memory` | The amount of memory allocated | `*quantity` | `512Mi` | diff --git a/packages/extra/etcd/templates/vpa.yaml b/packages/extra/etcd/templates/vpa.yaml new file mode 100644 index 00000000..57055cbd --- /dev/null +++ b/packages/extra/etcd/templates/vpa.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: etcd +spec: + targetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: etcd + updatePolicy: + updateMode: Auto + resourcePolicy: + containerPolicies: + - containerName: etcd + {{- with dict "cpu" "250m" "memory" "256Mi" }} + minAllowed: {{- get (include "cozy-lib.resources.sanitize" (list . $) | fromYaml) "requests" | toYaml | nindent 8 }} + {{- end }} + {{- with dict "cpu" "5000m" "memory" "8Gi" }} + maxAllowed: {{- get (include "cozy-lib.resources.sanitize" (list . $) | fromYaml) "requests" | toYaml | nindent 8 }} + {{- end }} diff --git a/packages/extra/etcd/values.schema.json b/packages/extra/etcd/values.schema.json index 57c5fee1..ee6960de 100644 --- a/packages/extra/etcd/values.schema.json +++ b/packages/extra/etcd/values.schema.json @@ -14,7 +14,7 @@ "properties": { "cpu": { "description": "The number of CPU cores allocated", - "default": 4, + "default": "1000m", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -28,7 +28,7 @@ }, "memory": { "description": "The amount of memory allocated", - "default": "1Gi", + "default": "512Mi", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { diff --git a/packages/extra/etcd/values.yaml b/packages/extra/etcd/values.yaml index 816cd5a7..43214f6d 100644 --- a/packages/extra/etcd/values.yaml +++ b/packages/extra/etcd/values.yaml @@ -12,5 +12,5 @@ replicas: 3 ## @field resources.cpu {*quantity} The number of CPU cores allocated ## @field resources.memory {*quantity} The amount of memory allocated resources: - cpu: 4 - memory: 1Gi + cpu: 1000m + memory: 512Mi diff --git a/packages/extra/info/templates/dashboard-resourcemap.yaml b/packages/extra/info/templates/dashboard-resourcemap.yaml index fda98c9f..39da1b37 100644 --- a/packages/extra/info/templates/dashboard-resourcemap.yaml +++ b/packages/extra/info/templates/dashboard-resourcemap.yaml @@ -10,11 +10,11 @@ rules: resources: - secrets resourceNames: - - {{- if eq $oidcEnabled "true" -}} - kubeconfig-{{ .Release.Namespace }} - {{- else -}} - tenant-{{ .Release.Namespace }} - {{- end }} + {{- if eq $oidcEnabled "true" }} + - kubeconfig-{{ .Release.Namespace }} + {{- else }} + - {{ .Release.Namespace }} + {{- end }} verbs: ["get", "list", "watch"] --- kind: RoleBinding diff --git a/packages/extra/monitoring/README.md b/packages/extra/monitoring/README.md index c97b13de..06dbc97e 100644 --- a/packages/extra/monitoring/README.md +++ b/packages/extra/monitoring/README.md @@ -72,6 +72,8 @@ | `alerta.alerts.telegram.token` | Telegram token for your bot | `string` | `""` | | `alerta.alerts.telegram.chatID` | Specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot | `string` | `""` | | `alerta.alerts.telegram.disabledSeverity` | List of severity without alerts, separated by comma like: "informational,warning" | `string` | `""` | +| `alerta.alerts.slack` | Configuration for Slack alerts | `*object` | `null` | +| `alerta.alerts.slack.url` | Configuration uri for Slack alerts | `*string` | `""` | ### Grafana configuration diff --git a/packages/extra/monitoring/templates/alerta/alerta.yaml b/packages/extra/monitoring/templates/alerta/alerta.yaml index 750e4140..71336286 100644 --- a/packages/extra/monitoring/templates/alerta/alerta.yaml +++ b/packages/extra/monitoring/templates/alerta/alerta.yaml @@ -109,9 +109,20 @@ spec: - name: AUTH_REQUIRED value: "True" + {{- $plugins := list }} {{- if and .Values.alerta.alerts.telegram.chatID .Values.alerta.alerts.telegram.token }} + {{- $plugins = append $plugins "telegram" }} + {{- end }} + {{- if .Values.alerta.alerts.slack.url }} + {{- $plugins = append $plugins "slack" }} + {{- end }} + + {{- if gt (len $plugins) 0 }} - name: "PLUGINS" - value: "telegram" + value: "{{ default "" (join "," $plugins) }}" + {{- end }} + + {{- if and .Values.alerta.alerts.telegram.chatID .Values.alerta.alerts.telegram.token }} - name: TELEGRAM_CHAT_ID value: "{{ .Values.alerta.alerts.telegram.chatID }}" - name: TELEGRAM_TOKEN @@ -122,6 +133,11 @@ spec: value: "{{ .Values.alerta.alerts.telegram.disabledSeverity }}" {{- end }} + {{- if .Values.alerta.alerts.slack.url }} + - name: "SLACK_WEBHOOK_URL" + value: "{{ .Values.alerta.alerts.slack.url }}" + {{- end }} + ports: - name: http containerPort: 8080 @@ -192,8 +208,6 @@ apiVersion: v1 kind: Secret metadata: name: alertmanager - labels: - apps.cozystack.io/tenantresource: "false" type: Opaque stringData: alertmanager.yaml: | diff --git a/packages/extra/monitoring/values.schema.json b/packages/extra/monitoring/values.schema.json index 36f1c0c3..505b5bef 100644 --- a/packages/extra/monitoring/values.schema.json +++ b/packages/extra/monitoring/values.schema.json @@ -12,6 +12,17 @@ "type": "object", "default": {}, "properties": { + "slack": { + "description": "Configuration for Slack alerts", + "type": "object", + "default": {}, + "properties": { + "url": { + "description": "Configuration uri for Slack alerts", + "type": "string" + } + } + }, "telegram": { "description": "Configuration for Telegram alerts", "type": "object", diff --git a/packages/extra/monitoring/values.yaml b/packages/extra/monitoring/values.yaml index 02155ce0..72aab9a9 100644 --- a/packages/extra/monitoring/values.yaml +++ b/packages/extra/monitoring/values.yaml @@ -90,6 +90,8 @@ logsStorages: ## @field telegramAlerts.token {string} Telegram token for your bot ## @field telegramAlerts.chatID {string} Specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot ## @field telegramAlerts.disabledSeverity {string} List of severity without alerts, separated by comma like: "informational,warning" +## @field alerts.slack {*slackAlerts} Configuration for Slack alerts +## @field slackAlerts.url {*string} Configuration uri for Slack alerts alerta: storage: 10Gi storageClassName: "" @@ -112,6 +114,9 @@ alerta: chatID: "" disabledSeverity: "" + slack: + url: "" + ## @section Grafana configuration ## @param grafana {grafana} Configuration for Grafana diff --git a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag index 1d9a7afa..e16a832d 100644 --- a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag +++ b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-alpha.2@sha256:3bde5040e9e6ef1afa000a8cfdb7a2ed2e503d4913fffc992fccf48f0e61057c +ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0@sha256:f166f09cdc9cdbb758209883819ab8261a3793bc1d7a6b6685efd5a2b2930847 diff --git a/packages/system/bucket/images/s3manager.tag b/packages/system/bucket/images/s3manager.tag index 778c438c..96054223 100644 --- a/packages/system/bucket/images/s3manager.tag +++ b/packages/system/bucket/images/s3manager.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:40da96d516d4400366c2f451d8b87a57fa8dc3cb5ce2d958318bd18cd2514528 +ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:7348bec610f08bd902c88c9a9f28fdd644727e2728a1e4103f88f0c99febd5e7 diff --git a/packages/system/bucket/templates/secret.yaml b/packages/system/bucket/templates/secret.yaml index 9c5442ce..15474569 100644 --- a/packages/system/bucket/templates/secret.yaml +++ b/packages/system/bucket/templates/secret.yaml @@ -3,6 +3,7 @@ {{- $accessKeyID := index $bucketInfo.spec.secretS3 "accessKeyID" }} {{- $accessSecretKey := index $bucketInfo.spec.secretS3 "accessSecretKey" }} {{- $endpoint := index $bucketInfo.spec.secretS3 "endpoint" }} +{{- $bucketName := index $bucketInfo.spec "bucketName" }} apiVersion: v1 kind: Secret @@ -13,6 +14,7 @@ stringData: accessKey: {{ $accessKeyID | quote }} secretKey: {{ $accessSecretKey | quote }} endpoint: {{ trimPrefix "https://" $endpoint }} + bucketName: {{ $bucketName | quote }} --- apiVersion: v1 kind: Secret diff --git a/packages/system/cilium/charts/cilium/Chart.yaml b/packages/system/cilium/charts/cilium/Chart.yaml index b3ac8c21..39cdd18a 100644 --- a/packages/system/cilium/charts/cilium/Chart.yaml +++ b/packages/system/cilium/charts/cilium/Chart.yaml @@ -79,7 +79,7 @@ annotations: Pod IP Pool\n description: |\n CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n" apiVersion: v2 -appVersion: 1.17.5 +appVersion: 1.17.8 description: eBPF-based Networking, Security, and Observability home: https://cilium.io/ icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg @@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0' name: cilium sources: - https://github.com/cilium/cilium -version: 1.17.5 +version: 1.17.8 diff --git a/packages/system/cilium/charts/cilium/README.md b/packages/system/cilium/charts/cilium/README.md index 499d64ef..40a133e6 100644 --- a/packages/system/cilium/charts/cilium/README.md +++ b/packages/system/cilium/charts/cilium/README.md @@ -1,6 +1,6 @@ # cilium -![Version: 1.17.5](https://img.shields.io/badge/Version-1.17.5-informational?style=flat-square) ![AppVersion: 1.17.5](https://img.shields.io/badge/AppVersion-1.17.5-informational?style=flat-square) +![Version: 1.17.8](https://img.shields.io/badge/Version-1.17.8-informational?style=flat-square) ![AppVersion: 1.17.8](https://img.shields.io/badge/AppVersion-1.17.8-informational?style=flat-square) Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as @@ -85,7 +85,7 @@ contributors across the globe, there is almost always someone available to help. | authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true | | authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. | -| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:f85340bf132ae937d2c2a763b8335c9bab35d6e8293f70f606b9c6178d84f42b","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server | +| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server | | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into | | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration | | authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations | @@ -197,7 +197,7 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | | clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. | -| clustermesh.apiserver.image | object | `{"digest":"sha256:78dc40b9cb8d7b1ad21a76ff3e11541809acda2ac4ef94150cc832100edc247d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.5","useDigest":true}` | Clustermesh API server image. | +| clustermesh.apiserver.image | object | `{"digest":"sha256:3ac210d94d37a77ec010f9ac4c705edc8f15f22afa2b9a6f0e2a7d64d2360586","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.8","useDigest":true}` | Clustermesh API server image. | | clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. | | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | @@ -378,7 +378,7 @@ contributors across the globe, there is almost always someone available to help. | envoy.healthPort | int | `9878` | TCP port for the health API. | | envoy.httpRetryCount | int | `3` | Maximum number of retries for each HTTP request | | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s | -| envoy.image | object | `{"digest":"sha256:9f69e290a7ea3d4edf9192acd81694089af048ae0d8a67fb63bd62dc1d72203e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.32.6-1749271279-0864395884b263913eac200ee2048fd985f8e626","useDigest":true}` | Envoy container image. | +| envoy.image | object | `{"digest":"sha256:06fbc4e55d926dd82ff2a0049919248dcc6be5354609b09012b01bc9c5b0ee28","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.33.9-1757932127-3c04e8f2f1027d106b96f8ef4a0215e81dbaaece","useDigest":true}` | Envoy container image. | | envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out | | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe | | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe | @@ -429,7 +429,6 @@ contributors across the globe, there is almost always someone available to help. | etcd.enabled | bool | `false` | Enable etcd mode for the agent. | | etcd.endpoints | list | `["https://CHANGE-ME:2379"]` | List of etcd endpoints | | etcd.ssl | bool | `false` | Enable use of TLS/SSL for connectivity to etcd. | -| externalIPs.enabled | bool | `false` | Enable ExternalIPs service support. | | externalWorkloads | object | `{"enabled":false}` | Configure external workloads support | | externalWorkloads.enabled | bool | `false` | Enable support for external workloads, such as VMs (false by default). | | extraArgs | list | `[]` | Additional agent container arguments. | @@ -519,7 +518,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| hubble.relay.image | object | `{"digest":"sha256:fbb8a6afa8718200fca9381ad274ed695792dbadd2417b0e99c36210ae4964ff","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.5","useDigest":true}` | Hubble-relay container image. | +| hubble.relay.image | object | `{"digest":"sha256:2e576bf7a02291c07bffbc1ca0a66a6c70f4c3eb155480e5b3ac027bedd2858b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.8","useDigest":true}` | Hubble-relay container image. | | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | @@ -586,7 +585,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.backend.extraEnv | list | `[]` | Additional hubble-ui backend environment variables. | | hubble.ui.backend.extraVolumeMounts | list | `[]` | Additional hubble-ui backend volumeMounts. | | hubble.ui.backend.extraVolumes | list | `[]` | Additional hubble-ui backend volumes. | -| hubble.ui.backend.image | object | `{"digest":"sha256:a034b7e98e6ea796ed26df8f4e71f83fc16465a19d166eff67a03b822c0bfa15","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.2","useDigest":true}` | Hubble-ui backend image. | +| hubble.ui.backend.image | object | `{"digest":"sha256:db1454e45dc39ca41fbf7cad31eec95d99e5b9949c39daaad0fa81ef29d56953","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.3","useDigest":true}` | Hubble-ui backend image. | | hubble.ui.backend.livenessProbe.enabled | bool | `false` | Enable liveness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.readinessProbe.enabled | bool | `false` | Enable readiness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.resources | object | `{}` | Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment. | @@ -596,7 +595,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.frontend.extraEnv | list | `[]` | Additional hubble-ui frontend environment variables. | | hubble.ui.frontend.extraVolumeMounts | list | `[]` | Additional hubble-ui frontend volumeMounts. | | hubble.ui.frontend.extraVolumes | list | `[]` | Additional hubble-ui frontend volumes. | -| hubble.ui.frontend.image | object | `{"digest":"sha256:9e37c1296b802830834cc87342a9182ccbb71ffebb711971e849221bd9d59392","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.2","useDigest":true}` | Hubble-ui frontend image. | +| hubble.ui.frontend.image | object | `{"digest":"sha256:661d5de7050182d495c6497ff0b007a7a1e379648e60830dd68c4d78ae21761d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.3","useDigest":true}` | Hubble-ui frontend image. | | hubble.ui.frontend.resources | object | `{}` | Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment. | | hubble.ui.frontend.securityContext | object | `{}` | Hubble-ui frontend security context. | | hubble.ui.frontend.server.ipv6 | object | `{"enabled":true}` | Controls server listener for ipv6 | @@ -626,7 +625,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. | | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). | | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | -| image | object | `{"digest":"sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.5","useDigest":true}` | Agent container image. | +| image | object | `{"digest":"sha256:6d7ea72ed311eeca4c75a1f17617a3d596fb6038d30d00799090679f82a01636","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.8","useDigest":true}` | Agent container image. | | imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images | | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | @@ -737,7 +736,7 @@ contributors across the globe, there is almost always someone available to help. | nodeinit.extraEnv | list | `[]` | Additional nodeinit environment variables. | | nodeinit.extraVolumeMounts | list | `[]` | Additional nodeinit volumeMounts. | | nodeinit.extraVolumes | list | `[]` | Additional nodeinit volumes. | -| nodeinit.image | object | `{"digest":"sha256:8d7b41c4ca45860254b3c19e20210462ef89479bb6331d6760c4e609d651b29c","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"c54c7edeab7fde4da68e59acd319ab24af242c3f","useDigest":true}` | node-init image. | +| nodeinit.image | object | `{"digest":"sha256:5bdca3c2dec2c79f58d45a7a560bf1098c2126350c901379fe850b7f78d3d757","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"1755531540-60ee83e","useDigest":true}` | node-init image. | | nodeinit.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for nodeinit pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | nodeinit.podAnnotations | object | `{}` | Annotations to be added to node-init pods. | | nodeinit.podLabels | object | `{}` | Labels to be added to node-init pods. | @@ -764,7 +763,7 @@ contributors across the globe, there is almost always someone available to help. | operator.hostNetwork | bool | `true` | HostNetwork setting | | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| operator.image | object | `{"alibabacloudDigest":"sha256:654db67929f716b6178a34a15cb8f95e391465085bcf48cdba49819a56fcd259","awsDigest":"sha256:3e189ec1e286f1bf23d47c45bdeac6025ef7ec3d2dc16190ee768eb94708cbc3","azureDigest":"sha256:add78783fdaced7453a324612eeb9ebecf56002b56c14c73596b3b4923321026","genericDigest":"sha256:f954c97eeb1b47ed67d08cc8fb4108fb829f869373cbb3e698a7f8ef1085b09e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.5","useDigest":true}` | cilium-operator image. | +| operator.image | object | `{"alibabacloudDigest":"sha256:72c25a405ad8e58d2cf03f7ea2b6696ed1edcfb51716b5f85e45c6c4fcaa6056","awsDigest":"sha256:28012f7d0f4f23e9f6c7d6a5dd931afa326bbac3e8103f3f6f22b9670847dffa","azureDigest":"sha256:619f9febf3efef2724a26522b253e4595cd33c274f5f49925e29a795fdc2d2d7","genericDigest":"sha256:5468807b9c31997f3a1a14558ec7c20c5b962a2df6db633b7afbe2f45a15da1c","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.8","useDigest":true}` | cilium-operator image. | | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | @@ -801,7 +800,7 @@ contributors across the globe, there is almost always someone available to help. | pmtuDiscovery.enabled | bool | `false` | Enable path MTU discovery to send ICMP fragmentation-needed replies to the client. | | podAnnotations | object | `{}` | Annotations to be added to agent pods | | podLabels | object | `{}` | Labels to be added to agent pods | -| podSecurityContext | object | `{"appArmorProfile":{"type":"Unconfined"}}` | Security Context for cilium-agent pods. | +| podSecurityContext | object | `{"appArmorProfile":{"type":"Unconfined"},"seccompProfile":{"type":"Unconfined"}}` | Security Context for cilium-agent pods. | | podSecurityContext.appArmorProfile | object | `{"type":"Unconfined"}` | AppArmorProfile options for the `cilium-agent` and init containers | | policyCIDRMatchMode | string | `nil` | policyCIDRMatchMode is a list of entities that may be selected by CIDR selector. The possible value is "nodes". | | policyEnforcementMode | string | `"default"` | The agent can be put into one of the three policy enforcement modes: default, always and never. ref: https://docs.cilium.io/en/stable/security/policy/intro/#policy-enforcement-modes | @@ -814,7 +813,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| preflight.image | object | `{"digest":"sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.5","useDigest":true}` | Cilium pre-flight image. | +| preflight.image | object | `{"digest":"sha256:6d7ea72ed311eeca4c75a1f17617a3d596fb6038d30d00799090679f82a01636","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.8","useDigest":true}` | Cilium pre-flight image. | | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | diff --git a/packages/system/cilium/charts/cilium/templates/_extensions.tpl b/packages/system/cilium/charts/cilium/templates/_extensions.tpl index 5da57e2e..bd8ba80b 100644 --- a/packages/system/cilium/charts/cilium/templates/_extensions.tpl +++ b/packages/system/cilium/charts/cilium/templates/_extensions.tpl @@ -3,6 +3,24 @@ _extensions.tpl contains template blocks that are intended to allow packagers to modify or extend the default chart behaviors. */}} +{{/* +Allow packagers to add extra volumes to cilium-agent. +*/}} +{{- define "cilium-agent.volumes.extra" }} +{{- end }} + +{{- define "cilium-agent.volumeMounts.extra" }} +{{- end }} + +{{/* +Allow packagers to set dnsPolicy for cilium-agent. +*/}} +{{- define "cilium-agent.dnsPolicy" }} +{{- if .Values.dnsPolicy }} +dnsPolicy: {{ .Values.dnsPolicy }} +{{- end }} +{{- end }} + {{/* Intentionally empty to allow downstream chart packagers to add extra containers to hubble-relay without having to modify the deployment manifest diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml index 486903b8..5d73cb7e 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml @@ -399,6 +399,7 @@ spec: {{- with .Values.extraVolumeMounts }} {{- toYaml . | nindent 8 }} {{- end }} + {{- include "cilium-agent.volumeMounts.extra" . | nindent 8 }} {{- if .Values.monitor.enabled }} - name: cilium-monitor image: {{ include "cilium.image" .Values.image | quote }} @@ -768,9 +769,7 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccounts.cilium.automount }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} hostNetwork: true - {{- if .Values.dnsPolicy }} - dnsPolicy: {{ .Values.dnsPolicy }} - {{- end }} + {{- include "cilium-agent.dnsPolicy" . | nindent 6 }} {{- if (eq .Values.scheduling.mode "anti-affinity") }} {{- with .Values.affinity }} affinity: @@ -1063,4 +1062,5 @@ spec: {{- with .Values.extraVolumes }} {{- toYaml . | nindent 6 }} {{- end }} + {{- include "cilium-agent.volumes.extra" . | nindent 6 }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml index 1579754f..72c391da 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml @@ -735,7 +735,7 @@ data: kube-proxy-replacement: {{ $kubeProxyReplacement | quote }} -{{- if ne $kubeProxyReplacement "disabled" }} +{{- if eq $kubeProxyReplacement "true" }} kube-proxy-replacement-healthz-bind-address: {{ default "" .Values.kubeProxyReplacementHealthzBindAddr | quote}} {{- end }} @@ -755,17 +755,13 @@ data: {{- end }} {{- if hasKey .Values "hostPort" }} -{{- if eq $kubeProxyReplacement "partial" }} +{{- if eq $kubeProxyReplacement "false" }} enable-host-port: {{ .Values.hostPort.enabled | quote }} {{- end }} {{- end }} -{{- if hasKey .Values "externalIPs" }} -{{- if eq $kubeProxyReplacement "partial" }} - enable-external-ips: {{ .Values.externalIPs.enabled | quote }} -{{- end }} -{{- end }} + {{- if hasKey .Values "nodePort" }} -{{- if or (eq $kubeProxyReplacement "partial") (eq $kubeProxyReplacement "false") }} +{{- if eq $kubeProxyReplacement "false" }} enable-node-port: {{ .Values.nodePort.enabled | quote }} {{- end }} {{- if hasKey .Values.nodePort "range" }} @@ -1031,7 +1027,7 @@ data: hubble-drop-events-interval: {{ .Values.hubble.dropEventEmitter.interval | quote }} hubble-drop-events-reasons: {{ .Values.hubble.dropEventEmitter.reasons | join " " | quote }} {{- end }} -{{- if .Values.hubble.preferIpv6 }} +{{- if or (eq .Values.hubble.preferIpv6 true) (eq .Values.ipv4.enabled false) }} hubble-prefer-ipv6: "true" {{- end }} {{- if (not (kindIs "invalid" .Values.hubble.skipUnknownCGroupIDs)) }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml index 9450ea43..72b41679 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml @@ -222,6 +222,9 @@ spec: name: cilium-config key: enable-k8s-endpoint-slice optional: true + {{- with .Values.clustermesh.apiserver.extraEnv }} + {{- toYaml . | trim | nindent 8 }} + {{- end }} readinessProbe: httpGet: path: /readyz @@ -229,9 +232,6 @@ spec: {{- with .Values.clustermesh.apiserver.readinessProbe }} {{- toYaml . | trim | nindent 10 }} {{- end }} - {{- with .Values.clustermesh.apiserver.extraEnv }} - {{- toYaml . | trim | nindent 8 }} - {{- end }} ports: - name: apiserv-health containerPort: {{ .Values.clustermesh.apiserver.healthPort }} diff --git a/packages/system/cilium/charts/cilium/values.schema.json b/packages/system/cilium/charts/cilium/values.schema.json index 047838bf..762efbf9 100644 --- a/packages/system/cilium/charts/cilium/values.schema.json +++ b/packages/system/cilium/charts/cilium/values.schema.json @@ -535,10 +535,16 @@ "default": { "properties": { "burstLimit": { - "type": "null" + "type": [ + "null", + "integer" + ] }, "rateLimit": { - "type": "null" + "type": [ + "null", + "integer" + ] } }, "type": "object" @@ -2351,14 +2357,6 @@ }, "type": "object" }, - "externalIPs": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, "externalWorkloads": { "properties": { "enabled": { @@ -4653,6 +4651,14 @@ } }, "type": "object" + }, + "seccompProfile": { + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" diff --git a/packages/system/cilium/charts/cilium/values.yaml b/packages/system/cilium/charts/cilium/values.yaml index ae4925a0..68f73ee8 100644 --- a/packages/system/cilium/charts/cilium/values.yaml +++ b/packages/system/cilium/charts/cilium/values.yaml @@ -191,10 +191,10 @@ image: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.17.5" + tag: "v1.17.8" pullPolicy: "IfNotPresent" # cilium-digest - digest: "sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6" + digest: "sha256:6d7ea72ed311eeca4c75a1f17617a3d596fb6038d30d00799090679f82a01636" useDigest: true # -- Scheduling configurations for cilium pods scheduling: @@ -270,6 +270,8 @@ podSecurityContext: # -- AppArmorProfile options for the `cilium-agent` and init containers appArmorProfile: type: "Unconfined" + seccompProfile: + type: "Unconfined" # -- Annotations to be added to agent pods podAnnotations: {} # -- Labels to be added to agent pods @@ -508,6 +510,9 @@ bpf: events: # -- Default settings for all types of events except dbg and pcap. default: + # @schema + # type: [null, integer] + # @schema # -- (int) Configure the limit of messages per second that can be written to # BPF events map. The number of messages is averaged, meaning that if no messages # were written to the map over 5 seconds, it's possible to write more events @@ -516,6 +521,9 @@ bpf: # and rateLimit to 0 disables BPF events rate limiting. # @default -- `0` rateLimit: ~ + # @schema + # type: [null, integer] + # @schema # -- (int) Configure the maximum number of messages that can be written to BPF events # map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must # also be provided lest the configuration is considered invalid. Setting both burstLimit @@ -1071,9 +1079,6 @@ eni: # -- Filter via AWS EC2 Instance tags (k=v) which will dictate which AWS EC2 Instances # are going to be used to create new ENIs instanceTagsFilter: [] -externalIPs: - # -- Enable ExternalIPs service support. - enabled: false # fragmentTracking enables IPv4 fragment tracking support in the datapath. # fragmentTracking: true gke: @@ -1440,9 +1445,9 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-relay" - tag: "v1.17.5" + tag: "v1.17.8" # hubble-relay-digest - digest: "sha256:fbb8a6afa8718200fca9381ad274ed695792dbadd2417b0e99c36210ae4964ff" + digest: "sha256:2e576bf7a02291c07bffbc1ca0a66a6c70f4c3eb155480e5b3ac027bedd2858b" useDigest: true pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods @@ -1691,8 +1696,8 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-ui-backend" - tag: "v0.13.2" - digest: "sha256:a034b7e98e6ea796ed26df8f4e71f83fc16465a19d166eff67a03b822c0bfa15" + tag: "v0.13.3" + digest: "sha256:db1454e45dc39ca41fbf7cad31eec95d99e5b9949c39daaad0fa81ef29d56953" useDigest: true pullPolicy: "IfNotPresent" # -- Hubble-ui backend security context. @@ -1725,8 +1730,8 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-ui" - tag: "v0.13.2" - digest: "sha256:9e37c1296b802830834cc87342a9182ccbb71ffebb711971e849221bd9d59392" + tag: "v0.13.3" + digest: "sha256:661d5de7050182d495c6497ff0b007a7a1e379648e60830dd68c4d78ae21761d" useDigest: true pullPolicy: "IfNotPresent" # -- Hubble-ui frontend security context. @@ -2353,9 +2358,9 @@ envoy: # @schema override: ~ repository: "quay.io/cilium/cilium-envoy" - tag: "v1.32.6-1749271279-0864395884b263913eac200ee2048fd985f8e626" + tag: "v1.33.9-1757932127-3c04e8f2f1027d106b96f8ef4a0215e81dbaaece" pullPolicy: "IfNotPresent" - digest: "sha256:9f69e290a7ea3d4edf9192acd81694089af048ae0d8a67fb63bd62dc1d72203e" + digest: "sha256:06fbc4e55d926dd82ff2a0049919248dcc6be5354609b09012b01bc9c5b0ee28" useDigest: true # -- Additional containers added to the cilium Envoy DaemonSet. extraContainers: [] @@ -2710,15 +2715,15 @@ operator: # @schema override: ~ repository: "quay.io/cilium/operator" - tag: "v1.17.5" + tag: "v1.17.8" # operator-generic-digest - genericDigest: "sha256:f954c97eeb1b47ed67d08cc8fb4108fb829f869373cbb3e698a7f8ef1085b09e" + genericDigest: "sha256:5468807b9c31997f3a1a14558ec7c20c5b962a2df6db633b7afbe2f45a15da1c" # operator-azure-digest - azureDigest: "sha256:add78783fdaced7453a324612eeb9ebecf56002b56c14c73596b3b4923321026" + azureDigest: "sha256:619f9febf3efef2724a26522b253e4595cd33c274f5f49925e29a795fdc2d2d7" # operator-aws-digest - awsDigest: "sha256:3e189ec1e286f1bf23d47c45bdeac6025ef7ec3d2dc16190ee768eb94708cbc3" + awsDigest: "sha256:28012f7d0f4f23e9f6c7d6a5dd931afa326bbac3e8103f3f6f22b9670847dffa" # operator-alibabacloud-digest - alibabacloudDigest: "sha256:654db67929f716b6178a34a15cb8f95e391465085bcf48cdba49819a56fcd259" + alibabacloudDigest: "sha256:72c25a405ad8e58d2cf03f7ea2b6696ed1edcfb51716b5f85e45c6c4fcaa6056" useDigest: true pullPolicy: "IfNotPresent" suffix: "" @@ -2910,8 +2915,8 @@ nodeinit: # @schema override: ~ repository: "quay.io/cilium/startup-script" - tag: "c54c7edeab7fde4da68e59acd319ab24af242c3f" - digest: "sha256:8d7b41c4ca45860254b3c19e20210462ef89479bb6331d6760c4e609d651b29c" + tag: "1755531540-60ee83e" + digest: "sha256:5bdca3c2dec2c79f58d45a7a560bf1098c2126350c901379fe850b7f78d3d757" useDigest: true pullPolicy: "IfNotPresent" # -- The priority class to use for the nodeinit pod. @@ -2993,9 +2998,9 @@ preflight: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.17.5" + tag: "v1.17.8" # cilium-digest - digest: "sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6" + digest: "sha256:6d7ea72ed311eeca4c75a1f17617a3d596fb6038d30d00799090679f82a01636" useDigest: true pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. @@ -3142,9 +3147,9 @@ clustermesh: # @schema override: ~ repository: "quay.io/cilium/clustermesh-apiserver" - tag: "v1.17.5" + tag: "v1.17.8" # clustermesh-apiserver-digest - digest: "sha256:78dc40b9cb8d7b1ad21a76ff3e11541809acda2ac4ef94150cc832100edc247d" + digest: "sha256:3ac210d94d37a77ec010f9ac4c705edc8f15f22afa2b9a6f0e2a7d64d2360586" useDigest: true pullPolicy: "IfNotPresent" # -- TCP port for the clustermesh-apiserver health API. @@ -3653,7 +3658,7 @@ authentication: override: ~ repository: "docker.io/library/busybox" tag: "1.37.0" - digest: "sha256:f85340bf132ae937d2c2a763b8335c9bab35d6e8293f70f606b9c6178d84f42b" + digest: "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e" useDigest: true pullPolicy: "IfNotPresent" # SPIRE agent configuration diff --git a/packages/system/cilium/charts/cilium/values.yaml.tmpl b/packages/system/cilium/charts/cilium/values.yaml.tmpl index e85d3fa4..9ac96556 100644 --- a/packages/system/cilium/charts/cilium/values.yaml.tmpl +++ b/packages/system/cilium/charts/cilium/values.yaml.tmpl @@ -271,6 +271,8 @@ podSecurityContext: # -- AppArmorProfile options for the `cilium-agent` and init containers appArmorProfile: type: "Unconfined" + seccompProfile: + type: "Unconfined" # -- Annotations to be added to agent pods podAnnotations: {} # -- Labels to be added to agent pods @@ -513,6 +515,9 @@ bpf: events: # -- Default settings for all types of events except dbg and pcap. default: + # @schema + # type: [null, integer] + # @schema # -- (int) Configure the limit of messages per second that can be written to # BPF events map. The number of messages is averaged, meaning that if no messages # were written to the map over 5 seconds, it's possible to write more events @@ -521,6 +526,9 @@ bpf: # and rateLimit to 0 disables BPF events rate limiting. # @default -- `0` rateLimit: ~ + # @schema + # type: [null, integer] + # @schema # -- (int) Configure the maximum number of messages that can be written to BPF events # map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must # also be provided lest the configuration is considered invalid. Setting both burstLimit @@ -1084,9 +1092,6 @@ eni: # -- Filter via AWS EC2 Instance tags (k=v) which will dictate which AWS EC2 Instances # are going to be used to create new ENIs instanceTagsFilter: [] -externalIPs: - # -- Enable ExternalIPs service support. - enabled: false # fragmentTracking enables IPv4 fragment tracking support in the datapath. # fragmentTracking: true gke: diff --git a/packages/system/cilium/images/cilium/Dockerfile b/packages/system/cilium/images/cilium/Dockerfile index 6399851c..cd113788 100644 --- a/packages/system/cilium/images/cilium/Dockerfile +++ b/packages/system/cilium/images/cilium/Dockerfile @@ -1,2 +1,2 @@ -ARG VERSION=v1.17.5 +ARG VERSION=v1.17.8 FROM quay.io/cilium/cilium:${VERSION} diff --git a/packages/system/cilium/values.yaml b/packages/system/cilium/values.yaml index 25ed972f..72263556 100644 --- a/packages/system/cilium/values.yaml +++ b/packages/system/cilium/values.yaml @@ -14,7 +14,7 @@ cilium: mode: "kubernetes" image: repository: ghcr.io/cozystack/cozystack/cilium - tag: 1.17.5 - digest: "sha256:2def2dccfc17870be6e1d63584c25b32e812f21c9cdcfa06deadd2787606654d" + tag: 1.17.8 + digest: "sha256:81262986a41487bfa3d0465091d3a386def5bd1ab476350bd4af2fdee5846fe6" envoy: enabled: false diff --git a/packages/system/cozystack-api/templates/rbac.yaml b/packages/system/cozystack-api/templates/rbac.yaml index 1a169d86..0429b9ef 100644 --- a/packages/system/cozystack-api/templates/rbac.yaml +++ b/packages/system/cozystack-api/templates/rbac.yaml @@ -4,7 +4,10 @@ metadata: name: cozystack-api rules: - apiGroups: [""] - resources: ["namespaces", "secrets"] + resources: ["namespaces", "secrets", "services"] + verbs: ["get", "watch", "list"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["rolebindings"] verbs: ["get", "watch", "list"] - apiGroups: [""] resources: ["secrets"] diff --git a/packages/system/cozystack-api/values.yaml b/packages/system/cozystack-api/values.yaml index 503862fd..1b68eff4 100644 --- a/packages/system/cozystack-api/values.yaml +++ b/packages/system/cozystack-api/values.yaml @@ -1,2 +1,2 @@ cozystackAPI: - image: ghcr.io/cozystack/cozystack/cozystack-api:v0.37.0-alpha.2@sha256:5276b7da4c56855ad19490056e82aafe5263646963b428a53f031facfb9641f3 + image: ghcr.io/cozystack/cozystack/cozystack-api:v0.37.0@sha256:19d89e8afb90ce38ab7e42ecedfc28402f7c0b56f30957db957c5415132ff6ca diff --git a/packages/system/cozystack-controller/templates/crds/cozystack.io_workloadmonitors.yaml b/packages/system/cozystack-controller/crds/cozystack.io_workloadmonitors.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/cozystack.io_workloadmonitors.yaml rename to packages/system/cozystack-controller/crds/cozystack.io_workloadmonitors.yaml diff --git a/packages/system/cozystack-controller/templates/crds/cozystack.io_workloads.yaml b/packages/system/cozystack-controller/crds/cozystack.io_workloads.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/cozystack.io_workloads.yaml rename to packages/system/cozystack-controller/crds/cozystack.io_workloads.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbs.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_breadcrumbs.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbs.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_breadcrumbs.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbsinside.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_breadcrumbsinside.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbsinside.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_breadcrumbsinside.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsoverrides.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_customformsoverrides.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsoverrides.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_customformsoverrides.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsprefills.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_customformsprefills.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsprefills.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_customformsprefills.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_factories.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_factories.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_factories.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_factories.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_marketplacepanels.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_marketplacepanels.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_marketplacepanels.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_marketplacepanels.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_navigations.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_navigations.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_navigations.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_navigations.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_sidebars.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_sidebars.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_sidebars.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_sidebars.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_tableurimappings.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_tableurimappings.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_tableurimappings.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_tableurimappings.yaml diff --git a/packages/system/cozystack-controller/templates/certmanager.yaml b/packages/system/cozystack-controller/templates/certmanager.yaml deleted file mode 100644 index 6d9bce7d..00000000 --- a/packages/system/cozystack-controller/templates/certmanager.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: cozystack-controller-webhook-selfsigned - namespace: {{ .Release.Namespace }} -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: cozystack-controller-webhook-ca - namespace: {{ .Release.Namespace }} -spec: - secretName: cozystack-controller-webhook-ca - duration: 43800h # 5 years - commonName: cozystack-controller-webhook-ca - issuerRef: - name: cozystack-controller-webhook-selfsigned - isCA: true ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: cozystack-controller-webhook-ca - namespace: {{ .Release.Namespace }} -spec: - ca: - secretName: cozystack-controller-webhook-ca ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: cozystack-controller-webhook - namespace: {{ .Release.Namespace }} -spec: - secretName: cozystack-controller-webhook-cert - duration: 8760h - renewBefore: 720h - issuerRef: - name: cozystack-controller-webhook-ca - commonName: cozystack-controller - dnsNames: - - cozystack-controller - - cozystack-controller.{{ .Release.Namespace }}.svc diff --git a/packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml deleted file mode 100644 index a02a8b2a..00000000 --- a/packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml +++ /dev/null @@ -1,294 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.4 - name: cozystackresourcedefinitions.cozystack.io -spec: - group: cozystack.io - names: - kind: CozystackResourceDefinition - listKind: CozystackResourceDefinitionList - plural: cozystackresourcedefinitions - singular: cozystackresourcedefinition - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CozystackResourceDefinition is the Schema for the cozystackresourcedefinitions - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - application: - description: Application configuration - properties: - kind: - description: Kind of the application, used for UI and API - type: string - openAPISchema: - description: OpenAPI schema for the application, used for API - validation - type: string - plural: - description: Plural name of the application, used for UI and API - type: string - singular: - description: Singular name of the application, used for UI and - API - type: string - required: - - kind - - openAPISchema - - plural - - singular - type: object - dashboard: - description: Dashboard configuration for this resource - properties: - category: - description: Category used to group resources in the UI (e.g., - "Storage", "Networking") - type: string - description: - description: Short description shown in catalogs or headers (e.g., - "S3 compatible storage") - type: string - icon: - description: Icon encoded as a string (e.g., inline SVG, base64, - or data URI) - type: string - keysOrder: - description: Order of keys in the YAML view - items: - items: - type: string - type: array - type: array - module: - description: Whether this resource is a module (tenant module) - type: boolean - name: - description: Hard-coded name used in the UI (e.g., "bucket") - type: string - plural: - description: Plural human-readable name (e.g., "Buckets") - type: string - singular: - description: Human-readable name shown in the UI (e.g., "Bucket") - type: string - singularResource: - description: Whether this resource is singular (not a collection) - in the UI - type: boolean - tabs: - description: Which tabs to show for this resource - items: - description: DashboardTab enumerates allowed UI tabs. - enum: - - workloads - - ingresses - - services - - secrets - - yaml - type: string - type: array - tags: - description: Free-form tags for search and filtering - items: - type: string - type: array - weight: - description: Order weight for sorting resources in the UI (lower - first) - type: integer - required: - - category - - plural - - singular - type: object - release: - description: Release configuration - properties: - chart: - description: Helm chart configuration - properties: - name: - description: Name of the Helm chart - type: string - sourceRef: - description: Source reference for the Helm chart - properties: - kind: - default: HelmRepository - description: Kind of the source reference - type: string - name: - description: Name of the source reference - type: string - namespace: - default: cozy-public - description: Namespace of the source reference - type: string - required: - - kind - - name - - namespace - type: object - required: - - name - - sourceRef - type: object - labels: - additionalProperties: - type: string - description: Labels for the release - type: object - prefix: - description: Prefix for the release name - type: string - required: - - chart - - prefix - type: object - secrets: - description: Secret selectors - properties: - exclude: - description: |- - Exclude contains an array of label selectors that target secrets. - If a secret matches the selector in any of the elements in the array, it is - hidden from the user, regardless of the matches in the include array. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - include: - description: |- - Include contains an array of label selectors that target secrets. - If a secret matches the selector in any of the elements in the array, and - matches none of the selectors in the exclude array that secret is marked - as a tenant secret and is visible to users. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - type: object - required: - - application - - release - type: object - type: object - served: true - storage: true diff --git a/packages/system/cozystack-controller/templates/crds/crds.yaml b/packages/system/cozystack-controller/templates/crds/crds.yaml new file mode 100644 index 00000000..0a98dd32 --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/crds.yaml @@ -0,0 +1,4 @@ +{{- range $path, $_ := .Files.Glob "crds/*" }} +--- +{{ $.Files.Get $path }} +{{- end }} diff --git a/packages/system/cozystack-controller/templates/deployment.yaml b/packages/system/cozystack-controller/templates/deployment.yaml index 318ec3b2..bac865ef 100644 --- a/packages/system/cozystack-controller/templates/deployment.yaml +++ b/packages/system/cozystack-controller/templates/deployment.yaml @@ -28,15 +28,3 @@ spec: {{- if .Values.cozystackController.disableTelemetry }} - --disable-telemetry {{- end }} - ports: - - name: webhook - containerPort: 9443 - volumeMounts: - - name: webhook-certs - mountPath: /tmp/k8s-webhook-server/serving-certs - readOnly: true - volumes: - - name: webhook-certs - secret: - secretName: cozystack-controller-webhook-cert - defaultMode: 0400 diff --git a/packages/system/cozystack-controller/values.yaml b/packages/system/cozystack-controller/values.yaml index c3dee2bb..f651807e 100644 --- a/packages/system/cozystack-controller/values.yaml +++ b/packages/system/cozystack-controller/values.yaml @@ -1,5 +1,5 @@ cozystackController: - image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.37.0-alpha.2@sha256:9380ba4134428beee1e81a6f04843b87b8a160e4dd26f5e8f2c783ff343751ae + image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.37.0@sha256:845b8e68cbc277c2303080bcd55597e4334610d396dad258ad56fd906530acc3 debug: false disableTelemetry: false - cozystackVersion: "v0.37.0-alpha.2" + cozystackVersion: "v0.37.0" diff --git a/packages/system/cozystack-resource-definition-crd/Chart.yaml b/packages/system/cozystack-resource-definition-crd/Chart.yaml new file mode 100644 index 00000000..9924c7fa --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozystack-resource-definition-crd +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/cozystack-resource-definition-crd/Makefile b/packages/system/cozystack-resource-definition-crd/Makefile new file mode 100644 index 00000000..ddb24aef --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/Makefile @@ -0,0 +1,4 @@ +export NAME=cozystack-resource-definition-crd +export NAMESPACE=cozy-system + +include ../../../scripts/package.mk diff --git a/packages/system/cozystack-resource-definition-crd/definition/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-resource-definition-crd/definition/cozystack.io_cozystackresourcedefinitions.yaml new file mode 100644 index 00000000..685d4ac5 --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/definition/cozystack.io_cozystackresourcedefinitions.yaml @@ -0,0 +1,680 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: cozystackresourcedefinitions.cozystack.io +spec: + group: cozystack.io + names: + kind: CozystackResourceDefinition + listKind: CozystackResourceDefinitionList + plural: cozystackresourcedefinitions + singular: cozystackresourcedefinition + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CozystackResourceDefinition is the Schema for the cozystackresourcedefinitions + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + application: + description: Application configuration + properties: + kind: + description: Kind of the application, used for UI and API + type: string + openAPISchema: + description: OpenAPI schema for the application, used for API + validation + type: string + plural: + description: Plural name of the application, used for UI and API + type: string + singular: + description: Singular name of the application, used for UI and + API + type: string + required: + - kind + - openAPISchema + - plural + - singular + type: object + dashboard: + description: Dashboard configuration for this resource + properties: + category: + description: Category used to group resources in the UI (e.g., + "Storage", "Networking") + type: string + description: + description: Short description shown in catalogs or headers (e.g., + "S3 compatible storage") + type: string + icon: + description: Icon encoded as a string (e.g., inline SVG, base64, + or data URI) + type: string + keysOrder: + description: Order of keys in the YAML view + items: + items: + type: string + type: array + type: array + module: + description: Whether this resource is a module (tenant module) + type: boolean + name: + description: Hard-coded name used in the UI (e.g., "bucket") + type: string + plural: + description: Plural human-readable name (e.g., "Buckets") + type: string + singular: + description: Human-readable name shown in the UI (e.g., "Bucket") + type: string + singularResource: + description: Whether this resource is singular (not a collection) + in the UI + type: boolean + tabs: + description: Which tabs to show for this resource + items: + description: DashboardTab enumerates allowed UI tabs. + enum: + - workloads + - ingresses + - services + - secrets + - yaml + type: string + type: array + tags: + description: Free-form tags for search and filtering + items: + type: string + type: array + weight: + description: Order weight for sorting resources in the UI (lower + first) + type: integer + required: + - category + - plural + - singular + type: object + ingresses: + description: Ingress selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object + release: + description: Release configuration + properties: + chart: + description: Helm chart configuration + properties: + name: + description: Name of the Helm chart + type: string + sourceRef: + description: Source reference for the Helm chart + properties: + kind: + default: HelmRepository + description: Kind of the source reference + type: string + name: + description: Name of the source reference + type: string + namespace: + default: cozy-public + description: Namespace of the source reference + type: string + required: + - kind + - name + - namespace + type: object + required: + - name + - sourceRef + type: object + labels: + additionalProperties: + type: string + description: Labels for the release + type: object + prefix: + description: Prefix for the release name + type: string + required: + - chart + - prefix + type: object + secrets: + description: Secret selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object + services: + description: Service selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object + required: + - application + - release + type: object + type: object + served: true + storage: true diff --git a/packages/system/cozystack-resource-definition-crd/templates/crd.yaml b/packages/system/cozystack-resource-definition-crd/templates/crd.yaml new file mode 100644 index 00000000..40a93ad3 --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/templates/crd.yaml @@ -0,0 +1,2 @@ +--- +{{ .Files.Get "definition/cozystack.io_cozystackresourcedefinitions.yaml" }} diff --git a/packages/system/cozystack-resource-definition-crd/values.yaml b/packages/system/cozystack-resource-definition-crd/values.yaml new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/values.yaml @@ -0,0 +1 @@ +{} diff --git a/packages/system/cozystack-resource-definitions/Chart.yaml b/packages/system/cozystack-resource-definitions/Chart.yaml new file mode 100644 index 00000000..39cb9431 --- /dev/null +++ b/packages/system/cozystack-resource-definitions/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozystack-resource-definitions +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/cozystack-resource-definitions/Makefile b/packages/system/cozystack-resource-definitions/Makefile new file mode 100644 index 00000000..00e8bece --- /dev/null +++ b/packages/system/cozystack-resource-definitions/Makefile @@ -0,0 +1,4 @@ +export NAME=cozystack-resource-definitions +export NAMESPACE=cozy-system + +include ../../../scripts/package.mk diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bootbox.yaml b/packages/system/cozystack-resource-definitions/cozyrds/bootbox.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/bootbox.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/bootbox.yaml index 9626f0e4..87e35626 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bootbox.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/bootbox.yaml @@ -29,7 +29,15 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNNzEuNTY5OCA3Ni41MzM2QzcxLjIzNzQgNzYuNTMzNiA3MC45MDM2IDc2LjQ4NDcgNzAuNTgyOSA3Ni4zODkyTDM2LjIwNzkgNjYuMDc2N0MzNC4zODg1IDY1LjUzMTEgMzMuMzU2MiA2My42MTQ0IDMzLjkwMTcgNjEuNzk2NkMzNC40NDg5IDU5Ljk3NTUgMzYuMzY1NyA1OC45NDgzIDM4LjE4MTcgNTkuNDkwNEw3MS41Njk4IDY5LjUwNzZMMTA0Ljk1OCA1OS40OTA0QzEwNi43NzYgNTguOTYgMTA4LjY5MSA1OS45NzcyIDEwOS4yMzggNjEuNzk2NkMxMDkuNzgzIDYzLjYxNDQgMTA4Ljc1MSA2NS41MzExIDEwNi45MzIgNjYuMDc2N0w3Mi41NTY3IDc2LjM4OTJDNzIuMjM2IDc2LjQ4NDcgNzEuOTAyMiA3Ni41MzM2IDcxLjU2OTggNzYuNTMzNloiIGZpbGw9IiMyMzFGMjAiLz4KPHBhdGggZD0iTTc0Ljk3MyA1My4wMjE0Qzc0Ljc2NjggNTQuMzI3NiA3My44MDQzIDU1LjM5MzMgNzIuNTY2OCA1NS43NzE0TDM4LjE5MTggNjYuMDgzOUMzNy44NDggNjYuMTg3IDM3LjUzODcgNjYuMjIxNCAzNy4xOTQ5IDY2LjIyMTRDMzYuMzY5OSA2Ni4yMjE0IDM1LjU3OTMgNjUuOTEyIDM0LjkyNjIgNjUuMzYyTDIxLjE3NjIgNTMuMzMwOEMyMC4yNDggNTIuNTQwMSAxOS44MzU1IDUxLjI2ODMgMjAuMDc2MiA1MC4wNjUxQzIwLjMxNjggNDguODYyIDIxLjE3NjIgNDcuODY1MSAyMi4zNDQ5IDQ3LjQ4N0w1My4yODI0IDM3LjE3NDVDNTQuMzEzNyAzNi44MzA4IDU1LjQ0OCAzNy4wMDI2IDU2LjM0MTggMzcuNjIxNEw3My41MjkzIDQ5LjY1MjZDNzQuNjI5MyA1MC40MDg5IDc1LjE3OTMgNTEuNzE1MSA3NC45NzMgNTMuMDIxNFoiIGZpbGw9IiNGRkRDODMiLz4KPHBhdGggZD0iTTEyMS45NjQgNTMuMzMwOEwxMDguMjE0IDY1LjM2MkMxMDcuNTYgNjUuOTEyIDEwNi43NyA2Ni4yMjE0IDEwNS45NDUgNjYuMjIxNEMxMDUuNjAxIDY2LjIyMTQgMTA1LjI5MiA2Ni4xODcgMTA0Ljk0OCA2Ni4wODM5TDcwLjU3MyA1NS43NzE0QzY5LjMzNTUgNTUuMzkzMyA2OC4zNzMgNTQuMzI3NiA2OC4xNjY3IDUzLjAyMTRDNjcuOTYwNSA1MS43MTUxIDY4LjUxMDUgNTAuNDA4OSA2OS42MTA1IDQ5LjY1MjZMODYuNzk4IDM3LjYyMTRDODcuNjkxNyAzNy4wMDI2IDg4LjgyNjEgMzYuODMwOCA4OS44NTc0IDM3LjE3NDVMMTIwLjc5NSA0Ny40ODdDMTIxLjk2NCA0Ny44NjUxIDEyMi44MjMgNDguODYyIDEyMy4wNjQgNTAuMDY1MUMxMjMuMzA0IDUxLjI2ODMgMTIyLjg5MiA1Mi41NDAxIDEyMS45NjQgNTMuMzMwOFoiIGZpbGw9IiNGRkRDODMiLz4KPHBhdGggZD0iTTEwOS4zODIgNjMuNjQyNlYxMDcuNDcxQzEwOS4zODIgMTA4Ljg4IDEwOC41MjIgMTEwLjE1MiAxMDcuMjE2IDExMC42NjhMNzIuODQxMiAxMjQuNDE4QzcyLjQyODcgMTI0LjU4OSA3Mi4wMTYyIDEyNC42NTggNzEuNTY5MyAxMjQuNjU4QzcxLjEyMjUgMTI0LjY1OCA3MC43MSAxMjQuNTg5IDcwLjI5NzUgMTI0LjQxOEwzNS45MjI1IDExMC42NjhDMzQuNjE2MiAxMTAuMTUyIDMzLjc1NjggMTA4Ljg4IDMzLjc1NjggMTA3LjQ3MVY2My42NDI2QzMzLjc1NjggNjEuNzUyIDM1LjMwMzcgNjAuMjA1MSAzNy4xOTQzIDYwLjIwNTFIMTA1Ljk0NEMxMDcuODM1IDYwLjIwNTEgMTA5LjM4MiA2MS43NTIgMTA5LjM4MiA2My42NDI2WiIgZmlsbD0iI0VBQkQ0QyIvPgo8cGF0aCBkPSJNMTA3Ljk5OSA2MS40OTU4QzEwNy45OTkgNjIuOTgxMiAxMDcuMDM3IDY0LjI5NzkgMTA1LjY0MyA2NC43MzY4TDcyLjQ2MTMgNzQuODY1QzcyLjEyOTUgNzQuOTY2MiA3MS44MzA4IDc1IDcxLjQ5OSA3NUM3MS4xNjcyIDc1IDcwLjg2ODYgNzQuOTY2MiA3MC41MzY4IDc0Ljg2NUwzNy4zNTQ5IDY0LjczNjhDMzUuOTYxMyA2NC4yOTc5IDM0Ljk5OSA2Mi45ODEyIDM0Ljk5OSA2MS40OTU4QzM0Ljk5OSA2MC4wMTAzIDM1Ljk2MTMgNTguNjkzNyAzNy4zNTQ5IDU4LjI1NDhMNzAuNTM2OCA0OC4xMjY2QzcxLjE2NzIgNDcuOTU3OCA3MS44MzA4IDQ3Ljk1NzggNzIuNDYxMyA0OC4xMjY2TDEwNS42NDMgNTguMjU0OEMxMDcuMDM3IDU4LjY5MzcgMTA3Ljk5OSA2MC4wMTAzIDEwNy45OTkgNjEuNDk1OFoiIGZpbGw9IiM0QzM4MjUiLz4KPHBhdGggZD0iTTc0LjUxMTggNzdDNzUuMzUgNzcgNzYuMTc5NCA3Ni45NjI4IDc3IDc2LjkxMzNWMjEuMDg2N0M3Ni4xNzY1IDIxLjAzNDcgNzUuMzQ3MSAyMSA3NC41MDU5IDIxQzczLjY2NDcgMjEgNzIuODI5NCAyMS4wMzQ3IDcyIDIxLjA4NjdWNzYuOTEwOEM3Mi44MjY1IDc2Ljk2MjggNzMuNjU4OCA3Ni45OTc1IDc0LjUgNzdINzQuNTExOFoiIGZpbGw9InVybCgjcGFpbnQxX2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNNDQuMDI4MiAzOC4xMTI5TDQzLjIwNzggMzcuMjk1OUM0Mi4wNzczIDM4LjkxMjEgNDEuMDc0NiA0MC42MTQgNDAuMjA4OCA0Mi4zODYxQzUwLjEwMDEgNTIuNDM1NCA1MS4xNDI0IDU3LjI4MzUgNTEuMTI4OSA1OC45MDc0QzUxLjA5MTkgNjMuMDI2IDQ2LjA1MjIgNjkuNDg0NSA0MC4xNDE2IDc1LjQ2NTdDNDAuOTk5NiA3Ny4yMzc1IDQxLjk5MzMgNzguOTQwNSA0My4xMTM3IDgwLjU1OTJDNDMuNDQ5OSA4MC4yMjMgNDMuNzY5MyA3OS45MTM3IDQ0LjA5NTQgNzkuNTg0MkM1Mi42MjUgNzAuOTk3NSA1Ni43OTQgNjQuMjQ5OCA1Ni44NDQ1IDU4Ljk0NzdDNTYuODk0OSA1My42NDU3IDUyLjcwMjQgNDYuODg3OSA0NC4wMjgyIDM4LjExMjlaIiBmaWxsPSJ1cmwoI3BhaW50Ml9saW5lYXJfOTc5Xzc5MikiLz4KPHBhdGggZD0iTTEwNC42OTUgNzkuNTk3NUwxMDUuNjc2IDgwLjU3MjVDMTA2Ljc5NSA3OC45NDkyIDEwNy43ODcgNzcuMjQxNyAxMDguNjQyIDc1LjQ2NTVDMTAyLjczNSA2OS40NzA5IDk3LjY5NDggNjIuOTk1NSA5Ny42NTQ1IDU4Ljg5MzdDOTcuNjE3NSA1NC44OTI4IDEwMi42MjcgNDguNDIwOCAxMDguNTY4IDQyLjM1OUMxMDcuNzAzIDQwLjU5MTcgMTA2LjcwMyAzOC44OTQ0IDEwNS41NzYgMzcuMjgyMkwxMDQuNzU1IDM4LjA5OTJDOTYuMDgxIDQ2Ljg1NzUgOTEuODg4NSA1My42NzkxIDkxLjkzODkgNTguOTQ0MkM5MS45ODk0IDY0LjIwOTIgOTYuMTU4MyA3MS4wMTA3IDEwNC42OTUgNzkuNTk3NVoiIGZpbGw9InVybCgjcGFpbnQzX2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNODcuNDM5NiA1OC45MzQ0Qzg3LjQzOTYgNTEuNTM3OCA5MC43Mzc4IDM5LjIzOTMgOTUuODE3OSAyNy42MTY1Qzk0LjE5NzkgMjYuNTEzOSA5Mi40OTUgMjUuNTM4MiA5MC43MjQ0IDI0LjY5ODJDODUuMTYzNSAzNy4yMjg3IDgxLjcyMDcgNTAuNTU2MSA4MS43MjA3IDU4Ljk0NzhDODEuNzIwNyA2Ny4wNjczIDg1LjQ0OTMgODAuNTQyNSA5MS4xMTEgOTMuMTQwM0M5Mi44NDY4IDkyLjI4NTkgOTQuNTE0NyA5MS4zMDAyIDk2LjEwMDQgOTAuMTkxN0M5MC44NTg5IDc4LjQwMDkgODcuNDM5NiA2Ni4wNzU1IDg3LjQzOTYgNTguOTM0NFoiIGZpbGw9InVybCgjcGFpbnQ0X2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNNjcuMDM4NCA1OC45MzUzQzY3LjAzODQgNTAuNDk5OCA2My40NTc4IDM3LjA5ODUgNTcuOTYwOCAyNC43MjI3QzU2LjIxNTggMjUuNTYxMyA1NC41Mzc3IDI2LjUzMjUgNTIuOTQxMiAyNy42Mjc1QzU4LjAzMTQgMzkuMjQzNSA2MS4zMjI4IDUxLjU0NTQgNjEuMzIyOCA1OC45MzUzQzYxLjMyMjggNjYuMDczIDU3LjkwMzYgNzguMzk1IDUyLjY2MjEgOTAuMTcyNEM1NC4yNDgyIDkxLjI4MDIgNTUuOTE2MSA5Mi4yNjU4IDU3LjY1MTQgOTMuMTIxQzYzLjMxOTkgODAuNTI2NiA2Ny4wMzg0IDY3LjA2MTQgNjcuMDM4NCA1OC45MzUzWiIgZmlsbD0idXJsKCNwYWludDVfbGluZWFyXzk3OV83OTIpIi8+CjxwYXRoIGQ9Ik03NC40MjI5IDc0Ljk4N0w2MC42NzI5IDk1LjYxMkM2MC4wMTk3IDk2LjYwODkgNTguOTU0MSA5Ny4xNTg5IDU3LjgxOTcgOTcuMTU4OUM1Ny40MDcyIDk3LjE1ODkgNTYuOTYwNCA5Ny4wOTAxIDU2LjU0NzkgOTYuOTE4M0wyMi4xNzI5IDgzLjE2ODNDMjEuMTQxNiA4Mi43NTU4IDIwLjM4NTQgODEuODk2NCAyMC4xMTA0IDgwLjg2NTFDMTkuODM1NCA3OS43OTk1IDIwLjA3NiA3OC42NjUxIDIwLjc2MzUgNzcuODQwMUwzNC41MTM1IDYwLjY1MjZDMzUuMzcyOSA1OS41NTI2IDMyLjczOTEgNTcuODQwNCAzNC4wNzk3IDU4LjIxODVMNzIuNTY2NiA2OS43OTY0QzczLjU5NzkgNzAuMTA1OCA3NC40MjI5IDcwLjg5NjQgNzQuODAxIDcxLjkyNzZDNzUuMTc5MSA3Mi45NTg5IDc1LjA0MTYgNzQuMDkzMyA3NC40MjI5IDc0Ljk4N1oiIGZpbGw9IiNGRkRDODMiLz4KPHBhdGggZD0iTTEyMy4wMjkgODAuNjI0MkMxMjIuNzU0IDgxLjY1NTUgMTIxLjk5OCA4Mi41NDkyIDEyMS4wMDEgODIuOTI3NEw4Ni42MjYxIDk2LjkxOEM4Ni4xNzkyIDk3LjA4OTkgODUuNzY2NyA5Ny4xNTg2IDg1LjMxOTkgOTcuMTU4NkM4NC4xODU1IDk3LjE1ODYgODMuMTE5OSA5Ni42MDg2IDgyLjQ2NjcgOTUuNjExN0w2OC43MTY3IDc0Ljk4NjdDNjguMDk4IDc0LjA5MyA2Ny45NjA1IDcyLjk1ODYgNjguMzM4NiA3MS45Mjc0QzY4LjcxNjcgNzAuODk2MSA2OS41NDE3IDcwLjEwNTUgNzAuNTczIDY5Ljc5NjFMMTA4LjQ2OSA1OC40MzMxQzEwOS44MSA1OC4wMjA2IDEwNy43MzIgNTkuNTUyNCAxMDguNjI2IDYwLjYxOEwxMjIuMzc2IDc3LjU5OTJDMTIzLjA2NCA3OC40MjQyIDEyMy4zMDQgNzkuNTU4NiAxMjMuMDI5IDgwLjYyNDJaIiBmaWxsPSIjRkZEQzgzIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfOTc5Xzc5MiIgeDE9IjI0IiB5MT0iMy41IiB4Mj0iMTgxIiB5Mj0iMTQ3IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiM0ODAwMDAiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjQUUyMzAwIi8+CjwvbGluZWFyR3JhZGllbnQ+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQxX2xpbmVhcl85NzlfNzkyIiB4MT0iNzQuNSIgeTE9IjE3LjIzNjkiIHgyPSI3NC41IiB5Mj0iNzkuOTEzMyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkZEMjAwIi8+CjxzdG9wIG9mZnNldD0iMC4wNiIgc3RvcC1jb2xvcj0iI0ZGQjUwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMTQiIHN0b3AtY29sb3I9IiNGRjhDMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjIxIiBzdG9wLWNvbG9yPSIjRkY3MzAwIi8+CjxzdG9wIG9mZnNldD0iMC4yNiIgc3RvcC1jb2xvcj0iI0ZGNkEwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMzMiIHN0b3AtY29sb3I9IiNGQzRGMEUiLz4KPHN0b3Agb2Zmc2V0PSIwLjQzIiBzdG9wLWNvbG9yPSIjRjkyRjFFIi8+CjxzdG9wIG9mZnNldD0iMC41MSIgc3RvcC1jb2xvcj0iI0Y4MUIyNyIvPgo8c3RvcCBvZmZzZXQ9IjAuNTciIHN0b3AtY29sb3I9IiNGNzE0MkIiLz4KPHN0b3Agb2Zmc2V0PSIwLjY4IiBzdG9wLWNvbG9yPSIjREYxNjJFIi8+CjxzdG9wIG9mZnNldD0iMC43OSIgc3RvcC1jb2xvcj0iI0FGMUEzOCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM0QjIxNEMiLz4KPC9saW5lYXJHcmFkaWVudD4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDJfbGluZWFyXzk3OV83OTIiIHgxPSI0OC40OTMiIHkxPSIxNS44OTI4IiB4Mj0iNDguNDkzIiB5Mj0iMTAwLjk1NCIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkZEMjAwIi8+CjxzdG9wIG9mZnNldD0iMC4wNiIgc3RvcC1jb2xvcj0iI0ZGQjUwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMTQiIHN0b3AtY29sb3I9IiNGRjhDMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjIxIiBzdG9wLWNvbG9yPSIjRkY3MzAwIi8+CjxzdG9wIG9mZnNldD0iMC4yNiIgc3RvcC1jb2xvcj0iI0ZGNkEwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMzMiIHN0b3AtY29sb3I9IiNGQzRGMEUiLz4KPHN0b3Agb2Zmc2V0PSIwLjQzIiBzdG9wLWNvbG9yPSIjRjkyRjFFIi8+CjxzdG9wIG9mZnNldD0iMC41MSIgc3RvcC1jb2xvcj0iI0Y4MUIyNyIvPgo8c3RvcCBvZmZzZXQ9IjAuNTciIHN0b3AtY29sb3I9IiNGNzE0MkIiLz4KPHN0b3Agb2Zmc2V0PSIwLjY4IiBzdG9wLWNvbG9yPSIjREYxNjJFIi8+CjxzdG9wIG9mZnNldD0iMC43OSIgc3RvcC1jb2xvcj0iI0FGMUEzOCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM0QjIxNEMiLz4KPC9saW5lYXJHcmFkaWVudD4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDNfbGluZWFyXzk3OV83OTIiIHgxPSIxMDAuMjkiIHkxPSIxNS44OTI2IiB4Mj0iMTAwLjI5IiB5Mj0iMTAwLjk1MyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkZEMjAwIi8+CjxzdG9wIG9mZnNldD0iMC4wNiIgc3RvcC1jb2xvcj0iI0ZGQjUwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMTQiIHN0b3AtY29sb3I9IiNGRjhDMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjIxIiBzdG9wLWNvbG9yPSIjRkY3MzAwIi8+CjxzdG9wIG9mZnNldD0iMC4yNiIgc3RvcC1jb2xvcj0iI0ZGNkEwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMzMiIHN0b3AtY29sb3I9IiNGQzRGMEUiLz4KPHN0b3Agb2Zmc2V0PSIwLjQzIiBzdG9wLWNvbG9yPSIjRjkyRjFFIi8+CjxzdG9wIG9mZnNldD0iMC41MSIgc3RvcC1jb2xvcj0iI0Y4MUIyNyIvPgo8c3RvcCBvZmZzZXQ9IjAuNTciIHN0b3AtY29sb3I9IiNGNzE0MkIiLz4KPHN0b3Agb2Zmc2V0PSIwLjY4IiBzdG9wLWNvbG9yPSIjREYxNjJFIi8+CjxzdG9wIG9mZnNldD0iMC43OSIgc3RvcC1jb2xvcj0iI0FGMUEzOCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM0QjIxNEMiLz4KPC9saW5lYXJHcmFkaWVudD4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDRfbGluZWFyXzk3OV83OTIiIHgxPSI4OC45MTIyIiB5MT0iMTUuODkyOSIgeDI9Ijg4LjkxMjIiIHkyPSIxMDAuOTU0IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNGRkQyMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjA2IiBzdG9wLWNvbG9yPSIjRkZCNTAwIi8+CjxzdG9wIG9mZnNldD0iMC4xNCIgc3RvcC1jb2xvcj0iI0ZGOEMwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMjEiIHN0b3AtY29sb3I9IiNGRjczMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjI2IiBzdG9wLWNvbG9yPSIjRkY2QTAwIi8+CjxzdG9wIG9mZnNldD0iMC4zMyIgc3RvcC1jb2xvcj0iI0ZDNEYwRSIvPgo8c3RvcCBvZmZzZXQ9IjAuNDMiIHN0b3AtY29sb3I9IiNGOTJGMUUiLz4KPHN0b3Agb2Zmc2V0PSIwLjUxIiBzdG9wLWNvbG9yPSIjRjgxQjI3Ii8+CjxzdG9wIG9mZnNldD0iMC41NyIgc3RvcC1jb2xvcj0iI0Y3MTQyQiIvPgo8c3RvcCBvZmZzZXQ9IjAuNjgiIHN0b3AtY29sb3I9IiNERjE2MkUiLz4KPHN0b3Agb2Zmc2V0PSIwLjc5IiBzdG9wLWNvbG9yPSIjQUYxQTM4Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzRCMjE0QyIvPgo8L2xpbmVhckdyYWRpZW50Pgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50NV9saW5lYXJfOTc5Xzc5MiIgeDE9IjU5Ljg1NyIgeTE9IjE1Ljg5MzgiIHgyPSI1OS44NTciIHkyPSIxMDAuOTU1IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNGRkQyMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjA2IiBzdG9wLWNvbG9yPSIjRkZCNTAwIi8+CjxzdG9wIG9mZnNldD0iMC4xNCIgc3RvcC1jb2xvcj0iI0ZGOEMwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMjEiIHN0b3AtY29sb3I9IiNGRjczMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjI2IiBzdG9wLWNvbG9yPSIjRkY2QTAwIi8+CjxzdG9wIG9mZnNldD0iMC4zMyIgc3RvcC1jb2xvcj0iI0ZDNEYwRSIvPgo8c3RvcCBvZmZzZXQ9IjAuNDMiIHN0b3AtY29sb3I9IiNGOTJGMUUiLz4KPHN0b3Agb2Zmc2V0PSIwLjUxIiBzdG9wLWNvbG9yPSIjRjgxQjI3Ii8+CjxzdG9wIG9mZnNldD0iMC41NyIgc3RvcC1jb2xvcj0iI0Y3MTQyQiIvPgo8c3RvcCBvZmZzZXQ9IjAuNjgiIHN0b3AtY29sb3I9IiNERjE2MkUiLz4KPHN0b3Agb2Zmc2V0PSIwLjc5IiBzdG9wLWNvbG9yPSIjQUYxQTM4Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzRCMjE0QyIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "whitelistHTTP"], ["spec", "whitelist"], ["spec", "machines"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: [] + services: + exclude: [] + include: + - resourceNames: + - bootbox + ingresses: + exclude: [] + include: + - resourceNames: + - bootbox diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bucket.yaml b/packages/system/cozystack-resource-definitions/cozyrds/bucket.yaml similarity index 93% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/bucket.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/bucket.yaml index d94e67e1..889a36b5 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bucket.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/bucket.yaml @@ -30,7 +30,13 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMzA5MSkiLz4KPHBhdGggZmlsbC1ydWxlPSJldmVub2RkIiBjbGlwLXJ1bGU9ImV2ZW5vZGQiIGQ9Ik03MiAzMC4xNjQxTDExNy45ODMgMzYuNzc4OVY0MC42NzM5QzExNy45ODMgNDYuNDY1MyA5Ny4zODYyIDUxLjEzMzIgNzEuOTgyNyA1MS4xMzMyQzQ2LjU3OTIgNTEuMTMzMiAyNiA0Ni40NjUzIDI2IDQwLjY3MzlWMzYuNDQzMUw3MiAzMC4xNjQxWk03MiA1OC4yNjc4QzkxLjIwODQgNTguMjY3OCAxMDcuNjU4IDU1LjU5ODYgMTE0LjU0NyA1MS44MDQ4TDExNi44MDMgNDguMTExTDExNy43MjMgNDQuNzUzVjQ4LjkxNzFMMTAyLjY3OSAxMTEuMDMzQzEwMi42NzkgMTE0Ljg5NSA4OC45NTMzIDExOCA3Mi4wMTcyIDExOEM1NS4wODEyIDExOCA0MS4zNzQzIDExNC44OTUgNDEuMzc0MyAxMTEuMDMzTDI2LjMzIDQ4LjkxNzFWNDQuODM2OUwyOS44MDA3IDUxLjkzODJDMzYuNzA2NSA1NS42NjUzIDUyLjk5OTcgNTguMjY3OCA3MiA1OC4yNjc4WiIgZmlsbD0iIzhDMzEyMyIvPgo8cGF0aCBmaWxsLXJ1bGU9ImV2ZW5vZGQiIGNsaXAtcnVsZT0iZXZlbm9kZCIgZD0iTTcyLjAwMDMgMjZDOTcuNDAzOCAyNiAxMTggMzAuNjgzOSAxMTggMzYuNDQyQzExOCA0Mi4yIDk3LjM4NjYgNDYuODUwNyA3Mi4wMDAzIDQ2Ljg1MDdDNDYuNjE0MSA0Ni44NTA3IDI2LjAxNzYgNDIuMjM0NSAyNi4wMTc2IDM2LjQ0MkMyNi4wMTc2IDMwLjY0OTQgNDYuNTk2OCAyNiA3Mi4wMDAzIDI2Wk03Mi4wMDAzIDU0LjEwMzdDOTUuNjg1NyA1NC4xMDM3IDExNS4xNzIgNTAuMDU4IDExNy43MDYgNDQuODE5N0wxMDIuNjYyIDEwNi45MzdDMTAyLjY2MiAxMTAuNzk5IDg4LjkzNjQgMTEzLjkwNSA3Mi4wMDAzIDExMy45MDVDNTUuMDY0MyAxMTMuOTA1IDQxLjMzOSAxMTAuODE2IDQxLjMzOSAxMDYuOTU0TDI2LjI5NTkgNDQuODM3QzI4Ljg0NjYgNTAuMDU4IDQ4LjMzMzMgNTQuMTAzNyA3Mi4wMDAzIDU0LjEwMzdaIiBmaWxsPSIjRTA1MjQzIi8+CjxwYXRoIGZpbGwtcnVsZT0iZXZlbm9kZCIgY2xpcC1ydWxlPSJldmVub2RkIiBkPSJNNjEuMTcyNSA2MC4wMjkzSDgxLjA5MjhWNzkuMTY3Nkg2MS4xNzI1VjYwLjAyOTNaTTQ1LjMzMDEgOTUuMzY4OEM0NS4zMzAxIDkwLjE0MiA0OS43MTA0IDg1LjkzNDIgNTUuMTUxMSA4NS45MzQyQzYwLjU5MTcgODUuOTM0MiA2NC45NzIxIDkwLjE0MiA2NC45NzIxIDk1LjM2ODhDNjQuOTcyMSAxMDAuNTk2IDYwLjU5MTcgMTA0LjgwMyA1NS4xNTExIDEwNC44MDNDNDkuNzEwNCAxMDQuODAzIDQ1LjMzMDEgMTAwLjU5NiA0NS4zMzAxIDk1LjM2ODhaTTk2LjQ0ODcgMTA0LjM2OEg3Ni43NzIyTDg2LjYxMDUgODYuNzczN0w5Ni40NDg3IDEwNC4zNjhaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18zMDkxIiB4MT0iMCIgeTE9IjAiIHgyPSIxNTEiIHkyPSIxODAiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0ZGRjBFRSIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNFQzg4N0QiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - bucket-{{ .name }} + - bucket-{{ .name }}-credentials + ingresses: + exclude: [] + include: + - resourceNames: + - bucket-{{ .name }}-ui diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/clickhouse.yaml b/packages/system/cozystack-resource-definitions/cozyrds/clickhouse.yaml similarity index 96% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/clickhouse.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/clickhouse.yaml index c1a7ec87..49cf575f 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/clickhouse.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/clickhouse.yaml @@ -28,7 +28,12 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMzIwMikiLz4KPHBhdGggZD0iTTIzIDEwNUgzNFYxMTZIMjNWMTA1WiIgZmlsbD0iI0ZGMDAwMCIvPgo8cGF0aCBkPSJNMjMgMjhIMzRWMTA1SDIzVjI4Wk00NSAyOEg1NS45OTk5VjExNkg0NVYyOFpNNjYuOTk5OSAyOEg3Ny45OTk5VjExNkg2Ni45OTk5VjI4Wk04OC45OTk5IDI4SDk5Ljk5OTlWMTE2SDg4Ljk5OTlWMjhaTTExMSA2My43NDk5SDEyMlY4MC4yNDk5SDExMVY2My43NDk5WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMzIwMiIgeDE9Ii0wLjQ5OTk5OCIgeTE9IjEuNSIgeDI9IjE1My41IiB5Mj0iMTYyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNGRkNDMDAiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjRkY3QTAwIi8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "shards"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "logStorageSize"], ["spec", "logTTL"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"], ["spec", "clickhouseKeeper"], ["spec", "clickhouseKeeper", "enabled"], ["spec", "clickhouseKeeper", "size"], ["spec", "clickhouseKeeper", "resourcesPreset"], ["spec", "clickhouseKeeper", "replicas"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - clickhouse-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - chendpoint-clickhouse-{{ .name }} diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/etcd.yaml b/packages/system/cozystack-resource-definitions/cozyrds/etcd.yaml similarity index 82% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/etcd.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/etcd.yaml index 862a2cf6..eeece147 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/etcd.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/etcd.yaml @@ -8,7 +8,7 @@ spec: plural: etcds singular: etcd openAPISchema: |- - {"title":"Chart Values","type":"object","properties":{"replicas":{"description":"Number of etcd replicas","type":"integer","default":3},"resources":{"description":"Resource configuration for etcd","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","default":4,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"size":{"description":"Persistent Volume size","default":"4Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"}}} + {"title":"Chart Values","type":"object","properties":{"replicas":{"description":"Number of etcd replicas","type":"integer","default":3},"resources":{"description":"Resource configuration for etcd","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","default":"1000m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","default":"512Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"size":{"description":"Persistent Volume size","default":"4Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"}}} release: prefix: "" labels: @@ -30,7 +30,10 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5NjMpIi8+CjxwYXRoIGQ9Ik0xMjIuNDQyIDczLjQ3MjlDMTIxLjk1OSA3My41MTM0IDEyMS40NzQgNzMuNTMyMiAxMjAuOTU4IDczLjUzMjJDMTE3Ljk2NSA3My41MzIyIDExNS4wNjEgNzIuODMwNCAxMTIuNDQyIDcxLjU0NTFDMTEzLjMxNCA2Ni41NDIxIDExMy42ODUgNjEuNTAxOSAxMTMuNTg4IDU2LjQ4MDJDMTEwLjc0OCA1Mi4zNzIzIDEwNy41MDIgNDguNDk2NSAxMDMuODM4IDQ0LjkyNTdDMTA1LjQyOCA0MS45NDU0IDEwNy43NzggMzkuMzgxMSAxMTAuNzExIDM3LjU2MjhMMTExLjk3MSAzNi43ODQyTDExMC45ODkgMzUuNjc3NEMxMDUuOTMyIDI5Ljk4MzIgOTkuODk3MSAyNS41ODA5IDkzLjA1NDcgMjIuNTkzN0w5MS42OTAyIDIyTDkxLjM0MzcgMjMuNDQyM0M5MC41Mjc3IDI2LjgwMzYgODguODIyMiAyOS44MzYgODYuNDgwNyAzMi4yNjk1QzgxLjk4MDMgMjkuODc3NCA3Ny4yNzg4IDI3Ljk0NCA3Mi40MzA1IDI2LjQ3OTdDNjcuNTkzNyAyNy45NDA4IDYyLjkwMDUgMjkuODY4NiA1OC40MDIgMzIuMjU3MUM1Ni4wNzAxIDI5LjgyNjggNTQuMzY4OCAyNi44MDE4IDUzLjU1NiAyMy40NTAxTDUzLjIwNzIgMjIuMDA4M0w1MS44NDc3IDIyLjU5OTJDNDUuMDkxNCAyNS41NDMxIDM4Ljg5MDEgMzAuMDY0NyAzMy45MTYyIDM1LjY3NDJMMzIuOTMxOCAzNi43ODMzTDM0LjE5IDM3LjU2MTlDMzcuMTE0MiAzOS4zNzMzIDM5LjQ1NzYgNDEuOTIyNCA0MS4wNDQ0IDQ0Ljg4NjZDMzcuMzkxNyA0OC40NDM1IDM0LjE0OTUgNTIuMzA3IDMxLjMxMTkgNTYuMzk1OUMzMS4yMDE0IDYxLjQxNTQgMzEuNTUzNSA2Ni40OTI0IDMyLjQyOTcgNzEuNTY0NEMyOS44MjMxIDcyLjgzNzggMjYuOTM1OCA3My41MzE4IDIzLjk2MjggNzMuNTMxOEMyMy40NDA5IDczLjUzMTggMjIuOTUyNyA3My41MTI5IDIyLjQ3ODIgNzMuNDczM0wyMSA3My4zNjA2TDIxLjEzODUgNzQuODM2NUMyMS44NjI5IDgyLjMwMzMgMjQuMTgxNCA4OS40MDUzIDI4LjAzMzQgOTUuOTQ3MUwyOC43ODUzIDk3LjIyMzdMMjkuOTE0MiA5Ni4yNjU2QzMyLjUzMDUgOTQuMDQ2NSAzNS42OTE3IDkyLjU3NyAzOS4wNTMgOTEuOTg0N0M0MS4yNjg5IDk2LjUxNTUgNDMuODk1MyAxMDAuNzcyIDQ2Ljg3NDcgMTA0LjcyNUM1MS42Mjg3IDEwNi4zODcgNTYuNTgxOSAxMDcuNjI5IDYxLjY5NzEgMTA4LjM2N0M2Mi4xODc3IDExMS43NSA2MS43OTcgMTE1LjI0OSA2MC40NjI0IDExOC40ODRMNTkuODk5NSAxMTkuODU1TDYxLjM0NjkgMTIwLjE3NEM2NS4wNTI5IDEyMC45ODkgNjguNzkxNyAxMjEuNDA0IDcyLjQ1MjYgMTIxLjQwNEw4My41NTUxIDEyMC4xNzRMODUuMDAzOSAxMTkuODU1TDg0LjQzOTcgMTE4LjQ4MkM4My4xMDg3IDExNS4yNDYgODIuNzE4IDExMS43NDMgODMuMjA4NiAxMDguMzZDODguMzAzNiAxMDcuNjIxIDkzLjIzODQgMTA2LjM4MiA5Ny45NzQ4IDEwNC43MjVDMTAwLjk1NyAxMDAuNzY5IDEwMy41ODYgOTYuNTA5NSAxMDUuODA1IDkxLjk3MjhDMTA5LjE3NyA5Mi41NjE0IDExMi4zNTYgOTQuMDMxNyAxMTQuOTg5IDk2LjI1NzNMMTE2LjExOCA5Ny4yMTQxTDExNi44NjYgOTUuOTQwN0MxMjAuNzI1IDg5LjM5MDUgMTIzLjA0MyA4Mi4yODkxIDEyMy43NTYgNzQuODM0MkwxMjMuODk1IDczLjM2MUwxMjIuNDQyIDczLjQ3MjlaTTg4LjMxOTcgOTEuNTE4MUM4My4wNjczIDkyLjk0NjYgNzcuNzMzIDkzLjY2NzcgNzIuNDMwNSA5My42Njc3QzY3LjExMzcgOTMuNjY3NyA2MS43ODU5IDkyLjk0NyA1Ni41MjkgOTEuNTE4MUM1My42NDQ4IDg3LjAzNjYgNTEuMzY0NSA4Mi4yMzU3IDQ5LjcyMzQgNzcuMTgxMkM0OC4wODkyIDcyLjE1MDIgNDcuMTMyOSA2Ni44Nzk1IDQ2Ljg1NTQgNjEuNDUyMkM1MC4yNTA0IDU3LjI1NDcgNTQuMTExIDUzLjU3NzYgNTguMzc2NyA1MC40ODIzQzYyLjcxMTQgNDcuMzI5NCA2Ny40MjcxIDQ0Ljc2NzkgNzIuNDMwNSA0Mi44NDFDNzcuNDI1NiA0NC43NjgzIDgyLjEzMjYgNDcuMzI2MiA4Ni40NTcyIDUwLjQ2NTdDOTAuNzM5NCA1My41Nzc2IDk0LjYxNzEgNTcuMjgzMiA5OC4wMjg3IDYxLjUwN0M5Ny43Mzc4IDY2LjkwMzQgOTYuNzcgNzIuMTQzOCA5NS4xMzMgNzcuMTY2NUM5My40OTYxIDgyLjIyIDkxLjIwODQgODcuMDM2MSA4OC4zMTk3IDkxLjUxODFaTTc2Ljc2ODQgNjYuMTk3NEM3Ni43Njg0IDY5LjkwODEgNzkuNzc1NCA3Mi45MDk2IDgzLjQ4MSA3Mi45MDk2Qzg3LjE4NTcgNzIuOTA5NiA5MC4xODk1IDY5LjkwODYgOTAuMTg5NSA2Ni4xOTc0QzkwLjE4OTUgNjIuNTAxIDg3LjE4NTcgNTkuNDg4MSA4My40ODEgNTkuNDg4MUM3OS43NzU0IDU5LjQ4ODEgNzYuNzY4NCA2Mi41MDEgNzYuNzY4NCA2Ni4xOTc0Wk02OC4wOTU0IDY2LjE5NzRDNjguMDk1NCA2OS45MDgxIDY1LjA4ODggNzIuOTA5NiA2MS4zODMyIDcyLjkwOTZDNTcuNjc0OSA3Mi45MDk2IDU0LjY3NjYgNjkuOTA4NiA1NC42NzY2IDY2LjE5NzRDNTQuNjc2NiA2Mi41MDI0IDU3LjY3NTMgNTkuNDg5NCA2MS4zODMyIDU5LjQ4OTRDNjUuMDg4OCA1OS40ODk0IDY4LjA5NTQgNjIuNTAyNCA2OC4wOTU0IDY2LjE5NzRaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18yOTYzIiB4MT0iNS41IiB5MT0iMTEiIHgyPSIxNDEiIHkyPSIxMjQuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjNTNCMkYwIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzQxOUVEQSIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resources", "cpu"], ["spec", "resources", "memory"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: [] + services: + exclude: [] + include: + - resourceNames: + - etcd diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ferretdb.yaml b/packages/system/cozystack-resource-definitions/cozyrds/ferretdb.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/ferretdb.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/ferretdb.yaml index e754aa28..853d5d22 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ferretdb.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/ferretdb.yaml @@ -29,7 +29,12 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5NTIpIi8+CjxwYXRoIGQ9Ik02OS41OTIzIDIyLjEzMUM1OC4yNjYyIDIzLjY3ODcgNDYuOTAzNyAzMC44NzE0IDQwLjMzMDIgNDAuNjY3OUMzOS4yNzQgNDIuMjUyMSAzNy40NTMxIDQ1LjU0OCAzNy40NTMxIDQ1Ljg3NTdDMzcuNDUzMSA0NS45MTIyIDM4LjMyNzIgNDUuMzg0MSAzOS4zODMzIDQ0LjY5MjFDNTIuMzg0NyAzNi4xMTU2IDY3Ljg5ODkgMzQuNTMxNCA4MC41MTc4IDQwLjQ4NThDODMuMjY3NCA0MS43Nzg3IDg0Ljk5NzMgNDMuMDM1MSA4Ny40NTU1IDQ1LjQ5MzNDOTEuNTg5IDQ5LjY0NSA5NC42MTE3IDU1LjE5ODggOTYuNzA1OCA2Mi41MDA3Qzk3Ljc5ODMgNjYuMjUxOCA5OC43MDg4IDcxLjM2ODYgOTguOTQ1NSA3NC44NDY1Qzk5LjAwMDEgNzUuNzkzNCA5OS4xNDU4IDc2LjYzMSA5OS4yMzY5IDc2LjY4NTZDOTkuNzQ2NyA3Ni45OTUyIDEwMi4wNDEgNzMuNjYyOSAxMDMuNjYyIDcwLjI3NkMxMDYuMjI5IDY0Ljg4NjEgMTA3LjQzMSA1OS41ODcyIDEwNy40MTMgNTMuNzA1N0MxMDcuMzk1IDQ1LjM4NDEgMTA0LjUxOCAzOC4zOTE3IDk4LjcyNyAzMi41NjQ4QzkzLjU5MiAyNy4zOTM0IDg3LjEwOTUgMjMuODQyNiA4MC4zMTc1IDIyLjQ1ODdDNzguNzMzMyAyMi4xNDkyIDc3LjU2NzkgMjIuMDU4MSA3NC41OTk5IDIyLjAwMzVDNzIuNTQyMiAyMS45ODUzIDcwLjMwMjUgMjIuMDM5OSA2OS41OTIzIDIyLjEzMVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik00NS41MiA0Ni40NDAyQzQ0LjMzNjQgNDcuMDIyOSA0Mi4zNTE2IDQ4Ljg0MzggNDAuNjAzNSA1MC45Mzc5QzM5LjgyMDUgNTEuODY2NiAzOC42MzY5IDUzLjAxMzcgMzcuNzYyOSA1My42NjkzQzM1LjcyMzQgNTUuMTk4OSAzMi4yNDU1IDU4LjYwNCAzMC40NzkyIDYwLjgwNzNDMjEuMjY1NCA3Mi4yMjQ0IDE4LjY5NzkgODUuMjQ0IDIzLjA4NjMgOTguMzE4MkMyNi42OTE3IDEwOS4wMjUgMzUuMDMxNSAxMTYuMTI3IDQ3Ljg1MDggMTE5LjM1QzUyLjg0MDEgMTIwLjYyNCA2MC4zMjQgMTIxLjMzNSA2My40NTYgMTIwLjg0M0w2NC4yNTcyIDEyMC43MTVMNjMuMDE5IDExOS45ODdDNTYuMTkwNiAxMTYuMDE4IDUxLjQxOTggMTA5LjMxNyA1MC4wOTA1IDEwMS44NjlDNDkuNjg5OSA5OS42MTEgNDkuNjcxNyA5NS42MDUgNTAuMDcyMyA5My40MDE3QzUwLjk2NDUgODguNDQ4OCA1My40NTkyIDgzLjg5NjUgNTYuODQ2MSA4MS4wNTU5QzU4LjQzMDMgNzkuNzI2NiA2MS4xOTgxIDc4LjM2MDkgNjMuNDAxNCA3Ny44MzI5QzY2LjcxNTUgNzcuMDMxNyA2OC43MzY3IDc2LjEyMTIgNzAuODMwNyA3NC40NjQyQzcyLjE3ODIgNzMuNDA4IDczLjM2MTggNzEuODA1NiA3NC4zNDUxIDY5LjcyOThDNzUuMTgyNyA2Ny45NjM1IDc2Ljk2NzIgNjIuMzU1MSA3Ni45NjcyIDYxLjQ2MjhDNzYuOTY3MiA2MC44NDM3IDc2LjMyOTkgNjAuMDA2MSA3NS40MTk1IDU5LjQ0MTZDNzQuOTQ2IDU5LjE1MDIgNzQuMTk5NCA1OC45ODY0IDcyLjI4NzUgNTguNzg2MUM2NC4wNTY5IDU3LjkzMDIgNTkuOTU5OSA1Ni40MzcxIDU1LjAwNyA1Mi41MjIxQzU0LjI5NjggNTEuOTU3NiA1My40NDEgNTEuMzIwMyA1My4wOTUgNTEuMTAxOEM1Mi43NDkgNTAuOTAxNSA1Mi4wNTcxIDUwLjEzNjcgNTEuNTgzNiA0OS40MjY1QzUwLjE0NTEgNDcuMzMyNSA0OC4zNjA2IDQ1Ljk4NSA0Ni45OTQ5IDQ1Ljk2NjhDNDYuNzAzNiA0NS45NjY4IDQ2LjAyOTggNDYuMTg1MyA0NS41MiA0Ni40NDAyWk01NC40NjA3IDU0Ljg3MTFDNTUuMDc5OCA1NS4xODA2IDU1Ljc1MzUgNTUuNTgxMiA1NS45NzIgNTUuNzQ1MUw1Ni4zNzI3IDU2LjA3MjlMNTUuNzM1MyA1OC42MjIyQzU1LjE4OTEgNjAuODQzNyA1NS4wOTggNjEuNDA4MiA1NS4xNTI2IDYyLjk5MjRDNTUuMjA3MyA2NC41NTg0IDU1LjI2MTkgNjQuOTA0MyA1NS42MjYxIDY1LjQxNDJDNTYuMjI3IDY2LjIzMzYgNTcuMjY0OSA2Ni43MjUzIDU4LjQzMDMgNjYuNzI1M0M2MC4wODczIDY2LjcyNTMgNjEuMzgwMiA2NS43Nzg0IDYzLjUyODkgNjIuOTU2QzY0LjE0OCA2Mi4xNTQ4IDY0LjYzOTYgNjEuNzE3NyA2NS4zNjggNjEuMzcxOEM2Ni40OTcgNjAuODA3MyA2Ny4yOTgyIDYwLjc1MjcgNjkuODExIDYwLjk3MTJMNzEuNDg2MyA2MS4xMzVWNjIuMTE4M0M3MS40ODYzIDYzLjY2NjEgNzIuMzA1NyA2NC41NTg0IDczLjk4MDkgNjQuODEzM0w3NC43ODIxIDY0LjkyMjZMNzQuNDkwOCA2NS41OTYzQzczLjIxNjEgNjguNjczNiA2OS45Mzg1IDcyLjE1MTYgNjYuODYxMSA3My42OTk0QzY2LjM2OTUgNzMuOTM2MSA2NS4yNTg3IDc0LjM3MzEgNjQuNDAyOSA3NC42NjQ1QzYzLjAwMDggNzUuMTE5NyA2Mi42MTg0IDc1LjE3NDMgNjAuMjE0OCA3NS4xNzQzQzU3LjgyOTQgNzUuMTc0MyA1Ny40Mjg4IDc1LjExOTcgNTYuMTE3NyA3NC42ODI3QzUyLjE2NjMgNzMuMzcxNiA0OS4yMzQ3IDcwLjQ1ODEgNDcuOTA1NCA2Ni41NDMyQzQ3LjQzMTkgNjUuMTU5MyA0Ny40MTM3IDYxLjEzNSA0Ny44ODcyIDU5LjQ1OThDNDguNTI0NSA1Ny4xNDcyIDQ5LjY1MzUgNTUuMjM1MyA1MC44MzcxIDU0LjQ4ODdDNTEuNjAxOCA1My45OTcgNTMuMDIyMiA1NC4xNjA5IDU0LjQ2MDcgNTQuODcxMVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTMuMDIyIDYxLjczNjFDMTEzLjAyMiA2Mi41NTU1IDExMi4xMTEgNjYuMzQzMSAxMTEuMzQ3IDY4LjcxMDJDMTA4LjQ3IDc3LjU3ODEgMTAzLjI2MiA4NS41MzU1IDk2LjQ2OTcgOTEuMzQ0M0M5MS42OTg5IDk1LjQ0MTMgODguMzExOSA5Ny4yNDQgODIuOTQwMiA5OC41NzMzQzc5LjQ4MDUgOTkuNDI5MSA3Ny4yMjI2IDk5LjcwMjMgNzIuODM0MSA5OS44MTE1QzY3LjM1MzIgOTkuOTU3MiA2MS45NDUxIDk5LjQ2NTUgNTcuMTAxNCA5OC40MDk0QzU2LjE3MjcgOTguMjA5MSA1NS4zODk4IDk4LjA4MTYgNTUuMzM1MSA5OC4xMzYzQzU1LjExNjYgOTguMzM2NiA1NS45NTQyIDEwMS4xMjMgNTYuNjgyNiAxMDIuNTk4QzU4LjAxMTkgMTA1LjMyOSA1OS41MjMyIDEwNy4zNjggNjIuMjE4MiAxMTAuMDYzQzY1LjA1ODggMTEyLjkwNCA2Ny4xNzExIDExNC40NyA3MC40NDg3IDExNi4xNjNDNzguNTcgMTIwLjM1MSA4Ny44OTMxIDEyMC45MTYgOTcuNDUzIDExNy43NjZDMTA3LjU0MSAxMTQuNDcgMTE0Ljk1MiAxMDguNTE2IDExOC45NCAxMDAuNTAzQzEyMS41OTggOTUuMTg2NCAxMjIuNjkxIDg5LjUwNTEgMTIyLjI5IDgzLjAyMjdDMTIxLjc5OSA3NS4wMjg4IDExOC44NDkgNjcuMTk4OSAxMTQuNTcgNjIuNTczOEMxMTMuODk2IDYxLjg0NTQgMTEzLjI3NyA2MS4yNjI3IDExMy4xODYgNjEuMjYyN0MxMTMuMDk1IDYxLjI2MjcgMTEzLjAyMiA2MS40ODEyIDExMy4wMjIgNjEuNzM2MVoiIGZpbGw9IndoaXRlIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfNjgzXzI5NTIiIHgxPSI1LjUiIHkxPSIxMSIgeDI9IjE0MSIgeTI9IjEyNC41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiM0NUFEQzYiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMjE2Nzc4Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "quorum"], ["spec", "quorum", "minSyncReplicas"], ["spec", "quorum", "maxSyncReplicas"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "schedule"], ["spec", "backup", "retentionPolicy"], ["spec", "backup", "endpointURL"], ["spec", "backup", "destinationPath"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "bootstrap"], ["spec", "bootstrap", "enabled"], ["spec", "bootstrap", "recoveryTime"], ["spec", "bootstrap", "oldName"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - ferretdb-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - ferretdb-{{ .name }} diff --git a/packages/system/cozystack-resource-definitions/cozyrds/foundationdb.yaml b/packages/system/cozystack-resource-definitions/cozyrds/foundationdb.yaml new file mode 100644 index 00000000..e7759380 --- /dev/null +++ b/packages/system/cozystack-resource-definitions/cozyrds/foundationdb.yaml @@ -0,0 +1,30 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: foundationdb +spec: + application: + kind: FoundationDB + singular: foundationdb + plural: foundationdbs + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"automaticReplacements":{"description":"Enable automatic pod replacements","type":"boolean","default":true},"backup":{"description":"Backup configuration","type":"object","default":{"enabled":false,"retentionPolicy":"7d","s3":{"bucket":"","credentials":{"accessKeyId":"","secretAccessKey":""},"endpoint":"","region":"us-east-1"}},"required":["enabled","retentionPolicy","s3"],"properties":{"enabled":{"description":"Enable backups","type":"boolean","default":false},"retentionPolicy":{"description":"Retention policy for backups","type":"string","default":"7d"},"s3":{"description":"S3 configuration for backups","type":"object","default":{"bucket":"","credentials":{"accessKeyId":"","secretAccessKey":""},"endpoint":"","region":"us-east-1"},"required":["bucket","credentials","endpoint","region"],"properties":{"bucket":{"description":"S3 bucket name","type":"string"},"credentials":{"description":"S3 credentials","type":"object","default":{"accessKeyId":"","secretAccessKey":""},"required":["accessKeyId","secretAccessKey"],"properties":{"accessKeyId":{"description":"S3 access key ID","type":"string"},"secretAccessKey":{"description":"S3 secret access key","type":"string"}}},"endpoint":{"description":"S3 endpoint URL","type":"string"},"region":{"description":"S3 region","type":"string","default":"us-east-1"}}}}},"cluster":{"description":"Cluster configuration","type":"object","default":{"faultDomain":{"key":"kubernetes.io/hostname","valueFrom":"spec.nodeName"},"processCounts":{"cluster_controller":1,"stateless":-1,"storage":3},"redundancyMode":"double","storageEngine":"ssd-2","version":"7.3.63"},"required":["faultDomain","processCounts","redundancyMode","storageEngine","version"],"properties":{"faultDomain":{"description":"Fault domain configuration","type":"object","default":{"key":"kubernetes.io/hostname","valueFrom":"spec.nodeName"},"required":["key","valueFrom"],"properties":{"key":{"description":"Fault domain key","type":"string","default":"kubernetes.io/hostname"},"valueFrom":{"description":"Fault domain value source","type":"string","default":"spec.nodeName"}}},"processCounts":{"description":"Process counts for different roles","type":"object","default":{"cluster_controller":1,"stateless":-1,"storage":3},"required":["cluster_controller","stateless","storage"],"properties":{"cluster_controller":{"description":"Number of cluster controller processes","type":"integer","default":1},"stateless":{"description":"Number of stateless processes (-1 for automatic)","type":"integer","default":-1},"storage":{"description":"Number of storage processes (determines cluster size)","type":"integer","default":3}}},"redundancyMode":{"description":"Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback)","type":"string","default":"double"},"storageEngine":{"description":"Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory)","type":"string","default":"ssd-2"},"version":{"description":"Version of FoundationDB to use","type":"string","default":"7.3.63"}}},"customParameters":{"description":"Custom parameters to pass to FoundationDB","type":"array","default":[],"items":{"type":"string"}},"imageType":{"description":"Container image deployment type","type":"string","default":"unified","enum":["unified","split"]},"monitoring":{"description":"Monitoring configuration","type":"object","default":{"enabled":true},"required":["enabled"],"properties":{"enabled":{"description":"Enable WorkloadMonitor integration","type":"boolean","default":true}}},"resources":{"description":"Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each instance","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each instance","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"medium","enum":["small","medium","large","xlarge","2xlarge"]},"securityContext":{"description":"Security context for containers","type":"object","default":{"runAsGroup":4059,"runAsUser":4059},"required":["runAsGroup","runAsUser"],"properties":{"runAsGroup":{"description":"Group ID to run the container","type":"integer","default":4059},"runAsUser":{"description":"User ID to run the container","type":"integer","default":4059}}},"storage":{"description":"Storage configuration","type":"object","default":{"size":"16Gi","storageClass":""},"required":["size","storageClass"],"properties":{"size":{"description":"Size of persistent volumes for each instance","default":"16Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"Storage class (if not set, uses cluster default)","type":"string"}}}}} + release: + prefix: foundationdb- + labels: + cozystack.io/ui: "true" + chart: + name: foundationdb + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: FoundationDB + plural: FoundationDB + description: Managed FoundationDB service + tags: + - database + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX3JhZGlhbF84NThfMzA3MikiLz4KPHBhdGggZD0iTTEzNS43ODQgNzUuNjQ0NkwxMzUuOTM5IDg3Ljc2MzhMODkuNjg0NiA4MS41MzYyTDYyLjA4NjggODQuNTA3OUwzNS4zNDE3IDgxLjQzMjlMOC43NTE2NyA4NC41ODU0TDguNzI1ODMgODEuNTEwNEwzNS4zNjc2IDc3LjU4MjZWNjQuMTcxM0w2Mi4yOTM1IDcwLjczNDhMNjIuMzQ1MiA4MS4yNzc4TDg5LjQ3NzkgNzcuNjg2TDg5LjQwMDQgNjQuMTk3MkwxMzUuNzg0IDc1LjY0NDZaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNODkuNDc3OCA4Ni4wMzI1TDEzNS44ODggOTAuODM4OFYxMDIuNzI2SDguNjQ4MjVMOC41MTkwNCA5OS41NzNIMzUuMjY0MUMzNS4yNjQxIDk5LjU3MyAzNS4yNjQxIDkwLjczNTUgMzUuMjY0MSA4Ni4wNTgzQzQ0LjI1NjcgODYuOTM2OSA2Mi4wODY3IDg4LjY5NDEgNjIuMDg2NyA4OC42OTQxVjk5LjI2MjlIODkuNDc3OFY4Ni4wMzI1WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTYyLjI5MzQgNjYuODg0Nkw2Mi4yMTU4IDYzLjYyODZDNjIuMjE1OCA2My42Mjg2IDc5LjgxMzMgNTguMzU3MSA4OC45MDkyIDU1LjY2OTdDODguOTA5MiA1MS4zMDI2IDg4LjkwOTIgNDcuMDkwNiA4OC45MDkyIDQyQzEwNC44NzkgNDguNDA4NSAxMjAuMjI4IDU0LjYxMDIgMTM1LjczMyA2MC44Mzc4QzEzNS43MzMgNjQuNzEzOSAxMzUuNzMzIDY4LjQzNSAxMzUuNzMzIDcyLjU2OTVDMTE5Ljg0MSA2OC4yMDI0IDEwNC4yODQgNjMuOTEyOSA4OS4xNjc2IDU5Ljc1MjVDNzkuOTY4NCA2Mi4yMDc0IDYyLjI5MzQgNjYuODg0NiA2Mi4yOTM0IDY2Ljg4NDZaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMzUuMzk2MiA4MS43MDczTDguODA2MTIgODQuODU5OEw4Ljc4MDI3IDgxLjc4NDhMMzUuNDIyIDc3Ljg1N1Y2NC40NDU3TDYyLjM0OCA3MS4wMDkzTDYyLjM5OTYgODEuNTUyMkw4OS41MzIzIDc3Ljk2MDRMODkuNDU0OCA2NC40NzE2TDEzNS44MzkgNzUuOTE5TDEzNS45OTQgODguMDM4Mkw4OS43MzkxIDgxLjgxMDZMNjIuMTQxMiA4NC43ODIzTDM1LjM5NjIgODEuNzA3M1oiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik04OS41MzIzIDg2LjMwNjlMMTM1Ljk0MiA5MS4xMTMzVjEwM0g4LjcwMjdMOC41NzM0OSA5OS44NDc0SDM1LjMxODZDMzUuMzE4NiA5OS44NDc0IDM1LjMxODYgOTEuMDA5OSAzNS4zMTg2IDg2LjMzMjhDNDQuMzExMSA4Ny4yMTE0IDYyLjE0MTIgODguOTY4NSA2Mi4xNDEyIDg4Ljk2ODVWOTkuNTM3M0g4OS41MzIzVjg2LjMwNjlaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNNjIuMzQ4MyA2Ny4xNTlMNjIuMjcwOCA2My45MDMxQzYyLjI3MDggNjMuOTAzMSA3OS44NjgyIDU4LjYzMTYgODguOTY0MiA1NS45NDQyQzg4Ljk2NDIgNTEuNTc3MSA4OC45NjQyIDQ3LjM2NTEgODguOTY0MiA0Mi4yNzQ0QzEwNC45MzQgNDguNjgyOSAxMjAuMjgzIDU0Ljg4NDcgMTM1Ljc4NyA2MS4xMTIzQzEzNS43ODcgNjQuOTg4NCAxMzUuNzg3IDY4LjcwOTQgMTM1Ljc4NyA3Mi44NDM5QzExOS44OTUgNjguNDc2OSAxMDQuMzM5IDY0LjE4NzMgODkuMjIyNiA2MC4wMjdDODAuMDIzMyA2Mi40ODE4IDYyLjM0ODMgNjcuMTU5IDYyLjM0ODMgNjcuMTU5WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxyYWRpYWxHcmFkaWVudCBpZD0icGFpbnQwX3JhZGlhbF84NThfMzA3MiIgY3g9IjAiIGN5PSIwIiByPSIxIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgZ3JhZGllbnRUcmFuc2Zvcm09InRyYW5zbGF0ZSgtMjkuNSAtMTgpIHJvdGF0ZSgzOS42OTYzKSBzY2FsZSgzMDIuMTY4IDI3NS4yNzEpIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0JFRERGRiIvPgo8c3RvcCBvZmZzZXQ9IjAuMjU5NjE1IiBzdG9wLWNvbG9yPSIjOUVDQ0ZEIi8+CjxzdG9wIG9mZnNldD0iMC41OTEzNDYiIHN0b3AtY29sb3I9IiMzRjlBRkIiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMEI3MEUwIi8+CjwvcmFkaWFsR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== + # keysOrder: [] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/http-cache.yaml b/packages/system/cozystack-resource-definitions/cozyrds/http-cache.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/http-cache.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/http-cache.yaml index 438105eb..583d8fa8 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/http-cache.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/http-cache.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgyNSkiLz4KPHBhdGggZD0iTTI2LjAwMjYgMzcuODU4OEMyNi4wMDI2IDYwLjkxOSAyNi4wMDI2IDgzLjk4MTQgMjYuMDAyNiAxMDcuMDQ2QzI1Ljk3MyAxMDguMzIzIDI2LjE5OTYgMTA5LjU5MyAyNi42NjkyIDExMC43ODNDMjcuMTM4NyAxMTEuOTcyIDI3Ljg0MTggMTEzLjA1NiAyOC43Mzc0IDExMy45NzJDMzAuNDUzOSAxMTUuNjU5IDMyLjcgMTE2LjcwOSAzNS4xMDA5IDExNi45NDhDMzcuNTAxOSAxMTcuMTg3IDM5LjkxMjYgMTE2LjYgNDEuOTMxIDExNS4yODRDNDMuMjgyIDExNC4zNzEgNDQuMzg4MSAxMTMuMTQzIDQ1LjE1MjcgMTExLjcwN0M0NS45MTc0IDExMC4yNzEgNDYuMzE3NSAxMDguNjcxIDQ2LjMxODEgMTA3LjA0NkM0Ni4zMTgxIDkwLjM1MjggNDYuMjg2MSA3My42NTk3IDQ2LjMxODEgNTYuOTY2NkM2MS42MTY4IDc1LjE4ODkgNzYuOTQ3NCA5My4zODU2IDkyLjMxIDExMS41NTdDOTQuNDQ0NCAxMTMuNzA4IDk3LjA4NzUgMTE1LjI5MSA5OS45OTcgMTE2LjE2MkMxMDIuOTA2IDExNy4wMzIgMTA1Ljk4OSAxMTcuMTYyIDEwOC45NjIgMTE2LjUzOUMxMTEuMDYxIDExNi4xMjggMTEyLjk3MyAxMTUuMDU3IDExNC40MTUgMTEzLjQ4NUMxMTUuODU3IDExMS45MTMgMTE2Ljc1NCAxMDkuOTIxIDExNi45NzQgMTA3LjgwNEMxMTcuMDA5IDg0LjI2ODEgMTE3LjAwOSA2MC43MzQzIDExNi45NzQgMzcuMjAyNUMxMTYuNzU0IDM0LjY5MDcgMTE1LjU5NSAzMi4zNTIyIDExMy43MjYgMzAuNjQ4NkMxMTEuODU4IDI4Ljk0NSAxMDkuNDE1IDI4IDEwNi44ODEgMjhDMTA0LjM0NiAyOCAxMDEuOTAzIDI4Ljk0NSAxMDAuMDM1IDMwLjY0ODZDOTguMTY2MyAzMi4zNTIyIDk3LjAwNzQgMzQuNjkwNyA5Ni43ODY5IDM3LjIwMjVDOTYuNzg2OSA1NC4xNjMyIDk2LjY4NDQgNzEuMTA0OCA5Ni43ODY5IDg4LjA1OTFDODEuNzYxNiA3MC40MzU4IDY2LjkyMTkgNTIuNjU5NiA1MS45NTQzIDM0Ljk3MjVDNDkuOTgxIDMyLjQ1NTQgNDcuMzY4NSAzMC41MDczIDQ0LjM4NjMgMjkuMzI5MUM0MS40MDQxIDI4LjE1MDkgMzguMTU5OSAyNy43ODUyIDM0Ljk4ODMgMjguMjY5OEMzMi41ODU3IDI4LjUzNTkgMzAuMzU4MyAyOS42NDkzIDI4LjcwOTkgMzEuNDA4NEMyNy4wNjE1IDMzLjE2NzUgMjYuMTAxIDM1LjQ1NTkgMjYuMDAyNiAzNy44NTg4WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODFfMjgyNSIgeDE9IjEwIiB5MT0iMTUuNSIgeDI9IjE0NCIgeTI9IjEzMS41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMwMEM1NEEiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMDE5NjM5Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "endpoints"], ["spec", "haproxy"], ["spec", "haproxy", "replicas"], ["spec", "haproxy", "resources"], ["spec", "haproxy", "resourcesPreset"], ["spec", "nginx"], ["spec", "nginx", "replicas"], ["spec", "nginx", "resources"], ["spec", "nginx", "resourcesPreset"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: [] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/info.yaml b/packages/system/cozystack-resource-definitions/cozyrds/info.yaml similarity index 95% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/info.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/info.yaml index 57945cd8..43cda091 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/info.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/info.yaml @@ -30,7 +30,8 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX3JhZGlhbF8xNDRfMykiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzE0NF8zKSI+CjxwYXRoIGQ9Ik03Ny42NDA3IDk3LjA4NDRMODIuODMzIDk3LjM2MDRWMTA0LjYzN0g2MS4xNzI4Vjk3LjcxOTdMNjQuMTc3MSA5Ny40NDk1QzY1LjgxMDEgOTcuMjY4NCA2Ni44MTA2IDk2LjcxOTMgNjYuODEwNiA5NC41MzQzVjY5LjIzMTRDNjYuODEwNiA2Ny4yMjE3IDY2LjI3MDEgNjYuNTg2NCA2NC41MzY1IDY2LjU4NjRMNjEuMzU2OCA2Ni40MDgxVjU4Ljg1ODRINzcuNjQ2NUw3Ny42NDA3IDk3LjA4NDRaTTcxLjI3MjYgMzkuMzYzQzc1LjI4MDQgMzkuMzYzIDc4LjE4NyA0Mi4zNzMxIDc4LjE4NyA0Ni4xODgzQzc4LjE4NyA1MC4wMTQ5IDc1LjI3MTggNTIuODM4MSA3MS4xNzc4IDUyLjgzODFDNjYuOTk3NSA1Mi44MzgxIDY0LjI2NjMgNTAuMDE0OSA2NC4yNjYzIDQ2LjE4ODNDNjQuMjY2MyA0Mi4zNzMxIDY2Ljk5NzUgMzkuMzYzIDcxLjI3MjYgMzkuMzYzWk03MiAxMThDNDYuNjM2OCAxMTggMjYgOTcuMzYzMiAyNiA3MkMyNiA0Ni42MzY4IDQ2LjYzNjggMjYgNzIgMjZDOTcuMzU3NSAyNiAxMTggNDYuNjM2OCAxMTggNzJDMTE4IDk3LjM2MzIgOTcuMzU3NSAxMTggNzIgMTE4Wk03MiAzNC42MjVDNTEuMzkyIDM0LjYyNSAzNC42MjUgNTEuMzkyIDM0LjYyNSA3MkMzNC42MjUgOTIuNjA4IDUxLjM5MiAxMDkuMzc1IDcyIDEwOS4zNzVDOTIuNjA4IDEwOS4zNzUgMTA5LjM3NSA5Mi42MDggMTA5LjM3NSA3MkMxMDkuMzc1IDUxLjM5MiA5Mi42MDggMzQuNjI1IDcyIDM0LjYyNVoiIGZpbGw9IndoaXRlIi8+CjwvZz4KPGRlZnM+CjxyYWRpYWxHcmFkaWVudCBpZD0icGFpbnQwX3JhZGlhbF8xNDRfMyIgY3g9IjAiIGN5PSIwIiByPSIxIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgZ3JhZGllbnRUcmFuc2Zvcm09InRyYW5zbGF0ZSgxLjMyMjk4ZS0wNSAtNy41MDAwMSkgcm90YXRlKDQ0LjcxNzgpIHNjYWxlKDIxNS4zMTcgMzEyLjQ1NSkiPgo8c3RvcCBzdG9wLWNvbG9yPSIjMDBCNUU3Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwMzk4NCIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzE0NF8zIj4KPHJlY3Qgd2lkdGg9IjkyIiBoZWlnaHQ9IjkyIiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjYgMjYpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - kubeconfig-{{ .namespace }} + - "{{ .namespace }}" diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ingress.yaml b/packages/system/cozystack-resource-definitions/cozyrds/ingress.yaml similarity index 96% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/ingress.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/ingress.yaml index a319d3a2..80d52549 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ingress.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/ingress.yaml @@ -30,7 +30,10 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODRfMzIyOSkiLz4KPHBhdGggZD0iTTg2LjkyNzQgMzcuMTA3NEgxN1YxMDcuMDM1SDg2LjkyNzRWMzcuMTA3NFoiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iNiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTEyNy42NDMgMjlIMTA3LjQ1NVY0OS4xODgzSDEyNy42NDNWMjlaIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik0xMjcuNjQzIDYxLjcyNjZIMTA3LjQ1NVY4MS45MTQ5SDEyNy42NDNWNjEuNzI2NloiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iNCIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTEyNy42NDMgOTQuNDUyMUgxMDcuNDU1VjExNC42NEgxMjcuNjQzVjk0LjQ1MjFaIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik04OC41MTM3IDcyLjA3MTNIMTA2LjI3IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik04Ny41Njc0IDgwLjQyNDhMMTA3LjczIDk1Ljc4MDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMyIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTg3LjU2NzQgNjMuNzE4MUwxMDcuNzMgNDguMzYyMyIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4NF8zMjI5IiB4MT0iMTAiIHkxPSIxNS41IiB4Mj0iMTQ0IiB5Mj0iMTMxLjUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzAwREE1MyIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMwMDk2MzkiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "whitelist"], ["spec", "cloudflareProxy"], ["spec", "resources"], ["spec", "resourcesPreset"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: [] + services: + exclude: [] + include: + - resourceNames: + - "{{ slice .namespace 7 }}-ingress-controller" diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kafka.yaml b/packages/system/cozystack-resource-definitions/cozyrds/kafka.yaml similarity index 97% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/kafka.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/kafka.yaml index d4891307..05594e07 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kafka.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/kafka.yaml @@ -29,7 +29,12 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgyMCkiLz4KPHBhdGggZD0iTTkxLjAzMDcgNzcuODE4NUM4Ni44NTc3IDc3LjgxODUgODMuMTE2NiA3OS42ODE4IDgwLjU1NDcgODIuNjE1NEw3My45OTAxIDc3LjkzMTVDNzQuNjg2OSA3NS45OTc4IDc1LjA4NyA3My45MjE1IDc1LjA4NyA3MS43NDgyQzc1LjA4NyA2OS42MTI2IDc0LjcwMDggNjcuNTcxMSA3NC4wMjY5IDY1LjY2Nkw4MC41NzY5IDYxLjAzMThDODMuMTM4NSA2My45NTA1IDg2Ljg2OTkgNjUuODAzNyA5MS4wMzA3IDY1LjgwMzdDOTguNzMyOCA2NS44MDM3IDEwNSA1OS40ODg0IDEwNSA1MS43MjQ3QzEwNSA0My45NjEgOTguNzMyOCAzNy42NDU3IDkxLjAzMDcgMzcuNjQ1N0M4My4zMjg1IDM3LjY0NTcgNzcuMDYxNCA0My45NjEgNzcuMDYxNCA1MS43MjQ3Qzc3LjA2MTQgNTMuMTE0MyA3Ny4yNjk3IDU0LjQ1NDMgNzcuNjQzNSA1NS43MjMzTDcxLjA4OTEgNjAuMzU5OEM2OC4zNTEyIDU2LjkzNjUgNjQuNDA5IDU0LjU0NjMgNTkuOTE3NCA1My44MTY2VjQ1Ljg1NTNDNjYuMjQ1MSA0NC41MTU4IDcxLjAxMjggMzguODQ5NSA3MS4wMTI4IDMyLjA3OUM3MS4wMTI4IDI0LjMxNTMgNjQuNzQ1NyAxOCA1Ny4wNDM1IDE4QzQ5LjM0MTQgMTggNDMuMDc0MiAyNC4zMTUzIDQzLjA3NDIgMzIuMDc5QzQzLjA3NDIgMzguNzU4OSA0Ny43MTg0IDQ0LjM1NTIgNTMuOTE5NiA0NS43OTAzVjUzLjg1NTFDNDUuNDU2NyA1NS4zNTIzIDM5IDYyLjc5NjEgMzkgNzEuNzQ4MkMzOSA4MC43NDQgNDUuNTIwNiA4OC4yMTUxIDU0LjA0NDYgODkuNjYxM1Y5OC4xNzcyQzQ3Ljc4MDEgOTkuNTY1IDQzLjA3NDIgMTA1LjE5NiA0My4wNzQyIDExMS45MjFDNDMuMDc0MiAxMTkuNjg1IDQ5LjM0MTQgMTI2IDU3LjA0MzUgMTI2QzY0Ljc0NTcgMTI2IDcxLjAxMjggMTE5LjY4NSA3MS4wMTI4IDExMS45MjFDNzEuMDEyOCAxMDUuMTk2IDY2LjMwNyA5OS41NjUgNjAuMDQyNCA5OC4xNzcyVjg5LjY2MTFDNjQuMzU2OSA4OC45Mjg2IDY4LjI2MDEgODYuNjQwNyA3MS4wMjUyIDgzLjIyMzRMNzcuNjMzNyA4Ny45Mzc2Qzc3LjI2NjkgODkuMTk1MiA3Ny4wNjE0IDkwLjUyMTkgNzcuMDYxNCA5MS44OTc1Qzc3LjA2MTQgOTkuNjYxMiA4My4zMjg1IDEwNS45NzYgOTEuMDMwNyAxMDUuOTc2Qzk4LjczMjggMTA1Ljk3NiAxMDUgOTkuNjYxMiAxMDUgOTEuODk3NUMxMDUgODQuMTMzOCA5OC43MzI4IDc3LjgxODUgOTEuMDMwNyA3Ny44MTg1Wk05MS4wMzA3IDQ0Ljg5ODVDOTQuNzY1NiA0NC44OTg1IDk3LjgwMzQgNDcuOTYxNSA5Ny44MDM0IDUxLjcyNDdDOTcuODAzNCA1NS40ODc5IDk0Ljc2NTYgNTguNTUwNiA5MS4wMzA3IDU4LjU1MDZDODcuMjk1OCA1OC41NTA2IDg0LjI1OCA1NS40ODc5IDg0LjI1OCA1MS43MjQ3Qzg0LjI1OCA0Ny45NjE1IDg3LjI5NTggNDQuODk4NSA5MS4wMzA3IDQ0Ljg5ODVaTTUwLjI3MDUgMzIuMDc5QzUwLjI3MDUgMjguMzE1OCA1My4zMDg2IDI1LjI1MzEgNTcuMDQzNSAyNS4yNTMxQzYwLjc3ODUgMjUuMjUzMSA2My44MTYzIDI4LjMxNTggNjMuODE2MyAzMi4wNzlDNjMuODE2MyAzNS44NDIyIDYwLjc3ODUgMzguOTA0OSA1Ny4wNDM1IDM4LjkwNDlDNTMuMzA4NiAzOC45MDQ5IDUwLjI3MDUgMzUuODQyMiA1MC4yNzA1IDMyLjA3OVpNNjMuODE2MyAxMTEuOTIxQzYzLjgxNjMgMTE1LjY4NCA2MC43Nzg1IDExOC43NDcgNTcuMDQzNSAxMTguNzQ3QzUzLjMwODYgMTE4Ljc0NyA1MC4yNzA1IDExNS42ODQgNTAuMjcwNSAxMTEuOTIxQzUwLjI3MDUgMTA4LjE1OCA1My4zMDg2IDEwNS4wOTUgNTcuMDQzNSAxMDUuMDk1QzYwLjc3ODUgMTA1LjA5NSA2My44MTYzIDEwOC4xNTggNjMuODE2MyAxMTEuOTIxWk01Ny4wNDMgODEuMjY4MUM1MS44MzM5IDgxLjI2ODEgNDcuNTk2MiA3Ni45OTggNDcuNTk2MiA3MS43NDgyQzQ3LjU5NjIgNjYuNDk4MiA1MS44MzM5IDYyLjIyNzMgNTcuMDQzIDYyLjIyNzNDNjIuMjUxOSA2Mi4yMjczIDY2LjQ4OTUgNjYuNDk4MiA2Ni40ODk1IDcxLjc0ODJDNjYuNDg5NSA3Ni45OTggNjIuMjUxOSA4MS4yNjgxIDU3LjA0MyA4MS4yNjgxWk05MS4wMzA3IDk4LjcyMzdDODcuMjk1OCA5OC43MjM3IDg0LjI1OCA5NS42NjA3IDg0LjI1OCA5MS44OTc1Qzg0LjI1OCA4OC4xMzQzIDg3LjI5NTggODUuMDcxNiA5MS4wMzA3IDg1LjA3MTZDOTQuNzY1NiA4NS4wNzE2IDk3LjgwMzQgODguMTM0MyA5Ny44MDM0IDkxLjg5NzVDOTcuODAzNCA5NS42NjA3IDk0Ljc2NTYgOTguNzIzNyA5MS4wMzA3IDk4LjcyMzdaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4MV8yODIwIiB4MT0iMTQwIiB5MT0iMTMwLjUiIHgyPSI0IiB5Mj0iOS40OTk5OSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcC8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzQzNDE0MSIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "topics"], ["spec", "kafka"], ["spec", "kafka", "replicas"], ["spec", "kafka", "resources"], ["spec", "kafka", "resourcesPreset"], ["spec", "kafka", "size"], ["spec", "kafka", "storageClass"], ["spec", "zookeeper"], ["spec", "zookeeper", "replicas"], ["spec", "zookeeper", "resources"], ["spec", "zookeeper", "resourcesPreset"], ["spec", "zookeeper", "size"], ["spec", "zookeeper", "storageClass"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - kafka-{{ .name }}-clients-ca + services: + exclude: [] + include: + - resourceNames: + - kafka-{{ .name }}-kafka-bootstrap diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kubernetes.yaml b/packages/system/cozystack-resource-definitions/cozyrds/kubernetes.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/kubernetes.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/kubernetes.yaml index 0629b6d4..db9ec9dc 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kubernetes.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/kubernetes.yaml @@ -30,7 +30,17 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjg0NSkiLz4KPHBhdGggZD0iTTcxLjk5NjggMTlDNzAuMzAzOSAxOS4wMDAyIDY4LjkzMTIgMjAuNTMyMiA2OC45MzE0IDIyLjQyMjFDNjguOTMxNCAyMi40NTExIDY4LjkzNzMgMjIuNDc4OCA2OC45Mzc5IDIyLjUwNzZDNjguOTM1NCAyMi43NjQ0IDY4LjkyMzEgMjMuMDczNyA2OC45MzE0IDIzLjI5NzNDNjguOTcxNyAyNC4zODczIDY5LjIwODIgMjUuMjIxNiA2OS4zNTA2IDI2LjIyNThDNjkuNjA4NCAyOC4zNzUyIDY5LjgyNDUgMzAuMTU2OSA2OS42OTEyIDMxLjgxM0M2OS41NjE1IDMyLjQzNzUgNjkuMTAzNyAzMy4wMDg2IDY4LjY5NTYgMzMuNDA1Nkw2OC42MjM1IDM0LjcwODZDNjYuNzgzOSAzNC44NjE3IDY0LjkzMTkgMzUuMTQyMSA2My4wODIxIDM1LjU2NDFDNTUuMTIyNiAzNy4zNzk4IDQ4LjI2OTUgNDEuNDk5MSA0My4wNTIgNDcuMDYwOUM0Mi43MTM0IDQ2LjgyODggNDIuMTIxMSA0Ni40MDE5IDQxLjk0NSA0Ni4yNzEyQzQxLjM5NzcgNDYuMzQ1NCA0MC44NDQ1IDQ2LjUxNTEgNDAuMTI0MSA0Ni4wOTM1QzM4Ljc1MjIgNDUuMTY1NyAzNy41MDI4IDQzLjg4NTEgMzUuOTkxIDQyLjM0MjRDMzUuMjk4MiA0MS42MDQ0IDM0Ljc5NjYgNDAuOTAxOCAzMy45NzM1IDQwLjE5MDRDMzMuNzg2NiA0MC4wMjg5IDMzLjUwMTQgMzkuODEwNCAzMy4yOTIzIDM5LjY0NDJDMzIuNjQ4OSAzOS4xMjg4IDMxLjg5IDM4Ljg2IDMxLjE1NyAzOC44MzQ4QzMwLjIxNDcgMzguODAyNCAyOS4zMDc1IDM5LjE3MjUgMjguNzEzOCAzOS45MjA2QzI3LjY1ODQgNDEuMjUwNiAyNy45OTYzIDQzLjI4MzMgMjkuNDY3MSA0NC40NjE0QzI5LjQ4MiA0NC40NzM0IDI5LjQ5NzkgNDQuNDgyNyAyOS41MTI5IDQ0LjQ5NDNDMjkuNzE1IDQ0LjY1ODkgMjkuOTYyNSA0NC44Njk4IDMwLjE0ODMgNDUuMDA3NkMzMS4wMjE3IDQ1LjY1NTUgMzEuODE5NSA0NS45ODcyIDMyLjY4OTcgNDYuNTAxNUMzNC41MjMxIDQ3LjYzOTEgMzYuMDQzIDQ4LjU4MjMgMzcuMjQ4NiA0OS43MTk2QzM3LjcxOTQgNTAuMjIzNyAzNy44MDE2IDUxLjExMjIgMzcuODY0MyA1MS40OTY0TDM4Ljg0NjggNTIuMzc4MkMzMy41ODcyIDYwLjMzMDggMzEuMTUzIDcwLjE1MzkgMzIuNTkxNSA4MC4xNjI3TDMxLjMwNzcgODAuNTM3OEMzMC45NjkzIDgwLjk3NjggMzAuNDkxMiA4MS42Njc2IDI5Ljk5MTEgODEuODczOEMyOC40MTM4IDgyLjM3MjkgMjYuNjM4NyA4Mi41NTYyIDI0LjQ5NTYgODIuNzgxOUMyMy40ODk0IDgyLjg2NiAyMi42MjEzIDgyLjgxNTggMjEuNTU0NiA4My4wMTg4QzIxLjMxOTggODMuMDYzNSAyMC45OTI3IDgzLjE0OTEgMjAuNzM1OCA4My4yMDk3QzIwLjcyNjkgODMuMjExNiAyMC43MTg2IDgzLjIxNDIgMjAuNzA5NiA4My4yMTYyQzIwLjY5NTYgODMuMjE5NSAyMC42NzcyIDgzLjIyNjMgMjAuNjYzOCA4My4yMjk0QzE4Ljg1NyA4My42NjggMTcuNjk2MyA4NS4zMzY1IDE4LjA2OTkgODYuOTgwNUMxOC40NDM3IDg4LjYyNDggMjAuMjA4NiA4OS42MjQ4IDIyLjAyNjIgODkuMjMxMkMyMi4wMzkzIDg5LjIyODIgMjIuMDU4NCA4OS4yMjc3IDIyLjA3MiA4OS4yMjQ2QzIyLjA5MjYgODkuMjE5OSAyMi4xMTA2IDg5LjIwOTkgMjIuMTMxIDg5LjIwNDlDMjIuMzg0NCA4OS4xNDkgMjIuNzAxOSA4OS4wODY4IDIyLjkyMzYgODkuMDI3MkMyMy45NzIzIDg4Ljc0NTEgMjQuNzMxOCA4OC4zMzA2IDI1LjY3NDYgODcuOTY3N0MyNy43MDI5IDg3LjIzNjggMjkuMzgyOCA4Ni42MjYyIDMxLjAxOTUgODYuMzg4M0MzMS43MDMgODYuMzM0NSAzMi40MjMyIDg2LjgxMiAzMi43ODE0IDg3LjAxMzRMMzQuMTE3NyA4Ni43ODMxQzM3LjE5MjYgOTYuMzYxMyA0My42MzY2IDEwNC4xMDMgNTEuNzk2MyAxMDguOTYxTDUxLjIzOTYgMTEwLjMwM0M1MS40NDAzIDExMC44MjQgNTEuNjYxNiAxMTEuNTMgNTEuNTEyMSAxMTIuMDQ1QzUwLjkxNzEgMTEzLjU5NSA0OS44OTggMTE1LjIzMSA0OC43Mzc0IDExNy4wNTVDNDguMTc1NSAxMTcuODk4IDQ3LjYwMDQgMTE4LjU1MiA0Ny4wOTM0IDExOS41MTZDNDYuOTcyIDExOS43NDcgNDYuODE3NSAxMjAuMTAyIDQ2LjcwMDQgMTIwLjM0NkM0NS45MTI1IDEyMi4wMzkgNDYuNDkwNCAxMjMuOTkgNDguMDAzOCAxMjQuNzIyQzQ5LjUyNjggMTI1LjQ1OSA1MS40MTcxIDEyNC42ODIgNTIuMjM1MiAxMjIuOTg1QzUyLjIzNjQgMTIyLjk4MiA1Mi4yNDA2IDEyMi45OCA1Mi4yNDE3IDEyMi45NzhDNTIuMjQyNiAxMjIuOTc2IDUyLjI0MDkgMTIyLjk3MyA1Mi4yNDE3IDEyMi45NzFDNTIuMzU4MiAxMjIuNzMxIDUyLjUyMzMgMTIyLjQxNSA1Mi42MjE2IDEyMi4xODhDNTMuMDU2IDEyMS4xODkgNTMuMjAwNSAxMjAuMzMyIDUzLjUwNTkgMTE5LjM2NUM1NC4zMTcgMTE3LjMxOCA1NC43NjI2IDExNS4xNyA1NS44NzkxIDExMy44MzJDNTYuMTg0OSAxMTMuNDY2IDU2LjY4MzMgMTEzLjMyNSA1Ny4yMDAxIDExMy4xODZMNTcuODk0NCAxMTEuOTIyQzY1LjAwOCAxMTQuNjY1IDcyLjk3MDUgMTE1LjQwMiA4MC45MjQ1IDExMy41ODdDODIuNzM5MSAxMTMuMTczIDg0LjQ5MDggMTEyLjYzNyA4Ni4xODQzIDExMS45OTRDODYuMzc5NCAxMTIuMzQyIDg2Ljc0MiAxMTMuMDExIDg2LjgzOTMgMTEzLjE3OUM4Ny4zNjQ0IDExMy4zNTEgODcuOTM3NyAxMTMuNDM5IDg4LjQwNDcgMTE0LjEzM0M4OS4yNDAxIDExNS41NjcgODkuODExNCAxMTcuMjYzIDkwLjUwNzMgMTE5LjMxMkM5MC44MTI4IDEyMC4yNzkgOTAuOTYzOCAxMjEuMTM2IDkxLjM5ODEgMTIyLjEzNkM5MS40OTcxIDEyMi4zNjMgOTEuNjYxNCAxMjIuNjg0IDkxLjc3OCAxMjIuOTI1QzkyLjU5NDQgMTI0LjYyOCA5NC40OTA3IDEyNS40MDcgOTYuMDE1OSAxMjQuNjY5Qzk3LjUyOTIgMTIzLjkzNyA5OC4xMDc3IDEyMS45ODYgOTcuMzE5NCAxMjAuMjkzQzk3LjIwMjMgMTIwLjA0OSA5Ny4wNDEyIDExOS42OTUgOTYuOTE5OCAxMTkuNDY0Qzk2LjQxMjcgMTE4LjQ5OSA5NS44Mzc3IDExNy44NTIgOTUuMjc1OCAxMTcuMDA5Qzk0LjExNTIgMTE1LjE4NSA5My4xNTI2IDExMy42NyA5Mi41NTc1IDExMi4xMkM5Mi4zMDg3IDExMS4zMiA5Mi41OTk1IDExMC44MjMgOTIuNzkzMyAxMTAuMzAzQzkyLjY3NzIgMTEwLjE3IDkyLjQyODggMTA5LjQxNCA5Mi4yODI0IDEwOS4wNTlDMTAwLjc2MiAxMDQuMDI5IDEwNy4wMTcgOTUuOTk4NSAxMDkuOTU1IDg2LjcyMzlDMTEwLjM1MSA4Ni43ODY1IDExMS4wNDEgODYuOTA5MSAxMTEuMjY1IDg2Ljk1NDJDMTExLjcyNiA4Ni42NDg3IDExMi4xNDkgODYuMjUwMSAxMTIuOTgxIDg2LjMxNTlDMTE0LjYxNyA4Ni41NTM3IDExNi4yOTcgODcuMTY0NSAxMTguMzI2IDg3Ljg5NTNDMTE5LjI2OCA4OC4yNTgxIDEyMC4wMjggODguNjc5MyAxMjEuMDc3IDg4Ljk2MTRDMTIxLjI5OCA4OS4wMjEgMTIxLjYxNiA4OS4wNzY2IDEyMS44NjkgODkuMTMyNUMxMjEuODg5IDg5LjEzNzUgMTIxLjkwOCA4OS4xNDc1IDEyMS45MjggODkuMTUyMkMxMjEuOTQyIDg5LjE1NTMgMTIxLjk2MSA4OS4xNTU4IDEyMS45NzQgODkuMTU4OEMxMjMuNzkyIDg5LjU1MiAxMjUuNTU3IDg4LjU1MjYgMTI1LjkzIDg2LjkwODFDMTI2LjMwMyA4NS4yNjQxIDEyNS4xNDMgODMuNTk1MiAxMjMuMzM2IDgzLjE1N0MxMjMuMDc0IDgzLjA5NyAxMjIuNzAxIDgyLjk5NSAxMjIuNDQ2IDgyLjk0NjVDMTIxLjM3OSA4Mi43NDM1IDEyMC41MTEgODIuNzkzNSAxMTkuNTA1IDgyLjcwOTVDMTE3LjM2MSA4Mi40ODM5IDExNS41ODYgODIuMzAwNCAxMTQuMDA5IDgxLjgwMTRDMTEzLjM2NiA4MS41NTA3IDExMi45MDggODAuNzgxOSAxMTIuNjg2IDgwLjQ2NTVMMTExLjQ0OCA4MC4xMDM1QzExMi4wOSA3NS40MzggMTExLjkxNyA3MC41ODI1IDExMC44MDYgNjUuNzI0M0MxMDkuNjg1IDYwLjgyMDggMTA3LjcwNCA1Ni4zMzYxIDEwNS4wNjIgNTIuMzg0OEMxMDUuMzc5IDUyLjA5NDggMTA1Ljk3OSA1MS41NjEyIDEwNi4xNDkgNTEuNDA0M0MxMDYuMTk5IDUwLjg1MTcgMTA2LjE1NiA1MC4yNzIyIDEwNi43MjUgNDkuNjYwM0MxMDcuOTMxIDQ4LjUyMyAxMDkuNDUxIDQ3LjU3OTkgMTExLjI4NCA0Ni40NDIzQzExMi4xNTQgNDUuOTI3OSAxMTIuOTU5IDQ1LjU5NjQgMTEzLjgzMiA0NC45NDg0QzExNC4wMyA0NC44MDE5IDExNC4yOTkgNDQuNTY5OSAxMTQuNTA3IDQ0LjQwMjJDMTE1Ljk3NyA0My4yMjM3IDExNi4zMTYgNDEuMTkxMSAxMTUuMjYgMzkuODYxNEMxMTQuMjA0IDM4LjUzMTcgMTEyLjE1OSAzOC40MDY1IDExMC42ODggMzkuNTg1QzExMC40NzkgMzkuNzUxNiAxMTAuMTk1IDM5Ljk2ODggMTEwLjAwNyA0MC4xMzEyQzEwOS4xODQgNDAuODQyNiAxMDguNjc2IDQxLjU0NTIgMTA3Ljk4MyA0Mi4yODMyQzEwNi40NzEgNDMuODI1OSAxMDUuMjIyIDQ1LjExMyAxMDMuODUgNDYuMDQwOUMxMDMuMjU1IDQ2LjM4ODUgMTAyLjM4NSA0Ni4yNjgyIDEwMS45OSA0Ni4yNDQ5TDEwMC44MjQgNDcuMDgwNkM5NC4xNzUzIDQwLjA3NjMgODUuMTIzNSAzNS41OTgyIDc1LjM3NjYgMzQuNzI4M0M3NS4zNDk0IDM0LjMxNzkgNzUuMzEzNyAzMy41NzYxIDc1LjMwNDYgMzMuMzUyOUM3NC45MDU2IDMyLjk2OTMgNzQuNDIzNSAzMi42NDE4IDc0LjMwMjQgMzEuODEzQzc0LjE2OTEgMzAuMTU2OSA3NC4zOTE3IDI4LjM3NTIgNzQuNjQ5NiAyNi4yMjU4Qzc0Ljc5MTkgMjUuMjIxNiA3NS4wMjg0IDI0LjM4NzMgNzUuMDY4OCAyMy4yOTczQzc1LjA3OCAyMy4wNDk1IDc1LjA2MzIgMjIuNjkgNzUuMDYyMiAyMi40MjIxQzc1LjA2MiAyMC41MzIyIDczLjY4OTggMTguOTk5OCA3MS45OTY4IDE5Wk02OC4xNTg1IDQyLjg4ODZMNjcuMjQ4IDU5LjA0NDdMNjcuMTgyNSA1OS4wNzc2QzY3LjEyMTQgNjAuNTIyOSA2NS45Mzc1IDYxLjY3NyA2NC40ODM5IDYxLjY3N0M2My44ODg0IDYxLjY3NyA2My4zMzg4IDYxLjQ4NDkgNjIuODkyMiA2MS4xNTcxTDYyLjg2NiA2MS4xNzAzTDQ5LjY4MDcgNTEuNzc5NEM1My43MzMxIDQ3Ljc3NTkgNTguOTE2NCA0NC44MTcyIDY0Ljg5IDQzLjQ1NDZDNjUuOTgxMiA0My4yMDU2IDY3LjA3MTkgNDMuMDIwOSA2OC4xNTg1IDQyLjg4ODZaTTc1Ljg0MTcgNDIuODg4NkM4Mi44MTU5IDQzLjc1MDQgODkuMjY1NyA0Ni45MjMyIDk0LjIwODEgNTEuNzg2TDgxLjEwOCA2MS4xMTc2TDgxLjA2MjEgNjEuMDk3OUM3OS44OTk0IDYxLjk1MTIgNzguMjYxMSA2MS43Mzk0IDc3LjM1NDggNjAuNTk3OEM3Ni45ODM1IDYwLjEzMDEgNzYuNzg4NyA1OS41ODAxIDc2Ljc2NTMgNTkuMDI0OUw3Ni43NTIyIDU5LjAxODRMNzUuODQxNyA0Mi44ODg2Wk00NC44OTkxIDU3LjgxNEw1Ni45MzgyIDY4LjYzM0w1Ni45MjUxIDY4LjY5ODhDNTguMDExNyA2OS42NDc5IDU4LjE3MiA3MS4yOTQ5IDU3LjI2NTcgNzIuNDM2OEM1Ni44OTQ0IDcyLjkwNDUgNTYuMzk3NSA3My4yMTgyIDU1Ljg2MzkgNzMuMzY0N0w1NS44NTA4IDczLjQxNzNMNDAuNDE4OCA3Ny44OTIzQzM5LjYzMzQgNzAuNjc2NSA0MS4zMjYxIDYzLjY2MjEgNDQuODk5MSA1Ny44MTRaTTk5LjAwOTQgNTcuODIwNkMxMDAuNzk4IDYwLjczMzYgMTAyLjE1MyA2My45ODcxIDEwMi45NTkgNjcuNTE0M0MxMDMuNzU2IDcwLjk5OTEgMTAzLjk1NiA3NC40Nzc4IDEwMy42MjcgNzcuODM5N0w4OC4xMTY2IDczLjM1MTVMODguMTAzNSA3My4yODU3Qzg2LjcxNDUgNzIuOTA0MyA4NS44NjA5IDcxLjQ4NDggODYuMTg0MyA3MC4wNjExQzg2LjMxNjggNjkuNDc3OCA4Ni42MjQ5IDY4Ljk4NDQgODcuMDQyMyA2OC42MTk4TDg3LjAzNTggNjguNTg2OUw5OS4wMDk0IDU3LjgyMDZaTTY5LjUyNzQgNjkuNDY4OEg3NC40NTk2TDc3LjUyNTEgNzMuMzE4Nkw3Ni40MjQ3IDc4LjEyMjZMNzEuOTk2OCA4MC4yNjE0TDY3LjU1NTggNzguMTE2MUw2Ni40NTU0IDczLjMxMkw2OS41Mjc0IDY5LjQ2ODhaTTg1LjMzOTMgODIuNjQzN0M4NS41NDg5IDgyLjYzMzEgODUuNzU3NiA4Mi42NTIgODUuOTYxNiA4Mi42ODk4TDg1Ljk4NzggODIuNjU2OUwxMDEuOTUgODUuMzY4MkM5OS42MTQyIDkxLjk2MjQgOTUuMTQ0IDk3LjY3NSA4OS4xNzExIDEwMS40OThMODIuOTc0NyA4Ni40NjA2TDgyLjk5NDQgODYuNDM0M0M4Mi40MjUyIDg1LjEwNTUgODIuOTk0OCA4My41NDcyIDg0LjMwNDQgODIuOTEzNUM4NC42Mzk3IDgyLjc1MTMgODQuOTkgODIuNjYxNCA4NS4zMzkzIDgyLjY0MzdaTTU4LjUyOTggODIuNzA5NUM1OS43NDggODIuNzI2NyA2MC44NDA2IDgzLjU3NjEgNjEuMTIzNyA4NC44MjJDNjEuMjU2MiA4NS40MDUyIDYxLjE5MTcgODUuOTgzMSA2MC45NzMgODYuNDkzNUw2MS4wMTg5IDg2LjU1MjdMNTQuODg4IDEwMS40MzlDNDkuMTU1OSA5Ny43NDMyIDQ0LjU5MDQgOTIuMjA5OSA0Mi4xNDgxIDg1LjQyMDhMNTcuOTczMSA4Mi43MjI3TDU3Ljk5OTMgODIuNzU1NkM1OC4xNzYzIDgyLjcyMjkgNTguMzU1OCA4Mi43MDcxIDU4LjUyOTggODIuNzA5NVpNNzEuODk4NiA4OS4yMzEyQzcyLjMyMjkgODkuMjE1NSA3Mi43NTM0IDg5LjMwMyA3My4xNjI3IDg5LjUwMUM3My42OTkyIDg5Ljc2MDYgNzQuMTEzNiA5MC4xNjkyIDc0LjM3NDUgOTAuNjU5Mkg3NC40MzM0TDgyLjIzNDYgMTA0LjgyMUM4MS4yMjIxIDEwNS4xNjIgODAuMTgxMyAxMDUuNDU0IDc5LjExNjcgMTA1LjY5N0M3My4xNTA1IDEwNy4wNTggNjcuMjAzMiAxMDYuNjQ1IDYxLjgxOCAxMDQuODAyTDY5LjU5OTUgOTAuNjY1OEg2OS42MTI2QzcwLjA3OTUgODkuNzg4OCA3MC45NjUgODkuMjY1NiA3MS44OTg2IDg5LjIzMTJaIiBmaWxsPSJ3aGl0ZSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjI1Ii8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfNjgxXzI4NDUiIHgxPSIxMCIgeTE9IjE1LjUiIHgyPSIxNDQiIHkyPSIxMzEuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjNEQ4N0ZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzA1NDdEMCIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "storageClass"], ["spec", "version"], ["spec", "host"], ["spec", "nodeGroups"], ["spec", "nodeGroups", "md0"], ["spec", "nodeGroups", "md0", "minReplicas"], ["spec", "nodeGroups", "md0", "maxReplicas"], ["spec", "nodeGroups", "md0", "instanceType"], ["spec", "nodeGroups", "md0", "ephemeralStorage"], ["spec", "nodeGroups", "md0", "roles"], ["spec", "nodeGroups", "md0", "resources"], ["spec", "nodeGroups", "md0", "gpus"], ["spec", "addons"], ["spec", "addons", "certManager"], ["spec", "addons", "certManager", "enabled"], ["spec", "addons", "certManager", "valuesOverride"], ["spec", "addons", "cilium"], ["spec", "addons", "cilium", "valuesOverride"], ["spec", "addons", "gatewayAPI"], ["spec", "addons", "gatewayAPI", "enabled"], ["spec", "addons", "ingressNginx"], ["spec", "addons", "ingressNginx", "enabled"], ["spec", "addons", "ingressNginx", "exposeMethod"], ["spec", "addons", "ingressNginx", "hosts"], ["spec", "addons", "ingressNginx", "valuesOverride"], ["spec", "addons", "gpuOperator"], ["spec", "addons", "gpuOperator", "enabled"], ["spec", "addons", "gpuOperator", "valuesOverride"], ["spec", "addons", "fluxcd"], ["spec", "addons", "fluxcd", "enabled"], ["spec", "addons", "fluxcd", "valuesOverride"], ["spec", "addons", "monitoringAgents"], ["spec", "addons", "monitoringAgents", "enabled"], ["spec", "addons", "monitoringAgents", "valuesOverride"], ["spec", "addons", "verticalPodAutoscaler"], ["spec", "addons", "verticalPodAutoscaler", "valuesOverride"], ["spec", "addons", "velero"], ["spec", "addons", "velero", "enabled"], ["spec", "addons", "velero", "valuesOverride"], ["spec", "addons", "coredns"], ["spec", "addons", "coredns", "valuesOverride"], ["spec", "controlPlane"], ["spec", "controlPlane", "replicas"], ["spec", "controlPlane", "apiServer"], ["spec", "controlPlane", "apiServer", "resources"], ["spec", "controlPlane", "apiServer", "resourcesPreset"], ["spec", "controlPlane", "controllerManager"], ["spec", "controlPlane", "controllerManager", "resourcesPreset"], ["spec", "controlPlane", "controllerManager", "resources"], ["spec", "controlPlane", "scheduler"], ["spec", "controlPlane", "scheduler", "resourcesPreset"], ["spec", "controlPlane", "scheduler", "resources"], ["spec", "controlPlane", "konnectivity"], ["spec", "controlPlane", "konnectivity", "server"], ["spec", "controlPlane", "konnectivity", "server", "resourcesPreset"], ["spec", "controlPlane", "konnectivity", "server", "resources"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - kubernetes-{{ .name }}-admin-kubeconfig + services: + exclude: [] + include: + - resourceNames: + - kubernetes-{{ .name }} + ingresses: + exclude: [] + include: + - resourceNames: + - kubernetes-{{ .name }} diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/monitoring.yaml b/packages/system/cozystack-resource-definitions/cozyrds/monitoring.yaml similarity index 50% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/monitoring.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/monitoring.yaml index a6908d5e..82271a35 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/monitoring.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/monitoring.yaml @@ -8,7 +8,7 @@ spec: singular: monitoring plural: monitorings openAPISchema: |- - {"title":"Chart Values","type":"object","properties":{"alerta":{"description":"Configuration for Alerta service","type":"object","default":{},"properties":{"alerts":{"description":"Configuration for alerts","type":"object","default":{},"properties":{"telegram":{"description":"Configuration for Telegram alerts","type":"object","default":{},"required":["chatID","disabledSeverity","token"],"properties":{"chatID":{"description":"Specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot","type":"string"},"disabledSeverity":{"description":"List of severity without alerts, separated by comma like: \"informational,warning\"","type":"string"},"token":{"description":"Telegram token for your bot","type":"string"}}}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"storage":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"}}},"grafana":{"description":"Configuration for Grafana","type":"object","default":{},"properties":{"db":{"description":"Database configuration","type":"object","default":{},"properties":{"size":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}},"host":{"description":"The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host).","type":"string"},"logsStorages":{"description":"Configuration of logs storage instances","type":"array","default":[{"name":"generic","retentionPeriod":"1","storage":"10Gi","storageClassName":"replicated"}],"items":{"type":"object","required":["name","retentionPeriod","storage"],"properties":{"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the logs in the storage instance","type":"string","default":"1"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string","default":"replicated"}}}},"metricsStorages":{"description":"Configuration of metrics storage instances","type":"array","default":[{"deduplicationInterval":"15s","name":"shortterm","retentionPeriod":"3d","storage":"10Gi","storageClassName":""},{"deduplicationInterval":"5m","name":"longterm","retentionPeriod":"14d","storage":"10Gi","storageClassName":""}],"items":{"type":"object","required":["deduplicationInterval","name","retentionPeriod","storage"],"properties":{"deduplicationInterval":{"description":"Deduplication interval for the metrics in the storage instance","type":"string"},"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the metrics in the storage instance","type":"string"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"},"vminsert":{"description":"Configuration for vminsert component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmselect":{"description":"Configuration for vmselect component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmstorage":{"description":"Configuration for vmstorage component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}}}}} + {"title":"Chart Values","type":"object","properties":{"alerta":{"description":"Configuration for Alerta service","type":"object","default":{},"properties":{"alerts":{"description":"Configuration for alerts","type":"object","default":{},"properties":{"slack":{"description":"Configuration for Slack alerts","type":"object","default":{},"properties":{"url":{"description":"Configuration uri for Slack alerts","type":"string"}}},"telegram":{"description":"Configuration for Telegram alerts","type":"object","default":{},"required":["chatID","disabledSeverity","token"],"properties":{"chatID":{"description":"Specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot","type":"string"},"disabledSeverity":{"description":"List of severity without alerts, separated by comma like: \"informational,warning\"","type":"string"},"token":{"description":"Telegram token for your bot","type":"string"}}}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"storage":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"}}},"grafana":{"description":"Configuration for Grafana","type":"object","default":{},"properties":{"db":{"description":"Database configuration","type":"object","default":{},"properties":{"size":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}},"host":{"description":"The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host).","type":"string"},"logsStorages":{"description":"Configuration of logs storage instances","type":"array","default":[{"name":"generic","retentionPeriod":"1","storage":"10Gi","storageClassName":"replicated"}],"items":{"type":"object","required":["name","retentionPeriod","storage"],"properties":{"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the logs in the storage instance","type":"string","default":"1"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string","default":"replicated"}}}},"metricsStorages":{"description":"Configuration of metrics storage instances","type":"array","default":[{"deduplicationInterval":"15s","name":"shortterm","retentionPeriod":"3d","storage":"10Gi","storageClassName":""},{"deduplicationInterval":"5m","name":"longterm","retentionPeriod":"14d","storage":"10Gi","storageClassName":""}],"items":{"type":"object","required":["deduplicationInterval","name","retentionPeriod","storage"],"properties":{"deduplicationInterval":{"description":"Deduplication interval for the metrics in the storage instance","type":"string"},"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the metrics in the storage instance","type":"string"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"},"vminsert":{"description":"Configuration for vminsert component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmselect":{"description":"Configuration for vmselect component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmstorage":{"description":"Configuration for vmstorage component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}}}}} release: prefix: "" labels: @@ -28,9 +28,21 @@ spec: description: Monitoring and observability stack module: true icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzI2OCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zMjY4KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMzg0NTRGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNNTQuMTcyMiAzOC43NzU3SDMzLjEwMzJDMzIuMTMwNyAzOC43NzU3IDMxLjQ4MjQgMzguMTI3NCAzMS40ODI0IDM3LjE1NDlDMzEuNDgyNCAzNi4xODI0IDMyLjEzMDcgMzUuNTM0MiAzMy4xMDMyIDM1LjUzNDJINTQuMTcyMkM1NS4xNDQ3IDM1LjUzNDIgNTUuNzkzIDM2LjE4MjQgNTUuNzkzIDM3LjE1NDlDNTUuNzkyOCAzOC4xMjc0IDU1LjE0NDUgMzguNzc1NyA1NC4xNzIyIDM4Ljc3NTdaIiBmaWxsPSIjREQzNDJFIi8+CjxwYXRoIGQ9Ik02My44OTYzIDQ1LjI1OTFINDEuMjA2N0M0MC4yMzQyIDQ1LjI1OTEgMzkuNTg1OSA0NC42MTA4IDM5LjU4NTkgNDMuNjM4M0MzOS41ODU5IDQyLjY2NTggNDAuMjM0MiA0Mi4wMTc2IDQxLjIwNjcgNDIuMDE3Nkg2My44OTYzQzY0Ljg2ODggNDIuMDE3NiA2NS41MTcxIDQyLjY2NTggNjUuNTE3MSA0My42MzgzQzY1LjUxNzEgNDQuNjEwOCA2NC44Njg4IDQ1LjI1OTEgNjMuODk2MyA0NS4yNTkxWiIgZmlsbD0iIzczODNCRiIvPgo8cGF0aCBkPSJNMzQuNzI0IDQ1LjI1OTFIMzMuMTAzMkMzMi4xMzA3IDQ1LjI1OTEgMzEuNDgyNCA0NC42MTA4IDMxLjQ4MjQgNDMuNjM4M0MzMS40ODI0IDQyLjY2NTggMzIuMTMwNyA0Mi4wMTc2IDMzLjEwMzIgNDIuMDE3NkgzNC43MjRDMzUuNjk2NCA0Mi4wMTc2IDM2LjM0NDcgNDIuNjY1OCAzNi4zNDQ3IDQzLjYzODNDMzYuMzQ0NyA0NC42MTA4IDM1LjY5NjMgNDUuMjU5MSAzNC43MjQgNDUuMjU5MVoiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTYzLjg5NjMgMzguNzc1N0g2MC42NTQ5QzU5LjY4MjQgMzguNzc1NyA1OS4wMzQyIDM4LjEyNzQgNTkuMDM0MiAzNy4xNTQ5QzU5LjAzNDIgMzYuMTgyNCA1OS42ODI0IDM1LjUzNDIgNjAuNjU0OSAzNS41MzQySDYzLjg5NjNDNjQuODY4OCAzNS41MzQyIDY1LjUxNzEgMzYuMTgyNCA2NS41MTcxIDM3LjE1NDlDNjUuNTE3MSAzOC4xMjc0IDY0Ljg2ODggMzguNzc1NyA2My44OTYzIDM4Ljc3NTdaIiBmaWxsPSIjRUNCQTE2Ii8+CjxwYXRoIGQ9Ik00Ny42ODkzIDUxLjc0MTNIMzMuMTAzMkMzMi4xMzA3IDUxLjc0MTMgMzEuNDgyNCA1MS4wOTMxIDMxLjQ4MjQgNTAuMTIwNkMzMS40ODI0IDQ5LjE0ODEgMzIuMTMwNyA0OC41IDMzLjEwMzIgNDguNUg0Ny42ODkzQzQ4LjY2MTggNDguNSA0OS4zMTAxIDQ5LjE0ODMgNDkuMzEwMSA1MC4xMjA4QzQ5LjMxMDEgNTEuMDkzMyA0OC42NjE4IDUxLjc0MTMgNDcuNjg5MyA1MS43NDEzWiIgZmlsbD0iI0REMzQyRSIvPgo8cGF0aCBkPSJNNjMuODk2OCA1MS43NDEzSDU0LjE3MjVDNTMuMiA1MS43NDEzIDUyLjU1MTggNTEuMDkzMSA1Mi41NTE4IDUwLjEyMDZDNTIuNTUxOCA0OS4xNDgxIDUzLjIwMDIgNDguNSA1NC4xNzI3IDQ4LjVINjMuODk2OUM2NC44Njk0IDQ4LjUgNjUuNTE3NyA0OS4xNDgzIDY1LjUxNzcgNTAuMTIwOEM2NS41MTc3IDUxLjA5MzMgNjQuODY5MiA1MS43NDEzIDYzLjg5NjggNTEuNzQxM1oiIGZpbGw9IiNFQ0JBMTYiLz4KPHBhdGggZD0iTTU0LjE3MjIgNTguMjI0SDMzLjEwMzJDMzIuMTMwNyA1OC4yMjQgMzEuNDgyNCA1Ny41NzU3IDMxLjQ4MjQgNTYuNjAzMkMzMS40ODI0IDU1LjYzMDcgMzIuMTMwNyA1NC45ODI0IDMzLjEwMzIgNTQuOTgyNEg1NC4xNzIyQzU1LjE0NDcgNTQuOTgyNCA1NS43OTMgNTUuNjMwNyA1NS43OTMgNTYuNjAzMkM1NS43OTMgNTcuNTc1NyA1NS4xNDQ1IDU4LjIyNCA1NC4xNzIyIDU4LjIyNFoiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTYzLjg5NjMgNjQuNzA3NEg0MS4yMDY3QzQwLjIzNDIgNjQuNzA3NCAzOS41ODU5IDY0LjA1OTEgMzkuNTg1OSA2My4wODY2QzM5LjU4NTkgNjIuMTE0MSA0MC4yMzQyIDYxLjQ2NTggNDEuMjA2NyA2MS40NjU4SDYzLjg5NjNDNjQuODY4OCA2MS40NjU4IDY1LjUxNzEgNjIuMTE0MSA2NS41MTcxIDYzLjA4NjZDNjUuNTE3MSA2NC4wNTkxIDY0Ljg2ODggNjQuNzA3NCA2My44OTYzIDY0LjcwNzRaIiBmaWxsPSIjRUNCQTE2Ii8+CjxwYXRoIGQ9Ik0zNC43MjQgNjQuNzA3NEgzMy4xMDMyQzMyLjEzMDcgNjQuNzA3NCAzMS40ODI0IDY0LjA1OTEgMzEuNDgyNCA2My4wODY2QzMxLjQ4MjQgNjIuMTE0MSAzMi4xMzA3IDYxLjQ2NTggMzMuMTAzMiA2MS40NjU4SDM0LjcyNEMzNS42OTY0IDYxLjQ2NTggMzYuMzQ0NyA2Mi4xMTQxIDM2LjM0NDcgNjMuMDg2NkMzNi4zNDQ3IDY0LjA1OTEgMzUuNjk2MyA2NC43MDc0IDM0LjcyNCA2NC43MDc0WiIgZmlsbD0iI0REMzQyRSIvPgo8cGF0aCBkPSJNNDcuNjg5MyA3MS4xODk4SDMzLjEwMzJDMzIuMTMwNyA3MS4xODk4IDMxLjQ4MjQgNzAuNTQxNSAzMS40ODI0IDY5LjU2OUMzMS40ODI0IDY4LjU5NjUgMzIuMTMwNyA2Ny45NDgyIDMzLjEwMzIgNjcuOTQ4Mkg0Ny42ODkzQzQ4LjY2MTggNjcuOTQ4MiA0OS4zMTAxIDY4LjU5NjUgNDkuMzEwMSA2OS41NjlDNDkuMzEwMSA3MC41NDE1IDQ4LjY2MTggNzEuMTg5OCA0Ny42ODkzIDcxLjE4OThaIiBmaWxsPSIjNDJCMDVDIi8+CjxwYXRoIGQ9Ik02My44OTY4IDcxLjE4OThINTQuMTcyNUM1My4yIDcxLjE4OTggNTIuNTUxOCA3MC41NDE1IDUyLjU1MTggNjkuNTY5QzUyLjU1MTggNjguNTk2NSA1My4yIDY3Ljk0ODIgNTQuMTcyNSA2Ny45NDgySDYzLjg5NjhDNjQuODY5MiA2Ny45NDgyIDY1LjUxNzUgNjguNTk2NSA2NS41MTc1IDY5LjU2OUM2NS41MTc1IDcwLjU0MTUgNjQuODY5MiA3MS4xODk4IDYzLjg5NjggNzEuMTg5OFoiIGZpbGw9IiM3MzgzQkYiLz4KPHBhdGggZD0iTTU0LjE3MjIgNzcuNjcyMkgzMy4xMDMyQzMyLjEzMDcgNzcuNjcyMiAzMS40ODI0IDc3LjAyMzkgMzEuNDgyNCA3Ni4wNTE0QzMxLjQ4MjQgNzUuMDc4OSAzMi4xMzA3IDc0LjQzMDcgMzMuMTAzMiA3NC40MzA3SDU0LjE3MjJDNTUuMTQ0NyA3NC40MzA3IDU1Ljc5MyA3NS4wNzg5IDU1Ljc5MyA3Ni4wNTE0QzU1Ljc5MjggNzcuMDIzOSA1NS4xNDQ1IDc3LjY3MjIgNTQuMTcyMiA3Ny42NzIyWiIgZmlsbD0iI0VDQkExNiIvPgo8cGF0aCBkPSJNNjMuODk2MyA3Ny42NzIySDYwLjY1NDlDNTkuNjgyNCA3Ny42NzIyIDU5LjAzNDIgNzcuMDIzOSA1OS4wMzQyIDc2LjA1MTRDNTkuMDM0MiA3NS4wNzg5IDU5LjY4MjQgNzQuNDMwNyA2MC42NTQ5IDc0LjQzMDdINjMuODk2M0M2NC44Njg4IDc0LjQzMDcgNjUuNTE3MSA3NS4wNzg5IDY1LjUxNzEgNzYuMDUxNEM2NS41MTcxIDc3LjAyMzkgNjQuODY4OCA3Ny42NzIyIDYzLjg5NjMgNzcuNjcyMloiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTEwMS4xNzIgNzcuNjcyMkg4MC4xMDMyQzc5LjEzMDcgNzcuNjcyMiA3OC40ODI0IDc3LjAyMzkgNzguNDgyNCA3Ni4wNTE0Qzc4LjQ4MjQgNzUuMDc4OSA3OS4xMzA3IDc0LjQzMDcgODAuMTAzMiA3NC40MzA3SDEwMS4xNzJDMTAyLjE0NSA3NC40MzA3IDEwMi43OTMgNzUuMDc4OSAxMDIuNzkzIDc2LjA1MTRDMTAyLjc5MyA3Ny4wMjM5IDEwMi4xNDUgNzcuNjcyMiAxMDEuMTcyIDc3LjY3MjJaIiBmaWxsPSIjREQzNDJFIi8+CjxwYXRoIGQ9Ik0xMTAuODk2IDc3LjY3MjJIMTA3LjY1NUMxMDYuNjgyIDc3LjY3MjIgMTA2LjAzNCA3Ny4wMjM5IDEwNi4wMzQgNzYuMDUxNEMxMDYuMDM0IDc1LjA3ODkgMTA2LjY4MiA3NC40MzA3IDEwNy42NTUgNzQuNDMwN0gxMTAuODk2QzExMS44NjkgNzQuNDMwNyAxMTIuNTE3IDc1LjA3ODkgMTEyLjUxNyA3Ni4wNTE0QzExMi41MTcgNzcuMDIzOSAxMTEuODY5IDc3LjY3MjIgMTEwLjg5NiA3Ny42NzIyWiIgZmlsbD0iIzQyQjA1QyIvPgo8cGF0aCBkPSJNNjMuODk2MyA1OC4yMjRINjAuNjU0OUM1OS42ODI0IDU4LjIyNCA1OS4wMzQyIDU3LjU3NTcgNTkuMDM0MiA1Ni42MDMyQzU5LjAzNDIgNTUuNjMwNyA1OS42ODI0IDU0Ljk4MjQgNjAuNjU0OSA1NC45ODI0SDYzLjg5NjNDNjQuODY4OCA1NC45ODI0IDY1LjUxNzEgNTUuNjMwNyA2NS41MTcxIDU2LjYwMzJDNjUuNTE3MSA1Ny41NzU3IDY0Ljg2ODggNTguMjI0IDYzLjg5NjMgNTguMjI0WiIgZmlsbD0iIzczODNCRiIvPgo8cGF0aCBkPSJNMTEyLjUxNyA1MS43NDExQzExMi41MTcgNjAuNjU0OSAxMDUuMjI0IDY3Ljk0OCA5Ni4zMTA0IDY3Ljk0OEM4Ny4zOTY2IDY3Ljk0OCA4MC4xMDM1IDYwLjY1NDkgODAuMTAzNSA1MS43NDExQzgwLjEwMzUgNDIuODI3MyA4Ny4zOTY2IDM1LjUzNDIgOTYuMzEwNCAzNS41MzQyQzEwNS4yMjQgMzUuNTM0MiAxMTIuNTE3IDQyLjgyNzMgMTEyLjUxNyA1MS43NDExWiIgZmlsbD0iI0VDQkExNiIvPgo8cGF0aCBkPSJNODAuMTAzNSA1MS43NDExQzgwLjEwMzUgNTIuMjI3MyA4MC4xMDM1IDUyLjg3NTUgODAuMTAzNSA1My4zNjE5SDk2LjMxMDRWMzUuNTM0MkM4Ny4zOTY2IDM1LjUzNDIgODAuMTAzNSA0Mi44MjczIDgwLjEwMzUgNTEuNzQxMVoiIGZpbGw9IiM0MkIwNUMiLz4KPC9nPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zMjY4IiB4MT0iMS4yMzIzOWUtMDYiIHkxPSItOS41MDAwMSIgeDI9IjE2OCIgeTI9IjE2MiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjOEZEREZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwNzVGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzY4N18zMjY4Ij4KPHJlY3Qgd2lkdGg9Ijk0IiBoZWlnaHQ9Ijk0IiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjUgMjUpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== - keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "metricsStorages"], ["spec", "logsStorages"], ["spec", "alerta"], ["spec", "alerta", "storage"], ["spec", "alerta", "storageClassName"], ["spec", "alerta", "resources"], ["spec", "alerta", "resources", "limits"], ["spec", "alerta", "resources", "limits", "cpu"], ["spec", "alerta", "resources", "limits", "memory"], ["spec", "alerta", "resources", "requests"], ["spec", "alerta", "resources", "requests", "cpu"], ["spec", "alerta", "resources", "requests", "memory"], ["spec", "alerta", "alerts"], ["spec", "alerta", "alerts", "telegram"], ["spec", "alerta", "alerts", "telegram", "token"], ["spec", "alerta", "alerts", "telegram", "chatID"], ["spec", "alerta", "alerts", "telegram", "disabledSeverity"], ["spec", "grafana"], ["spec", "grafana", "db"], ["spec", "grafana", "db", "size"], ["spec", "grafana", "resources"], ["spec", "grafana", "resources", "limits"], ["spec", "grafana", "resources", "limits", "cpu"], ["spec", "grafana", "resources", "limits", "memory"], ["spec", "grafana", "resources", "requests"], ["spec", "grafana", "resources", "requests", "cpu"], ["spec", "grafana", "resources", "requests", "memory"]] + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "metricsStorages"], ["spec", "logsStorages"], ["spec", "alerta"], ["spec", "alerta", "storage"], ["spec", "alerta", "storageClassName"], ["spec", "alerta", "resources"], ["spec", "alerta", "resources", "limits"], ["spec", "alerta", "resources", "limits", "cpu"], ["spec", "alerta", "resources", "limits", "memory"], ["spec", "alerta", "resources", "requests"], ["spec", "alerta", "resources", "requests", "cpu"], ["spec", "alerta", "resources", "requests", "memory"], ["spec", "alerta", "alerts"], ["spec", "alerta", "alerts", "telegram"], ["spec", "alerta", "alerts", "telegram", "token"], ["spec", "alerta", "alerts", "telegram", "chatID"], ["spec", "alerta", "alerts", "telegram", "disabledSeverity"], ["spec", "alerta", "alerts", "slack"], ["spec", "alerta", "alerts", "slack", "url"], ["spec", "grafana"], ["spec", "grafana", "db"], ["spec", "grafana", "db", "size"], ["spec", "grafana", "resources"], ["spec", "grafana", "resources", "limits"], ["spec", "grafana", "resources", "limits", "cpu"], ["spec", "grafana", "resources", "limits", "memory"], ["spec", "grafana", "resources", "requests"], ["spec", "grafana", "resources", "requests", "cpu"], ["spec", "grafana", "resources", "requests", "memory"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - grafana-admin-password + services: + exclude: [] + include: + - resourceNames: + - grafana-service + - alerta + ingresses: + exclude: [] + include: + - resourceNames: + - grafana-ingress + - alerta diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/mysql.yaml b/packages/system/cozystack-resource-definitions/cozyrds/mysql.yaml similarity index 97% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/mysql.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/mysql.yaml index 10e4876d..6f78b077 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/mysql.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/mysql.yaml @@ -29,7 +29,13 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5MzApIi8+CjxwYXRoIGQ9Ik0xMzMuMTkxIDI5LjAwMjJDMTMxLjIxMyAyOS4wNjU0IDEzMS44MzkgMjkuNjM1NCAxMjcuNTY0IDMwLjY4NzNDMTIzLjI0OCAzMS43NDk2IDExNy45NzUgMzEuNDIzOSAxMTMuMzI3IDMzLjM3MzNDOTkuNDUxNiAzOS4xOTI0IDk2LjY2NzYgNTkuMDgxMyA4NC4wNTM1IDY2LjIwNTlDNzQuNjI0NyA3MS41MzE4IDY1LjExMiA3MS45NTY1IDU2LjU1OTQgNzQuNjM2NUM1MC45Mzg5IDc2LjM5OSA0NC43OTA2IDgwLjAxMzUgMzkuNjk4MiA4NC40MDE4QzM1Ljc0NTUgODcuODA5MyAzNS42NDIzIDkwLjgwNTQgMzEuNTEyMyA5NS4wNzkxQzI3LjA5NDcgOTkuNjUwNCAxMy45NTUxIDk1LjE1NjQgOCAxMDIuMTUzQzkuOTE4MzUgMTA0LjA5MyAxMC43NTk0IDEwNC42MzYgMTQuNTM5OCAxMDQuMTMzQzEzLjc1NzEgMTA1LjYxNiA5LjE0MzMyIDEwNi44NjYgMTAuMDQ2NSAxMDkuMDQ5QzEwLjk5NjggMTExLjM0NSAyMi4xNTExIDExMi45MDEgMzIuMjkwOCAxMDYuNzhDMzcuMDEzMSAxMDMuOTI5IDQwLjc3NDMgOTkuODE5MyA0OC4xMjg4IDk4LjgzODRDNTcuNjQ1OSA5Ny41Njk5IDY4LjYwOTMgOTkuNjUyIDc5LjYyNjggMTAxLjI0MUM3Ny45OTMyIDEwNi4xMTIgNzQuNzEzMyAxMDkuMzUxIDcyLjA4NiAxMTMuMjMxQzcxLjI3MjQgMTE0LjEwNyA3My43MjAyIDExNC4yMDUgNzYuNTEyNiAxMTMuNjc1QzgxLjUzNTkgMTEyLjQzMyA4NS4xNTYxIDExMS40MzMgODguOTQ3MiAxMDkuMjI3QzkzLjYwNDcgMTA2LjUxNSA5NC4zMTA0IDk5LjU2MzkgMTAwLjAyNSA5OC4wNTk5QzEwMy4yMDkgMTAyLjk1NCAxMTEuODY5IDEwNC4xMSAxMTcuMjQyIDEwMC4xOTVDMTEyLjUyNyA5OC44NjA3IDExMS4yMjQgODguODI0NCAxMTIuODE1IDg0LjQwMThDMTE0LjMyMyA4MC4yMTU2IDExNS44MTMgNzMuNTE5MiAxMTcuMzMxIDY3Ljk4NTVDMTE4Ljk2MSA2Mi4wNDI1IDExOS41NjIgNTQuNTUxOSAxMjEuNTM1IDUxLjUyNDdDMTI0LjUwMyA0Ni45NzAxIDEyNy43ODMgNDUuNDA2IDEzMC42MyA0Mi44Mzc3QzEzMy40NzcgNDAuMjY5NSAxMzYuMDgzIDM3Ljc2OTQgMTM1Ljk5OCAzMS44OTI3QzEzNS45NyAyOS45OTk4IDEzNC45OTIgMjguOTQ0NyAxMzMuMTkxIDI5LjAwMjJaIiBmaWxsPSIjMDQyNDRFIi8+CjxwYXRoIGQ9Ik0xMjguOTUzIDMyLjQ4NDRDMTI5LjQyNyAzNC4xMDA0IDEzMC4xNjggMzQuODQyMSAxMzMuMzc1IDM1LjEzODdDMTMyLjkwNiAzOS4yMDQxIDEzMC4xOTUgNDEuNDI3NiAxMjcuMTU0IDQzLjU2MTFDMTI0LjQ3OSA0NS40Mzc2IDEyMS41NDcgNDcuMjQ0NSAxMTkuNjY0IDUwLjE3NTdDMTE3LjczNCA1My4xNzg1IDExNi41MDkgNjMuNDU1NCAxMTMuNTE3IDczLjYwNDRDMTEwLjkzMSA4Mi4zNzM4IDEwNy4wMjUgOTEuMDQ0NSAxMDAuMjA0IDk0Ljg0MzdDOTkuNDkxOSA5My4wNTAyIDEwMC4yOTUgODkuNzQgOTguODc4IDg4LjY1MkM5Ny45NjExIDkxLjI2NzQgOTYuOTI0MiA5My43NjI3IDk1LjcwOTggOTYuMDgyMUM5MS43MDc3IDEwMy43MzIgODUuNzgyMiAxMDkuNDU5IDc1Ljg4MDEgMTExLjIwOEM4MC41Nzg1IDEwNC44NSA4NS4wNzEgOTguMjg0NCA4NS4xNjgzIDg3LjMyNjJDODEuODYxNyA4OC4wNDE3IDgxLjkzMTkgOTUuODUyMiA3OC41MzQ1IDk3Ljk0MDJDNzYuMzU2MyA5OC4xNzcyIDc0LjE0OTggOTguMTc1OCA3MS45MjkxIDk4LjA0MjRDNjIuODA5MSA5Ny40OTU5IDUzLjQ1MzUgOTQuNzU0OSA0NC45MjE5IDk3LjQ5MjNDMzkuMTEyOCA5OS4zNTY4IDM0LjM2MTkgMTAzLjc1NSAyOS40NDI4IDEwNS44ODhDMjMuNjYxNCAxMDguMzk2IDE5LjI4MzEgMTA5LjQyNyAxMi4wODM2IDEwOC4zOTZDMTEuMTY5NSAxMDcuMTY0IDE3LjM1MjYgMTA1LjU3NSAxNi45ODI5IDEwMi45MDJDMTQuMTY1MyAxMDIuNTkgMTIuNTI5MyAxMDMuMjczIDEwLjA4MDEgMTAyLjE2QzEwLjM1MDUgMTAxLjY2MiAxMC43NDc5IDEwMS4yNDcgMTEuMjQ4MyAxMDAuOTAxQzE1LjczNzMgOTcuNzk0IDI4LjQ4ODIgMTAwLjE2NyAzMS45MDA2IDk2LjgxNjdDMzQuMDA3IDk0Ljc1IDM1LjM4ODkgOTIuNTg2NyAzNi44MTk3IDkwLjQ4MzhDMzguMjA3MiA4OC40NDM0IDM5LjY0MTUgODYuNDU5NyA0MS44MjY4IDg0LjY3MTlDNDIuNjMzNyA4NC4wMTE4IDQzLjUxMSA4My4zNTk2IDQ0LjQ0MjEgODIuNzIzQzQ4LjE2NiA4MC4xNzQzIDUyLjc3MjkgNzcuODYyOCA1Ny4zMDY2IDc2LjI2OTRDNjMuNDgyNiA3NC4wOTg0IDY5Ljc0MSA3My45MTk1IDc2LjMyMzcgNzEuNDA0M0M4MC4zOTA0IDY5Ljg1IDg0LjgxMjcgNjcuOTMwMiA4OC40MTc0IDY1LjI0MzlDODkuMjczMyA2NC42MDUxIDkwLjA4MzEgNjMuOTI0NSA5MC44MzE5IDYzLjE5NDlDMTAxLjEyNSA1My4xNjA4IDEwMy4xNjUgMzUuNDYxIDExOS4yMjQgMzMuODExNkMxMjEuMTY2IDMzLjYxMjEgMTIyLjc1NiAzMy42NzY3IDEyNC4yMDMgMzMuNjMyN0MxMjUuODcxIDMzLjU4MyAxMjcuMzQ3IDMzLjM4OTMgMTI4Ljk1MyAzMi40ODQ0Wk0xMDkuMzc1IDg5LjEzMzlDMTA5LjU2NyA5Mi4yMDEzIDExMS4zNDggOTguMjg3MiAxMTIuOTIgOTkuNzY2M0MxMDkuODQxIDEwMC41MTUgMTA0LjUzNyA5OS4yNzggMTAzLjE3NyA5Ny4xMDYyQzEwMy44NzYgOTMuOTcwNyAxMDcuNTE0IDkxLjEwNDEgMTA5LjM3NSA4OS4xMzM5WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEzMC4xMDkgMzUuOTE4N0MxMjkuNDkgMzcuMjE2OSAxMjguMzA1IDM4Ljg5MDggMTI4LjMwNSA0Mi4xOTU2QzEyOC4zIDQyLjc2MyAxMjcuODc1IDQzLjE1MTcgMTI3Ljg2NyA0Mi4yNzdDMTI3Ljg5OSAzOS4wNDcgMTI4Ljc1NCAzNy42NTA3IDEyOS42NjIgMzUuODE1NUMxMzAuMDg1IDM1LjA2MzYgMTMwLjMzOSAzNS4zNzM4IDEzMC4xMDkgMzUuOTE4N1pNMTI5LjQ4NiAzNS40Mjk3QzEyOC43NTYgMzYuNjY4NCAxMjYuOTk4IDM4LjkyNzggMTI2LjcwNyA0Mi4yMjAzQzEyNi42NTMgNDIuNzg0OCAxMjYuMTk0IDQzLjEzNDMgMTI2LjI2NCA0Mi4yNjE4QzEyNi41ODEgMzkuMDQ3NyAxMjcuOTg2IDM3LjAzNiAxMjkuMDUyIDM1LjI4NzNDMTI5LjUzNiAzNC41NzYxIDEyOS43NjMgMzQuOTA3NCAxMjkuNDg2IDM1LjQyOTdaTTEyOC45MTggMzQuNzgxN0MxMjguMDg2IDM1Ljk1NDMgMTI1LjM4IDM4LjY2NzggMTI0LjgxNCA0MS45MjQ3QzEyNC43MTIgNDIuNDgxOSAxMjQuMjI1IDQyLjc5MjggMTI0LjM2OCA0MS45MjlDMTI0Ljk1NCAzOC43NTIgMTI3LjI4NyAzNi4yNTUgMTI4LjQ5NiAzNC42MDM3QzEyOS4wMzggMzMuOTM0NiAxMjkuMjM3IDM0LjI4NCAxMjguOTE4IDM0Ljc4MTdaTTEyOC40MTEgMzQuMDU4OEwxMjguMTM3IDM0LjM0OTlDMTI2LjkyNyAzNS42NDcyIDEyNC4xMTYgMzguODExNCAxMjMuMTc5IDQxLjcwNzRDMTIyLjk5OSA0Mi4yNDUgMTIyLjQ3NCA0Mi40ODQ4IDEyMi43MzcgNDEuNjQ5M0MxMjMuNzYzIDM4LjU4NjQgMTI2LjU4OSAzNS4yODczIDEyOC4wMTggMzMuODIyN0MxMjguNjUgMzMuMjM2NCAxMjguNzk2IDMzLjYxMDYgMTI4LjQxMSAzNC4wNTg4Wk0xMTMuODg2IDQwLjYxNjJDMTE0LjUxMyAzNy45MjMxIDExNi42MDcgMzYuNjk2IDEyMC4yMjMgMzYuOTk1M0MxMjEuMDk2IDQxLjAxNTEgMTE2LjIxMyA0Mi42MzY2IDExMy44ODYgNDAuNjE2MloiIGZpbGw9IiMwNDI0NEUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMjkzMCIgeDE9IjE0MC41IiB5MT0iMTQxIiB4Mj0iNS45OTk5OSIgeTI9Ii01LjUwMjI4ZS0wNiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjQzQ5QTZDIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0U3QkY5MyIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "databases"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - mysql-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - mysql-{{ .name }}-primary + - mysql-{{ .name }}-secondary diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/nats.yaml b/packages/system/cozystack-resource-definitions/cozyrds/nats.yaml similarity index 96% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/nats.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/nats.yaml index afde7461..692075a9 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/nats.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/nats.yaml @@ -29,7 +29,12 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgyMSkiLz4KPHJlY3Qgd2lkdGg9IjE0NCIgaGVpZ2h0PSIxNDQiIHJ4PSIyNCIgZmlsbD0iYmxhY2siIGZpbGwtb3BhY2l0eT0iMC4zIi8+CjxwYXRoIGZpbGwtcnVsZT0iZXZlbm9kZCIgY2xpcC1ydWxlPSJldmVub2RkIiBkPSJNMTE3LjQ4IDI1SDI3Vjk4Ljk2OTNINjYuMDY4OUw4Ny43MDc1IDExOVY5OC45NjkzSDExNy40OFYyNVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik05Mi4xMzUyIDcyLjQ1NTJWNDIuNjI1SDEwMi43NzNWODEuMTk5OUg4Ni42NTE5TDU0LjExNCA1MC44NDE0VjgxLjIzMjJINDMuNDQ0M1Y0Mi42MjVINjAuMTI2Mkw5Mi4xMzUyIDcyLjQ1NTJaIiBmaWxsPSJibGFjayIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4MV8yODIxIiB4MT0iMTAiIHkxPSIxNS41IiB4Mj0iMTQ0IiB5Mj0iMTMxLjUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzM4NUM5MyIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzMkE1NzQiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "jetstream"], ["spec", "jetstream", "enabled"], ["spec", "jetstream", "size"], ["spec", "config"], ["spec", "config", "merge"], ["spec", "config", "resolver"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - nats-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - nats-{{ .name }} diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/postgres.yaml b/packages/system/cozystack-resource-definitions/cozyrds/postgres.yaml similarity index 97% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/postgres.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/postgres.yaml index d53c7186..17363553 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/postgres.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/postgres.yaml @@ -37,7 +37,15 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "postgresql"], ["spec", "postgresql", "parameters"], ["spec", "postgresql", "parameters", "max_connections"], ["spec", "quorum"], ["spec", "quorum", "minSyncReplicas"], ["spec", "quorum", "maxSyncReplicas"], ["spec", "users"], ["spec", "databases"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "retentionPolicy"], ["spec", "backup", "destinationPath"], ["spec", "backup", "endpointURL"], ["spec", "backup", "schedule"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "bootstrap"], ["spec", "bootstrap", "enabled"], ["spec", "bootstrap", "recoveryTime"], ["spec", "bootstrap", "oldName"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - postgres-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - postgres-{{ .name }}-r + - postgres-{{ .name }}-ro + - postgres-{{ .name }}-rw + - postgres-{{ .name }}-external-write diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/rabbitmq.yaml b/packages/system/cozystack-resource-definitions/cozyrds/rabbitmq.yaml similarity index 95% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/rabbitmq.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/rabbitmq.yaml index 87606b4f..5e646959 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/rabbitmq.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/rabbitmq.yaml @@ -29,7 +29,14 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5NzIpIi8+CjxwYXRoIGQ9Ik0xMTEuNDExIDYyLjhIODIuNDkzOUM4MS43OTY5IDYyLjc5OTcgODEuMTI4NSA2Mi41MjI4IDgwLjYzNTYgNjIuMDMwMUM4MC4xNDI3IDYxLjUzNzMgNzkuODY1NiA2MC44NjkxIDc5Ljg2NTMgNjAuMTcyMlYzMC4wNDEyQzc5Ljg2NTMgMjcuODEgNzguMDU1NiAyNiA3NS44MjQ5IDI2SDY1LjUwMjFDNjMuMjcgMjYgNjEuNDYxNCAyNy44MSA2MS40NjE0IDMwLjA0MTJWNTkuOTg5OEM2MS40NjE0IDYxLjU0MzUgNjAuMjA1IDYyLjgwNjUgNTguNjUwOCA2Mi44MTMzTDQ5LjE3NDMgNjIuODU4NEM0Ny42MDY5IDYyLjg2NjkgNDYuMzMzNiA2MS41OTU1IDQ2LjMzNjYgNjAuMDI5OEw0Ni4zOTU0IDMwLjA0OEM0Ni40MDA1IDI3LjgxMzQgNDQuNTkwMiAyNiA0Mi4zNTUgMjZIMzIuMDQwN0MyOS44MDgzIDI2IDI4IDI3LjgxIDI4IDMwLjA0MTJWMTE0LjQxMkMyOCAxMTYuMzk0IDI5LjYwNjEgMTE4IDMxLjU4NzEgMTE4SDExMS40MTFDMTEzLjM5NCAxMTggMTE1IDExNi4zOTQgMTE1IDExNC40MTJWNjYuMzg4QzExNSA2NC40MDU4IDExMy4zOTQgNjIuOCAxMTEuNDExIDYyLjhaTTk3Ljg1MDggOTQuNDc3OUM5Ny44NTA4IDk3LjA3NTUgOTUuNzQ0NSA5OS4xODE3IDkzLjE0NjQgOTkuMTgxN0g4NC45ODg0QzgyLjM5IDk5LjE4MTcgODAuMjgzNiA5Ny4wNzU1IDgwLjI4MzYgOTQuNDc3OVY4Ni4zMjE3QzgwLjI4MzYgODMuNzIzOCA4Mi4zOSA4MS42MTc5IDg0Ljk4ODQgODEuNjE3OUg5My4xNDY0Qzk1Ljc0NDUgODEuNjE3OSA5Ny44NTA4IDgzLjcyMzggOTcuODUwOCA4Ni4zMjE3Vjk0LjQ3NzlaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18yOTcyIiB4MT0iNSIgeTE9Ii03LjUiIHgyPSIxNDEiIHkyPSIxMjQuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkY4MjJGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0ZGNjYwMCIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "vhosts"]] secrets: - exclude: + exclude: [] + include: + - resourceNames: + - rabbitmq-{{ .name }}-default-user - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + apps.cozystack.io/user-secret: "true" + services: + exclude: [] + include: + - resourceNames: + - rabbitmq-{{ .name }} diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/redis.yaml b/packages/system/cozystack-resource-definitions/cozyrds/redis.yaml similarity index 96% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/redis.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/redis.yaml index 95bee1e7..29c33a26 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/redis.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/redis.yaml @@ -29,7 +29,15 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMzIxMykiLz4KPHBhdGggZD0iTTEyMC4xNDkgOTUuNTQ5MUMxMTQuNTg2IDk4LjQ0ODUgODUuNzcwOSAxMTAuMjk2IDc5LjYzNjMgMTEzLjQ5NUM3My41MDE2IDExNi42OTMgNzAuMDkzNyAxMTYuNjYyIDY1LjI0NzIgMTE0LjM0NkM2MC40MDEyIDExMi4wMjkgMjkuNzM2NCA5OS42NDIzIDI0LjIxMjUgOTcuMDAxOUMyMS40NTE5IDk1LjY4MjcgMjAgOTQuNTY4NyAyMCA5My41MTY2VjgyLjk4MDlDMjAgODIuOTgwOSA1OS45MjIgNzQuMjkwMSA2Ni4zNjY5IDcxLjk3NzhDNzIuODExNSA2OS42NjU2IDc1LjA0NzYgNjkuNTgyMSA4MC41MzIgNzEuNTkxQzg2LjAxNzMgNzMuNjAwOCAxMTguODEyIDc5LjUxNzYgMTI0LjIzMyA4MS41MDI5TDEyNC4yMyA5MS44ODk2QzEyNC4yMzEgOTIuOTMxMSAxMjIuOTggOTQuMDczNiAxMjAuMTQ5IDk1LjU0OTFaIiBmaWxsPSIjOTEyNjI2Ii8+CjxwYXRoIGQ9Ik0xMjAuMTQ3IDg1LjA3NTJDMTE0LjU4NSA4Ny45NzM0IDg1Ljc3IDk5LjgyMTggNzkuNjM1NCAxMDMuMDJDNzMuNTAxMSAxMDYuMjE5IDcwLjA5MzIgMTA2LjE4NyA2NS4yNDcyIDEwMy44NzFDNjAuNDAwNyAxMDEuNTU1IDI5LjczNzEgODkuMTY2OCAyNC4yMTM2IDg2LjUyOEMxOC42OTAxIDgzLjg4NzYgMTguNTc0NCA4Mi4wNzA0IDI0LjAwMDMgNzkuOTQ1OEMyOS40MjYxIDc3LjgyMDUgNTkuOTIxNSA2NS44NTYxIDY2LjM2NzIgNjMuNTQzOEM3Mi44MTE4IDYxLjIzMjQgNzUuMDQ3NSA2MS4xNDgxIDgwLjUzMTkgNjMuMTU3OEM4Ni4wMTY4IDY1LjE2NjggMTE0LjY2IDc2LjU2NzYgMTIwLjA3OSA3OC41NTI1QzEyNS41MDEgODAuNTM5OSAxMjUuNzA5IDgyLjE3NjMgMTIwLjE0NyA4NS4wNzUyWiIgZmlsbD0iI0M2MzAyQiIvPgo8cGF0aCBkPSJNMTIwLjE0OSA3OC41MDJDMTE0LjU4NiA4MS40MDE4IDg1Ljc3MDkgOTMuMjQ5MyA3OS42MzYzIDk2LjQ0ODhDNzMuNTAxNiA5OS42NDYyIDcwLjA5MzcgOTkuNjE1MiA2NS4yNDcyIDk3LjI5ODVDNjAuNDAwOCA5NC45ODMgMjkuNzM2NCA4Mi41OTUyIDI0LjIxMjUgNzkuOTU0N0MyMS40NTE5IDc4LjYzNTUgMjAgNzcuNTIzMiAyMCA3Ni40NzA3VjY1LjkzMzhDMjAgNjUuOTMzOCA1OS45MjIgNTcuMjQzNCA2Ni4zNjY5IDU0LjkzMTFDNzIuODExNSA1Mi42MTg5IDc1LjA0NzYgNTIuNTM1IDgwLjUzMiA1NC41NDQzQzg2LjAxNzcgNTYuNTUzNiAxMTguODEzIDYyLjQ2OTMgMTI0LjIzMyA2NC40NTVMMTI0LjIzIDc0Ljg0MjhDMTI0LjIzMSA3NS44ODQgMTIyLjk4IDc3LjAyNjQgMTIwLjE0OSA3OC41MDJaIiBmaWxsPSIjOTEyNjI2Ii8+CjxwYXRoIGQ9Ik0xMjAuMTQ3IDY4LjAyODJDMTE0LjU4NSA3MC45MjcxIDg1Ljc3IDgyLjc3NDcgNzkuNjM1NCA4NS45NzM3QzczLjUwMTEgODkuMTcxNiA3MC4wOTMyIDg5LjE0MDIgNjUuMjQ3MiA4Ni44MjM1QzYwLjQwMDcgODQuNTA4NCAyOS43MzcxIDcyLjEyMDEgMjQuMjEzNiA2OS40ODA5QzE4LjY5MDEgNjYuODQxMyAxOC41NzQ0IDY1LjAyMzcgMjQuMDAwMyA2Mi44OTg0QzI5LjQyNjEgNjAuNzc0MiA1OS45MjE5IDQ4LjgwOSA2Ni4zNjcyIDQ2LjQ5NzJDNzIuODExOCA0NC4xODUzIDc1LjA0NzUgNDQuMTAxNCA4MC41MzE5IDQ2LjExMDhDODYuMDE2OCA0OC4xMTk3IDExNC42NiA1OS41MTk3IDEyMC4wNzkgNjEuNTA1NUMxMjUuNTAxIDYzLjQ5MjQgMTI1LjcwOSA2NS4xMjkyIDEyMC4xNDcgNjguMDI4MloiIGZpbGw9IiNDNjMwMkIiLz4KPHBhdGggZD0iTTEyMC4xNDkgNjAuODIyNEMxMTQuNTg2IDYzLjcyMTQgODUuNzcwOSA3NS41Njk4IDc5LjYzNjMgNzguNzY5MkM3My41MDE2IDgxLjk2NzEgNzAuMDkzNyA4MS45MzU3IDY1LjI0NzIgNzkuNjE5QzYwLjQwMDggNzcuMzAzNSAyOS43MzY0IDY0LjkxNTIgMjQuMjEyNSA2Mi4yNzZDMjEuNDUxOSA2MC45NTU2IDIwIDU5Ljg0MjggMjAgNTguNzkxNVY0OC4yNTQyQzIwIDQ4LjI1NDIgNTkuOTIyIDM5LjU2NDIgNjYuMzY2OSAzNy4yNTI0QzcyLjgxMTUgMzQuOTM5NyA3NS4wNDc2IDM0Ljg1NjcgODAuNTMyIDM2Ljg2NTZDODYuMDE3NyAzOC44NzQ5IDExOC44MTMgNDQuNzkwNSAxMjQuMjMzIDQ2Ljc3NjNMMTI0LjIzIDU3LjE2MzdDMTI0LjIzMSA1OC4yMDQgMTIyLjk4IDU5LjM0NjUgMTIwLjE0OSA2MC44MjI0WiIgZmlsbD0iIzkxMjYyNiIvPgo8cGF0aCBkPSJNMTIwLjE0NyA1MC4zNDlDMTE0LjU4NSA1My4yNDc5IDg1Ljc2OTggNjUuMDk2MyA3OS42MzUyIDY4LjI5NDFDNzMuNTAwOSA3MS40OTIgNzAuMDkzIDcxLjQ2MDYgNjUuMjQ2OSA2OS4xNDUxQzYwLjQwMDkgNjYuODI4MyAyOS43MzY5IDU0LjQ0MDkgMjQuMjEzOCA1MS44MDEzQzE4LjY4OTkgNDkuMTYyMSAxOC41NzQ2IDQ3LjM0NDEgMjQgNDUuMjE5MkMyOS40MjU5IDQzLjA5NDYgNTkuOTIxNyAzMS4xMzEgNjYuMzY3IDI4LjgxODRDNzIuODExNiAyNi41MDYxIDc1LjA0NzMgMjYuNDIzIDgwLjUzMTcgMjguNDMyNEM4Ni4wMTY2IDMwLjQ0MTcgMTE0LjY1OSA0MS44NDE4IDEyMC4wNzkgNDMuODI3NUMxMjUuNTAxIDQ1LjgxMjggMTI1LjcwOSA0Ny40NSAxMjAuMTQ3IDUwLjM0OVoiIGZpbGw9IiNDNjMwMkIiLz4KPHBhdGggZD0iTTg0Ljg1NDEgNDAuMDk5NEw3NS44OTI2IDQxLjAyOThMNzMuODg2NSA0NS44NTdMNzAuNjQ2MyA0MC40NzAzTDYwLjI5ODMgMzkuNTQwNEw2OC4wMTk3IDM2Ljc1NThMNjUuNzAzIDMyLjQ4MTRMNzIuOTMyMSAzNS4zMDg4TDc5Ljc0NzEgMzMuMDc3NUw3Ny45MDUyIDM3LjQ5NzJMODQuODU0MSA0MC4wOTk0Wk03My4zNTE1IDYzLjUxODRMNTYuNjI2NiA1Ni41ODE2TDgwLjU5MiA1Mi45MDI5TDczLjM1MTUgNjMuNTE4NFpNNTAuMTYzNyA0Mi43ODI2QzU3LjIzODEgNDIuNzgyNiA2Mi45NzMgNDUuMDA1NyA2Mi45NzMgNDcuNzQ3NUM2Mi45NzMgNTAuNDkwMSA1Ny4yMzgxIDUyLjcxMjggNTAuMTYzNyA1Mi43MTI4QzQzLjA4OTMgNTIuNzEyOCAzNy4zNTQ1IDUwLjQ4OTcgMzcuMzU0NSA0Ny43NDc1QzM3LjM1NDUgNDUuMDA1NyA0My4wODkzIDQyLjc4MjYgNTAuMTYzNyA0Mi43ODI2WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTk1LjQ0MzQgNDEuNDE3NEwxMDkuNjI3IDQ3LjAyMjRMOTUuNDU1NiA1Mi42MjJMOTUuNDQzNCA0MS40MTc0WiIgZmlsbD0iIzYyMUIxQyIvPgo8cGF0aCBkPSJNNzkuNzUyOSA0Ny42MjYxTDk1LjQ0NDkgNDEuNDE4OUw5NS40NTcxIDUyLjYyMzZMOTMuOTE4NCA1My4yMjU0TDc5Ljc1MjkgNDcuNjI2MVoiIGZpbGw9IiM5QTI5MjgiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMzIxMyIgeDE9IjE4OSIgeTE9IjIxMC41IiB4Mj0iMCIgeTI9IjAiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0E4MDAwMCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNGRkNGQ0YiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "authEnabled"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - redis-{{ .name }}-auth + services: + exclude: [] + include: + - resourceNames: + - rfs-redis-{{ .name }} + - rfrm-redis-{{ .name }} + - rfrs-redis-{{ .name }} + - redis-{{ .name }}-external-lb diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/seaweedfs.yaml b/packages/system/cozystack-resource-definitions/cozyrds/seaweedfs.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/seaweedfs.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/seaweedfs.yaml index f4519c85..2d027491 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/seaweedfs.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/seaweedfs.yaml @@ -30,7 +30,15 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82NzlfMTkxMCkiLz4KPHBhdGggZD0iTTEzOC42ODUgMTIxLjA1N0MxMzguNjg1IDEyNi42NTIgMTM2LjQ2MiAxMzIuMDE3IDEzMi41MDQgMTM1Ljk3M0MxMjguNTQ3IDEzOS45MjkgMTIzLjE3OSAxNDIuMTUxIDExNy41ODIgMTQyLjE1MUMxMTEuOTg1IDE0Mi4xNTEgMTA2LjYxOCAxMzkuOTI5IDEwMi42NiAxMzUuOTczQzk4LjcwMjggMTMyLjAxNyA5Ni40Nzk1IDEyNi42NTIgOTYuNDc5NSAxMjEuMDU3Qzk2LjQ3OTUgMTE4LjI4NyA5Ny4wMjUzIDExNS41NDQgOTguMDg1OCAxMTIuOTg1Qzk5LjE0NjMgMTEwLjQyNSAxMDAuNzAxIDEwOC4xIDEwMi42NiAxMDYuMTQxQzEwNC42MiAxMDQuMTgyIDEwNi45NDYgMTAyLjYyOSAxMDkuNTA3IDEwMS41NjlDMTEyLjA2NyAxMDAuNTA5IDExNC44MTEgOTkuOTYyOSAxMTcuNTgyIDk5Ljk2MjlDMTIwLjM1MyA5OS45NjI5IDEyMy4wOTggMTAwLjUwOSAxMjUuNjU4IDEwMS41NjlDMTI4LjIxOCAxMDIuNjI5IDEzMC41NDQgMTA0LjE4MiAxMzIuNTA0IDEwNi4xNDFDMTM0LjQ2NCAxMDguMSAxMzYuMDE4IDExMC40MjUgMTM3LjA3OSAxMTIuOTg1QzEzOC4xMzkgMTE1LjU0NCAxMzguNjg1IDExOC4yODcgMTM4LjY4NSAxMjEuMDU3WiIgZmlsbD0idXJsKCNwYWludDFfcmFkaWFsXzY3OV8xOTEwKSIvPgo8cGF0aCBkPSJNMTEwLjMzNiAxMjYuMTQ3SDEyMy42OFYxMzYuODIzSDExMC4zMzZWMTI2LjE0N1oiIGZpbGw9IiMwRjVFOUMiLz4KPHBhdGggZD0iTTExOS4yNyAxMTIuMjk0QzExOS4yNyAxMTIuNzE0IDExOS4xNzggMTEzLjEzMSAxMTkgMTEzLjUxOUMxMTguODIxIDExMy45MDggMTE4LjU2IDExNC4yNjEgMTE4LjIzIDExNC41NThDMTE3LjkwMSAxMTQuODU1IDExNy41MDkgMTE1LjA5MSAxMTcuMDc5IDExNS4yNTJDMTE2LjY0OCAxMTUuNDEzIDExNi4xODYgMTE1LjQ5NiAxMTUuNzIgMTE1LjQ5NkMxMTQuNzc4IDExNS40OTYgMTEzLjg3NSAxMTUuMTU4IDExMy4yMSAxMTQuNTU4QzExMi41NDQgMTEzLjk1NyAxMTIuMTcgMTEzLjE0MyAxMTIuMTcgMTEyLjI5NEMxMTIuMTcgMTExLjQ0NSAxMTIuNTQ0IDExMC42MyAxMTMuMjEgMTEwLjAzQzExMy44NzUgMTA5LjQyOSAxMTQuNzc4IDEwOS4wOTIgMTE1LjcyIDEwOS4wOTJDMTE2LjE4NiAxMDkuMDkyIDExNi42NDggMTA5LjE3NSAxMTcuMDc5IDEwOS4zMzZDMTE3LjUwOSAxMDkuNDk2IDExNy45MDEgMTA5LjczMiAxMTguMjMgMTEwLjAzQzExOC41NiAxMTAuMzI3IDExOC44MjEgMTEwLjY4IDExOSAxMTEuMDY4QzExOS4xNzggMTExLjQ1NyAxMTkuMjcgMTExLjg3MyAxMTkuMjcgMTEyLjI5NFoiIGZpbGw9IiM1OTY4NkYiLz4KPHBhdGggZD0iTTEyOC4xMSAxMTQuMTAzQzEyOC4xMSAxMTQuOTUzIDEyNy43MzYgMTE1Ljc2NyAxMjcuMDcgMTE2LjM2OEMxMjYuNDA0IDExNi45NjggMTI1LjUwMSAxMTcuMzA1IDEyNC41NiAxMTcuMzA1QzEyNC4wOTQgMTE3LjMwNSAxMjMuNjMyIDExNy4yMjMgMTIzLjIwMSAxMTcuMDYyQzEyMi43NzEgMTE2LjkwMSAxMjIuMzc5IDExNi42NjUgMTIyLjA1IDExNi4zNjhDMTIxLjcyIDExNi4wNyAxMjEuNDU4IDExNS43MTcgMTIxLjI4IDExNS4zMjlDMTIxLjEwMiAxMTQuOTQgMTIxLjAxIDExNC41MjQgMTIxLjAxIDExNC4xMDNDMTIxLjAxIDExMy42ODMgMTIxLjEwMiAxMTMuMjY2IDEyMS4yOCAxMTIuODc4QzEyMS40NTggMTEyLjQ5IDEyMS43MiAxMTIuMTM3IDEyMi4wNSAxMTEuODM5QzEyMi4zNzkgMTExLjU0MiAxMjIuNzcxIDExMS4zMDYgMTIzLjIwMSAxMTEuMTQ1QzEyMy42MzIgMTEwLjk4NCAxMjQuMDk0IDExMC45MDEgMTI0LjU2IDExMC45MDFDMTI1LjUwMSAxMTAuOTAxIDEyNi40MDQgMTExLjIzOSAxMjcuMDcgMTExLjgzOUMxMjcuNzM2IDExMi40NCAxMjguMTEgMTEzLjI1NCAxMjguMTEgMTE0LjEwM1oiIGZpbGw9IiM1OTY4NkYiLz4KPHBhdGggZD0iTTEyMi4zMzMgMTE4Ljk3NkMxMjIuMzMzIDExOS44MjYgMTIxLjk1OCAxMjAuNjQgMTIxLjI5MyAxMjEuMjQxQzEyMC42MjcgMTIxLjg0MSAxMTkuNzI0IDEyMi4xNzggMTE4Ljc4MiAxMjIuMTc4QzExOC4zMTYgMTIyLjE3OCAxMTcuODU1IDEyMi4wOTYgMTE3LjQyNCAxMjEuOTM1QzExNi45OTMgMTIxLjc3NCAxMTYuNjAyIDEyMS41MzggMTE2LjI3MiAxMjEuMjQxQzExNS45NDMgMTIwLjk0MyAxMTUuNjgxIDEyMC41OSAxMTUuNTAzIDEyMC4yMDJDMTE1LjMyNCAxMTkuODEzIDExNS4yMzIgMTE5LjM5NyAxMTUuMjMyIDExOC45NzZDMTE1LjIzMiAxMTguNTU2IDExNS4zMjQgMTE4LjE0IDExNS41MDMgMTE3Ljc1MUMxMTUuNjgxIDExNy4zNjMgMTE1Ljk0MyAxMTcuMDEgMTE2LjI3MiAxMTYuNzEyQzExNi42MDIgMTE2LjQxNSAxMTYuOTkzIDExNi4xNzkgMTE3LjQyNCAxMTYuMDE4QzExNy44NTUgMTE1Ljg1NyAxMTguMzE2IDExNS43NzQgMTE4Ljc4MiAxMTUuNzc0QzExOS43MjQgMTE1Ljc3NCAxMjAuNjI3IDExNi4xMTIgMTIxLjI5MyAxMTYuNzEyQzEyMS45NTggMTE3LjMxMyAxMjIuMzMzIDExOC4xMjcgMTIyLjMzMyAxMTguOTc2WiIgZmlsbD0iIzU5Njg2RiIvPgo8cGF0aCBkPSJNMTE1LjMwOCAxMjEuOTA1QzExMy43MzUgMTIxLjQyNiAxMTUuNzA3IDEyMC42OCAxMTUuNDI5IDEyMC41NzNDMTE0LjY1MyAxMjAuMjc2IDExNS43MyAxMTkuMzMzIDExNi43NCAxMTguNTM5QzExNy42MjggMTE3Ljg0MSAxMTcuNjU5IDExNy44MzkgMTE3Ljg5MiAxMTguNDY4QzExOC4wMjQgMTE4LjgyMyAxMTguMzcxIDExOS4yMDYgMTE4LjY2NSAxMTkuMzE5QzExOS4yODkgMTE5LjU1OCAxMjAuOTUxIDExOS4yNjkgMTIwLjk1MSAxMTguODM1QzEyMC45NTEgMTE4LjIyMyAxMjEuNDE1IDExOC42OTkgMTIxLjc5NCAxMTkuNTMxQzEyMi40NTcgMTIwLjk4NyAxMjIuNDM3IDEyMi40NzIgMTIxLjQ1IDEyMi40NzJDMTIwLjg1OSAxMjIuNDcyIDEyMC4zMSAxMjIuNjkxIDEyMC4xOSAxMjMuMTQ3QzExNS4wNDYgMTI0LjYgMTE2LjQ3MSAxMjMuMjg0IDExNS4zMDggMTIxLjkwNVpNMTIzLjA5NCAxMTguMDU0QzEyMS42MDkgMTE3LjQ2NiAxMjAuNTQ3IDExNC44MzggMTIwLjU0NyAxMTMuMzA5QzEyMC41NDcgMTExLjMyMyAxMjIuNTQxIDEwOS4wOTUgMTI0LjMxNyAxMDkuMDk1QzEyOC4zMTUgMTA5LjA5NSAxMzAuNjg0IDExMi4yNjEgMTI4LjgzOCAxMTguNDA5QzEyOC4zODUgMTE5LjkxOSAxMjMuOTMzIDExOC4zODcgMTIzLjA5NCAxMTguMDU0Wk0xMjUuODY2IDExNS42NDlDMTI3LjU0NCAxMTQuNDc0IDEyNS44NTcgMTExLjc1NSAxMjMuOTgxIDExMi42MUMxMjIuNDc5IDExMy4yOTQgMTIzLjExOSAxMTYuMTE1IDEyNC43NyAxMTYuMTY0QzEyNC45NjEgMTE2LjE2OSAxMjUuNDU0IDExNS45MzggMTI1Ljg2NiAxMTUuNjQ5Wk0xMjQuMzM5IDExNC41NzlDMTIzLjc3MSAxMTQuMzgxIDEyMy44MDMgMTEzLjI1NiAxMjQuMzgzIDExMy4wMzRDMTI0LjkwMiAxMTIuODM1IDEyNS42MDQgMTEzLjM5OCAxMjUuNjA0IDExNC4wMTRDMTI1LjYwNCAxMTQuNDg5IDEyNC45MzYgMTE0Ljc4NyAxMjQuMzM5IDExNC41NzlaTTExMi4zMTkgMTE2Ljk4QzEwOS45NiAxMTUuNjcgMTEwLjI4NiAxMTEuMDA2IDExMi40MTcgMTA4Ljk2NUMxMTQuMzk2IDEwNy4wNjkgMTE4Ljc3OCAxMDcuMTAzIDExOS43NjQgMTA5LjQ2MkMxMjAuNDE1IDExMS4wMjEgMTIwLjIyOCAxMTIuNiAxMTkuMzk4IDExNC4wNzdDMTE4LjE5NCAxMTYuMjE5IDExNC4yNDIgMTE4LjA0OSAxMTIuMzE5IDExNi45OFpNMTE2LjU2IDExMy41OTNDMTE3LjMyNSAxMTIuOTAxIDExNy4yOTcgMTEyLjA2IDExNi41NzIgMTExLjI1OUMxMTUuNzc3IDExMC4zNzkgMTE0LjY5MiAxMTAuMzQ1IDExNC4wMzUgMTExLjM0N0MxMTMuNTI0IDExMi4xMjcgMTEzLjQzMSAxMTIuNTI4IDExMy45NDMgMTEzLjMwOUMxMTQuNTggMTE0LjI4IDExNS42NyAxMTQuMzk5IDExNi41NiAxMTMuNTkzWk0xMTQuMzc0IDExMi4zNEMxMTQuMTI4IDExMS42OTggMTE0Ljk4NSAxMTAuOTgxIDExNS42OCAxMTEuMjQ3QzExNS45NzQgMTExLjM2IDExNi4xNjQgMTExLjcxOCAxMTYuMTAyIDExMi4wNDRDMTE1Ljk2MSAxMTIuNzg1IDExNC42MzIgMTEzLjAxMiAxMTQuMzc0IDExMi4zNFoiIGZpbGw9IiNEM0Q2REEiLz4KPHBhdGggZD0iTTExOC40NjMgMTIxLjAwOEwxMTcuOTQ1IDEyMC43OEMxMTcuNTEgMTIwLjY4NSAxMTcuMjMxIDEyMS4xMDcgMTE3LjEzNiAxMjEuNTQzTDExNi44ODEgMTIyLjcwOUMxMTYuNzg2IDEyMy4xNDUgMTE3LjA2MSAxMjMuNTcxIDExNy40OTYgMTIzLjY2NkwxMTguNDQ3IDEyMy44NzRDMTE4Ljg4MiAxMjMuOTY5IDExOS4zMTEgMTIzLjY5NCAxMTkuNDA2IDEyMy4yNTlMMTE5LjY4NSAxMjEuNTU2QzExOS43OCAxMjEuMTIgMTE5LjQ3OSAxMjEuMjI4IDExOS4wNDMgMTIxLjEzM0wxMTguNjI4IDEyMS4wNDNDMTE4LjU3MyAxMjEuMzIxIDExOC41MTYgMTIxLjYxMyAxMTguNDcxIDEyMS44MzNDMTE4LjQzOCAxMjEuOTk4IDExOC40MDcgMTIyLjE0OCAxMTguMzc5IDEyMi4yODJDMTE4LjM1MSAxMjIuNDE1IDExOC4zMjcgMTIyLjUzMyAxMTguMzA1IDEyMi42MzVDMTE4LjI4MiAxMjIuNzM4IDExOC4yNjIgMTIyLjgyNSAxMTguMjQ1IDEyMi44OTdDMTE4LjIyOCAxMjIuOTY5IDExOC4yMTQgMTIzLjAyNSAxMTguMjAyIDEyMy4wNjhDMTE4LjE5NiAxMjMuMDg5IDExOC4xOTMgMTIzLjEwNyAxMTguMTg4IDEyMy4xMjFDMTE4LjE4MyAxMjMuMTM1IDExOC4xNzggMTIzLjE0NSAxMTguMTc1IDEyMy4xNTJDMTE4LjE3MyAxMjMuMTU1IDExOC4xNzIgMTIzLjE1NiAxMTguMTcxIDEyMy4xNThDMTE4LjE3IDEyMy4xNTkgMTE4LjE2OCAxMjMuMTYgMTE4LjE2NyAxMjMuMTZMMTE4LjE2NSAxMjMuMTU4QzExOC4xNjQgMTIzLjE1NiAxMTguMTYzIDEyMy4xNTIgMTE4LjE2MyAxMjMuMTQ4QzExOC4xNjIgMTIzLjE0IDExOC4xNjIgMTIzLjEyOSAxMTguMTYzIDEyMy4xMTVDMTE4LjE2MyAxMjMuMSAxMTguMTYzIDEyMy4wODMgMTE4LjE2NSAxMjMuMDYxQzExOC4xNjggMTIzLjAxOCAxMTguMTc1IDEyMi45NjEgMTE4LjE4MyAxMjIuODkxQzExOC4xOTIgMTIyLjgyIDExOC4yMDMgMTIyLjczNiAxMTguMjE2IDEyMi42NEMxMTguMjI5IDEyMi41NDMgMTE4LjI0NiAxMjIuNDMxIDExOC4yNjQgMTIyLjMwOEMxMTguMjgxIDEyMi4xODUgMTE4LjMwMSAxMjIuMDUxIDExOC4zMjMgMTIxLjkwM0MxMTguMzQ2IDEyMS43NTUgMTE4LjM3IDEyMS41OTIgMTE4LjM5NyAxMjEuNDE5QzExOC40MTYgMTIxLjI5OSAxMTguNDQyIDEyMS4xNCAxMTguNDYzIDEyMS4wMDhaIiBmaWxsPSIjOThDNkQ4Ii8+CjxwYXRoIGQ9Ik0xMDMuNTgxIDExNi4zNjdDMTAzLjQ3OSAxMTYuMTAzIDEwMy42MjIgMTE1LjY5OSAxMDMuODk4IDExNS40NjlDMTA0LjMwMyAxMTUuMTMzIDEwNC41MDQgMTE1LjE1NSAxMDQuOTMgMTE1LjU4MUMxMDUuMjIgMTE1Ljg3MSAxMDUuMzU1IDExNi4yNzYgMTA1LjIzIDExNi40NzlDMTA0LjkwMiAxMTcuMDA5IDEwMy43OTggMTE2LjkzNCAxMDMuNTgxIDExNi4zNjdaIiBmaWxsPSIjOThDNkQ4Ii8+CjxwYXRoIGQ9Ik0xMDYuMDM4IDExMi4yODFDMTA1LjY4IDExMS44NDkgMTA1LjcwMiAxMTEuNjYgMTA2LjE2NSAxMTEuMTk3QzEwNi42ODkgMTEwLjY3NCAxMDYuNzY0IDExMC42NzQgMTA3LjI4NyAxMTEuMTk3QzEwNy43NTEgMTExLjY2IDEwNy43NzMgMTExLjg0OSAxMDcuNDE1IDExMi4yODFDMTA3LjE3NiAxMTIuNTY4IDEwNi44NjYgMTEyLjgwMyAxMDYuNzI2IDExMi44MDNDMTA2LjU4NiAxMTIuODAzIDEwNi4yNzcgMTEyLjU2OCAxMDYuMDM4IDExMi4yODFaIiBmaWxsPSIjOThDNkQ4Ii8+CjxwYXRoIGQ9Ik0xMDYuMDM4IDEwNy4yMjRDMTA1LjY4MiAxMDYuNzk1IDEwNS42OTQgMTA2LjYxMiAxMDYuMTA2IDEwNi4yMDFDMTA2LjY1IDEwNS42NTcgMTA3LjczOCAxMDUuODggMTA3LjczOCAxMDYuNTM2QzEwNy43MzggMTA2Ljk3IDEwNy4wNzIgMTA3Ljc0NyAxMDYuNyAxMDcuNzQ3QzEwNi41NzUgMTA3Ljc0NyAxMDYuMjc3IDEwNy41MTIgMTA2LjAzOCAxMDcuMjI0WiIgZmlsbD0iIzk4QzZEOCIvPgo8cGF0aCBkPSJNMTE3Ljk1NSAxMzYuNTQxQzExNC41NzggMTM2LjExMSAxMTAuMDg3IDEzNC44ODEgMTA5LjQxIDEzNC4yNzRDMTA4LjEyMyAxMzMuMTE5IDEwOC45NDIgMTI3Ljg3OSAxMTAuNDY2IDEyNi41NEMxMTEuMzg3IDEyNS43MzEgMTE1LjAzOSAxMjQuNjYzIDExNy4xODIgMTI1LjE2OUMxMTkuNjQyIDEyNS43NDkgMTIzLjkzMiAxMjguNjQ4IDEyNC4yNSAxMjkuNTA4QzEyNC42MjUgMTMwLjUyMiAxMjQuMDQ4IDEzNC41NDEgMTIzLjMyMyAxMzUuNTM2QzEyMi42OTQgMTM2LjM5OSAxMjAuMzI1IDEzNi44NDMgMTE3Ljk1NSAxMzYuNTQxWk0xMjAuNTQgMTM0LjA4NEMxMjEuMjk3IDEzMy4zOTkgMTIxLjM0MiAxMzEuODQyIDEyMC42MjcgMTMxLjEyNkMxMTkuNDkgMTI5Ljk4OSAxMTcuMTEyIDEzMC44NjkgMTE3LjExMiAxMzIuNDI4QzExNy4xMTIgMTM0LjMwNCAxMTkuMTg5IDEzNS4zMDcgMTIwLjU0IDEzNC4wODRaTTExOC41ODIgMTMzLjEyNUMxMTguMzExIDEzMi40MTkgMTE4LjY4IDEzMS42MDggMTE5LjI3MiAxMzEuNjA4QzEyMCAxMzEuNjA4IDEyMC4yMjggMTMyLjE3MyAxMTkuODEyIDEzMi45NDlDMTE5LjM4MSAxMzMuNzU1IDExOC44NTMgMTMzLjgzIDExOC41ODIgMTMzLjEyNVpNMTE2LjQyMiAxMzMuMTQzQzExNy4wOTQgMTMyLjMzMyAxMTYuNzExIDEzMS4xNzYgMTE1LjY4MSAxMzAuOTAyQzExNC41ODEgMTMwLjYxIDExNC4wNTIgMTMxLjE4MyAxMTQuODY5IDEzMS43OEMxMTUuNjgzIDEzMi4zNzUgMTE1LjU1MSAxMzIuNjc5IDExNC41MzMgMTMyLjU1N0MxMTMuMzI3IDEzMi40MTMgMTEyLjgzMyAxMzEuNTY2IDExMy4yNTQgMTMwLjM2MkMxMTMuNjgxIDEyOS4xNDIgMTE1LjE5NyAxMjguODYzIDExNS43NTMgMTI5LjkwMkMxMTYuMTkzIDEzMC43MjUgMTE2LjYyNyAxMzAuNzkzIDExNi45IDEzMC4wODNDMTE3LjIyOSAxMjkuMjI0IDExNS45MTQgMTI4LjIzNyAxMTQuNDQgMTI4LjIzN0MxMTEuOTkzIDEyOC4yMzcgMTEwLjgxNiAxMzEuMDc0IDExMi41NDYgMTMyLjgwM0MxMTMuNSAxMzMuNzU4IDExNS43NDkgMTMzLjk1NSAxMTYuNDIyIDEzMy4xNDNaIiBmaWxsPSIjN0JBOUI5Ii8+CjxwYXRoIGQ9Ik0xMjAuMTE4IDEzOC41OTJDMTE4Ljc1MSAxMzcuMjk3IDEyMS45MTYgMTM2LjA5NiAxMjMuNjA2IDEzOC4yODNDMTI0LjQ2OSAxMzkuMzIyIDEyMi44NTMgMTM5Ljk3NiAxMjAuMTE4IDEzOC41OTJaTTEwNi4xMiAxMzUuNjU4QzEwNC43NTEgMTM0LjI4OSAxMDYuOTYzIDEzMy45MDQgMTA4LjU4MSAxMzUuMjNMMTA5Ljk0MSAxMzUuOTJMMTA4LjA1OSAxMzYuMDYxQzEwNy4yMTUgMTM2LjA2MiAxMDYuMzQzIDEzNS44ODEgMTA2LjEyIDEzNS42NThWMTM1LjY1OFpNMTI1LjM2MyAxMjcuODY2QzEyNS4wODIgMTI3LjQxIDEyOC4zMzMgMTI2LjI2NyAxMjguNjg4IDEyNi40ODZDMTI4Ljg0NiAxMjYuNTg0IDEyOC45NzUgMTI3LjMzNyAxMjguOTc1IDEyOC4xNjFDMTI4Ljk3NSAxMjkuMjM5IDEyOC44NCAxMjkuNjU4IDEyOC40OSAxMjkuNjU4QzEyOC4yMjIgMTI5LjY1OCAxMjUuNDc2IDEyOC4wNDcgMTI1LjM2MyAxMjcuODY2Wk0xMTguNjQxIDEyMS4wOTVDMTE0Ljg3MSAxMjAuNzUzIDExNS4zNzggMTE5LjMyNyAxMTYuMzYxIDExOC40OTlDMTE2LjkyOCAxMTguMDIxIDExNy4zNCAxMTcuNzc5IDExNy45MTMgMTE3LjY2N0MxMTcuOTEzIDExNy42NjcgMTE3Ljg3MiAxMTkuMDQ2IDExOC42NjYgMTE5LjMxOUMxMTkuMjk3IDExOS41MzYgMTIwLjI3OCAxMTkuMDY0IDEyMC40NzEgMTE4LjY3NUMxMjIuMTg4IDExNS4yMDEgMTIxLjQxNSAxMTguNjk5IDEyMS43OTQgMTE5LjUzMkMxMjMuMjM4IDEyNC4wMDcgMTIwLjE4OCAxMjEuNzMgMTE4LjY0MSAxMjEuMDk1Wk0xMDQuOTEyIDEyMS4yM0MxMDQuMjQyIDEyMC40ODcgMTAzLjY5MyAxMTkuNzI5IDEwMy42OTMgMTE5LjU0NEMxMDMuNjkzIDExOS4xMTYgMTA0Ljc0NiAxMTkuMTEyIDEwNS44NjMgMTE5LjUzN0MxMDYuNTkzIDExOS44MTQgMTEwLjM0NyAxMjAuMDA2IDExMC4zNDcgMTIxLjE1M0MxMTAuMzQ3IDEyMS44OTkgMTA4Ljg5IDEyMy43NjIgMTA4LjcyNiAxMjMuNzYyQzEwOC41NjMgMTIzLjc2MiAxMDUuNTgzIDEyMS45NzIgMTA0LjkxMiAxMjEuMjNaIiBmaWxsPSIjQTZCM0MyIi8+CjxwYXRoIGQ9Ik0xMTguNDYzIDEyMS4wMDhDMTE4LjQ0MiAxMjEuMTQgMTE4LjQxNiAxMjEuMjk5IDExOC4zOTcgMTIxLjQxOUMxMTguMzcgMTIxLjU5MiAxMTguMzQ1IDEyMS43NTUgMTE4LjMyMyAxMjEuOTAzQzExOC4zIDEyMi4wNTEgMTE4LjI4MSAxMjIuMTg1IDExOC4yNjMgMTIyLjMwOEMxMTguMjQ1IDEyMi40MzEgMTE4LjIyOSAxMjIuNTQyIDExOC4yMTYgMTIyLjYzOUMxMTguMjAzIDEyMi43MzYgMTE4LjE5MSAxMjIuODIgMTE4LjE4MyAxMjIuODlDMTE4LjE3NSAxMjIuOTYxIDExOC4xNjggMTIzLjAxOCAxMTguMTY1IDEyMy4wNjFDMTE4LjE2MyAxMjMuMDgzIDExOC4xNjQgMTIzLjEgMTE4LjE2MyAxMjMuMTE1QzExOC4xNjIgMTIzLjEyOSAxMTguMTYyIDEyMy4xNCAxMTguMTYzIDEyMy4xNDhDMTE4LjE2MyAxMjMuMTUyIDExOC4xNjQgMTIzLjE1NiAxMTguMTY1IDEyMy4xNThMMTE4LjE2NyAxMjMuMTZDMTE4LjE2OCAxMjMuMTYgMTE4LjE3IDEyMy4xNTkgMTE4LjE3MSAxMjMuMTU4QzExOC4xNzIgMTIzLjE1NyAxMTguMTczIDEyMy4xNTUgMTE4LjE3NSAxMjMuMTUyQzExOC4xNzggMTIzLjE0NSAxMTguMTgyIDEyMy4xMzUgMTE4LjE4NyAxMjMuMTIxQzExOC4xOTIgMTIzLjEwNyAxMTguMTk2IDEyMy4wODkgMTE4LjIwMiAxMjMuMDY3QzExOC4yMTMgMTIzLjAyNSAxMTguMjI4IDEyMi45NjkgMTE4LjI0NSAxMjIuODk3QzExOC4yNjIgMTIyLjgyNSAxMTguMjgyIDEyMi43MzggMTE4LjMwNSAxMjIuNjM1QzExOC4zMjcgMTIyLjUzMyAxMTguMzUxIDEyMi40MTUgMTE4LjM3OSAxMjIuMjgxQzExOC40MDYgMTIyLjE0OCAxMTguNDM4IDEyMS45OTggMTE4LjQ3MSAxMjEuODMzQzExOC41MTYgMTIxLjYxMyAxMTguNTczIDEyMS4zMjEgMTE4LjYyOCAxMjEuMDQzTDExOC40NjMgMTIxLjAwOFoiIGZpbGw9IiM0QzlDQkIiLz4KPHBhdGggZD0iTTMwLjk5ODYgMTQyLjY3M0MyNi40NDg5IDE0MC45MTYgMjEuNDY2NCAxMzYuODA1IDE4Ljc5MjEgMTMyLjYwM0MxNS40MDUzIDEyNy4yODEgMTQuNDA1MiAxMjMuNDE5IDE1LjA2MzYgMTE4LjIwM0MxNS42ODA2IDExMy4zMTUgMTcuMzU1OCAxMTAuNTU3IDIyLjIyMzIgMTA2LjQxM0MyOS4wNDE3IDEwMC42MDggMzQuNDg0NiA5Ny45Nzk5IDQwLjU5NDcgOTcuNTQxNUM0OS44MjEyIDk2Ljg3OTQgNTUuMDk3OCA5OS44MTA5IDU3LjY0NjUgMTA3LjAxNUM1OC41MDQzIDEwOS40MzkgNTguNjg1NiAxMTUuNTcgNTguMDU0NCAxMjAuODA5QzU3LjgzMTEgMTIyLjY2MyA1Ny40Nzg5IDEyNi4wNTUgNTcuMjcxOCAxMjguMzQ4QzU2LjU0NjcgMTM2LjM3NSA1NC40MTQ3IDE0MC40MTcgNDkuNjI1MyAxNDIuODQzQzQ4LjI5NzkgMTQzLjUxNiA0Ny43MTk5IDE0My41NjEgNDAuNjkyNCAxNDMuNTM5QzMzLjUxNTEgMTQzLjUxNiAzMy4wODEgMTQzLjQ3OCAzMC45OTg2IDE0Mi42NzNaTTAuMDc5NTc2NSAxMDQuOTY1QzAuMDgxNTcyMyAxMDMuODUzIDAuMTQ0NDAzIDEwMy40MzggMC4yMTk0MjcgMTA0LjA0NEMwLjI5NDQ1MSAxMDQuNjUgMC4yOTI4OTkgMTA1LjU2IDAuMjE1OTk2IDEwNi4wNjdDMC4xMzkwNzkgMTA2LjU3MyAwLjA3NzY4MzggMTA2LjA3OCAwLjA3OTU3NjUgMTA0Ljk2NVpNMC4wMDE3MzM1MSAxMDIuMjRDMC4wMTc4OTkyIDEwMS44NDggMC4wOTc3ODk3IDEwMS43NjggMC4yMDUzOTggMTAyLjAzN0MwLjMwMjc3MiAxMDIuMjggMC4yOTA3OTcgMTAyLjU3MSAwLjE3ODc4NyAxMDIuNjgzQzAuMDY2Nzc0OCAxMDIuNzk1IC0wLjAxMjkwMjEgMTAyLjU5NiAwLjAwMTczMzUxIDEwMi4yNFpNMC4wMjgzNDQ0IDc1LjEzMjZDMC4wMjgzNDQ0IDc0LjY2OTEgMC4xMDQ4NTcgNzQuNDc5NSAwLjE5ODM2OSA3NC43MTEyQzAuMjkxODg0IDc0Ljk0MyAwLjI5MTg4NCA3NS4zMjIyIDAuMTk4MzY5IDc1LjU1MzlDMC4xMDQ4NTcgNzUuNzg1NyAwLjAyODM0NDQgNzUuNTk2MSAwLjAyODM0NDQgNzUuMTMyNloiIGZpbGw9InVybCgjcGFpbnQyX3JhZGlhbF82NzlfMTkxMCkiLz4KPHBhdGggZD0iTTM1LjMxMzMgMTEyLjU0NEwzNy45IDExMS4wOTFMMzkuMzUxNyAxMjEuNDZMMzkuMjQ4IDEyOC45MjZMMzUuMzcwMyAxMzAuODUxTDMyLjkyMjkgMTI2LjQzN0wzNS4zMTMzIDExMi41NDRaIiBmaWxsPSIjMzA2MEFEIi8+CjxwYXRoIGQ9Ik0zOC43Mjk1IDExNi42OUwzOS4zNTE2IDEyNC41NzFMNDMuMjkxOSAxMjUuOTE5TDQzLjM5NTYgMTA5LjIyNUw0MC4xODEyIDExMC4wNTRMMzguNzI5NSAxMTYuNjlaIiBmaWxsPSIjNjA2MzY4Ii8+CjxwYXRoIGQ9Ik0zNS4zNjk5IDEzMC44NTFDMzMuMDMyNCAxMjkuNzMgMjkuNzMwMSAxMjYuNDA4IDI4LjY2MjEgMTI0LjEwM0MyOC4wMzMyIDEyMi43NDUgMjcuNjM5NyAxMjIuMzEgMjYuODkyMyAxMjIuMTQ2QzI1Ljc4NzkgMTIxLjkwMyAyNS44MDg0IDEyMS45NzEgMjYuMzIxOCAxMjAuMjU4QzI2LjU5MzYgMTE5LjM1IDI2LjkwMzIgMTE4Ljk1NCAyNy4zNDA2IDExOC45NTRDMjcuNjg2MiAxMTguOTU0IDI5LjE1OTcgMTE3Ljg0MSAzMC42MTQ5IDExNi40OEMzMi4wNzAyIDExNS4xMTkgMzMuNzIyNiAxMTMuNjc3IDM0LjI4NjkgMTEzLjI3NUwzNS4zMTI5IDExMi41NDRMMzUuNjc2NyAxMTQuMjQxQzM3LjA0NDMgMTIwLjYxOCAzNy4wMjcgMTI0LjI2NiAzNS42MTk4IDEyNi4yNDNDMzQuNTUyMSAxMjcuNzQ0IDM0Ljg0MTcgMTI4LjM5MyAzNi41NzkxIDEyOC4zOTNDMzcuMzk3IDEyOC4zOTMgMzcuODIyMiAxMjguMTg1IDM4LjEzMDUgMTI3LjYzNEMzOC42NzQ4IDEyNi42NjMgMzguNjMxNSAxMjAuOTY4IDM4LjA0NTQgMTE2LjQyNkMzNy4zNDQ2IDExMC45OTUgMzcuMzEyNyAxMTEuMTY3IDM5LjE1NzggMTEwLjM5OEM0MC4wMzYgMTEwLjAzMSA0MC44MTggMTA5Ljc5NyA0MC44OTU1IDEwOS44NzdDNDAuOTczMSAxMDkuOTU2IDQwLjgxOTEgMTExLjIzNSA0MC41NTM0IDExMi43MThDMzkuNjA2NyAxMTguMDAzIDM5LjkzMTUgMTIzLjIzOCA0MS4yNzUyIDEyNC4zNTNDNDEuNjg1MSAxMjQuNjkzIDQxLjcyMzMgMTIzLjk2OSA0MS41NDUyIDExOS4yMzJDNDEuMzE1NiAxMTMuMTIzIDQxLjUxNzQgMTEwLjkxOSA0Mi40MDc1IDEwOS44MkM0Mi45MTk4IDEwOS4xODggNDMuMjEzIDEwOS4xMTYgNDQuNDk1OSAxMDkuMzFDNDYuOTU2NiAxMDkuNjgyIDQ2Ljk1MDYgMTA5LjY2OCA0Ni4yMDk5IDExMy4yNTRDNDUuODQ5NiAxMTQuOTk5IDQ1LjQ0ODMgMTE3LjIyNCA0NS4zMTggMTE4LjJMNDUuMDgxMiAxMTkuOTczTDQ1Ljk0NDYgMTE5LjY0NUM0Ni40MTk1IDExOS40NjUgNDcuNDQxMyAxMTguOTk0IDQ4LjIxNTMgMTE4LjU5OUw0OS42MjI2IDExNy44ODFMNDkuMzg5MyAxMTguNjdDNDkuMjYxIDExOS4xMDUgNDkuMDY3MiAxMjAuNzAxIDQ4Ljk1ODcgMTIyLjIxOEw0OC43NjE0IDEyNC45NzZMNDcuMTA5NSAxMjQuMzI1QzQ2LjIwMSAxMjMuOTY3IDQ1LjMxMTYgMTIzLjY3NCA0NS4xMzMxIDEyMy42NzRDNDQuOTQxIDEyMy42NzQgNDQuODA4NSAxMjUuNTMyIDQ0LjgwODUgMTI4LjIyNEM0NC44MDg1IDEzMS44OTEgNDQuNzE3MSAxMzIuNzc1IDQ0LjMzODYgMTMyLjc3NUM0MS4wMTk4IDEzMi4yOTUgMzguNzg0MiAxMzIuNDU4IDM1LjM2OTkgMTMwLjg1MVoiIGZpbGw9IiNFRUMyM0IiLz4KPHBhdGggZD0iTTQxLjE2MzkgMTMyLjQxOEM0MS4xNjM5IDEzMi4yODMgNDEuMzQwOCAxMzAuNTE1IDQxLjY2OTIgMTI4LjE0NUM0MS45OTc3IDEyNS43NzUgNDIuMzU3NyAxMjIuOTYxIDQyLjQ2OTIgMTIxLjg5M0M0Mi41ODA4IDEyMC44MjQgNDIuNzk2OSAxMjAuMDI3IDQyLjk0OTUgMTIwLjEyMUM0My42NDQzIDEyMC41NTEgNDQuMjkzOCAxMjkuMzc1IDQ0LjA0NzQgMTMxLjQyQzQzLjg5MDkgMTMyLjcxOSA0My42NTk1IDEzMi43MzcgNDMuMzAxOSAxMzIuNjc3QzQyLjY2MDIgMTMyLjU3IDQxLjkxMDEgMTMyLjUxMyA0MS4xNjM5IDEzMi40MThaTTMyLjU5NjkgMTIyLjczNUMzMS42ODEzIDEyMi41ODMgMzAuODI0MiAxMjEuNDQyIDMwLjgyNDIgMTIwLjM3NEMzMC44MjQyIDExOS40MDcgMzIuMjM4MSAxMTcuOTM3IDMzLjE2ODUgMTE3LjkzN0MzNC42NjY2IDExNy45MzcgMzUuODM5MiAxMjAuNTEzIDM0Ljk0ODQgMTIxLjg0N0MzNC41NTE3IDEyMi40NDEgMzMuNDE0NyAxMjIuODcgMzIuNTk2OSAxMjIuNzM1WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTExNC4wMjEgMTM3LjQ5OEMxMDcuMzE4IDEzNS43NCAxMDYuMjczIDEzNC4xMDQgMTA2LjYwOSAxMjUuODkxQzEwNi43MTYgMTIzLjI4MSAxMDYuODg1IDEyMC41MzkgMTA2Ljk4NiAxMTkuNzk3QzEwNy41NDUgMTE1LjY2NCAxMDguMzQyIDExMi4xNzMgMTA5LjA4NiAxMTAuNTk5QzEwOS43NDQgMTA5LjIwNiAxMDkuODQyIDEwOC43MTIgMTA5LjUzNSAxMDguMzQyQzEwOC40NSAxMDcuMDM1IDExMC4zNzEgMTA0Ljk5NSAxMTEuOTEgMTA1LjgxOUMxMTIuNDU3IDEwNi4xMTEgMTEyLjkxOCAxMDYuMDc3IDExMy45NDUgMTA1LjY2NUMxMTcuMDYyIDEwNC40MTkgMTIzLjExNyAxMDUuNTcxIDEyNi44MTQgMTA4LjExNUMxMjguMTQ5IDEwOS4wMzMgMTI4LjQ4NSAxMDkuMTM2IDEyOS4wMzggMTA4Ljc5MUMxMzAuNTIzIDEwNy44NjMgMTMyLjQ1MSAxMTAuNTczIDEzMS4yNSAxMTEuOUMxMzAuNzg3IDExMi40MTIgMTMwLjc1NSAxMTIuNzA1IDEzMS4wNjUgMTEzLjU5NkMxMzEuODUgMTE1Ljg0NiAxMzEuNzk0IDExNi4xMDQgMTI4LjAwNiAxMjcuNzE5QzEyNS41OCAxMzUuMTYgMTI0LjU0MyAxMzcuMzY1IDEyMy4yNjQgMTM3LjgxMUMxMjEuNjUzIDEzOC4zNzMgMTE2LjcyMyAxMzguMjA2IDExNC4wMjEgMTM3LjQ5OFpNMTIyLjU0MSAxMzUuMjI5QzEyMy4wMDMgMTM0LjU0MSAxMjMuMzU5IDEzMy4zMTMgMTIzLjUxMyAxMzEuODc4QzEyMy43OTQgMTI5LjI1IDEyMy44MTkgMTI5LjI4MyAxMjAuMzE3IDEyNy42MDFDMTE3LjY4NSAxMjYuMzM4IDExMy44MzMgMTI1Ljk3MiAxMTEuODU1IDEyNi43OThDMTEwLjgyOSAxMjcuMjI3IDExMC41OTUgMTI3LjU1NiAxMTAuMDU5IDEyOS4zMjdDMTA5LjExNiAxMzIuNDQzIDEwOS43MDMgMTM0LjMwOCAxMTEuODMyIDEzNC45NThDMTEzLjEzOSAxMzUuMzU3IDEyMC4wOSAxMzYuNDMgMTIwLjk4IDEzNi4zN0MxMjEuNTA0IDEzNi4zMzUgMTIyLjA4MiAxMzUuOTEyIDEyMi41NDEgMTM1LjIyOVpNMTE5LjQ1MSAxMjIuNDJDMTE5LjYzIDEyMi4wODEgMTE5LjY4NSAxMjEuNTU2IDExOS42ODUgMTIxLjU1NkMxMjAuMTU2IDEyMS42NTQgMTIwLjQ4IDEyMS42ODMgMTIwLjcyNiAxMjEuNzE5QzEyMS4xMDUgMTIxLjc3NCAxMjEuNTY0IDEyMS41ODcgMTIxLjc0NSAxMjEuMzAzQzEyMi4xNDkgMTIwLjY3MSAxMjAuNDc0IDExNy43MDEgMTE5LjU0OCAxMTcuNDA4QzExOC42NjggMTE3LjEyOCAxMTUuOTM1IDExOC44MjcgMTE1LjkzNSAxMTkuNjUzQzExNS45MzUgMTIwLjAyMiAxMTYuNTUzIDEyMC40MTEgMTE2LjgzMSAxMjAuNTE4QzExNi45ODIgMTIwLjU3NiAxMTcuMjUyIDEyMC43MzggMTE3LjU3NiAxMjAuOTM4QzExNy4zOCAxMjEuMzUxIDExNy4zNDYgMTIxLjQ3OCAxMTcuMzEyIDEyMS43MjRDMTE3LjIwNCAxMjIuNDk4IDExNy40MzUgMTIyLjY4NiAxMTguNDE2IDEyMi45MTJDMTE5LjE1MSAxMjIuOTkxIDExOS4yNSAxMjIuODQ1IDExOS40NTEgMTIyLjQyWk0xMjcuMjY1IDExNi44MzZDMTMwLjkzMyAxMTMuNDc1IDEyNy4wNzQgMTA3LjQxIDEyMi43MDUgMTA5LjY3QzEyMS42MjYgMTEwLjIyOCAxMjAuNjU0IDExMi4wMTkgMTIwLjY1NCAxMTMuNDQ5QzEyMC42NTQgMTE1LjY2NCAxMjIuODMxIDExNy45MzcgMTI0Ljk1NyAxMTcuOTQxQzEyNS43MzMgMTE3Ljk0MyAxMjYuNDE0IDExNy42MTcgMTI3LjI2NSAxMTYuODM2Wk0xMTcuMTQxIDExNS42MjJDMTE5LjAzNSAxMTQuNDY4IDExOS44MDQgMTExLjc5NSAxMTguODAyIDEwOS44NTdDMTE4LjA4MiAxMDguNDY0IDExNy4wMDggMTA3LjgzIDExNS4zNjYgMTA3LjgzQzExMS41MDggMTA3LjgzIDEwOS40ODUgMTEzLjIzNCAxMTIuNDY1IDExNS41NzhDMTEzLjU3IDExNi40NDggMTE1Ljc1NCAxMTYuNDY4IDExNy4xNDEgMTE1LjYyMloiIGZpbGw9IiMwOTk2RDEiLz4KPHBhdGggb3BhY2l0eT0iMC45IiBkPSJNMzMuMTc1NyAyNkwzMi4zODEgMjcuMjE5QzMxLjk0NDkgMjcuODg5IDMxLjI4MzYgMjkuMzI0OCAzMC45MDkxIDMwLjQwODhDMzAuNTM0NyAzMS40OTI4IDI5Ljk5MjIgMzIuOTcwMSAyOS43MDQzIDMzLjY5MjhDMjkuNDE2MyAzNC40MTU0IDI5LjE3MzMgMzYuMTE1IDI5LjE2MzggMzcuNDdDMjkuMTQzNiA0MC4zNTMgMjguNzQ5NCA0MS44ODg4IDI3LjYzNjQgNDMuNDIyNUMyNi45MjEyIDQ0LjQwOCAyNi42NzUxIDQ0LjUyMjMgMjUuNDUzMiA0NC40NDFDMjMuODk5NSA0NC4zMzc3IDIyLjgxNTMgNDUuMDgxNSAyMS4yMTcgNDcuMzQ4MUMyMC43MTY1IDQ4LjA1OCAyMC4xMzY3IDQ4LjYzOTMgMTkuOTI4OSA0OC42MzkzQzE5LjcyMTEgNDguNjM5MyAxOS4xODA1IDQ4LjIzMTkgMTguNzI2MiA0Ny43MzUxQzE4LjI3MTkgNDcuMjM4MiAxNy45OTQ0IDQ3LjAxMTUgMTguMTExIDQ3LjIyOThDMTguNDkgNDcuOTM5NiAxNy41OTA0IDUzLjI2MTUgMTYuODM3OCA1NC43NjQyQzE1Ljk2NyA1Ni41MDI4IDE0LjM4NzIgNTcuNzIzMyAxMi41MzU0IDU4LjA4NDNDMTEuMDA1OSA1OC4zODI2IDExLjIyODMgNTguMDkgOC43MTc5NSA2My4wOTQ2QzYuNjYzMzQgNjcuMTkwNyA1Ljk2OTM1IDY3LjgyNjQgMi42NTUzMyA2OC42NTQyQzEuNDk3MTcgNjguOTQzNCAwLjQ1ODc1OSA2OS43MTQyIDAgNzAuNTI4N1Y3Mi44MjYzQzAuMzU2MTkzIDcyLjc0NzMgMC44Mjg3MjggNzIuNjIwMyAxLjYxNDk5IDcyLjM4NzNDMi45OTQ4NiA3MS45NzgyIDQuODIzNDggNzEuNDgwNiA1LjY3ODEgNzEuMjgwNkM3LjcyOTM0IDcwLjgwMDYgOS4zOTM1MSA2OS4yMTk1IDkuOTIyNzkgNjcuMjQ2N0MxMC4yNDI0IDY2LjA1NTQgMTAuNzAzMyA2NS40MjQxIDExLjk5OTIgNjQuNDA1OEMxMy4yODQgNjMuMzk2MiAxMy43NTY1IDYyLjc1NDYgMTQuMDY3MSA2MS41OTY5QzE0LjM3MzkgNjAuNDUzMiAxNC43MDExIDYwLjAwNCAxNS40NDA3IDU5LjcwNjNDMTcuMDE1MyA1OS4wNzI0IDIwLjY0NDQgNTUuODY1NSAyMS4yMzYzIDU0LjU4NThDMjEuNTM3MyA1My45MzQ5IDIyLjExOTggNTIuNTM5OSAyMi41Mjg3IDUxLjQ4NjJDMjMuMjYzNCA0OS41OTMyIDI1LjAxOTUgNDcuMzI2MSAyNS43NTAxIDQ3LjMyNjFDMjUuOTU3NCA0Ny4zMjYxIDI3LjEwOSA0Ni43MjQ4IDI4LjMwOTMgNDUuOTkwOEMzMS4yMzc2IDQ0LjIwMDMgMzEuNTk5MSA0My40MTM2IDMxLjU5OTEgMzguODYxNEMzMS41OTkxIDM1LjY4MTQgMzEuNjg3IDM1LjE1NTcgMzIuMzQ2OCAzNC4zNjg0QzMzLjAwMzcgMzMuNTg0NyAzMy4wOTk3IDMzLjAyNDkgMzMuMTM1MSAyOS43MzkxTDMzLjE3NTcgMjZaTTI0LjMzMzggNjMuNTk1OEMyNC4yMDM3IDYzLjYxMzUgMjQuMDczOCA2My42NjE4IDIzLjkyNTggNjMuNzM2MkMyMi45Mzk3IDY0LjIzMTUgMjIuNjEzNiA2NC45MTAyIDIxLjU5NzMgNjguNTg2QzIxLjAxNzkgNzAuNjgxNSAyMC40MjEyIDcyLjA4MTkgMTkuODc5OCA3Mi42MTc4QzE5LjQyMzUgNzMuMDY5NSAxOC45MzgzIDczLjg4MjMgMTguODAxIDc0LjQyNDJDMTguMTgxIDc2Ljg3MTUgMTYuNzQ1NCA3OC42MDczIDE0LjQ0OTUgNzkuNjg3MUMxMi40NTU1IDgwLjYyNDkgMTAuNjQwNyA4Mi4xMTc5IDkuMTExMDIgODQuMDc5OEM4LjMyMTA5IDg1LjA5MjkgNy40ODc1MiA4Ni4wMjkgNy4yNTY3OCA4Ni4xNjA5QzYuNzYxNjQgODYuNDQ0IDUuNzA4OTkgODguODk0MSA0LjYwNzg1IDkyLjMyOEMzLjcxMDkyIDk1LjEyNSAxLjcxMDY1IDk3LjQ2ODIgMC40Nzg1MTQgOTcuMTY1OEMwLjI1NDkzMSA5Ny4xMTA5IDAuMTA2OTExIDk3LjExMzcgMCA5Ny4yOTAxVjEwNC40OTJDMC41NTY0MTEgMTAzLjY2NCAxLjIzNDIgMTAyLjYyOSAyLjU2MzQ3IDEwMC41NEM0LjM0NTExIDk3LjczOTcgNi40NjM4NSA5NC40ODY3IDcuMjcxNzMgOTMuMzEyNEM4LjA3OTYgOTIuMTM4MSA5LjM1Njg3IDkwLjE0ODggMTAuMTA4NiA4OC44OTE2QzExLjIzNDIgODcuMDA5MiAxMi4xMDE2IDg2LjEyNDMgMTUuMDI4NCA4My44ODMzTDE4LjU4MzEgODEuMTYyN0wyMC40MDUzIDc1Ljk4ODFDMjMuMTg5NSA2OC4wODE3IDIzLjk1ODUgNjcuMTk5NyAyNy43NjI0IDY3LjU1MTVDMjkuNDYwNSA2Ny43MDg1IDMwLjYzMzQgNjcuNjE5NiAzMi4wNzM0IDY3LjIyNjdDMzQuMTgyNiA2Ni42NTEyIDM0LjQ3OTkgNjYuMTg3MiAzMy4zNTUxIDY1LjIzMThDMzIuNjU1NCA2NC42Mzc2IDMxLjMxNTMgNjQuNjQgMjguMjM4OCA2NS4yNDE4QzI3LjMzOTcgNjUuNDE3NyAyNi45MzQzIDY1LjI3NTcgMjUuODkzMiA2NC40MTc4QzI1LjEwNTEgNjMuNzY4NCAyNC43MjQxIDYzLjU0MjYgMjQuMzMzOCA2My41OTU4Wk0zMS43MTY2IDgzLjI1OThDMzEuNjYwNSA4My4yNzQ5IDMxLjU5MjEgODMuMzEyNiAzMS41MTE1IDgzLjM3MjFDMzEuMjcwOSA4My41NSAzMC42NTM2IDgzLjc5IDMwLjEzNzkgODMuOTA1NEMyOS4zODc2IDg0LjA3MzQgMjkuMDQ5OCA4NC40OTMyIDI4LjQ0ODIgODYuMDA0NUMyOC4wMzQ3IDg3LjA0MzIgMjcuNDkxNSA4OC4xMTUzIDI3LjI0MTIgODguMzg2M0MyNi45OTA5IDg4LjY1NzMgMjYuNDc1IDg5LjU1MSAyNi4wOTQxIDkwLjM3MzJDMjQuOTQyMiA5Mi44NTkyIDIzLjUyODIgOTQuMDYxOCAxOS45MDExIDk1LjY0MjFDMTYuNjEwNyA5Ny4wNzU2IDE2LjU2NyA5Ny4xMDg2IDE1LjY2NzEgOTguOTgwMkMxNS4xMDI3IDEwMC4xNTQgMTQuNjc5MiAxMDEuNzU3IDE0LjU0OTkgMTAzLjIwNUMxNC4yNzMxIDEwNi4zMDIgMTMuNTk2MiAxMDcuMDMxIDkuNTIxMTggMTA4LjYxNkM1LjkxNDk3IDExMC4wMTkgMy41NzcwMiAxMTEuNzQ1IDMuNDE1ODMgMTEzLjEyM0MzLjI0MDQxIDExNC42MjMgMi41OTgxMyAxMTUuMDg0IDAuOTI5MjYgMTE0LjkwN0MwLjUzOTUyOSAxMTQuODY2IDAuMjQ0MzMyIDExNC44NTEgMCAxMTQuODgxVjEyMUMxLjAyNjU4IDExOS42NTggMi43MTkyMiAxMTguMzYxIDYuMjI0OTcgMTE2LjIwNkMxMC4zNjA0IDExMy42NjUgMTIuNzA2NSAxMTEuNTc1IDEzLjU3NzkgMTA5LjY1NEMxMy45MjYgMTA4Ljg4NyAxNC42NTQ3IDEwNy4zOTMgMTUuMTk3MSAxMDYuMzM0QzE1LjczOTUgMTA1LjI3NSAxNi4yODQ1IDEwMy45MDEgMTYuNDA4NCAxMDMuMjgxQzE2LjczMjQgMTAxLjY2IDE4LjMwMzIgMTAwLjM0OSAyMC42NjU5IDk5LjcyNkMyNS4xNzcgOTguNTM3MiAyNS43NDYxIDk4LjAxNjMgMjYuMzUyNSA5NC41MzU0QzI2Ljg1NjEgOTEuNjQ1MiAyOC42MTIgODguMDY2MSAzMC41MjY3IDg2LjAyNDZDMzEuMzA5NSA4NS4xOSAzMS45NDk1IDg0LjE4IDMxLjk0OTUgODMuNzc5MUMzMS45NDk1IDgzLjM3NjYgMzEuODg0OSA4My4yMTQ2IDMxLjcxNjYgODMuMjU5OFoiIGZpbGw9IiMzNTkxMzYiLz4KPHBhdGggZD0iTTguMDgxNzcgNzQuNDA4M0M2LjAzNDE5IDczLjg3MDUgNS44OTQ0MyA3My43MzAyIDYuMDQyNzEgNzIuMzYxNUM2LjEzMDI1IDcxLjU1MzMgNi4yNDAxNyA3MC44NTc1IDYuMjg2OTYgNzAuODE1NEM2LjMzMzc2IDcwLjc3MzMgNy43MDQ0MyA3MS4wNjg3IDkuMzMyOTIgNzEuNDcxOUMxMS45NzY4IDcyLjEyNjQgMTIuNDg2NiA3Mi4xMjM4IDE0LjA5NDcgNzEuNDQ3NEMxNi40MDQxIDcwLjQ3NiAxNy4yMzgzIDY4Ljc3NTMgMTYuNDAyMiA2Ni43NDMxQzE1Ljk0MjQgNjUuNjI1NyAxNC45MjA0IDY0LjgyODEgMTIuMjM4NCA2My40OTRDNy42NDE3IDYxLjIwNzUgNi41MzA2MiA1OS45OTkgNi4yNzQ2NSA1Ny4wMDc2QzUuODkzMzcgNTIuNTUxOSA4Ljg0Njg5IDQ5Ljk4MzYgMTQuMzUyMiA0OS45ODM2QzE1Ljk3MzMgNDkuOTgzNiAxNy44NDg3IDUwLjE5MzcgMTguNTE5NiA1MC40NTA1QzE5LjYzNjggNTAuODc4MSAxOS42OTM3IDUxLjAzOTkgMTkuMTk0NSA1Mi4zNzEyQzE4LjcxODIgNTMuNjQxNiAxOC41MDI3IDUzLjc2ODggMTcuNDg2MSA1My4zNzk2QzE1LjUxOTkgNTIuNjI3IDEyLjE5NDggNTIuODU1NCAxMS4wMDU4IDUzLjgyNDdDOS43OTA1OCA1NC44MTUzIDkuNTU3MzYgNTYuOTI1MiAxMC41MzI0IDU4LjEwNzlDMTAuODcyNyA1OC41MjA3IDEyLjkwODcgNTkuNzc5IDE1LjA1NjkgNjAuOTA0MUMxOC40NjI4IDYyLjY4ODEgMTkuMDgyIDYzLjIyMTQgMTkuODk1MSA2NS4wNzE5QzIxLjExNTIgNjcuODQ4NyAyMC42Nzg4IDcwLjM0MzcgMTguNjA3OCA3Mi40MzIzQzE2LjE2MDcgNzQuOTAwMiAxMi41NDEzIDc1LjU3OTYgOC4wODE3NyA3NC40MDgzWk0yOC45MzI4IDc0LjM4MjNDMjUuMjM2NSA3Mi45OTU4IDIzLjcxMzggNzAuNTQwNSAyMy43MTM4IDY1Ljk2NjdDMjMuNzEzOCA2Mi41MDM0IDI0LjU1ODggNjAuNDY5NyAyNi44MzMzIDU4LjQ1OTNDMjguMzk2NCA1Ny4wNzc2IDI4Ljk4NjcgNTYuODY4NiAzMS4zMjY4IDU2Ljg2ODZDMzIuODE2OCA1Ni44Njg2IDM0LjY4MjEgNTcuMjEyOSAzNS41MDA1IDU3LjYzODlDMzcuMzE2OSA1OC41ODQ2IDM4LjgzMTkgNjEuNzQyNiAzOC44NDY2IDY0LjYxNDNMMzguODU3MyA2Ni43MDQ0SDMyLjk0MjNIMjcuMDI3M0wyNy4zNDIgNjguMDU2OUMyNy41MTUgNjguODAwNyAyOC4zMzU0IDcwLjAzOTEgMjkuMTY1IDcwLjgwOUMzMC41NzczIDcyLjExOTYgMzAuODk0OSA3Mi4xOTc5IDM0LjE1NDcgNzIuMDM4NUMzNy4zOTM4IDcxLjg4MDEgMzcuNjQ2MyA3MS45NDA5IDM3Ljc4NCA3Mi45MTIyQzM3Ljk2MjYgNzQuMTcyNSAzNy4xODgyIDc0LjUyMzYgMzMuNTI0MiA3NC44NDM0QzMxLjgwODUgNzQuOTkzMiAzMC4xMDU2IDc0LjgyMjIgMjguOTMyOCA3NC4zODIzWk0zNS4wODgxIDYyLjUyNDJDMzQuOTU1OCA2MC42NzMgMzMuMzY0NCA1OS4zMjc2IDMxLjMwNzIgNTkuMzI3NkMyOS43MDg2IDU5LjMyNzYgMjguNzI4MSA2MC4wOTA5IDI3LjY2MiA2Mi4xNjU1QzI2Ljc0NTcgNjMuOTQ4NiAyNy40MTIgNjQuMjk2NSAzMS40NDg4IDY0LjE0MjVMMzUuMTkzNiA2My45OTk2TDM1LjA4ODEgNjIuNTI0MlpNNDQuMzkxNCA3NC4zNzA4QzQyLjU3MTEgNzMuNTQ2OCA0MS43MDU5IDcyLjEyODYgNDEuNjQyMSA2OS44NjQ3QzQxLjU0MTYgNjYuMjk0NCA0NC4xMTEgNjQuMTQ2OCA0OS4yNTc2IDYzLjQ5OTRDNTEuODQxNCA2My4xNzQ0IDUyLjA0OTUgNjMuMDU3NyA1MS43NTkzIDYyLjA5NjlDNTAuOTY1IDU5LjQ2NjYgNDguMjQyMyA1OC41NjQ0IDQ0LjkyNzYgNTkuODMzMUM0My40MzAzIDYwLjQwNjMgNDMuNDg2OCA2MC40MzEzIDQzLjA1MTQgNTkuMDAzMkM0Mi43ODAxIDU4LjExMzUgNDIuOTk4MiA1Ny44NTExIDQ0LjM5NSA1Ny4zODdDNDYuOTM2NCA1Ni41NDI3IDUxLjM3NDUgNTYuNjM0MiA1Mi43Nzc5IDU3LjU2QzU0LjkzOTIgNTguOTg1NyA1NS4zNzUxIDYwLjYwMTkgNTUuNTQ4NyA2Ny44MzI4TDU1LjcxMDYgNzQuNTc0NUw1NC4xMjMgNzQuNTc0QzUzLjAzNzcgNzQuNTczMyA1Mi41MzUzIDc0LjMzOTYgNTIuNTM1MyA3My44MzU0QzUyLjUzNTMgNzIuOTA2NiA1Mi4wNTI4IDcyLjkwMjQgNTAuNzUyIDczLjgxOTZDNDkuMjAxMyA3NC45MTMgNDYuMTY5NyA3NS4xNzU3IDQ0LjM5MTQgNzQuMzcwOFpNNTAuOTQ3NyA3MC44MTc1QzUxLjcwOTkgNjkuOTczNSA1Mi4wNDY4IDY4Ljk4NiA1Mi4wNDY4IDY3LjU5NjZWNjUuNTkyOUw0OS44MTgyIDY1Ljg0NThDNDUuNzE5IDY2LjMxMSA0My44NzQ5IDY5LjUxMTggNDYuNTA1OCA3MS41OTUzQzQ4LjAzNzEgNzIuODA3OSA0OS4zNTk0IDcyLjU3NjMgNTAuOTQ3NyA3MC44MTc1Wk05Mi4wMDIgNzQuNTc4OEM4OC40MDI0IDczLjQ4NjQgODYuMjQxOSA3MC4yNDY2IDg2LjI0MTkgNjUuOTQxQzg2LjI0MTkgNjAuNDA0MiA4OS41MjExIDU2LjgzMjUgOTQuNjQxIDU2Ljc5MjVDOTguNjk4OSA1Ni43NjA5IDEwMS4yNjMgNTkuNDY3OSAxMDEuNTAzIDY0LjAzNjZMMTAxLjYzIDY2LjQ1ODVMOTYuMjU2MiA2Ni41ODg1QzkzLjMwMDcgNjYuNjYgOTAuNjE1OCA2Ni44MTYgOTAuMjg5NyA2Ni45MzUxQzg5LjM4MTggNjcuMjY2OCA5MC40Nzg4IDY5Ljk0NyA5Mi4wMzA2IDcxLjE4ODZDOTMuMTU5OSA3Mi4wOTIxIDkzLjc3MSA3Mi4xOTEyIDk2LjgxNzggNzEuOTY1QzEwMC4xOTMgNzEuNzE0NCAxMDAuMzE4IDcxLjc0NDkgMTAwLjUzMSA3Mi44Njg0QzEwMC43MyA3My45MTMzIDEwMC41MDkgNzQuMDgzNSA5OC4zNTc5IDc0LjU0OEM5NS42MTAzIDc1LjE0MTIgOTMuODgyOSA3NS4xNDk2IDkyLjAwMiA3NC41Nzg4Wk05Ny45NjU5IDYzLjA4MjNDOTcuOTY1OSA2MS4xMjMxIDk2LjE4NTggNTkuMzI3NiA5NC4yNDM0IDU5LjMyNzZDOTIuMjQ5NCA1OS4zMjc2IDkwLjE0OTkgNjEuMjU2MiA5MC4xNDk5IDYzLjA4NzhDOTAuMTQ5OSA2NC4yMDcgOTAuMjc5NyA2NC4yNDU1IDk0LjA1NzkgNjQuMjQ1NUM5Ny44NDE0IDY0LjI0NTUgOTcuOTY1OSA2NC4yMDg0IDk3Ljk2NTkgNjMuMDgyM1pNMTEwLjA0MiA3NC40N0MxMDYuMTQ5IDczLjQzIDEwMy45MyA2OS40MDI5IDEwNC41NCA2NC40ODYyQzEwNS4xNjYgNTkuNDQ0MiAxMDcuOTUxIDU2Ljg3MzYgMTEyLjc5MiA1Ni44NzA1QzExNS4zNzQgNTYuODY5IDExNS44MDUgNTcuMDI0OSAxMTcuMjYgNTguNDlDMTE4Ljg3OCA2MC4xMTg1IDExOS45NDEgNjIuODM0MyAxMTkuOTQ2IDY1LjM1MkwxMTkuOTQ5IDY2LjcwNDRIMTE0LjA4N0MxMDguNDg4IDY2LjcwNDQgMTA4LjIyNSA2Ni43NTAxIDEwOC4yMjUgNjcuNzIwM0MxMDguMjI1IDcwLjcxMjIgMTEwLjk1MiA3Mi4zNDQyIDExNS4zNTcgNzEuOTg4MkMxMTguMTM2IDcxLjc2MzcgMTE4LjQyMyA3MS44MzE1IDExOC42NjcgNzIuNzY3NEMxMTguOTk4IDc0LjA0NDMgMTE4Ljk2OCA3NC4wNzIgMTE2LjY5IDc0LjYwNDNDMTE0LjM2NyA3NS4xNDcgMTEyLjQzIDc1LjEwNzggMTEwLjA0MiA3NC40N1pNMTE2LjExOSA2Mi43NzAxQzExNS44NjQgNjAuODc4NyAxMTQuMTU5IDU5LjMyNzYgMTEyLjMzNSA1OS4zMjc2QzExMC41NjYgNTkuMzI3NiAxMDguMjI0IDYxLjYwMTQgMTA4LjIyNCA2My4zMTk1QzEwOC4yMjQgNjQuMjEyOCAxMDguNTI3IDY0LjI3NDYgMTEyLjI1NSA2NC4xNDI0QzExNi4yNDEgNjQuMDAxMSAxMTYuMjgzIDYzLjk4NjIgMTE2LjExOSA2Mi43NzAxWk0xMjYuODk0IDc0LjI0N0MxMjQuODI2IDczLjIyMDggMTIzLjUzMiA3MS4zNTg5IDEyMi44OTQgNjguNDg4OUMxMjEuOTc1IDY0LjM2MDUgMTIzLjA3NCA2MC40OTE0IDEyNS44MyA1OC4xNTY3QzEyNy44MjcgNTYuNDY1NyAxMzEuODM4IDU2LjMzMDUgMTMzLjgwNSA1Ny44ODc5TDEzNS4wOTIgNTguOTA3MlY1My45NTM2VjQ5SDEzNy4wNDZIMTM5VjYxLjc4NjVWNzQuNTczMUgxMzcuMjlDMTM1Ljc2MiA3NC41NzMxIDEzNS41OCA3NC40MzMxIDEzNS41OCA3My4yNTc5VjcxLjk0MjdMMTM0LjQ4MSA3Mi45NzkyQzEzMi4yMzMgNzUuMDk5OCAxMjkuNTI1IDc1LjU1MjMgMTI2Ljg5NCA3NC4yNDdaTTEzMy42NjQgNzAuNjc2NkMxMzQuOTc2IDY5LjM1NTcgMTM1LjA5MiA2OC45NTM3IDEzNS4wOTIgNjUuNzIwOUMxMzUuMDkyIDYyLjQ1NzIgMTM0Ljk4NSA2Mi4wOTQ1IDEzMy42MDcgNjAuNzA3NkMxMzIuMzY1IDU5LjQ1NzUgMTMxLjg2NSA1OS4yNjIyIDEzMC41NTQgNTkuNTE1NEMxMjYuMTQ0IDYwLjM2NzIgMTI0LjgzNSA2OC4xNDIzIDEyOC41OTggNzEuMTIyOUMxMzAuMzQ4IDcyLjUwODEgMTMxLjk4OCA3Mi4zNjM1IDEzMy42NjQgNzAuNjc2NlpNNjEuNDEwNyA2Ni4wNTg0QzYwLjAyMiA2MS4zNzU0IDU4Ljg4NTkgNTcuMzkxOSA1OC44ODU5IDU3LjIwNjJDNTguODg1OSA1Ny4wMjA2IDU5LjcyNzQgNTYuODY4NiA2MC43NTU5IDU2Ljg2ODZINjIuNjI1OUw2NC4yNTUxIDYzLjg3NjZDNjUuMTUxMiA2Ny43MzEgNjUuOTU2IDcwLjY2MzMgNjYuMDQzNyA3MC4zOTI5QzY2LjEzMTMgNzAuMTIyNCA2Ny4wNTU3IDY3LjAyNDEgNjguMDk3OCA2My41MDc4TDY5Ljk5MjYgNTcuMTE0NUg3MS41OTY5SDczLjIwMTJMNzQuODg2NSA2My4yNjE5Qzc1LjgxMzQgNjYuNjQzIDc2LjY4MzIgNjkuNzQxMiA3Ni44MTk0IDcwLjE0N0M3Ni45NTU3IDcwLjU1MjcgNzcuODQxOSA2Ny43MzEgNzguNzg5IDYzLjg3NjZMODAuNTEwOSA1Ni44Njg2SDgyLjQ1MTdDODMuOTUxNyA1Ni44Njg2IDg0LjMzMDMgNTcuMDMxNiA4NC4xMTkgNTcuNTg2QzgzLjk2ODYgNTcuOTgwNiA4Mi42OTU2IDYxLjk2NDEgODEuMjkwMiA2Ni40MzgyTDc4LjczNDkgNzQuNTczMUg3Ni45NjM1SDc1LjE5MjFMNzMuNTgxMiA2OC43OTQ1QzcyLjY5NTIgNjUuNjE2MyA3MS44NTg1IDYyLjY4NDEgNzEuNzIxNyA2Mi4yNzgzQzcxLjQ0NjUgNjEuNDYxNiA3MS41OTExIDYxLjA3MzMgNjkuMTExNCA2OS4yODYzTDY3LjUxNTIgNzQuNTczMUg2NS43MjU0SDYzLjkzNTZMNjEuNDEwNyA2Ni4wNTg0WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTE5Ljk3NDYgMTE5LjI3NEMxOS4wMTU4IDExOC4xMTkgMjAuMzM4MSAxMTYuMTY2IDIxLjU2MDQgMTE2LjkzMkMyMi43NjMyIDExNy42ODYgMjIuMzMwNSAxMTkuNzYxIDIwLjk3MDQgMTE5Ljc2MUMyMC42NDUgMTE5Ljc2MSAyMC4xOTY5IDExOS41NDIgMTkuOTc0NiAxMTkuMjc0WiIgZmlsbD0idXJsKCNwYWludDNfcmFkaWFsXzY3OV8xOTEwKSIvPgo8cGF0aCBkPSJNMjMuODM2IDExMi42M0MyMi4xMTUyIDExMS42ODkgMjEuODAyOSAxMDkuNzk3IDIzLjE0NjUgMTA4LjQ1M0MyNC4wODU3IDEwNy41MTQgMjUuMjEgMTA3LjM5NCAyNi4yNTA3IDEwOC4xMjNDMjcuODU3MSAxMDkuMjQ5IDI3LjQ2NTUgMTEyLjAxMyAyNS42MDc5IDExMi42NkMyNS42MDc5IDExMi42NiAyNC40NzQ1IDExMi45NzMgMjMuODM2IDExMi42M1oiIGZpbGw9InVybCgjcGFpbnQ0X3JhZGlhbF82NzlfMTkxMCkiLz4KPHBhdGggZD0iTTMzLjc4NTUgMTIwLjAzNkMzMy43ODU1IDEyMC4xODggMzMuNzU1NyAxMjAuMzM4IDMzLjY5NzYgMTIwLjQ3OUMzMy42Mzk1IDEyMC42MTkgMzMuNTU0NCAxMjAuNzQ2IDMzLjQ0NzEgMTIwLjg1M0MzMy4zMzk4IDEyMC45NjEgMzMuMjEyNCAxMjEuMDQ2IDMzLjA3MjMgMTIxLjEwNEMzMi45MzIxIDEyMS4xNjIgMzIuNzgxOCAxMjEuMTkyIDMyLjYzMDEgMTIxLjE5MkMzMi40NzgzIDEyMS4xOTIgMzIuMzI4MSAxMjEuMTYyIDMyLjE4NzkgMTIxLjEwNEMzMi4wNDc3IDEyMS4wNDYgMzEuOTIwMyAxMjAuOTYxIDMxLjgxMyAxMjAuODUzQzMxLjcwNTcgMTIwLjc0NiAzMS42MjA2IDEyMC42MTkgMzEuNTYyNiAxMjAuNDc5QzMxLjUwNDUgMTIwLjMzOCAzMS40NzQ2IDEyMC4xODggMzEuNDc0NiAxMjAuMDM2QzMxLjQ3NDYgMTE5LjczIDMxLjU5NjMgMTE5LjQzNiAzMS44MTMgMTE5LjIxOUMzMi4wMjk3IDExOS4wMDMgMzIuMzIzNiAxMTguODgxIDMyLjYzMDEgMTE4Ljg4MUMzMi45MzY1IDExOC44ODEgMzMuMjMwNCAxMTkuMDAzIDMzLjQ0NzEgMTE5LjIxOUMzMy42NjM4IDExOS40MzYgMzMuNzg1NSAxMTkuNzMgMzMuNzg1NSAxMjAuMDM2WiIgZmlsbD0iYmxhY2siLz4KPHBhdGggZD0iTTEyMC43MjEgMTE4LjI3NkMxMjAuNzIxIDExOC42MjMgMTIwLjU2NSAxMTguOTU2IDEyMC4yODcgMTE5LjIwMUMxMjAuMDA5IDExOS40NDYgMTE5LjYzMiAxMTkuNTg0IDExOS4yMzkgMTE5LjU4NEMxMTguODQ2IDExOS41ODQgMTE4LjQ2OSAxMTkuNDQ2IDExOC4xOTEgMTE5LjIwMUMxMTcuOTEzIDExOC45NTYgMTE3Ljc1NyAxMTguNjIzIDExNy43NTcgMTE4LjI3NkMxMTcuNzU3IDExOC4xMDUgMTE3Ljc5NSAxMTcuOTM1IDExNy44NyAxMTcuNzc2QzExNy45NDQgMTE3LjYxNyAxMTguMDUzIDExNy40NzMgMTE4LjE5MSAxMTcuMzUyQzExOC4zMjkgMTE3LjIzIDExOC40OTIgMTE3LjEzNCAxMTguNjcyIDExNy4wNjhDMTE4Ljg1MSAxMTcuMDAzIDExOS4wNDQgMTE2Ljk2OSAxMTkuMjM5IDExNi45NjlDMTE5LjQzMyAxMTYuOTY5IDExOS42MjYgMTE3LjAwMyAxMTkuODA2IDExNy4wNjhDMTE5Ljk4NiAxMTcuMTM0IDEyMC4xNDkgMTE3LjIzIDEyMC4yODcgMTE3LjM1MkMxMjAuNDI0IDExNy40NzMgMTIwLjUzMyAxMTcuNjE3IDEyMC42MDggMTE3Ljc3NkMxMjAuNjgyIDExNy45MzUgMTIwLjcyMSAxMTguMTA1IDEyMC43MjEgMTE4LjI3NloiIGZpbGw9IiM1OTY4NkYiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82NzlfMTkxMCIgeDE9IjExIiB5MT0iLTQuNzc3NjhlLTA3IiB4Mj0iMTY0LjUiIHkyPSIxNTAuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjNjRCN0ZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwNURBRCIvPgo8L2xpbmVhckdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50MV9yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTI0LjkwNCAxMjguNjM2KSByb3RhdGUoLTAuMDQ4NTUyKSBzY2FsZSgzNi4yODAyIDMxLjQwMzIpIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzExNzdDRSIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM3RUM3RkYiIHN0b3Atb3BhY2l0eT0iMCIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50Ml9yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMzkuMzUxMiAxMjEuNDYpIHJvdGF0ZSgtMC4wNTczKSBzY2FsZSg1MC4yMjc2IDUxLjMwOTEpIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzExNzdDRSIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM3RUM3RkYiIHN0b3Atb3BhY2l0eT0iMCIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50M19yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjAuOTU0OCAxMTguMjYpIHNjYWxlKDEuMzA5MjkgMS41MDEyNykiPgo8c3RvcCBzdG9wLWNvbG9yPSIjODhBM0QwIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzVEODNCRiIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50NF9yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjQuNzg0MyAxMTAuMjIxKSBzY2FsZSgyLjQ3Mjc3IDIuNTY5NTQpIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzg4QTNEMCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM1RDgzQkYiLz4KPC9yYWRpYWxHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "topology"], ["spec", "replicationFactor"], ["spec", "db"], ["spec", "db", "replicas"], ["spec", "db", "size"], ["spec", "db", "storageClass"], ["spec", "db", "resources"], ["spec", "db", "resourcesPreset"], ["spec", "master"], ["spec", "master", "replicas"], ["spec", "master", "resources"], ["spec", "master", "resourcesPreset"], ["spec", "filer"], ["spec", "filer", "replicas"], ["spec", "filer", "resources"], ["spec", "filer", "resourcesPreset"], ["spec", "filer", "grpcHost"], ["spec", "filer", "grpcPort"], ["spec", "filer", "whitelist"], ["spec", "volume"], ["spec", "volume", "replicas"], ["spec", "volume", "size"], ["spec", "volume", "storageClass"], ["spec", "volume", "resources"], ["spec", "volume", "resourcesPreset"], ["spec", "volume", "zones"], ["spec", "s3"], ["spec", "s3", "replicas"], ["spec", "s3", "resources"], ["spec", "s3", "resourcesPreset"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: [] + services: + exclude: [] + include: + - resourceNames: + - seaweedfs-{{ .name }}-s3 + ingresses: + exclude: [] + include: + - resourceNames: + - ingress-seaweedfs-{{ .name }}-s3 diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tcp-balancer.yaml b/packages/system/cozystack-resource-definitions/cozyrds/tcp-balancer.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/tcp-balancer.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/tcp-balancer.yaml index f4e03aeb..a8544ff4 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tcp-balancer.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/tcp-balancer.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMjk4NSkiLz4KPHBhdGggZD0iTTcyLjE2NDUgNTkuNDI0M0w2Mi41IDQ4LjQ5OCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjI2IiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTQxLjY4NTUgNTEuMDIxNUw0OS4yNDcgNjIuMDY5MyIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTcyLjE2NDYgNTkuNDQxNEw4MS43MjYzIDQ4LjM5MzZNODMuNzE3MSA3MS42Mjk0TDk1LjA2NCA2Mi4wNjc4TTgzLjcxNzEgNzEuNjEwOEw5NS4wNjQgODEuNTkzTTgxLjgyOTEgOTQuMjAxN0w3Mi4xNjQ2IDgzLjQ4MTFNNjIuNTAwMSA5NC4yMDE3TDcyLjE2NDYgODMuNDkwNE00OS4yNTU5IDgxLjE3MjRMNjAuMTgyMSA3MS42MTA4TTYwLjE5MTUgNzEuNjEwOEw0OS4yNjUyIDYyLjA0OTFMNzIuMTY0NiA1OS40MjI3TDk1LjA2NCA2Mi4wNDkxIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMjYiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNODEuNzE2OCA0OC4zOTM2TDgzLjcxNyA3MS42MTA4TDgxLjgyOSA5NC4xOTI0IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMjYiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTUuMDY0IDgxLjU5MjVMNzIuMTY0NiA4My40ODA1TTQ5LjI1NTkgODEuMTcxOUw3Mi4xNTUzIDgzLjQ5OTIiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4yNiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik02Mi41MDEyIDk0LjIwMTRMNjAuMTczOCA3MS42MTk4TTYyLjUwMTIgNDguNDk2MUw2MC4xNzM4IDcxLjYxMDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4yNiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik0zOC43NSA2NC45OTQ4TDQ5LjI1NTcgNjIuMDUwNk01MS40NjE1IDQwLjYxODdMNjIuNTA5MyA0OC40OTc5TTYyLjQ5MDYgNDguNDk3OUw2NS4wMTQyIDM1LjY4MzZMODEuNzE2OCA0OC4zOTUxIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNNzkuMjAzMSAzNS42ODM2TDgxLjcyNjcgNDguMzk1MU05Mi43NTU4IDQwLjYxODdMODEuNzA4IDQ4LjM5NTFNMTAyLjYyNiA1MS4wMjE1TDgxLjcxNzQgNDguMzk1MU0xMDIuNjI2IDUxLjAwMjhMOTUuMDY0NSA2Mi4wNTA2TDEwNS43NzYgNjQuOTk0OCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTk1LjA2MzkgNjIuMDUwNkwxMDUuNTcgNzguMDE0OE03OS4yMDI1IDM1LjY4MzZMNjIuNSA0OC40OTc5IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTUuMDYzNyA2Mi4wNTExTDkyLjczNjMgNDAuNjE5MU05NS4wNjM3IDgxLjU5NTFMMTA1LjU2OSA3OC4wMTUzIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTUuMDY1IDgxLjU5NDlMMTA1Ljc3NiA2NC45OTUxTTk1LjA2NSA4MS41OTQ5TDEwMi42MjYgOTEuNzgyOE05NS4wNjUgODEuNTk0OUw5Mi43Mzc3IDEwMi4xODZNODEuODMwMSA5NC4yMDM1TDkyLjc1NjQgMTAyLjE4NiIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTgxLjgyOSA5NC4yMDNMMTAyLjYyNSA5MS43ODIyTTgxLjgyOSA5NC4yMDNMNzkuMzI0MSAxMDcuMTExTTgxLjgyOSA5NC4yMDNMNjUuMDE0MyAxMDcuMTAxTTYyLjUgOTQuMjAzTDY1LjAyMzYgMTA3LjEzOSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTYyLjUwMTIgOTQuMjAzMUw3OS4zMjUzIDEwNy4xMTFNNTEuNDYyOCAxMDIuMTg1TDYyLjUxMDUgOTQuMjAzMUw0MS42NzY4IDkxLjg4NTFMNDkuMjU2OSA4MS4xNzM4IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNNTEuNDYxOCAxMDIuMTg1TDQ5LjI1NiA4MS4xNzMxTDM4LjY0NzUgNzcuOTExMUw0OS4yNTYgNjIuMDQ5OCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTQ5LjI1NTcgODEuMTc0NUwzOC43NSA2NC45OTUzTTUxLjQ2MTUgNDAuNjE5MUw0OS4yNTU3IDYyLjA1MTEiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMyIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik00MS42ODU1IDUxLjAyMTdMNjIuNDgxOSA0OC40OTgiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMyIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik00My4zNzYgMzYuODMzOEw1MS40NjA5IDQwLjYxOTJMNTAuODM0NiAzMS43OTU5TDY1LjAxMzYgMzUuNjg0MSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik01OC45Mjg5IDI4LjIyNDRMNjUuMDEzNiAzNS42ODMxTDY3LjUzNzMgMjYuNzM4M0w3OS4yMDE5IDM1LjY4MzFNNTEuNDYwOSA0MC42MTgxTDU4LjkxOTYgMjguMjI0NCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik03Ni41NjY3IDI2LjQ0MDRMNzkuMjAyNSAzNS42ODQzTDg1LjI5NjYgMjguMjI1Nk02NS4wMDQ5IDM1LjY4NDNMNzYuNTU3NCAyNi40NDA0TTkyLjc1NTIgNDAuNjE5NEw4NS4yNzc5IDI4LjIyNTYiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTIuNzU0OSA0MC42MTkyTDkzLjQ5MzIgMzEuNzk1OU05Mi43NTQ5IDQwLjYxOTJMMTAxLjAzNiAzNi40MTMyTTkyLjc1NDkgNDAuNjE5MkwxMDcuMTQ5IDQyLjgyNU03OS4yMDIxIDM1LjY4NDFMOTMuNDgzOSAzMS43OTU5IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTEwMi42MjUgNTEuMDIxNEwxMDcuMTM5IDQyLjgyNDRNMTAyLjYyNSA1MS4wMjE0TDEwMS4wNDUgMzYuNDIxOU0xMDIuNjI1IDUxLjAyMTRMMTEyLjA4MyA1MC4yODNNMTAyLjYyNSA1MS4wMjE0TDExNS41NiA1OC4zNzczIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTEwNS43NzQgNjQuOTk0OUwxMTIuMDgzIDUwLjI4MzJNMTA1Ljc3NCA2NC45OTQ5TDExNS41NDEgNTguMzc3NE0xMDUuNzc0IDY0Ljk5NDlMMTE2LjcgNjcuMjAwN0wxMDUuNTY4IDc4LjAxNDkiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNMTE3LjAxOSA3NS45MTIxTDEwNS41NjkgNzguMDE1MUwxMTUuMzM3IDg0LjUyOTdMMTAyLjYyNSA5MS43ODI3TTEwNS43NzUgNjQuOTk1MUwxMTcuMDE5IDc1LjkyMTQiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNMTAyLjYyNSA5MS43ODMzTDExMS45NzEgOTIuNzI3M00xMDUuNTc4IDc4LjAxNTZMMTExLjk3MSA5Mi43MThNMTA3LjA1NSAxMDAuMDY0TDEwMi42NDMgOTEuNzgzM0wxMDAuOTYxIDEwNi4yOCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik0xMDAuOTQzIDEwNi4yNzlMOTIuNzQ1OCAxMDIuMTg1TTkyLjc1NTEgMTAyLjE4NUw5My4zODEzIDExMS4zNDVNOTIuNzU1MSAxMDIuMTg1TDEwNy4wMzcgMTAwLjA4Mk05Mi43NTUxIDEwMi4xODVMODUuMjg3MSAxMTQuNzk0IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTc5LjMyMzIgMTA3LjEwM0w4NS4yNzcgMTE0Ljc2N003OS4zMjMyIDEwNy4xMDNMOTMuMzk5MyAxMTEuMzA5TTc5LjMyMzIgMTA3LjEwM0w3Ni41NjU5IDExNi41NjFNNzkuMzIzMiAxMDcuMTAzTDY3LjU1NTcgMTE2LjU2MSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik02NS4wMTM2IDEwNy4xMDJMNjcuNTM3MyAxMTYuNTYxTTY1LjAxMzYgMTA3LjEwMkw3Ni41NTY4IDExNi41NjFNNjUuMDEzNiAxMDcuMTAyTDU5LjAyMjQgMTE0Ljc2Nk01MS40NjA5IDEwMi4xODZMNTkuMDIyNCAxMTQuNzk0IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTY1LjAxMzkgMTA3LjEwMUw1MC43MzIyIDExMS41MTNNNTAuNzIyOCAxMTEuNTMyTDUxLjQ2MTIgMTAyLjE4NUw0My4yNjQyIDEwNi42OTlMNDEuNjg0NiA5MS44ODQ4IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTUxLjQ2MSAxMDIuMTg2TDM3LjA2NzEgMTAwLjE5NU00MS42ODQ0IDkxLjg4NkwzNy4wNTc4IDEwMC4xNjdNNDEuNjg0NCA5MS44ODZMMzIuMjI1NSA5Mi44MzAxTTQxLjY4NDQgOTEuODg2TDI4LjY3MzggODQuNjQyM0wzOC42NDY3IDc3LjkxMjdMMjcuMjk5OCA3NS45MjE5IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTM4LjY0NjcgNzcuOTEyM0wzMi4yNTM2IDkyLjgyOTZNMzguNzQ5NSA2NC45OTUxTDI3LjI5OTggNzUuOTIxNCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik0zOC42NDY3IDc3LjkxMjJMMjcuMjk5OCA2Ny4yMDA5TTM4Ljc1ODkgNjQuOTk1MUwyOC45ODIyIDU4LjQ4MDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNMjcuMjk5OCA2Ny4yMDA3TDM4Ljc0OTUgNjQuOTk0OUwzMi4yNDQyIDUwLjI4MzIiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNNDEuNjgzNiA1MS4wMjE3TDMyLjIyNDcgNTAuMjgzM000MS42ODM2IDUxLjAyMTdMMjguOTgxNCA1OC40ODA0TTQxLjY4MzYgNTEuMDIxN0wzNy4xNzg1IDQzLjI0NTNNNDEuNjgzNiA1MS4wMjE3TDQzLjM2NiAzNi44NDI4IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTUxLjQ2MSA0MC42MTkxTDM3LjE2OTkgNDMuMjQ1NiIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik01NC41NjQ1IDc3LjA3MDJMNTQuNjM5MiA2Ni4wMjI0TDY1LjY4NyA2Ni4wOTcxTDY1LjYxMjMgNzcuMTQ0OUw1NC41NjQ1IDc3LjA3MDJaTTY2LjUxODkgNjQuOTEwMUw2Ni41OTM3IDUzLjg2MjNMNzcuNjQxNSA1My45MzcxTDc3LjU2NjcgNjQuOTg0OUw2Ni41MTg5IDY0LjkxMDFaTTY2LjUxODkgODkuMTI3NEw2Ni41OTM3IDc4LjA3OTZMNzcuNjQxNSA3OC4xNTQ0TDc3LjU2NjcgODkuMjAyMkw2Ni41MTg5IDg5LjEyNzRaTTc4LjU3NjEgNzYuOTY3M0w3OC42NTA5IDY1LjkxOTVMODkuNjk4NyA2NS45OTQzTDg5LjYyMzkgNzcuMDQyMUw3OC41NzYxIDc2Ljk2NzNaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNNzcuOTQwNiA1Mi4yMzY2TDc3Ljk5NjYgNDQuNTcyM0w4NS42OTgzIDQ0LjYyODNMODUuNjQyMiA1Mi4yOTI2TDc3Ljk0MDYgNTIuMjM2NlpNNTguNjg2NCA1Mi4yMzY2TDU4Ljc0MjQgNDQuNTcyM0w2Ni40NDQxIDQ0LjYyODNMNjYuMzg4IDUyLjI5MjZMNTguNjg2NCA1Mi4yMzY2Wk00NS4zNTggNjUuODkyMUw0NS40MTQxIDU4LjIyNzhMNTMuMTE1NyA1OC4yODM5TDUzLjA1OTcgNjUuOTQ4Mkw0NS4zNTggNjUuODkyMVpNNDUuMzQ4NiA4NS4xNjVMNDUuNDMyOCA3Ny41MDA3TDUzLjEzNDQgNzcuNTg0OEw1My4wNTAzIDg1LjI0OTFMNDUuMzQ4NiA4NS4xNjVaTTkxLjI2OSA4NS4wMTU0TDkxLjMyNSA3Ny4zNTExTDk5LjAyNjcgNzcuNDA3Mkw5OC45NzA2IDg1LjA3MTVMOTEuMjY5IDg1LjAxNTRaTTkxLjQxODUgNjUuOTQ4Mkw5MS41MDI2IDU4LjI4MzlMOTkuMjA0MyA1OC4zNjhMOTkuMTIwMiA2Ni4wMzIzTDkxLjQxODUgNjUuOTQ4MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0zOS4xMTQzIDUzLjUyNjNMMzkuMTUxNyA0OC40NzkxTDQ0LjE4MDIgNDguNTE2NUw0NC4xNDI4IDUzLjU2MzdMMzkuMTE0MyA1My41MjYzWk00OC45NTYzIDQzLjI2MzdMNDguOTkzNyAzOC4yMTY0TDU0LjAyMjMgMzguMjUzOEw1My45ODQ5IDQzLjMwMUw0OC45NTYzIDQzLjI2MzdaTTYyLjQ5OTcgMzguMTg4NEw2Mi41MzcxIDMzLjE0MTJMNjcuNTY1NiAzMy4xNzg2TDY3LjUyODIgMzguMjI1OEw2Mi40OTk3IDM4LjE4ODRaTTM2LjE1MTQgNjcuNDkwM0wzNi4xODg4IDYyLjQ0MzFMNDEuMTg5MiA2Mi40ODA1TDQxLjE1MTkgNjcuNTI3N0wzNi4xNTE0IDY3LjQ5MDNaTTEwMC4wODMgNDguNTUzOUwxMDUuMTMgNDguNTE2NUwxMDUuMTY3IDUzLjU0NUwxMDAuMTIgNTMuNTgyNEwxMDAuMDgzIDQ4LjU1MzlaTTkwLjI0MDcgMzguMTEzNkw5NS4yODc5IDM4LjA3NjJMOTUuMzI1MyA0My4xMDQ4TDkwLjI3ODEgNDMuMTQyMUw5MC4yNDA3IDM4LjExMzZaTTc2LjY1MDYgMzMuMTY5Mkw4MS42OTc4IDMzLjEzMThMODEuNzM1MiAzOC4xNjA0TDc2LjY4OCAzOC4xOTc3TDc2LjY1MDYgMzMuMTY5MlpNMTAzLjAxOCA2Mi40OTkyTDEwOC4wNjUgNjIuNDYxOEwxMDguMTAyIDY3LjQ5MDNMMTAzLjA1NSA2Ny41Mjc3TDEwMy4wMTggNjIuNDk5MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik01OC41ODMgOTguMjQwNUw1OC42MzkxIDkwLjU3NjJMNjYuMzQwOCA5MC42MzIzTDY2LjI4NDcgOTguMjk2NUw1OC41ODMgOTguMjQwNVpNNzcuODM3MiA5OC4yNDA1TDc3Ljg5MzMgOTAuNTc2Mkw4NS41OTUgOTAuNjMyM0w4NS41Mzg5IDk4LjI5NjVMNzcuODM3MiA5OC4yNDA1WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEwMC4wNDUgOTQuMzYxOUwxMDAuMDgyIDg5LjMxNDdMMTA1LjExMSA4OS4zNTIxTDEwNS4wNzQgOTQuMzk5M0wxMDAuMDQ1IDk0LjM2MTlaTTkwLjMxNTIgMTA0LjcyN0w5MC4zNTI2IDk5LjY4MDJMOTUuMzgxMSA5OS43MTc2TDk1LjM0MzcgMTA0Ljc2NUw5MC4zMTUyIDEwNC43MjdaTTc2Ljc3MTggMTA5LjdMNzYuODA5MiAxMDQuNjUzTDgxLjgzNzcgMTA0LjY5TDgxLjgwMDQgMTA5LjczN0w3Ni43NzE4IDEwOS43Wk0xMDMuMDA4IDgwLjM5NzlMMTAzLjA0NSA3NS4zNTA3TDEwOC4wNzQgNzUuMzg4MUwxMDguMDM3IDgwLjQzNTNMMTAzLjAwOCA4MC4zOTc5Wk0zOS4xMjMzIDg5LjMxNDdMNDQuMTcwNiA4OS4yNzczTDQ0LjIwNzkgOTQuMzA1OEwzOS4xNjA3IDk0LjM0MzJMMzkuMTIzMyA4OS4zMTQ3Wk00OC45NjU0IDk5LjY0MjhMNTQuMDEyNiA5OS42MDU0TDU0LjA1IDEwNC42MzRMNDkuMDAyOCAxMDQuNjcxTDQ4Ljk2NTQgOTkuNjQyOFpNNjIuNDQzMyAxMDQuNTk3TDY3LjQ5MDYgMTA0LjU1OUw2Ny41Mjc5IDEwOS41ODhMNjIuNDgwNyAxMDkuNjI1TDYyLjQ0MzMgMTA0LjU5N1pNMzYuMTg4NSA3NS4zNjk0TDQxLjIzNTcgNzUuMzMyTDQxLjI3MzEgODAuMzYwNkwzNi4yMjU5IDgwLjM5NzlMMzYuMTg4NSA3NS4zNjk0WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTExMC42MjUgNTEuNjM4NEwxMTAuNjQ0IDQ4LjkwOTJMMTEzLjQyOSA0OC45Mjc5TDExMy40MSA1MS42NTcxTDExMC42MjUgNTEuNjM4NFoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTQuMjI0IDU5Ljg5MTNMMTE0LjI0MiA1Ny4xNjIxTDExNy4wMjggNTcuMTgwOEwxMTcuMDA5IDU5LjkxTDExNC4yMjQgNTkuODkxM1oiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMDUuNzY3IDQ0LjMzNzZMMTA1Ljc4NSA0MS42MDg0TDEwOC41NzEgNDEuNjI3MUwxMDguNTUyIDQ0LjM1NjNMMTA1Ljc2NyA0NC4zMzc2WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTQxLjk3MzYgMzguMDk0NUw0MS45OTIzIDM1LjM2NTJMNDQuNzc3NiAzNS4zODM5TDQ0Ljc1ODkgMzguMTEzMkw0MS45NzM2IDM4LjA5NDVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMjYgNjguNTU1NEwyNi4wMTg3IDY1LjgyNjJMMjguODA0IDY1Ljg0NDlMMjguNzg1MyA2OC41NzQxTDI2IDY4LjU1NTRaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNOTkuNjI0IDM4LjA5NDVMOTkuNjQyNyAzNS4zNjUyTDEwMi40MjggMzUuMzgzOUwxMDIuNDA5IDM4LjExMzJMOTkuNjI0IDM4LjA5NDVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMjcuNTg5OCA1OS44ODE2TDI3LjYwODUgNTcuMTUyM0wzMC4zOTM5IDU3LjE3MUwzMC4zNzUyIDU5LjkwMDNMMjcuNTg5OCA1OS44ODE2WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTU3LjYyOTkgMjkuNjM1NUw1Ny42NDg2IDI2LjkwNjJMNjAuNDMzOSAyNi45MjQ5TDYwLjQxNTIgMjkuNjU0Mkw1Ny42Mjk5IDI5LjYzNTVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMzAuOTcyNyA1MS42Mzg0TDMwLjk5MTMgNDguOTA5MkwzMy43NzY3IDQ4LjkyNzlMMzMuNzU4IDUxLjY1NzFMMzAuOTcyNyA1MS42Mzg0WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTM1Ljk0NTMgNDQuMjM2MUwzNS45NjQgNDEuNTA2OEwzOC43NDkzIDQxLjUyNTVMMzguNzMwNiA0NC4yNTQ4TDM1Ljk0NTMgNDQuMjM2MVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik00OS40MjI5IDMwLjQyMDRMNTIuMTUyMSAzMC40MDE3TDUyLjE3MDggMzMuMTg3TDQ5LjQ0MTUgMzMuMjA1N0w0OS40MjI5IDMwLjQyMDRaTTY2LjMwMyAyNS4wNDZMNjkuMDMyMiAyNS4wMjczTDY5LjA1MDkgMjcuODEyN0w2Ni4zMjE3IDI3LjgzMTRMNjYuMzAzIDI1LjA0NloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik05Mi4yMjI3IDMzLjIyNDRMOTIuMjQxNCAzMC40OTUxTDk1LjAyNjcgMzAuNTEzOEw5NS4wMDggMzMuMjQzTDkyLjIyMjcgMzMuMjI0NFoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTUuNTk4IDY4LjQ1MjlMMTE1LjYxNiA2NS43MjM2TDExOC40MDIgNjUuNzQyM0wxMTguMzgzIDY4LjQ3MTZMMTE1LjU5OCA2OC40NTI5WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTc1LjE5MTQgMjcuNzI5Mkw3NS4yMTAxIDI1TDc3Ljk5NTQgMjUuMDE4N0w3Ny45NzY3IDI3Ljc0NzlMNzUuMTkxNCAyNy43MjkyWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTgzLjg2NjIgMjkuNTIzMkw4My44ODQ5IDI2Ljc5MzlMODYuNjcwMiAyNi44MTI2TDg2LjY1MTUgMjkuNTQxOUw4My44NjYyIDI5LjUyMzJaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNOTkuNjI0IDEwNy43TDk5LjY0MjcgMTA0Ljk3MUwxMDIuNDI4IDEwNC45ODlMMTAyLjQwOSAxMDcuNzE5TDk5LjYyNCAxMDcuN1oiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTUuNTk4IDc3LjIzOUwxMTUuNjE2IDc0LjUwOThMMTE4LjQwMiA3NC41Mjg1TDExOC4zODMgNzcuMjU3N0wxMTUuNTk4IDc3LjIzOVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik00MS45NzM2IDEwNy43TDQxLjk5MjMgMTA0Ljk3MUw0NC43Nzc2IDEwNC45ODlMNDQuNzU4OSAxMDcuNzE5TDQxLjk3MzYgMTA3LjdaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMTE0LjIyNCA4Ni4wMzI5TDExNC4yNDIgODMuMzAzN0wxMTcuMDI4IDgzLjMyMjRMMTE3LjAwOSA4Ni4wNTE2TDExNC4yMjQgODYuMDMyOVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik04My44NjYyIDExNi4yN0w4My44ODQ5IDExMy41NDFMODYuNjcwMiAxMTMuNTZMODYuNjUxNSAxMTYuMjg5TDgzLjg2NjIgMTE2LjI3WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTExMC42MjUgOTQuMjY4M0wxMTAuNjQ0IDkxLjUzOTFMMTEzLjQyOSA5MS41NTc4TDExMy40MSA5NC4yODdMMTEwLjYyNSA5NC4yNjgzWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEwNS43NjcgMTAxLjY3MkwxMDUuNzg1IDk4Ljk0MjRMMTA4LjU3MSA5OC45NjExTDEwOC41NTIgMTAxLjY5TDEwNS43NjcgMTAxLjY3MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik05Mi4xMDk0IDExMC4wNjVMOTQuODM4NiAxMTAuMDQ2TDk0Ljg1NzMgMTEyLjgzMUw5Mi4xMjggMTEyLjg1TDkyLjEwOTQgMTEwLjA2NVpNNzUuMzMyIDExNS4yMTVMNzguMDYxMyAxMTUuMTk2TDc4LjA4IDExNy45ODFMNzUuMzUwNyAxMThMNzUuMzMyIDExNS4yMTVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNNDkuNDc4NSAxMTIuODg2TDQ5LjQ5NzIgMTEwLjE1N0w1Mi4yODI1IDExMC4xNzZMNTIuMjYzOCAxMTIuOTA1TDQ5LjQ3ODUgMTEyLjg4NloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0zMC44NTk0IDk0LjE2NThMMzAuODc4MSA5MS40MzY1TDMzLjY2MzQgOTEuNDU1MkwzMy42NDQ3IDk0LjE4NDVMMzAuODU5NCA5NC4xNjU4WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTI3LjU4MDEgODYuMDE0NEwyNy41OTg4IDgzLjI4NTJMMzAuMzg0MSA4My4zMDM5TDMwLjM2NTQgODYuMDMzMUwyNy41ODAxIDg2LjAxNDRaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMzUuODMyIDEwMS42NzJMMzUuODUwNyA5OC45NDI0TDM4LjYzNiA5OC45NjExTDM4LjYxNzMgMTAxLjY5TDM1LjgzMiAxMDEuNjcyWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTI2IDc3LjIzOUwyNi4wMTg3IDc0LjUwOThMMjguODA0IDc0LjUyODVMMjguNzg1MyA3Ny4yNTc3TDI2IDc3LjIzOVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik02Ni40MDUzIDExNy45NjJMNjYuNDI0IDExNS4yMzJMNjkuMjA5MyAxMTUuMjUxTDY5LjE5MDYgMTE3Ljk4TDY2LjQwNTMgMTE3Ljk2MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik01Ny41MTc2IDExNi4xNjhMNTcuNTM2MyAxMTMuNDM4TDYwLjMyMTYgMTEzLjQ1N0w2MC4zMDI5IDExNi4xODZMNTcuNTE3NiAxMTYuMTY4WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMjk4NSIgeDE9IjEwIiB5MT0iMTUuNSIgeDI9IjE0NCIgeTI9IjEzMS41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMwMEE4REEiLz4KPHN0b3Agb2Zmc2V0PSIwLjQ5NSIgc3RvcC1jb2xvcj0iIzM1NzlCQyIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMyODZFQTUiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "httpAndHttps"], ["spec", "httpAndHttps", "mode"], ["spec", "httpAndHttps", "targetPorts"], ["spec", "httpAndHttps", "targetPorts", "http"], ["spec", "httpAndHttps", "targetPorts", "https"], ["spec", "httpAndHttps", "endpoints"], ["spec", "whitelistHTTP"], ["spec", "whitelist"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: [] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tenant.yaml b/packages/system/cozystack-resource-definitions/cozyrds/tenant.yaml similarity index 97% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/tenant.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/tenant.yaml index 76aa6365..25c3a92a 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tenant.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/tenant.yaml @@ -27,7 +27,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQwMykiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDAzKSI+CjxwYXRoIGQ9Ik03MiAyOUM2Ni4zOTI2IDI5IDYxLjAxNDggMzEuMjM4OCA1Ny4wNDk3IDM1LjIyNEM1My4wODQ3IDM5LjIwOTEgNTAuODU3MSA0NC42MTQxIDUwLjg1NzEgNTAuMjVDNTAuODU3MSA1NS44ODU5IDUzLjA4NDcgNjEuMjkwOSA1Ny4wNDk3IDY1LjI3NkM2MS4wMTQ4IDY5LjI2MTIgNjYuMzkyNiA3MS41IDcyIDcxLjVDNzcuNjA3NCA3MS41IDgyLjk4NTIgNjkuMjYxMiA4Ni45NTAzIDY1LjI3NkM5MC45MTUzIDYxLjI5MDkgOTMuMTQyOSA1NS44ODU5IDkzLjE0MjkgNTAuMjVDOTMuMTQyOSA0NC42MTQxIDkwLjkxNTMgMzkuMjA5MSA4Ni45NTAzIDM1LjIyNEM4Mi45ODUyIDMxLjIzODggNzcuNjA3NCAyOSA3MiAyOVpNNjAuOTgyNiA4My4zMDM3QzYwLjQ1NCA4Mi41ODk4IDU5LjU5NTEgODIuMTkxNCA1OC43MTk2IDgyLjI3NDRDNDUuMzg5NyA4My43MzU0IDM1IDk1LjEwNzQgMzUgMTA4LjkwM0MzNSAxMTEuNzI2IDM3LjI3OTUgMTE0IDQwLjA3MSAxMTRIMTAzLjkyOUMxMDYuNzM3IDExNCAxMDkgMTExLjcwOSAxMDkgMTA4LjkwM0MxMDkgOTUuMTA3NCA5OC42MTAzIDgzLjc1MiA4NS4yNjM4IDgyLjI5MUM4NC4zODg0IDgyLjE5MTQgODMuNTI5NSA4Mi42MDY0IDgzLjAwMDkgODMuMzIwM0w3NC4wOTc4IDk1LjI0MDJDNzMuMDQwNiA5Ni42NTE0IDcwLjkyNjMgOTYuNjUxNCA2OS44NjkyIDk1LjI0MDJMNjAuOTY2MSA4My4zMjAzTDYwLjk4MjYgODMuMzAzN1oiIGZpbGw9ImJsYWNrIi8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODdfMzQwMyIgeDE9IjcyIiB5MT0iMTQ0IiB4Mj0iLTEuMjgxN2UtMDUiIHkyPSI0IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNDMEQ2RkYiLz4KPHN0b3Agb2Zmc2V0PSIwLjMiIHN0b3AtY29sb3I9IiNDNERBRkYiLz4KPHN0b3Agb2Zmc2V0PSIwLjY1IiBzdG9wLWNvbG9yPSIjRDNFOUZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0U5RkZGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzY4N18zNDAzIj4KPHJlY3Qgd2lkdGg9Ijc0IiBoZWlnaHQ9Ijg1IiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMzUgMjkpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "etcd"], ["spec", "monitoring"], ["spec", "ingress"], ["spec", "seaweedfs"], ["spec", "isolated"], ["spec", "resourceQuotas"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: [] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/virtual-machine.yaml b/packages/system/cozystack-resource-definitions/cozyrds/virtual-machine.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/virtual-machine.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/virtual-machine.yaml index 0a0d4821..7a2a054a 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/virtual-machine.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/virtual-machine.yaml @@ -30,7 +30,10 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQ1NCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDU0KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMDBCM0ZGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8L2c+CjxwYXRoIGQ9Ik03Mi41Mjc1IDUzLjgzNjdDNzIuNDQzMSA1My44MzUxIDcyLjM2MDUgNTMuODEyMiA3Mi4yODczIDUzLjc3MDFMNTYuNDY5OSA0NC43OTM0QzU2LjM5ODMgNDQuNzUxOSA1Ni4zMzg4IDQ0LjY5MjMgNTYuMjk3MyA0NC42MjA3QzU2LjI1NTkgNDQuNTQ5IDU2LjIzMzggNDQuNDY3OCA1Ni4yMzM0IDQ0LjM4NUM1Ni4yMzM0IDQ0LjIxNjkgNTYuMzI1OCA0NC4wNjE3IDU2LjQ2OTkgNDMuOTc4NUw3Mi4xOTEyIDM1LjA2MDlDNzIuMjYzNyAzNS4wMjEgNzIuMzQ1IDM1IDcyLjQyNzcgMzVDNzIuNTEwNSAzNSA3Mi41OTE4IDM1LjAyMSA3Mi42NjQzIDM1LjA2MDlMODguNDg3MiA0NC4wMzk1Qzg4LjU1OTEgNDQuMDgwMSA4OC42MTg4IDQ0LjEzOTIgODguNjYgNDQuMjEwN0M4OC43MDEzIDQ0LjI4MjIgODguNzIyNyA0NC4zNjM1IDg4LjcyMTkgNDQuNDQ2Qzg4LjcyMjUgNDQuNTI4NSA4OC43MDEgNDQuNjA5NyA4OC42NTk4IDQ0LjY4MTJDODguNjE4NSA0NC43NTI2IDg4LjU1ODkgNDQuODExOCA4OC40ODcyIDQ0Ljg1MjVMNzIuNzcxNCA1My43NjgzQzcyLjY5NzIgNTMuODExNCA3Mi42MTMzIDUzLjgzNDkgNzIuNTI3NSA1My44MzY3IiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBvcGFjaXR5PSIwLjciIGQ9Ik03MC4yNTUzIDc1LjY1MTdDNzAuMTcxIDc1LjY1MzUgNzAuMDg3OCA3NS42MzE3IDcwLjAxNTEgNzUuNTg4OEw1NC4yNDU4IDY2LjY0MTdDNTQuMTcxNSA2Ni42MDI0IDU0LjEwOTUgNjYuNTQzNiA1NC4wNjYxIDY2LjQ3MTZDNTQuMDIyOCA2Ni4zOTk3IDU0IDY2LjMxNzMgNTQgNjYuMjMzM1Y0OC4yNzhDNTQgNDguMTA4IDU0LjA5MjQgNDcuOTU0NiA1NC4yNDM5IDQ3Ljg2OTZDNTQuMzE3MiA0Ny44MjcxIDU0LjQwMDQgNDcuODA0NyA1NC40ODUxIDQ3LjgwNDdDNTQuNTY5NyA0Ny44MDQ3IDU0LjY1MjkgNDcuODI3MSA1NC43MjYyIDQ3Ljg2OTZMNzAuNDkzNyA1Ni44MTMxQzcwLjU2NDIgNTYuODU2NSA3MC42MjI1IDU2LjkxNyA3MC42NjMyIDU2Ljk4OTFDNzAuNzAzOSA1Ny4wNjEyIDcwLjcyNTcgNTcuMTQyNCA3MC43MjY1IDU3LjIyNTFWNzUuMTgwNUM3MC43MjU5IDc1LjI2MjggNzAuNzA0MiA3NS4zNDM2IDcwLjY2MzUgNzUuNDE1MUM3MC42MjI3IDc1LjQ4NjYgNzAuNTY0MiA3NS41NDY0IDcwLjQ5MzcgNzUuNTg4OEM3MC40MjA2IDc1LjYyOTEgNzAuMzM4NyA3NS42NTA3IDcwLjI1NTMgNzUuNjUxNyIgZmlsbD0id2hpdGUiLz4KPHBhdGggb3BhY2l0eT0iMC40IiBkPSJNNzQuNzE5OCA3NS42NTExQzc0LjYzMzMgNzUuNjUxMiA3NC41NDgyIDc1LjYyOTYgNzQuNDcyMiA3NS41ODgzQzc0LjQwMTYgNzUuNTQ2MSA3NC4zNDMyIDc1LjQ4NjIgNzQuMzAyNyA3NS40MTQ3Qzc0LjI2MjMgNzUuMzQzMSA3NC4yNDExIDc1LjI2MjIgNzQuMjQxMiA3NS4xOFY1Ny4zMzczQzc0LjI0MTIgNTcuMTcxIDc0LjMzMzYgNTcuMDE1OCA3NC40NzIyIDU2LjkyOUw5MC4yMzk3IDQ3Ljk4NTVDOTAuMzExOSA0Ny45NDM4IDkwLjM5MzggNDcuOTIxOSA5MC40NzcxIDQ3LjkyMTlDOTAuNTYwNSA0Ny45MjE5IDkwLjY0MjQgNDcuOTQzOCA5MC43MTQ2IDQ3Ljk4NTVDOTAuNzg3NiA0OC4wMjU1IDkwLjg0ODUgNDguMDg0MiA5MC44OTExIDQ4LjE1NTdDOTAuOTMzNyA0OC4yMjcyIDkwLjk1NjMgNDguMzA4OCA5MC45NTY2IDQ4LjM5MlY2Ni4yMzI4QzkwLjk1NyA2Ni4zMTY0IDkwLjkzNDcgNjYuMzk4NSA5MC44OTIxIDY2LjQ3MDRDOTAuODQ5NSA2Ni41NDI0IDkwLjc4ODEgNjYuNjAxNCA5MC43MTQ2IDY2LjY0MTFMNzQuOTUyNiA3NS41ODgzQzc0Ljg4MjUgNzUuNjMwNyA3NC44MDE4IDc1LjY1MjUgNzQuNzE5OCA3NS42NTExIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zNDU0IiB4MT0iMTYxIiB5MT0iMTgwIiB4Mj0iMy41OTI4NGUtMDciIHkyPSI0Ljk5OTk4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjNTk1NjU2Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjxjbGlwUGF0aCBpZD0iY2xpcDBfNjg3XzM0NTQiPgo8cmVjdCB3aWR0aD0iOTQiIGhlaWdodD0iOTQiIGZpbGw9IndoaXRlIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNSAyNSkiLz4KPC9jbGlwUGF0aD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "systemDisk"], ["spec", "systemDisk", "image"], ["spec", "systemDisk", "storage"], ["spec", "systemDisk", "storageClass"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: [] + services: + exclude: [] + include: + - resourceNames: + - virtual-machine-{{ .name }} diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-disk.yaml b/packages/system/cozystack-resource-definitions/cozyrds/vm-disk.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-disk.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/vm-disk.yaml index 0f3d4754..66a2e940 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-disk.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/vm-disk.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8zMzBfNDg5NjMpIi8+CjxnIGZpbHRlcj0idXJsKCNmaWx0ZXIwX2lfMzMwXzQ4OTYzKSI+CjxwYXRoIGQ9Ik03Mi4wMDAxIDI2LjYzNjdDNDYuODc3MiAyNi42MzY3IDI2LjUxMTIgNDcuMDAyNyAyNi41MTEyIDcyLjEyNTZDMjYuNTExMiA5Ny4yNDg0IDQ2Ljg3NzIgMTE3LjYxNCA3Mi4wMDAxIDExNy42MTRDOTcuMTIyOSAxMTcuNjE0IDExNy40ODkgOTcuMjQ4MiAxMTcuNDg5IDcyLjEyNTRDMTE3LjQ4OSA0Ny4wMDI1IDk3LjEyMjkgMjYuNjM2NyA3Mi4wMDAxIDI2LjYzNjdaTTcyLjAwMDEgODEuNjIxMkM2Ni43NTU3IDgxLjYyMTIgNjIuNTA0NCA3Ny4zNjk5IDYyLjUwNDQgNzIuMTI1NkM2Mi41MDQ0IDY2Ljg4MTIgNjYuNzU1NyA2Mi42Mjk5IDcyLjAwMDEgNjIuNjI5OUM3Ny4yNDQ0IDYyLjYyOTkgODEuNDk1NyA2Ni44ODEyIDgxLjQ5NTcgNzIuMTI1NkM4MS40OTU3IDc3LjM2OTkgNzcuMjQ0NCA4MS42MjEyIDcyLjAwMDEgODEuNjIxMloiIGZpbGw9IiNCQUQ5RkYiLz4KPC9nPgo8cGF0aCBkPSJNNTIuMDA3NSA2NS43MjA5TDMyLjI5NzYgNTkuMDQ5OEMzNi4yODQyIDQ3LjI3MTEgNDUuMzI4NSAzNy42MzE1IDU2LjQ5MSAzMy4yNjRMNjQuMDcyOCA1Mi42NDE5QzU4LjY0MiA1NC43NjY3IDU0LjAxOSA1OS43NzgzIDUyLjAwNzUgNjUuNzIwOVpNOTEuOTkyNiA3OC41M0wxMTEuNzAzIDg1LjIwMTFDMTA3LjcxNiA5Ni45Nzk5IDk4LjY3MTggMTA2LjYxOSA4Ny41MDkzIDExMC45ODdMNzkuOTI3NSA5MS42MDlDODUuMzU4MSA4OS40ODQyIDg5Ljk4MTMgODQuNDcyNiA5MS45OTI2IDc4LjUzWiIgZmlsbD0iI0VERjZGRiIvPgo8cGF0aCBkPSJNNTUuOTMyNCA1OC43MDI4QzU3LjY1MTQgNTYuNjE0IDU5LjcxOTQgNTQuODYzMiA2MS45ODk0IDUzLjYxODNDNjMuMTQ5IDUyLjk4MjQgNjQuMjYzMyA1My4xMjk2IDYzLjc4MTQgNTEuODk3OUw1Ny4yMDk1IDM1LjEwMDlDNTYuMjkwOSAzMi43NTI5IDU1LjI4MTQgMzMuNzI4NSA1My45MDYgMzQuMzg2OEM0OC45NzM0IDM2Ljc0NzYgNDQuNTM0OSA0MC4xNTkgNDAuODYwMSA0NC4zMTU0TDU1LjkzMjQgNTguNzAyOFpNODguMDY3NiA4NS41NDgxQzg1LjgzNTIgODguMjYwNSA4My4wMTQ4IDkwLjQwMjkgNzkuOTI2OSA5MS42MDhMODcuNTA4OSAxMTAuOTg2QzkzLjQ3ODUgMTA4LjY1NCA5OC44MzM2IDEwNC44MDYgMTAzLjE0IDk5LjkzNTVMODguMDY3NiA4NS41NDgxWiIgZmlsbD0iI0NERTNGRiIvPgo8cGF0aCBkPSJNNzIgODkuNDM4OEM2Mi40NTM0IDg5LjQzODggNTQuNjg2NSA4MS42NzIxIDU0LjY4NjUgNzIuMTI1NEM1NC42ODY1IDYyLjU3ODYgNjIuNDUzNCA1NC44MTE5IDcyIDU0LjgxMTlDODEuNTQ2OCA1NC44MTE5IDg5LjMxMzQgNjIuNTc4OCA4OS4zMTM0IDcyLjEyNTRDODkuMzEzNCA4MS42NzIgODEuNTQ2OCA4OS40Mzg4IDcyIDg5LjQzODhaTTcyIDU5LjExMDVDNjQuODIzNCA1OS4xMTA1IDU4Ljk4NDkgNjQuOTQ5IDU4Ljk4NDkgNzIuMTI1NkM1OC45ODQ5IDc5LjMwMjIgNjQuODIzNCA4NS4xNDA2IDcyIDg1LjE0MDZDNzkuMTc2NiA4NS4xNDA2IDg1LjAxNSA3OS4zMDIyIDg1LjAxNSA3Mi4xMjU2Qzg1LjAxNSA2NC45NDkgNzkuMTc2NiA1OS4xMTA1IDcyIDU5LjExMDVaIiBmaWxsPSIjMDBCNEZGIi8+CjxkZWZzPgo8ZmlsdGVyIGlkPSJmaWx0ZXIwX2lfMzMwXzQ4OTYzIiB4PSIyNi41MTEyIiB5PSIyNi42MzY3IiB3aWR0aD0iOTIuOTc3OCIgaGVpZ2h0PSI5Mi45Nzc1IiBmaWx0ZXJVbml0cz0idXNlclNwYWNlT25Vc2UiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CjxmZUZsb29kIGZsb29kLW9wYWNpdHk9IjAiIHJlc3VsdD0iQmFja2dyb3VuZEltYWdlRml4Ii8+CjxmZUJsZW5kIG1vZGU9Im5vcm1hbCIgaW49IlNvdXJjZUdyYXBoaWMiIGluMj0iQmFja2dyb3VuZEltYWdlRml4IiByZXN1bHQ9InNoYXBlIi8+CjxmZUNvbG9yTWF0cml4IGluPSJTb3VyY2VBbHBoYSIgdHlwZT0ibWF0cml4IiB2YWx1ZXM9IjAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDEyNyAwIiByZXN1bHQ9ImhhcmRBbHBoYSIvPgo8ZmVPZmZzZXQgZHg9IjIiIGR5PSIyIi8+CjxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjIuNSIvPgo8ZmVDb21wb3NpdGUgaW4yPSJoYXJkQWxwaGEiIG9wZXJhdG9yPSJhcml0aG1ldGljIiBrMj0iLTEiIGszPSIxIi8+CjxmZUNvbG9yTWF0cml4IHR5cGU9Im1hdHJpeCIgdmFsdWVzPSIwIDAgMCAwIDEgMCAwIDAgMCAxIDAgMCAwIDAgMSAwIDAgMCAwLjIxIDAiLz4KPGZlQmxlbmQgbW9kZT0ibm9ybWFsIiBpbjI9InNoYXBlIiByZXN1bHQ9ImVmZmVjdDFfaW5uZXJTaGFkb3dfMzMwXzQ4OTYzIi8+CjwvZmlsdGVyPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfMzMwXzQ4OTYzIiB4MT0iLTE1LjUiIHkxPSItMTIiIHgyPSIyMTYuNSIgeTI9IjE4NS41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiM2NUNDRkYiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMDQ0Mzc0Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "source"], ["spec", "optical"], ["spec", "storage"], ["spec", "storageClass"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: [] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-instance.yaml b/packages/system/cozystack-resource-definitions/cozyrds/vm-instance.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-instance.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/vm-instance.yaml index 1c019265..7d5ec69a 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-instance.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/vm-instance.yaml @@ -30,7 +30,10 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQ1NCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDU0KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMDBCM0ZGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8L2c+CjxwYXRoIGQ9Ik03Mi41Mjc1IDUzLjgzNjdDNzIuNDQzMSA1My44MzUxIDcyLjM2MDUgNTMuODEyMiA3Mi4yODczIDUzLjc3MDFMNTYuNDY5OSA0NC43OTM0QzU2LjM5ODMgNDQuNzUxOSA1Ni4zMzg4IDQ0LjY5MjMgNTYuMjk3MyA0NC42MjA3QzU2LjI1NTkgNDQuNTQ5IDU2LjIzMzggNDQuNDY3OCA1Ni4yMzM0IDQ0LjM4NUM1Ni4yMzM0IDQ0LjIxNjkgNTYuMzI1OCA0NC4wNjE3IDU2LjQ2OTkgNDMuOTc4NUw3Mi4xOTEyIDM1LjA2MDlDNzIuMjYzNyAzNS4wMjEgNzIuMzQ1IDM1IDcyLjQyNzcgMzVDNzIuNTEwNSAzNSA3Mi41OTE4IDM1LjAyMSA3Mi42NjQzIDM1LjA2MDlMODguNDg3MiA0NC4wMzk1Qzg4LjU1OTEgNDQuMDgwMSA4OC42MTg4IDQ0LjEzOTIgODguNjYgNDQuMjEwN0M4OC43MDEzIDQ0LjI4MjIgODguNzIyNyA0NC4zNjM1IDg4LjcyMTkgNDQuNDQ2Qzg4LjcyMjUgNDQuNTI4NSA4OC43MDEgNDQuNjA5NyA4OC42NTk4IDQ0LjY4MTJDODguNjE4NSA0NC43NTI2IDg4LjU1ODkgNDQuODExOCA4OC40ODcyIDQ0Ljg1MjVMNzIuNzcxNCA1My43NjgzQzcyLjY5NzIgNTMuODExNCA3Mi42MTMzIDUzLjgzNDkgNzIuNTI3NSA1My44MzY3IiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBvcGFjaXR5PSIwLjciIGQ9Ik03MC4yNTUzIDc1LjY1MTdDNzAuMTcxIDc1LjY1MzUgNzAuMDg3OCA3NS42MzE3IDcwLjAxNTEgNzUuNTg4OEw1NC4yNDU4IDY2LjY0MTdDNTQuMTcxNSA2Ni42MDI0IDU0LjEwOTUgNjYuNTQzNiA1NC4wNjYxIDY2LjQ3MTZDNTQuMDIyOCA2Ni4zOTk3IDU0IDY2LjMxNzMgNTQgNjYuMjMzM1Y0OC4yNzhDNTQgNDguMTA4IDU0LjA5MjQgNDcuOTU0NiA1NC4yNDM5IDQ3Ljg2OTZDNTQuMzE3MiA0Ny44MjcxIDU0LjQwMDQgNDcuODA0NyA1NC40ODUxIDQ3LjgwNDdDNTQuNTY5NyA0Ny44MDQ3IDU0LjY1MjkgNDcuODI3MSA1NC43MjYyIDQ3Ljg2OTZMNzAuNDkzNyA1Ni44MTMxQzcwLjU2NDIgNTYuODU2NSA3MC42MjI1IDU2LjkxNyA3MC42NjMyIDU2Ljk4OTFDNzAuNzAzOSA1Ny4wNjEyIDcwLjcyNTcgNTcuMTQyNCA3MC43MjY1IDU3LjIyNTFWNzUuMTgwNUM3MC43MjU5IDc1LjI2MjggNzAuNzA0MiA3NS4zNDM2IDcwLjY2MzUgNzUuNDE1MUM3MC42MjI3IDc1LjQ4NjYgNzAuNTY0MiA3NS41NDY0IDcwLjQ5MzcgNzUuNTg4OEM3MC40MjA2IDc1LjYyOTEgNzAuMzM4NyA3NS42NTA3IDcwLjI1NTMgNzUuNjUxNyIgZmlsbD0id2hpdGUiLz4KPHBhdGggb3BhY2l0eT0iMC40IiBkPSJNNzQuNzE5OCA3NS42NTExQzc0LjYzMzMgNzUuNjUxMiA3NC41NDgyIDc1LjYyOTYgNzQuNDcyMiA3NS41ODgzQzc0LjQwMTYgNzUuNTQ2MSA3NC4zNDMyIDc1LjQ4NjIgNzQuMzAyNyA3NS40MTQ3Qzc0LjI2MjMgNzUuMzQzMSA3NC4yNDExIDc1LjI2MjIgNzQuMjQxMiA3NS4xOFY1Ny4zMzczQzc0LjI0MTIgNTcuMTcxIDc0LjMzMzYgNTcuMDE1OCA3NC40NzIyIDU2LjkyOUw5MC4yMzk3IDQ3Ljk4NTVDOTAuMzExOSA0Ny45NDM4IDkwLjM5MzggNDcuOTIxOSA5MC40NzcxIDQ3LjkyMTlDOTAuNTYwNSA0Ny45MjE5IDkwLjY0MjQgNDcuOTQzOCA5MC43MTQ2IDQ3Ljk4NTVDOTAuNzg3NiA0OC4wMjU1IDkwLjg0ODUgNDguMDg0MiA5MC44OTExIDQ4LjE1NTdDOTAuOTMzNyA0OC4yMjcyIDkwLjk1NjMgNDguMzA4OCA5MC45NTY2IDQ4LjM5MlY2Ni4yMzI4QzkwLjk1NyA2Ni4zMTY0IDkwLjkzNDcgNjYuMzk4NSA5MC44OTIxIDY2LjQ3MDRDOTAuODQ5NSA2Ni41NDI0IDkwLjc4ODEgNjYuNjAxNCA5MC43MTQ2IDY2LjY0MTFMNzQuOTUyNiA3NS41ODgzQzc0Ljg4MjUgNzUuNjMwNyA3NC44MDE4IDc1LjY1MjUgNzQuNzE5OCA3NS42NTExIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zNDU0IiB4MT0iMTYxIiB5MT0iMTgwIiB4Mj0iMy41OTI4NGUtMDciIHkyPSI0Ljk5OTk4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjNTk1NjU2Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjxjbGlwUGF0aCBpZD0iY2xpcDBfNjg3XzM0NTQiPgo8cmVjdCB3aWR0aD0iOTQiIGhlaWdodD0iOTQiIGZpbGw9IndoaXRlIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNSAyNSkiLz4KPC9jbGlwUGF0aD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "disks"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] secrets: - exclude: + exclude: [] + include: [] + services: + exclude: [] + include: - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + apps.cozystack.io/user-service: "true" diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vpn.yaml b/packages/system/cozystack-resource-definitions/cozyrds/vpn.yaml similarity index 96% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/vpn.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/vpn.yaml index ce4ccc01..2d067fd1 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vpn.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/vpn.yaml @@ -29,7 +29,12 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxwYXRoIGQ9Ik0xNDMuOTkyIDMwLjM2OTdDMTQzLjk5MiAyOS4yNTU2IDE0My45OTIgMjguMTUxNyAxNDMuOTkyIDI3LjA0NzdDMTQzLjk0NSAyNC42Mjg3IDE0My43MTcgMjIuMjE2NiAxNDMuMzA5IDE5LjgzMTZDMTQyLjkxMiAxNy40NDczIDE0Mi4xNTcgMTUuMTM2NSAxNDEuMDcyIDEyLjk3NjlDMTM5Ljk3IDEwLjgxOCAxMzguNTM0IDguODQ2NjUgMTM2LjgxNyA3LjEzNTc3TDEzMC45OTcgMi44OTA0NEMxMjguODM3IDEuODAyODkgMTI2LjUyNyAxLjA0MTg5IDEyNC4xNDQgMC42MzIyODNDMTIxLjc1NiAwLjIzNDgwOCAxMTkuMzQgMC4wMjM0MTEzIDExNi45MTkgMEMxMTUuODE1IDAgMjguMTQ2MSAwIDI3LjAzMjMgMEMyNC42MDQ3IDAuMDI0MjIxMSAyMi4xODI2IDAuMjM1NjA5IDE5Ljc4NzYgMC42MzIyODNDMTcuNDEyOCAxLjAzODUxIDE1LjExMjYgMS43OTk3NCAxMi45NjQzIDIuODkwNDRDMTAuODEzIDMuOTk1MTkgOC44NDYyNSA1LjQyNzM2IDcuMTM0MzYgNy4xMzU3N0M1LjQxNzY4IDguODQ0NCAzLjk4NDggMTAuODE2MyAyLjg4OTg3IDEyLjk3NjlDMS44MDA4NiAxNS4xMzYgMS4wNDMxMyAxNy40NDY4IDAuNjQyMTkzIDE5LjgzMTZDMC4yNDM0OTcgMjIuMjE2OSAwLjAyODc5OTggMjQuNjI5NCAwIDI3LjA0NzdDMCAyOC4xNTE3IDAgMTE1LjgzOCAwIDExNi45NTJDMC4wMjYxNzU1IDExOS4zODQgMC4yNDA4ODQgMTIxLjgxIDAuNjQyMTkzIDEyNC4yMDlDMS4wNDA0NCAxMjYuNTk0IDEuNzk4MjkgMTI4LjkwNSAyLjg4OTg3IDEzMS4wNjNDMy45ODUxNSAxMzMuMjE4IDUuNDE4MSAxMzUuMTgzIDcuMTM0MzYgMTM2Ljg4NEM4Ljg0MDk1IDEzOC41OTkgMTAuODA4NyAxNDAuMDMyIDEyLjk2NDMgMTQxLjEzQzE1LjExNDcgMTQyLjIwOSAxNy40MTQ2IDE0Mi45NiAxOS43ODc2IDE0My4zNThDMjIuMTczMSAxNDMuNzUxIDI0LjU4NDcgMTQzLjk2NiAyNy4wMDIyIDE0NEMyOC4xMTYgMTQ0IDExNS43ODUgMTQ0IDExNi44ODkgMTQ0QzExOS4zMDMgMTQzLjk2NyAxMjEuNzEyIDE0My43NTIgMTI0LjA5NCAxNDMuMzU4QzEyNi40ODUgMTQyLjk0NiAxMjguODAxIDE0Mi4xODIgMTMwLjk2NyAxNDEuMDg5QzEzMy4xMjEgMTM5Ljk5NCAxMzUuMDg2IDEzOC41NjEgMTM2Ljc4NyAxMzYuODQ0QzEzOC41MDMgMTM1LjE0IDEzOS45MzkgMTMzLjE3NiAxNDEuMDQyIDEzMS4wMjNDMTQyLjEzNyAxMjguODc5IDE0Mi45MDEgMTI2LjU4MSAxNDMuMzA5IDEyNC4yMDlDMTQzLjcxIDEyMS44MjMgMTQzLjkzMiAxMTkuNDExIDE0My45NzIgMTE2Ljk5MkMxNDMuOTkyIDExNS44MzggMTQ0LjAxMiAzMS42NzQ0IDE0My45OTIgMzAuMzY5N1oiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgxOCkiLz4KPHBhdGggZD0iTTExNS45NTUgNjcuNDIzMUMxMTQuOTQxIDU3LjgyMzQgMTEwLjcwMSA0OC44NTE4IDEwMy45MjggNDEuOTc1MkM5Ny4xNTQ5IDM1LjA5ODYgODguMjQ5NSAzMC43MjM5IDc4LjY2OCAyOS41NjY0VjQ2Ljc3ODZDODQuNDg4NyA0Ny45MTI3IDg5LjczMzggNTEuMDM2MiA5My41MDQ5IDU1LjYxMzdDOTcuMjc2IDYwLjE5MTIgOTkuMzM4MSA2NS45Mzc5IDk5LjMzODEgNzEuODY5MkM5OS4zMzgxIDc3LjgwMDQgOTcuMjc2IDgzLjU0NzEgOTMuNTA0OSA4OC4xMjQ2Qzg5LjczMzggOTIuNzAyMiA4NC40ODg3IDk1LjgyNTYgNzguNjY4IDk2Ljk1OThWMTE0LjIyMkM4OS43ODAxIDExMi44NzcgOTkuOTE3OCAxMDcuMjE1IDEwNi44OTQgOTguNDYwMUMxMTMuODY5IDg5LjcwNDggMTE3LjEyNCA3OC41NTczIDExNS45NTUgNjcuNDIzMVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0yOC4wMTU1IDc2LjM2NTRDMjkuMDMxMSA4NS45NjQ0IDMzLjI3MTggOTQuOTM1MSA0MC4wNDQ3IDEwMS44MTFDNDYuODE3NSAxMDguNjg4IDU1LjcyMiAxMTMuMDYzIDY1LjMwMjggMTE0LjIyMlYyOS41NjY0QzU0LjE5MDcgMzAuOTExOSA0NC4wNTMgMzYuNTczMSAzNy4wNzcyIDQ1LjMyODRDMzAuMTAxMyA1NC4wODM3IDI2Ljg0NjcgNjUuMjMxMiAyOC4wMTU1IDc2LjM2NTRaIiBmaWxsPSIjNUJCMTkzIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfNjgxXzI4MTgiIHgxPSIxMzIuNSIgeTE9IjEzMi41IiB4Mj0iLTI0IiB5Mj0iLTE5IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMxODM3MjkiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjNDU5RDc1Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "host"], ["spec", "users"], ["spec", "externalIPs"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - vpn-{{ .name }}-urls + services: + exclude: [] + include: + - resourceNames: + - vpn-{{ .name }}-vpn diff --git a/packages/system/cozystack-resource-definitions/templates/cozyrds.yaml b/packages/system/cozystack-resource-definitions/templates/cozyrds.yaml new file mode 100644 index 00000000..e079ddcf --- /dev/null +++ b/packages/system/cozystack-resource-definitions/templates/cozyrds.yaml @@ -0,0 +1,4 @@ +{{- range $path, $_ := .Files.Glob "cozyrds/*" }} +--- +{{ $.Files.Get $path }} +{{- end }} diff --git a/packages/system/cozystack-resource-definitions/values.yaml b/packages/system/cozystack-resource-definitions/values.yaml new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/packages/system/cozystack-resource-definitions/values.yaml @@ -0,0 +1 @@ +{} diff --git a/packages/system/dashboard/images/openapi-ui/Dockerfile b/packages/system/dashboard/images/openapi-ui/Dockerfile index d9d38533..ea10ac8a 100644 --- a/packages/system/dashboard/images/openapi-ui/Dockerfile +++ b/packages/system/dashboard/images/openapi-ui/Dockerfile @@ -4,7 +4,7 @@ ARG NODE_VERSION=20.18.1 # imported from https://github.com/cozystack/openapi-k8s-toolkit FROM node:${NODE_VERSION}-alpine AS openapi-k8s-toolkit-builder WORKDIR /src -ARG COMMIT=393fd84a3b9283e93c047b744b53f1ae65465df8 +ARG COMMIT=4f57ab295b2a886eb294b0b987554194fbe67dcd RUN wget -O- https://github.com/cozystack/openapi-k8s-toolkit/archive/${COMMIT}.tar.gz | tar -xzvf- --strip-components=1 RUN npm install RUN npm install --build-from-source @swc/core diff --git a/packages/system/dashboard/templates/configmap.yaml b/packages/system/dashboard/templates/configmap.yaml index 09e292b0..5c541dff 100644 --- a/packages/system/dashboard/templates/configmap.yaml +++ b/packages/system/dashboard/templates/configmap.yaml @@ -1,6 +1,6 @@ {{- $brandingConfig:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }} -{{- $tenantText := "v0.37.0-alpha.2" }} +{{- $tenantText := "v0.37.0" }} {{- $footerText := "Cozystack" }} {{- $titleText := "Cozystack Dashboard" }} {{- $logoText := "false" }} diff --git a/packages/system/dashboard/templates/gatekeeper.yaml b/packages/system/dashboard/templates/gatekeeper.yaml index 0bf20b02..b4503f4f 100644 --- a/packages/system/dashboard/templates/gatekeeper.yaml +++ b/packages/system/dashboard/templates/gatekeeper.yaml @@ -55,6 +55,8 @@ spec: - --http-address=0.0.0.0:8000 - --redirect-url=https://dashboard.{{ $host }}/oauth2/callback - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy + - --backend-logout-url=https://keycloak.{{ $host }}/realms/cozy/protocol/openid-connect/logout?id_token_hint={id_token} + - --whitelist-domain=keycloak.{{ $host }} - --email-domain=* - --pass-access-token=true - --pass-authorization-header=true diff --git a/packages/system/dashboard/templates/keycloakclient.yaml b/packages/system/dashboard/templates/keycloakclient.yaml index 2779b2d8..55ebc5d5 100644 --- a/packages/system/dashboard/templates/keycloakclient.yaml +++ b/packages/system/dashboard/templates/keycloakclient.yaml @@ -45,6 +45,8 @@ data: --- +{{- if .Capabilities.APIVersions.Has "v1.edp.epam.com/v1" }} +--- apiVersion: v1.edp.epam.com/v1 kind: KeycloakClient metadata: @@ -71,3 +73,4 @@ spec: {{- range $i, $v := $extraRedirectUris }} - "{{ $v }}" {{- end }} +{{- end }} diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml index 97cdc798..4cb8571b 100644 --- a/packages/system/dashboard/values.yaml +++ b/packages/system/dashboard/values.yaml @@ -1,6 +1,6 @@ openapiUI: - image: ghcr.io/cozystack/cozystack/openapi-ui:v0.37.0-alpha.2@sha256:13b168f3f1601b068b37614837fce36c96505dc683e1080f56ae46dd027d48df + image: ghcr.io/cozystack/cozystack/openapi-ui:v0.37.0@sha256:13f38cf56830e899eb5e3d9dc8184965dd8dba9f8cd3c5ca10df0970355842d6 openapiUIK8sBff: - image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.37.0-alpha.2@sha256:0a08136a9f9feb8d143b53bc597639aecd53fe5383e76fb4d44d7f9ad59c8ff4 + image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.37.0@sha256:2b626dbbf87241e8621ac5b0285f402edbc2c2069ba254ca2ace2dd5c9248ac8 tokenProxy: - image: ghcr.io/cozystack/cozystack/token-proxy:v0.37.0-alpha.2@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b + image: ghcr.io/cozystack/cozystack/token-proxy:v0.37.0@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b diff --git a/packages/system/foundationdb-operator/.helmignore b/packages/system/foundationdb-operator/.helmignore new file mode 100644 index 00000000..33ceb8f0 --- /dev/null +++ b/packages/system/foundationdb-operator/.helmignore @@ -0,0 +1 @@ +Makefile \ No newline at end of file diff --git a/packages/system/foundationdb-operator/Chart.yaml b/packages/system/foundationdb-operator/Chart.yaml new file mode 100644 index 00000000..7685387c --- /dev/null +++ b/packages/system/foundationdb-operator/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-foundationdb-operator +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process \ No newline at end of file diff --git a/packages/system/foundationdb-operator/Makefile b/packages/system/foundationdb-operator/Makefile new file mode 100644 index 00000000..f735e7c5 --- /dev/null +++ b/packages/system/foundationdb-operator/Makefile @@ -0,0 +1,19 @@ +export NAME=foundationdb-operator +export NAMESPACE=cozy-$(NAME) + +include ../../../scripts/package.mk + +update: + rm -rf charts + git clone --depth 1 --branch v2.13.0 https://github.com/FoundationDB/fdb-kubernetes-operator.git tmp-repo + mkdir -p charts + cp -r tmp-repo/charts/fdb-operator charts/ + # Remove symlinked CRDs and replace with actual files + rm -f charts/fdb-operator/crds/apps.foundationdb.org_foundationdbbackups.yaml + rm -f charts/fdb-operator/crds/apps.foundationdb.org_foundationdbclusters.yaml + rm -f charts/fdb-operator/crds/apps.foundationdb.org_foundationdbrestores.yaml + cp tmp-repo/config/crd/bases/apps.foundationdb.org_foundationdbbackups.yaml charts/fdb-operator/crds/ + cp tmp-repo/config/crd/bases/apps.foundationdb.org_foundationdbclusters.yaml charts/fdb-operator/crds/ + cp tmp-repo/config/crd/bases/apps.foundationdb.org_foundationdbrestores.yaml charts/fdb-operator/crds/ + rm -rf tmp-repo + rm -rf charts/fdb-operator/charts \ No newline at end of file diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/Chart.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/Chart.yaml new file mode 100644 index 00000000..e9824f59 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +name: fdb-operator +description: A Helm chart for foundationDB operator +home: https://www.foundationdb.org/ +sources: + - https://github.com/FoundationDB/fdb-kubernetes-operator/tree/main/charts/fdb-operator +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.2.0 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: v2.13.0 +maintainers: + - name: "foundationdb-ci" diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbbackups.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbbackups.yaml new file mode 100644 index 00000000..ee1f50d6 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbbackups.yaml @@ -0,0 +1,3899 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 + foundationdb.org/release: v2.13.0 + name: foundationdbbackups.apps.foundationdb.org +spec: + group: apps.foundationdb.org + names: + kind: FoundationDBBackup + listKind: FoundationDBBackupList + plural: foundationdbbackups + shortNames: + - fdbbackup + singular: foundationdbbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Latest generation of the spec + jsonPath: .metadata.generation + name: Generation + type: integer + - description: Last reconciled generation of the spec + jsonPath: .status.generations.reconciled + name: Reconciled + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + agentCount: + type: integer + allowTagOverride: + default: false + type: boolean + backupDeploymentMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + backupState: + enum: + - Running + - Stopped + - Paused + type: string + backupType: + default: backup_agent + enum: + - backup_agent + - partitioned_log + maxLength: 64 + type: string + blobStoreConfiguration: + properties: + accountName: + maxLength: 100 + type: string + backupName: + maxLength: 1024 + type: string + bucket: + maxLength: 63 + minLength: 3 + type: string + urlParameters: + items: + maxLength: 1024 + type: string + maxItems: 100 + type: array + required: + - accountName + type: object + clusterName: + type: string + customParameters: + items: + maxLength: 100 + type: string + maxItems: 100 + type: array + encryptionKeyPath: + maxLength: 4096 + type: string + imageType: + default: split + enum: + - split + - unified + maxLength: 1024 + type: string + mainContainer: + properties: + enableLivenessProbe: + type: boolean + enableReadinessProbe: + type: boolean + enableTls: + type: boolean + imageConfigs: + items: + properties: + baseImage: + maxLength: 200 + type: string + tag: + maxLength: 100 + type: string + tagSuffix: + maxLength: 50 + type: string + version: + maxLength: 20 + type: string + type: object + maxItems: 100 + type: array + peerVerificationRules: + maxLength: 10000 + type: string + type: object + podTemplateSpec: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + items: + properties: + name: + type: string + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxChangePolicy: + type: string + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + sidecarContainer: + properties: + enableLivenessProbe: + type: boolean + enableReadinessProbe: + type: boolean + enableTls: + type: boolean + imageConfigs: + items: + properties: + baseImage: + maxLength: 200 + type: string + tag: + maxLength: 100 + type: string + tagSuffix: + maxLength: 50 + type: string + version: + maxLength: 20 + type: string + type: object + maxItems: 100 + type: array + peerVerificationRules: + maxLength: 10000 + type: string + type: object + snapshotPeriodSeconds: + type: integer + version: + type: string + required: + - clusterName + - version + type: object + status: + properties: + agentCount: + type: integer + backupDetails: + properties: + paused: + type: boolean + running: + type: boolean + snapshotTime: + type: integer + url: + type: string + type: object + deploymentConfigured: + type: boolean + generations: + properties: + needsBackupAgentUpdate: + format: int64 + type: integer + needsBackupModification: + format: int64 + type: integer + needsBackupPauseToggle: + format: int64 + type: integer + needsBackupStart: + format: int64 + type: integer + needsBackupStop: + format: int64 + type: integer + reconciled: + format: int64 + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbclusters.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbclusters.yaml new file mode 100644 index 00000000..d65a97b1 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbclusters.yaml @@ -0,0 +1,4784 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 + foundationdb.org/release: v2.13.0 + name: foundationdbclusters.apps.foundationdb.org +spec: + group: apps.foundationdb.org + names: + kind: FoundationDBCluster + listKind: FoundationDBClusterList + plural: foundationdbclusters + shortNames: + - fdb + singular: foundationdbcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Latest generation of the spec + jsonPath: .metadata.generation + name: Generation + type: integer + - description: Last reconciled generation of the spec + jsonPath: .status.generations.reconciled + name: Reconciled + type: integer + - description: Database available + jsonPath: .status.health.available + name: Available + type: boolean + - description: Database fully replicated + jsonPath: .status.health.fullReplication + name: FullReplication + type: boolean + - description: Number of reconciled process groups + jsonPath: .status.reconciledProcessGroups + name: ReconciledProcessGroups + priority: 1 + type: integer + - description: Desired number of process groups + jsonPath: .status.desiredProcessGroups + name: DesiredProcessGroups + priority: 1 + type: integer + - description: Running version + jsonPath: .status.runningVersion + name: Version + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + automationOptions: + properties: + cacheDatabaseStatusForReconciliation: + type: boolean + configureDatabase: + type: boolean + databaseInteractionMode: + maxLength: 256 + type: string + deletionMode: + default: Zone + enum: + - All + - Zone + - ProcessGroup + - None + type: string + failedPodDurationSeconds: + type: integer + ignoreLogGroupsForUpgrade: + items: + maxLength: 256 + type: string + maxItems: 10 + type: array + ignoreMissingProcessesSeconds: + type: integer + ignorePendingPodsDuration: + format: int64 + type: integer + ignoreTerminatingPodsSeconds: + type: integer + killProcesses: + type: boolean + maintenanceModeOptions: + properties: + UseMaintenanceModeChecker: + type: boolean + maintenanceModeTimeSeconds: + type: integer + resetMaintenanceMode: + type: boolean + type: object + maxConcurrentReplacements: + minimum: 0 + type: integer + podUpdateStrategy: + default: ReplaceTransactionSystem + enum: + - Replace + - ReplaceTransactionSystem + - Delete + type: string + removalMode: + default: Zone + enum: + - All + - Zone + - ProcessGroup + - None + type: string + replacements: + properties: + enabled: + type: boolean + failureDetectionTimeSeconds: + type: integer + faultDomainBasedReplacements: + type: boolean + maxConcurrentReplacements: + default: 1 + minimum: 0 + type: integer + maxFaultDomainsWithTaintedProcessGroups: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + taintReplacementOptions: + items: + properties: + durationInSeconds: + format: int64 + minimum: 0 + type: integer + key: + maxLength: 256 + pattern: ^([\-._\/a-z0-9A-Z\*])*$ + type: string + required: + - durationInSeconds + - key + type: object + maxItems: 32 + type: array + taintReplacementTimeSeconds: + type: integer + type: object + synchronizationMode: + default: local + enum: + - local + - global + type: string + useLocalitiesForExclusion: + type: boolean + useManagementAPI: + type: boolean + useNonBlockingExcludes: + type: boolean + waitBetweenRemovalsSeconds: + type: integer + type: object + buggify: + properties: + blockRemoval: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 1000 + type: array + crashLoop: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + type: array + crashLoopContainers: + items: + properties: + containerName: + maxLength: 253 + minLength: 1 + type: string + targets: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 10000 + minItems: 0 + type: array + type: object + maxItems: 8 + minItems: 0 + type: array + emptyMonitorConf: + type: boolean + ignoreDuringRestart: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 1000 + type: array + noSchedule: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + type: array + type: object + configMap: + properties: + apiVersion: + type: string + binaryData: + additionalProperties: + format: byte + type: string + type: object + data: + additionalProperties: + type: string + type: object + immutable: + type: boolean + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + type: object + coordinatorSelection: + items: + properties: + priority: + type: integer + processClass: + type: string + type: object + type: array + dataCenter: + type: string + dataHall: + type: string + databaseConfiguration: + properties: + commit_proxies: + type: integer + excluded_servers: + items: + properties: + address: + maxLength: 48 + type: string + locality: + maxLength: 200 + type: string + type: object + maxItems: 1024 + type: array + grv_proxies: + type: integer + log_routers: + type: integer + log_spill: + type: integer + log_version: + type: integer + logs: + type: integer + perpetual_storage_wiggle: + type: integer + perpetual_storage_wiggle_engine: + enum: + - "" + - ssd + - ssd-1 + - ssd-2 + - memory + - memory-1 + - memory-2 + - ssd-redwood-1-experimental + - ssd-redwood-1 + - ssd-rocksdb-experimental + - ssd-rocksdb-v1 + - ssd-sharded-rocksdb + - memory-radixtree-beta + - custom + - none + maxLength: 100 + type: string + perpetual_storage_wiggle_locality: + type: string + proxies: + type: integer + redundancy_mode: + enum: + - single + - double + - triple + - three_data_hall + maxLength: 100 + type: string + regions: + items: + properties: + datacenters: + items: + properties: + id: + type: string + priority: + type: integer + satellite: + maximum: 1 + minimum: 0 + type: integer + type: object + type: array + satellite_logs: + type: integer + satellite_redundancy_mode: + maxLength: 100 + type: string + type: object + type: array + remote_logs: + type: integer + resolvers: + type: integer + storage: + type: integer + storage_engine: + default: ssd-2 + enum: + - ssd + - ssd-1 + - ssd-2 + - memory + - memory-1 + - memory-2 + - ssd-redwood-1-experimental + - ssd-redwood-1 + - ssd-rocksdb-experimental + - ssd-rocksdb-v1 + - ssd-sharded-rocksdb + - memory-radixtree-beta + - custom + maxLength: 100 + type: string + storage_migration_type: + enum: + - "" + - disabled + - aggressive + - gradual + maxLength: 100 + type: string + usable_regions: + type: integer + type: object + faultDomain: + properties: + key: + type: string + value: + type: string + valueFrom: + type: string + zoneCount: + type: integer + zoneIndex: + type: integer + type: object + ignoreUpgradabilityChecks: + type: boolean + imageType: + default: unified + enum: + - split + - unified + maxLength: 1024 + type: string + labels: + properties: + filterOnOwnerReference: + type: boolean + matchLabels: + additionalProperties: + type: string + type: object + processClassLabels: + items: + type: string + maxItems: 100 + type: array + processGroupIDLabels: + items: + type: string + maxItems: 100 + type: array + resourceLabels: + additionalProperties: + type: string + type: object + type: object + lockOptions: + properties: + denyList: + items: + properties: + allow: + type: boolean + id: + type: string + type: object + type: array + disableLocks: + type: boolean + lockDurationMinutes: + type: integer + lockKeyPrefix: + type: string + type: object + logGroup: + type: string + logServersPerPod: + type: integer + mainContainer: + properties: + enableLivenessProbe: + type: boolean + enableReadinessProbe: + type: boolean + enableTls: + type: boolean + imageConfigs: + items: + properties: + baseImage: + maxLength: 200 + type: string + tag: + maxLength: 100 + type: string + tagSuffix: + maxLength: 50 + type: string + version: + maxLength: 20 + type: string + type: object + maxItems: 100 + type: array + peerVerificationRules: + maxLength: 10000 + type: string + type: object + maxZonesWithUnavailablePods: + type: integer + minimumUptimeSecondsForBounce: + default: 600 + minimum: 1 + type: integer + partialConnectionString: + properties: + coordinators: + items: + type: string + type: array + databaseName: + type: string + generationID: + type: string + type: object + processCounts: + properties: + backup: + type: integer + cluster_controller: + type: integer + commit_proxy: + type: integer + coordinator: + type: integer + data_distributor: + type: integer + fast_restore: + type: integer + grv_proxy: + type: integer + log: + type: integer + master: + type: integer + proxy: + type: integer + ratekeeper: + type: integer + resolution: + type: integer + router: + type: integer + stateless: + type: integer + storage: + type: integer + storage_cache: + type: integer + test: + type: integer + tester: + type: integer + transaction: + type: integer + unset: + type: integer + type: object + processGroupIDPrefix: + maxLength: 43 + pattern: ^[a-z0-9A-Z]([\-._a-z0-9A-Z])*[a-z0-9A-Z]$ + type: string + processGroupsToRemove: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 500 + minItems: 0 + type: array + processGroupsToRemoveWithoutExclusion: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 500 + minItems: 0 + type: array + processes: + additionalProperties: + properties: + customParameters: + items: + maxLength: 100 + type: string + maxItems: 100 + type: array + podTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + items: + properties: + name: + type: string + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxChangePolicy: + type: string + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + volumeClaimTemplate: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + type: string + modifyVolumeStatus: + properties: + status: + type: string + targetVolumeAttributesClassName: + type: string + required: + - status + type: object + phase: + type: string + type: object + type: object + type: object + type: object + replaceInstancesWhenResourcesChange: + default: false + type: boolean + routing: + properties: + defineDNSLocalityFields: + type: boolean + dnsDomain: + maxLength: 253 + minLength: 1 + type: string + headlessService: + type: boolean + podIPFamily: + type: integer + publicIPSource: + type: string + useDNSInClusterFile: + type: boolean + type: object + seedConnectionString: + type: string + sidecarContainer: + properties: + enableLivenessProbe: + type: boolean + enableReadinessProbe: + type: boolean + enableTls: + type: boolean + imageConfigs: + items: + properties: + baseImage: + maxLength: 200 + type: string + tag: + maxLength: 100 + type: string + tagSuffix: + maxLength: 50 + type: string + version: + maxLength: 20 + type: string + type: object + maxItems: 100 + type: array + peerVerificationRules: + maxLength: 10000 + type: string + type: object + sidecarVariables: + items: + type: string + type: array + skip: + default: false + type: boolean + storageServersPerPod: + type: integer + trustedCAs: + items: + type: string + type: array + useExplicitListenAddress: + type: boolean + version: + pattern: (\d+)\.(\d+)\.(\d+) + type: string + required: + - version + type: object + status: + properties: + configured: + type: boolean + connectionString: + type: string + databaseConfiguration: + properties: + commit_proxies: + type: integer + excluded_servers: + items: + properties: + address: + maxLength: 48 + type: string + locality: + maxLength: 200 + type: string + type: object + maxItems: 1024 + type: array + grv_proxies: + type: integer + log_routers: + type: integer + log_spill: + type: integer + log_version: + type: integer + logs: + type: integer + perpetual_storage_wiggle: + type: integer + perpetual_storage_wiggle_engine: + enum: + - "" + - ssd + - ssd-1 + - ssd-2 + - memory + - memory-1 + - memory-2 + - ssd-redwood-1-experimental + - ssd-redwood-1 + - ssd-rocksdb-experimental + - ssd-rocksdb-v1 + - ssd-sharded-rocksdb + - memory-radixtree-beta + - custom + - none + maxLength: 100 + type: string + perpetual_storage_wiggle_locality: + type: string + proxies: + type: integer + redundancy_mode: + enum: + - single + - double + - triple + - three_data_hall + maxLength: 100 + type: string + regions: + items: + properties: + datacenters: + items: + properties: + id: + type: string + priority: + type: integer + satellite: + maximum: 1 + minimum: 0 + type: integer + type: object + type: array + satellite_logs: + type: integer + satellite_redundancy_mode: + maxLength: 100 + type: string + type: object + type: array + remote_logs: + type: integer + resolvers: + type: integer + storage: + type: integer + storage_engine: + default: ssd-2 + enum: + - ssd + - ssd-1 + - ssd-2 + - memory + - memory-1 + - memory-2 + - ssd-redwood-1-experimental + - ssd-redwood-1 + - ssd-rocksdb-experimental + - ssd-rocksdb-v1 + - ssd-sharded-rocksdb + - memory-radixtree-beta + - custom + maxLength: 100 + type: string + storage_migration_type: + enum: + - "" + - disabled + - aggressive + - gradual + maxLength: 100 + type: string + usable_regions: + type: integer + type: object + desiredProcessGroups: + type: integer + generations: + properties: + hasExtraListeners: + format: int64 + type: integer + hasPendingRemoval: + format: int64 + type: integer + hasUnhealthyProcess: + format: int64 + type: integer + missingDatabaseStatus: + format: int64 + type: integer + needsBounce: + format: int64 + type: integer + needsConfigurationChange: + format: int64 + type: integer + needsCoordinatorChange: + format: int64 + type: integer + needsGrow: + format: int64 + type: integer + needsLockConfigurationChanges: + format: int64 + type: integer + needsMonitorConfUpdate: + format: int64 + type: integer + needsPodDeletion: + format: int64 + type: integer + needsServiceUpdate: + format: int64 + type: integer + needsShrink: + format: int64 + type: integer + reconciled: + format: int64 + type: integer + type: object + hasIncorrectConfigMap: + type: boolean + hasIncorrectServiceConfig: + type: boolean + hasListenIPsForAllPods: + type: boolean + health: + properties: + available: + type: boolean + dataMovementPriority: + type: integer + fullReplication: + type: boolean + healthy: + type: boolean + type: object + imageTypes: + items: + maxLength: 1024 + type: string + maxItems: 10 + type: array + locks: + properties: + lockDenyList: + items: + type: string + type: array + type: object + logServersPerDisk: + items: + type: integer + maxItems: 5 + type: array + maintenanceModeInfo: + properties: + processGroups: + items: + type: string + maxItems: 200 + type: array + startTimestamp: + format: date-time + type: string + zoneID: + maxLength: 512 + type: string + type: object + needsNewCoordinators: + type: boolean + processGroups: + items: + properties: + addresses: + items: + type: string + type: array + exclusionSkipped: + type: boolean + exclusionTimestamp: + format: date-time + type: string + faultDomain: + maxLength: 512 + type: string + processClass: + type: string + processGroupConditions: + items: + properties: + timestamp: + format: int64 + type: integer + type: + type: string + type: object + type: array + processGroupID: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + removalTimestamp: + format: date-time + type: string + type: object + type: array + reconciledProcessGroups: + type: integer + requiredAddresses: + properties: + nonTLS: + type: boolean + tls: + type: boolean + type: object + runningVersion: + type: string + storageServersPerDisk: + items: + type: integer + maxItems: 5 + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbrestores.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbrestores.yaml new file mode 100644 index 00000000..2f02fb0f --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbrestores.yaml @@ -0,0 +1,100 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 + foundationdb.org/release: v2.13.0 + name: foundationdbrestores.apps.foundationdb.org +spec: + group: apps.foundationdb.org + names: + kind: FoundationDBRestore + listKind: FoundationDBRestoreList + plural: foundationdbrestores + shortNames: + - fdbrestore + singular: foundationdbrestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.state + name: State + type: string + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + blobStoreConfiguration: + properties: + accountName: + maxLength: 100 + type: string + backupName: + maxLength: 1024 + type: string + bucket: + maxLength: 63 + minLength: 3 + type: string + urlParameters: + items: + maxLength: 1024 + type: string + maxItems: 100 + type: array + required: + - accountName + type: object + customParameters: + items: + maxLength: 100 + type: string + maxItems: 100 + type: array + destinationClusterName: + type: string + encryptionKeyPath: + maxLength: 4096 + type: string + keyRanges: + items: + properties: + end: + pattern: ^[A-Za-z0-9\/\\-]+$ + type: string + start: + pattern: ^[A-Za-z0-9\/\\-]+$ + type: string + required: + - end + - start + type: object + type: array + required: + - destinationClusterName + type: object + status: + properties: + running: + type: boolean + state: + maxLength: 50 + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/NOTES.txt b/packages/system/foundationdb-operator/charts/fdb-operator/templates/NOTES.txt new file mode 100644 index 00000000..ae0e2e2c --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/NOTES.txt @@ -0,0 +1,6 @@ +FoundationDB operator has been installed successfully. + +To see the logs of the operator you can use below command +kubectl logs deployment/{{ include "fdb-operator.fullname" . }} -n {{ .Release.Namespace }} -f + +Thanks for trying out FoundationDB helm chart. diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/_helpers.tpl b/packages/system/foundationdb-operator/charts/fdb-operator/templates/_helpers.tpl new file mode 100644 index 00000000..5d9d5e12 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/_helpers.tpl @@ -0,0 +1,60 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "fdb-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fdb-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "fdb-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "fdb-operator.labels" -}} +helm.sh/chart: {{ include "fdb-operator.chart" . }} +{{ include "fdb-operator.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.image.tag | trimPrefix "v" | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "fdb-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "fdb-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account +*/}} +{{- define "fdb-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "fdb-operator.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/manager/deployment.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/templates/manager/deployment.yaml new file mode 100644 index 00000000..e4ef5699 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/manager/deployment.yaml @@ -0,0 +1,117 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "fdb-operator.fullname" . }} + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.replicas }} + replicas: {{ . }} + {{- end }} + selector: + matchLabels: + {{- include "fdb-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "fdb-operator.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "fdb-operator.serviceAccountName" . }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + securityContext: + {{- toYaml .Values.securityContext | nindent 8 }} + terminationGracePeriodSeconds: 10 + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + {{- range $version, $params := .Values.initContainers }} + - name: foundationdb-kubernetes-init-{{ $version | replace "." "-" }} + image: {{ $params.image.repository }}:{{ $params.image.tag }} + imagePullPolicy: {{ $params.image.pullPolicy }} + args: + - "--copy-library" + - "{{ $version }}" + - "--copy-binary" + - "fdbcli" + - "--copy-binary" + - "fdbbackup" + - "--copy-binary" + - "fdbrestore" + - "--output-dir" + - "/var/output-files" + - "--mode" + - "init" + volumeMounts: + - name: fdb-binaries + mountPath: /var/output-files + resources: + {{- toYaml $.Values.initContainersResources | nindent 10 }} + securityContext: + {{- toYaml $.Values.initContainerSecurityContext | nindent 10 }} + {{- end }} + containers: + - name: manager + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /manager + {{- if not .Values.globalMode.enabled }} + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + ports: + - containerPort: 8080 + name: metrics + volumeMounts: + - name: tmp + mountPath: /tmp + - name: logs + mountPath: /var/log/fdb + - name: fdb-binaries + mountPath: /usr/bin/fdb + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 10 }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} + - name: logs + emptyDir: {} + - name: fdb-binaries + emptyDir: {} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role.yaml new file mode 100644 index 00000000..7772774f --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role.yaml @@ -0,0 +1,131 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.globalMode.enabled }} +kind: ClusterRole +{{- else }} +kind: Role +{{- end }} +metadata: + name: {{ include "fdb-operator.fullname" . }} + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + - configmaps + - persistentvolumeclaims + - events + verbs: + - get + - watch + - list + - create + - update + - patch + - delete +- apiGroups: + - apps.foundationdb.org + resources: + - foundationdbclusters + - foundationdbbackups + - foundationdbrestores + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps.foundationdb.org + resources: + - foundationdbclusters/status + - foundationdbbackups/status + - foundationdbrestores/status + verbs: + - get + - update + - patch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +{{- if .Values.nodeReadClusterRole }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "fdb-operator.fullname" . }}-clusterrole + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - watch + - list +{{- end }} + diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role_binding.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role_binding.yaml new file mode 100644 index 00000000..2335c3c1 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role_binding.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.globalMode.enabled }} +kind: ClusterRoleBinding +{{- else }} +kind: RoleBinding +{{- end }} +metadata: + name: {{ include "fdb-operator.fullname" . }} + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.globalMode.enabled }} + kind: ClusterRole + {{- else }} + kind: Role + {{- end }} + name: {{ include "fdb-operator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "fdb-operator.serviceAccountName" . }} + {{- if .Values.globalMode.enabled }} + namespace: {{ .Release.Namespace }} + {{- end }} +{{- if .Values.nodeReadClusterRole }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "fdb-operator.fullname" . }}-clusterrolebinding + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "fdb-operator.fullname" . }}-clusterrole +subjects: +- kind: ServiceAccount + name: {{ include "fdb-operator.serviceAccountName" . }} + {{- if .Values.globalMode.enabled }} + namespace: {{ .Release.Namespace }} + {{- end }} +{{- end }} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/serviceaccount.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/serviceaccount.yaml new file mode 100644 index 00000000..de763cb8 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/serviceaccount.yaml @@ -0,0 +1,17 @@ +--- +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "fdb-operator.serviceAccountName" . }} + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- with .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/values.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/values.yaml new file mode 100644 index 00000000..139af022 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/values.yaml @@ -0,0 +1,70 @@ +--- +image: + repository: foundationdb/fdb-kubernetes-operator + tag: v2.13.0 + pullPolicy: IfNotPresent +initContainers: + 7.1: + image: + repository: foundationdb/fdb-kubernetes-monitor + tag: 7.1.67 + pullPolicy: IfNotPresent + 7.3: + image: + repository: foundationdb/fdb-kubernetes-monitor + tag: 7.3.63 + pullPolicy: IfNotPresent + 7.4: + image: + repository: foundationdb/fdb-kubernetes-monitor + tag: 7.4.1 + pullPolicy: IfNotPresent +globalMode: + enabled: false +replicas: null +imagePullSecrets: [] +annotations: {} +podAnnotations: {} +podLabels: {} +serviceAccount: + create: true + name: null + imagePullSecrets: [] + annotations: {} +priorityClassName: null +securityContext: + runAsUser: 4059 + runAsGroup: 4059 + fsGroup: 4059 +containerSecurityContext: + allowPrivilegeEscalation: false + privileged: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true +nodeSelector: {} +affinity: {} +tolerations: {} +resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 500m + memory: 256Mi +initContainersResources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi +initContainerSecurityContext: + allowPrivilegeEscalation: false + privileged: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true +nodeReadClusterRole: true diff --git a/packages/system/foundationdb-operator/values.yaml b/packages/system/foundationdb-operator/values.yaml new file mode 100644 index 00000000..044e81c7 --- /dev/null +++ b/packages/system/foundationdb-operator/values.yaml @@ -0,0 +1,4 @@ +fdb-operator: + globalMode: + enabled: true + nodeReadClusterRole: true \ No newline at end of file diff --git a/packages/system/kafka-operator/templates/alerts.yaml b/packages/system/kafka-operator/templates/alerts.yaml index 70d47014..1988991e 100644 --- a/packages/system/kafka-operator/templates/alerts.yaml +++ b/packages/system/kafka-operator/templates/alerts.yaml @@ -1,7 +1,11 @@ -{{- $files := .Files.Glob "alerts/*.yaml" -}} -{{- range $path, $file := $files }} ---- -# from: {{ $path }} -{{ toString $file }} - -{{- end -}} +{{- /* +# Disabled due to https://github.com/cozystack/cozystack/issues/790 +# {{- $files := .Files.Glob "alerts/*.yaml" -}} +# {{- range $path, $file := $files }} +# --- +# # from: {{ $path }} +# {{ toString $file }} +# +# {{- end -}} +# +*/ -}} diff --git a/packages/system/kamaji/images/kamaji/patches/992.diff b/packages/system/kamaji/images/kamaji/patches/992.diff new file mode 100644 index 00000000..cd9c2ad3 --- /dev/null +++ b/packages/system/kamaji/images/kamaji/patches/992.diff @@ -0,0 +1,156 @@ +diff --git a/internal/resources/api_server_certificate.go b/internal/resources/api_server_certificate.go +index 436cdf9..4702b6c 100644 +--- a/internal/resources/api_server_certificate.go ++++ b/internal/resources/api_server_certificate.go +@@ -108,6 +108,7 @@ func (r *APIServerCertificate) mutate(ctx context.Context, tenantControlPlane *k + } + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "x509", +diff --git a/internal/resources/api_server_kubelet_client_certificate.go b/internal/resources/api_server_kubelet_client_certificate.go +index 85b4d42..da18db4 100644 +--- a/internal/resources/api_server_kubelet_client_certificate.go ++++ b/internal/resources/api_server_kubelet_client_certificate.go +@@ -95,6 +95,7 @@ func (r *APIServerKubeletClientCertificate) mutate(ctx context.Context, tenantCo + } + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "x509", +diff --git a/internal/resources/ca_certificate.go b/internal/resources/ca_certificate.go +index 5425b0b..625273f 100644 +--- a/internal/resources/ca_certificate.go ++++ b/internal/resources/ca_certificate.go +@@ -137,7 +137,7 @@ func (r *CACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1 + corev1.TLSPrivateKeyKey: ca.PrivateKey, + } + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + utilities.SetObjectChecksum(r.resource, r.resource.Data) + +diff --git a/internal/resources/datastore/datastore_certificate.go b/internal/resources/datastore/datastore_certificate.go +index dea45ae..8492a5e 100644 +--- a/internal/resources/datastore/datastore_certificate.go ++++ b/internal/resources/datastore/datastore_certificate.go +@@ -94,6 +94,7 @@ func (r *Certificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1al + r.resource.Data["ca.crt"] = ca + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "x509", +diff --git a/internal/resources/datastore/datastore_storage_config.go b/internal/resources/datastore/datastore_storage_config.go +index 7d03420..4ea9e64 100644 +--- a/internal/resources/datastore/datastore_storage_config.go ++++ b/internal/resources/datastore/datastore_storage_config.go +@@ -181,7 +181,7 @@ func (r *Config) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1. + + utilities.SetObjectChecksum(r.resource, r.resource.Data) + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme()) + } +diff --git a/internal/resources/front-proxy-client-certificate.go b/internal/resources/front-proxy-client-certificate.go +index f5ed67c..2dd4eda 100644 +--- a/internal/resources/front-proxy-client-certificate.go ++++ b/internal/resources/front-proxy-client-certificate.go +@@ -95,6 +95,7 @@ func (r *FrontProxyClientCertificate) mutate(ctx context.Context, tenantControlP + } + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "x509", +diff --git a/internal/resources/front_proxy_ca_certificate.go b/internal/resources/front_proxy_ca_certificate.go +index d410720..ccadc70 100644 +--- a/internal/resources/front_proxy_ca_certificate.go ++++ b/internal/resources/front_proxy_ca_certificate.go +@@ -114,7 +114,7 @@ func (r *FrontProxyCACertificate) mutate(ctx context.Context, tenantControlPlane + kubeadmconstants.FrontProxyCAKeyName: ca.PrivateKey, + } + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + utilities.SetObjectChecksum(r.resource, r.resource.Data) + +diff --git a/internal/resources/k8s_ingress_resource.go b/internal/resources/k8s_ingress_resource.go +index f2e014f..e1aef59 100644 +--- a/internal/resources/k8s_ingress_resource.go ++++ b/internal/resources/k8s_ingress_resource.go +@@ -147,7 +147,7 @@ func (r *KubernetesIngressResource) Define(_ context.Context, tenantControlPlane + + func (r *KubernetesIngressResource) mutate(tenantControlPlane *kamajiv1alpha1.TenantControlPlane) controllerutil.MutateFn { + return func() error { +- labels := utilities.MergeMaps(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), tenantControlPlane.Spec.ControlPlane.Ingress.AdditionalMetadata.Labels) ++ labels := utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), tenantControlPlane.Spec.ControlPlane.Ingress.AdditionalMetadata.Labels) + r.resource.SetLabels(labels) + + annotations := utilities.MergeMaps(r.resource.GetAnnotations(), tenantControlPlane.Spec.ControlPlane.Ingress.AdditionalMetadata.Annotations) +diff --git a/internal/resources/k8s_service_resource.go b/internal/resources/k8s_service_resource.go +index 7e7f11f..9c30145 100644 +--- a/internal/resources/k8s_service_resource.go ++++ b/internal/resources/k8s_service_resource.go +@@ -76,7 +76,12 @@ func (r *KubernetesServiceResource) mutate(ctx context.Context, tenantControlPla + address, _ := tenantControlPlane.DeclaredControlPlaneAddress(ctx, r.Client) + + return func() error { +- labels := utilities.MergeMaps(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), tenantControlPlane.Spec.ControlPlane.Service.AdditionalMetadata.Labels) ++ labels := utilities.MergeMaps( ++ r.resource.GetLabels(), ++ utilities.KamajiLabels( ++ tenantControlPlane.GetName(), r.GetName()), ++ tenantControlPlane.Spec.ControlPlane.Service.AdditionalMetadata.Labels, ++ ) + r.resource.SetLabels(labels) + + annotations := utilities.MergeMaps(r.resource.GetAnnotations(), tenantControlPlane.Spec.ControlPlane.Service.AdditionalMetadata.Annotations) +diff --git a/internal/resources/kubeadm_config.go b/internal/resources/kubeadm_config.go +index ae4cfc0..98dc36d 100644 +--- a/internal/resources/kubeadm_config.go ++++ b/internal/resources/kubeadm_config.go +@@ -89,7 +89,7 @@ func (r *KubeadmConfigResource) mutate(ctx context.Context, tenantControlPlane * + return err + } + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + params := kubeadm.Parameters{ + TenantControlPlaneAddress: address, +diff --git a/internal/resources/kubeconfig.go b/internal/resources/kubeconfig.go +index a87da7f..bd77676 100644 +--- a/internal/resources/kubeconfig.go ++++ b/internal/resources/kubeconfig.go +@@ -163,6 +163,7 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam + } + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "kubeconfig", +diff --git a/internal/resources/sa_certificate.go b/internal/resources/sa_certificate.go +index b53c7b0..4001eca 100644 +--- a/internal/resources/sa_certificate.go ++++ b/internal/resources/sa_certificate.go +@@ -113,7 +113,7 @@ func (r *SACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1 + kubeadmconstants.ServiceAccountPrivateKeyName: sa.PrivateKey, + } + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + utilities.SetObjectChecksum(r.resource, r.resource.Data) + diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml index 33971be2..906d20bf 100644 --- a/packages/system/kamaji/values.yaml +++ b/packages/system/kamaji/values.yaml @@ -3,7 +3,7 @@ kamaji: deploy: false image: pullPolicy: IfNotPresent - tag: v0.37.0-alpha.2@sha256:434c36dfd6a28beab5df1c26c377c7db477b13548a9bd385e71b62aee2a8304c + tag: v0.37.0@sha256:9f4fd5045ede2909fbaf2572e4138fcbd8921071ecf8f08446257fddd0e6f655 repository: ghcr.io/cozystack/cozystack/kamaji resources: limits: @@ -13,4 +13,4 @@ kamaji: cpu: 100m memory: 100Mi extraArgs: - - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.37.0-alpha.2@sha256:434c36dfd6a28beab5df1c26c377c7db477b13548a9bd385e71b62aee2a8304c + - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.37.0@sha256:9f4fd5045ede2909fbaf2572e4138fcbd8921071ecf8f08446257fddd0e6f655 diff --git a/packages/system/kubeovn-plunger/values.yaml b/packages/system/kubeovn-plunger/values.yaml index 1272d698..11595d48 100644 --- a/packages/system/kubeovn-plunger/values.yaml +++ b/packages/system/kubeovn-plunger/values.yaml @@ -1,4 +1,4 @@ portSecurity: true routes: "" -image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.37.0-alpha.2@sha256:42a81b19ac24779d5248ad57ce493f86bf6efda24cbd37671d167eeed9b83aed +image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.37.0@sha256:9950614571ea77a55925eba0839b6b12c8e5a7a30b8858031a8c6050f261af1a ovnCentralName: ovn-central diff --git a/packages/system/kubeovn-webhook/values.yaml b/packages/system/kubeovn-webhook/values.yaml index ab4cf35d..116f077a 100644 --- a/packages/system/kubeovn-webhook/values.yaml +++ b/packages/system/kubeovn-webhook/values.yaml @@ -1,3 +1,3 @@ portSecurity: true routes: "" -image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.37.0-alpha.2@sha256:d5023bbfe524ec97bc499d853a3fe67affa9b37dd849eac521f38c651d50382c +image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.37.0@sha256:7e63205708e607ce2cedfe2a2cafd323ca51e3ebc71244a21ff6f9016c6c87bc diff --git a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml index 44744459..f7be2d3b 100644 --- a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: v1.14.5 +version: v1.14.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.14.5" +appVersion: "1.14.11" kubeVersion: ">= 1.29.0-0" diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml index 1f45c50c..3bddfbe1 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml @@ -257,8 +257,9 @@ spec: type: array type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - preference - weight @@ -349,8 +350,9 @@ spec: - topologyKey type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - podAffinityTerm - weight @@ -437,8 +439,9 @@ spec: - topologyKey type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - podAffinityTerm - weight @@ -593,8 +596,9 @@ spec: type: array type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - preference - weight @@ -685,8 +689,9 @@ spec: - topologyKey type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - podAffinityTerm - weight @@ -773,8 +778,9 @@ spec: - topologyKey type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - podAffinityTerm - weight @@ -891,7 +897,8 @@ spec: properties: replicas: type: integer - format: int32 + minimum: 0 + maximum: 10 labelSelector: type: string conditions: @@ -907,7 +914,6 @@ spec: maxLength: 32768 type: string observedGeneration: - format: int64 minimum: 0 type: integer reason: @@ -988,7 +994,6 @@ spec: properties: replicas: type: integer - format: int32 default: 1 minimum: 0 maximum: 10 @@ -1036,16 +1041,19 @@ spec: default: false minRX: type: integer - format: int32 default: 1000 + minimum: 1 + maximum: 3600000 minTX: type: integer - format: int32 default: 1000 + minimum: 1 + maximum: 3600000 multiplier: type: integer - format: int32 default: 3 + minimum: 1 + maximum: 3600000 selectors: type: array items: diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml index 3a749f84..947ec454 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml @@ -272,5 +272,5 @@ spec: {{- if .Values.func.ENABLE_OVN_IPSEC }} - name: ovs-ipsec-keys hostPath: - path: {{ .Values.OPENVSWITCH_DIR }} + path: {{ .Values.OVN_IPSEC_KEY_DIR }} {{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml index 74a69133..3652386d 100644 --- a/packages/system/kubeovn/charts/kube-ovn/values.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml @@ -9,7 +9,7 @@ global: kubeovn: repository: kube-ovn vpcRepository: vpc-nat-gateway - tag: v1.14.5 + tag: v1.14.11 support_arm: true thirdparty: true @@ -123,6 +123,7 @@ log_conf: LOG_DIR: "/var/log" OPENVSWITCH_DIR: "/etc/origin/openvswitch" +OVN_IPSEC_KEY_DIR: "/etc/origin/ovs_ipsec_keys" OVN_DIR: "/etc/origin/ovn" DISABLE_MODULES_MANAGEMENT: false diff --git a/packages/system/kubeovn/images/kubeovn/Dockerfile b/packages/system/kubeovn/images/kubeovn/Dockerfile index f4d1267c..5ea19c93 100644 --- a/packages/system/kubeovn/images/kubeovn/Dockerfile +++ b/packages/system/kubeovn/images/kubeovn/Dockerfile @@ -1,10 +1,10 @@ # syntax = docker/dockerfile:experimental -ARG VERSION=v1.14.5 +ARG VERSION=v1.14.11 ARG BASE_TAG=$VERSION -FROM golang:1.24-bookworm as builder +FROM golang:1.25-bookworm as builder -ARG TAG=v1.14.5 +ARG TAG=v1.14.11 RUN git clone --branch ${TAG} --depth 1 https://github.com/kubeovn/kube-ovn /source WORKDIR /source diff --git a/packages/system/kubeovn/values.yaml b/packages/system/kubeovn/values.yaml index 4e19551a..33d59db2 100644 --- a/packages/system/kubeovn/values.yaml +++ b/packages/system/kubeovn/values.yaml @@ -2,6 +2,7 @@ kube-ovn: namespace: cozy-kubeovn func: ENABLE_NP: false + ENABLE_LB: false ipv4: POD_CIDR: "10.244.0.0/16" POD_GATEWAY: "10.244.0.1" @@ -64,4 +65,4 @@ global: images: kubeovn: repository: kubeovn - tag: v1.14.5@sha256:4be1987a8893cdd77fd2b07486b21838650220a650c9adf7c52395405f48716c + tag: v1.14.5@sha256:af10da442a0c6dc7df47a0ef752e2eb5c247bb0b43069fdfcb2aa51511185ea2 diff --git a/packages/system/kubevirt-csi-node/values.yaml b/packages/system/kubevirt-csi-node/values.yaml index 9218254f..a7fb1e67 100644 --- a/packages/system/kubevirt-csi-node/values.yaml +++ b/packages/system/kubevirt-csi-node/values.yaml @@ -1,3 +1,3 @@ storageClass: replicated csiDriver: - image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:f0e1d9f9e91be8e4a22be9fbe01a8b0e81aba4230b865fba9608ef7f9fb5745f + image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:c8b08084a86251cdd18e237de89b695bca0e4f7eb1f1f6ddc2b903b4d74ea5ff diff --git a/packages/system/lineage-controller-webhook/.gitignore b/packages/system/lineage-controller-webhook/.gitignore new file mode 100644 index 00000000..ada68ff0 --- /dev/null +++ b/packages/system/lineage-controller-webhook/.gitignore @@ -0,0 +1,27 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin/* +Dockerfile.cross + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Go workspace file +go.work + +# Kubernetes Generated files - skip generated files, except for vendored files +!vendor/**/zz_generated.* + +# editor and IDE paraphernalia +.idea +.vscode +*.swp +*.swo +*~ diff --git a/packages/system/lineage-controller-webhook/Chart.yaml b/packages/system/lineage-controller-webhook/Chart.yaml new file mode 100644 index 00000000..5b262f05 --- /dev/null +++ b/packages/system/lineage-controller-webhook/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-lineage-controller-webhook +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/lineage-controller-webhook/Makefile b/packages/system/lineage-controller-webhook/Makefile new file mode 100644 index 00000000..04d81a12 --- /dev/null +++ b/packages/system/lineage-controller-webhook/Makefile @@ -0,0 +1,18 @@ +NAME=lineage-controller-webhook +NAMESPACE=cozy-system + +include ../../../scripts/common-envs.mk +include ../../../scripts/package.mk + +image: image-lineage-controller-webhook + +image-lineage-controller-webhook: + docker buildx build -f images/lineage-controller-webhook/Dockerfile ../../.. \ + --tag $(REGISTRY)/lineage-controller-webhook:$(call settag,$(TAG)) \ + --cache-from type=registry,ref=$(REGISTRY)/lineage-controller-webhook:latest \ + --cache-to type=inline \ + --metadata-file images/lineage-controller-webhook.json \ + $(BUILDX_ARGS) + IMAGE="$(REGISTRY)/lineage-controller-webhook:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/lineage-controller-webhook.json -o json -r)" \ + yq -i '.lineageControllerWebhook.image = strenv(IMAGE)' values.yaml + rm -f images/lineage-controller-webhook.json diff --git a/packages/system/lineage-controller-webhook/images/lineage-controller-webhook/Dockerfile b/packages/system/lineage-controller-webhook/images/lineage-controller-webhook/Dockerfile new file mode 100644 index 00000000..e043e472 --- /dev/null +++ b/packages/system/lineage-controller-webhook/images/lineage-controller-webhook/Dockerfile @@ -0,0 +1,23 @@ +FROM golang:1.24-alpine AS builder + +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace + +COPY go.mod go.sum ./ +RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go mod download + +COPY api api/ +COPY pkg pkg/ +COPY cmd cmd/ +COPY internal internal/ + +RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build -ldflags="-extldflags=-static" -o /lineage-controller-webhook cmd/lineage-controller-webhook/main.go + +FROM scratch + +COPY --from=builder /lineage-controller-webhook /lineage-controller-webhook +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + +ENTRYPOINT ["/lineage-controller-webhook"] diff --git a/packages/system/lineage-controller-webhook/templates/certmanager.yaml b/packages/system/lineage-controller-webhook/templates/certmanager.yaml new file mode 100644 index 00000000..c2dc18d2 --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/certmanager.yaml @@ -0,0 +1,45 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: lineage-controller-webhook-selfsigned + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: lineage-controller-webhook-ca + namespace: {{ .Release.Namespace }} +spec: + secretName: lineage-controller-webhook-ca + duration: 43800h # 5 years + commonName: lineage-controller-webhook-ca + issuerRef: + name: lineage-controller-webhook-selfsigned + isCA: true +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: lineage-controller-webhook-ca + namespace: {{ .Release.Namespace }} +spec: + ca: + secretName: lineage-controller-webhook-ca +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: lineage-controller-webhook + namespace: {{ .Release.Namespace }} +spec: + secretName: lineage-controller-webhook-cert + duration: 8760h + renewBefore: 720h + issuerRef: + name: lineage-controller-webhook-ca + commonName: lineage-controller-webhook + dnsNames: + - lineage-controller-webhook + - lineage-controller-webhook.{{ .Release.Namespace }}.svc diff --git a/packages/system/lineage-controller-webhook/templates/daemonset.yaml b/packages/system/lineage-controller-webhook/templates/daemonset.yaml new file mode 100644 index 00000000..177bcd8b --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/daemonset.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: lineage-controller-webhook + labels: + app: lineage-controller-webhook +spec: + selector: + matchLabels: + app: lineage-controller-webhook + template: + metadata: + labels: + app: lineage-controller-webhook + spec: + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + serviceAccountName: lineage-controller-webhook + containers: + - name: lineage-controller-webhook + image: "{{ .Values.lineageControllerWebhook.image }}" + args: + {{- if .Values.lineageControllerWebhook.debug }} + - --zap-log-level=debug + {{- else }} + - --zap-log-level=info + {{- end }} + ports: + - name: webhook + containerPort: 9443 + volumeMounts: + - name: webhook-certs + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + volumes: + - name: webhook-certs + secret: + secretName: lineage-controller-webhook-cert + defaultMode: 0400 diff --git a/packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml b/packages/system/lineage-controller-webhook/templates/mutatingwebhookconfiguration.yaml similarity index 79% rename from packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml rename to packages/system/lineage-controller-webhook/templates/mutatingwebhookconfiguration.yaml index 80dbcc1d..88b62a21 100644 --- a/packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml +++ b/packages/system/lineage-controller-webhook/templates/mutatingwebhookconfiguration.yaml @@ -3,7 +3,7 @@ kind: MutatingWebhookConfiguration metadata: name: lineage annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/cozystack-controller-webhook + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/lineage-controller-webhook labels: app: cozystack-controller webhooks: @@ -12,7 +12,7 @@ webhooks: sideEffects: None clientConfig: service: - name: cozystack-controller + name: lineage-controller-webhook namespace: {{ .Release.Namespace }} path: /mutate-lineage rules: @@ -39,3 +39,8 @@ webhooks: operator: NotIn values: - kube-system + - default + objectSelector: + matchExpressions: + - key: internal.cozystack.io/managed-by-cozystack + operator: DoesNotExist diff --git a/packages/system/lineage-controller-webhook/templates/rbac-bind.yaml b/packages/system/lineage-controller-webhook/templates/rbac-bind.yaml new file mode 100644 index 00000000..9a509d08 --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/rbac-bind.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: lineage-controller-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: lineage-controller-webhook +subjects: +- kind: ServiceAccount + name: lineage-controller-webhook + namespace: {{ .Release.Namespace }} diff --git a/packages/system/lineage-controller-webhook/templates/rbac.yaml b/packages/system/lineage-controller-webhook/templates/rbac.yaml new file mode 100644 index 00000000..d8b3f871 --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/rbac.yaml @@ -0,0 +1,8 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lineage-controller-webhook +rules: +- apiGroups: ['*'] + resources: ['*'] + verbs: ["get", "list", "watch"] diff --git a/packages/system/lineage-controller-webhook/templates/sa.yaml b/packages/system/lineage-controller-webhook/templates/sa.yaml new file mode 100644 index 00000000..a17761f0 --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/sa.yaml @@ -0,0 +1,4 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: lineage-controller-webhook diff --git a/packages/system/cozystack-controller/templates/service.yaml b/packages/system/lineage-controller-webhook/templates/service.yaml similarity index 55% rename from packages/system/cozystack-controller/templates/service.yaml rename to packages/system/lineage-controller-webhook/templates/service.yaml index 8cc0eb61..c5df90fb 100644 --- a/packages/system/cozystack-controller/templates/service.yaml +++ b/packages/system/lineage-controller-webhook/templates/service.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: cozystack-controller + name: lineage-controller-webhook labels: - app: cozystack-controller + app: lineage-controller-webhook spec: + internalTrafficPolicy: Local type: ClusterIP ports: - port: 443 @@ -12,4 +13,4 @@ spec: protocol: TCP name: webhook selector: - app: cozystack-controller + app: lineage-controller-webhook diff --git a/packages/system/lineage-controller-webhook/values.yaml b/packages/system/lineage-controller-webhook/values.yaml new file mode 100644 index 00000000..068de2d6 --- /dev/null +++ b/packages/system/lineage-controller-webhook/values.yaml @@ -0,0 +1,3 @@ +lineageControllerWebhook: + image: ghcr.io/cozystack/cozystack/lineage-controller-webhook:v0.37.0@sha256:845b8e68cbc277c2303080bcd55597e4334610d396dad258ad56fd906530acc3 + debug: false diff --git a/packages/system/multus/Chart.yaml b/packages/system/multus/Chart.yaml new file mode 100644 index 00000000..a019fc25 --- /dev/null +++ b/packages/system/multus/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-multus +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/multus/Makefile b/packages/system/multus/Makefile new file mode 100644 index 00000000..7825bd5e --- /dev/null +++ b/packages/system/multus/Makefile @@ -0,0 +1,14 @@ +export NAME=multus +export NAMESPACE=cozy-$(NAME) + +include ../../../scripts/common-envs.mk +include ../../../scripts/package.mk + +update: + rm -rf templates + mkdir templates + $(eval RELEASE := $(shell curl -s https://api.github.com/repos/k8snetworkplumbingwg/multus-cni/releases/latest?per_page=1 | jq -r '.name')) + wget -q https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/refs/tags/$(RELEASE)/deployments/multus-daemonset-thick.yml -O templates/multus-daemonset-thick.yml + sed -i 's/namespace: kube-system/namespace: $(NAMESPACE)/;/multus-cni/s/snapshot-thick/$(RELEASE)-thick/' templates/multus-daemonset-thick.yml && \ + sed -i '/name:/s/kube-multus-ds/cozy-multus/;/memory:/s/"50Mi"/"100Mi"/' templates/multus-daemonset-thick.yml + diff --git a/packages/system/multus/templates/multus-daemonset-thick.yml b/packages/system/multus/templates/multus-daemonset-thick.yml new file mode 100644 index 00000000..099b5ef3 --- /dev/null +++ b/packages/system/multus/templates/multus-daemonset-thick.yml @@ -0,0 +1,254 @@ +# Note: +# This deployment file is designed for 'quickstart' of multus, easy installation to test it, +# hence this deployment yaml does not care about following things intentionally. +# - various configuration options +# - minor deployment scenario +# - upgrade/update/uninstall scenario +# Multus team understand users deployment scenarios are diverse, hence we do not cover +# comprehensive deployment scenario. We expect that it is covered by each platform deployment. +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing + Working Group to express the intent for attaching pods to one or more logical or physical + networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this represen + tation of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' + type: object + properties: + config: + description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' + type: string +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +rules: + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: multus +subjects: + - kind: ServiceAccount + name: multus + namespace: cozy-multus +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: multus + namespace: cozy-multus +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: multus-daemon-config + namespace: cozy-multus + labels: + tier: node + app: multus +data: + daemon-config.json: | + { + "chrootDir": "/hostroot", + "cniVersion": "0.3.1", + "logLevel": "verbose", + "logToStderr": true, + "cniConfigDir": "/host/etc/cni/net.d", + "multusAutoconfigDir": "/host/etc/cni/net.d", + "multusConfigFile": "auto", + "socketDir": "/host/run/multus/" + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: cozy-multus + namespace: cozy-multus + labels: + tier: node + app: multus + name: multus +spec: + selector: + matchLabels: + name: multus + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: multus + name: multus + spec: + hostNetwork: true + hostPID: true + tolerations: + - operator: Exists + effect: NoSchedule + - operator: Exists + effect: NoExecute + serviceAccountName: multus + containers: + - name: kube-multus + image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.2.2-thick + command: [ "/usr/src/multus-cni/bin/multus-daemon" ] + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "100m" + memory: "100Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + # multus-daemon expects that cnibin path must be identical between pod and container host. + # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon, + # not to any other directory, like '/opt/bin' or '/usr/bin'. + - name: cnibin + mountPath: /opt/cni/bin + - name: host-run + mountPath: /host/run + - name: host-var-lib-cni-multus + mountPath: /var/lib/cni/multus + - name: host-var-lib-kubelet + mountPath: /var/lib/kubelet + mountPropagation: HostToContainer + - name: host-run-k8s-cni-cncf-io + mountPath: /run/k8s.cni.cncf.io + - name: host-run-netns + mountPath: /run/netns + mountPropagation: HostToContainer + - name: multus-daemon-config + mountPath: /etc/cni/net.d/multus.d + readOnly: true + - name: hostroot + mountPath: /hostroot + mountPropagation: HostToContainer + - mountPath: /etc/cni/multus/net.d + name: multus-conf-dir + env: + - name: MULTUS_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + initContainers: + - name: install-multus-binary + image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.2.2-thick + command: + - "sh" + - "-c" + - "cp /usr/src/multus-cni/bin/multus-shim /host/opt/cni/bin/multus-shim && cp /usr/src/multus-cni/bin/passthru /host/opt/cni/bin/passthru" + resources: + requests: + cpu: "10m" + memory: "15Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cnibin + mountPath: /host/opt/cni/bin + mountPropagation: Bidirectional + terminationGracePeriodSeconds: 10 + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: hostroot + hostPath: + path: / + - name: multus-daemon-config + configMap: + name: multus-daemon-config + items: + - key: daemon-config.json + path: daemon-config.json + - name: host-run + hostPath: + path: /run + - name: host-var-lib-cni-multus + hostPath: + path: /var/lib/cni/multus + - name: host-var-lib-kubelet + hostPath: + path: /var/lib/kubelet + - name: host-run-k8s-cni-cncf-io + hostPath: + path: /run/k8s.cni.cncf.io + - name: host-run-netns + hostPath: + path: /run/netns/ + - name: multus-conf-dir + hostPath: + path: /etc/cni/multus/net.d diff --git a/packages/system/multus/values.yaml b/packages/system/multus/values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/packages/system/objectstorage-controller/values.yaml b/packages/system/objectstorage-controller/values.yaml index f71064cf..489052ac 100644 --- a/packages/system/objectstorage-controller/values.yaml +++ b/packages/system/objectstorage-controller/values.yaml @@ -1,3 +1,3 @@ objectstorage: controller: - image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.37.0-alpha.2@sha256:aa0000265ae58155aebefedac72d0a6acc45437b8668bb9739bf11edefec067a" + image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.37.0@sha256:5f2eed05d19ba971806374834cb16ca49282aac76130194c00b213c79ce3e10d" diff --git a/packages/system/redis-operator/Makefile b/packages/system/redis-operator/Makefile index 9ea964dd..650cbc72 100644 --- a/packages/system/redis-operator/Makefile +++ b/packages/system/redis-operator/Makefile @@ -1,6 +1,8 @@ +REDIS_OPERATOR_TAG=$(shell grep -F 'ARG VERSION=' images/redis-operator/Dockerfile | cut -f2 -d=) export NAME=redis-operator export NAMESPACE=cozy-$(NAME) +include ../../../scripts/common-envs.mk include ../../../scripts/package.mk update: @@ -9,3 +11,16 @@ update: helm repo update redis-operator helm pull redis-operator/redis-operator --untar --untardir charts sed -i '/{{/d' charts/redis-operator/crds/databases.spotahome.com_redisfailovers.yaml + +image: + docker buildx build images/redis-operator \ + --tag $(REGISTRY)/redis-operator:$(REDIS_OPERATOR_TAG) \ + --cache-from type=registry,ref=$(REGISTRY)/redis-operator:latest \ + --cache-to type=inline \ + --metadata-file images/redis-operator.json \ + $(BUILDX_ARGS) + REPOSITORY="$(REGISTRY)/redis-operator" \ + yq -i '.redis-operator.image.repository = strenv(REPOSITORY)' values.yaml + TAG=$(REDIS_OPERATOR_TAG)@$$(yq e '."containerimage.digest"' images/redis-operator.json -o json -r) \ + yq -i '.redis-operator.image.tag = strenv(TAG)' values.yaml + rm -f images/redis-operator.json diff --git a/packages/system/redis-operator/images/redis-operator/Dockerfile b/packages/system/redis-operator/images/redis-operator/Dockerfile new file mode 100644 index 00000000..d0d6b682 --- /dev/null +++ b/packages/system/redis-operator/images/redis-operator/Dockerfile @@ -0,0 +1,27 @@ +FROM golang:1.20 AS builder + +ARG VERSION=v1.3.0-rc1 + +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace + +RUN curl -sSL https://github.com/spotahome/redis-operator/archive/refs/tags/${VERSION}.tar.gz | tar -xzvf- --strip=1 + +COPY patches /patches +RUN git apply /patches/*.diff + +RUN GOOS=$TARGETOS GOARCH=$TARGETARCH VERSION=$VERSION ./scripts/build.sh + +FROM alpine:latest +RUN apk --no-cache add \ + ca-certificates +COPY --from=builder /workspace/bin/redis-operator /usr/local/bin +RUN addgroup -g 1000 rf && \ + adduser -D -u 1000 -G rf rf && \ + chown rf:rf /usr/local/bin/redis-operator +USER rf + +ENTRYPOINT ["/usr/local/bin/redis-operator"] + diff --git a/packages/system/redis-operator/images/redis-operator/patches/labels.diff b/packages/system/redis-operator/images/redis-operator/patches/labels.diff new file mode 100644 index 00000000..fe4c4254 --- /dev/null +++ b/packages/system/redis-operator/images/redis-operator/patches/labels.diff @@ -0,0 +1,23 @@ +diff --git a/service/k8s/service.go b/service/k8s/service.go +index 712cc4c0..e84afc92 100644 +--- a/service/k8s/service.go ++++ b/service/k8s/service.go +@@ -10,6 +10,7 @@ import ( + + "github.com/spotahome/redis-operator/log" + "github.com/spotahome/redis-operator/metrics" ++ "github.com/spotahome/redis-operator/operator/redisfailover/util" + ) + + // Service the ServiceAccount service that knows how to interact with k8s to manage them +@@ -95,6 +96,10 @@ func (s *ServiceService) CreateOrUpdateService(namespace string, service *corev1 + // namespace is our spec(https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#concurrency-control-and-consistency), + // we will replace the current namespace state. + service.ResourceVersion = storedService.ResourceVersion ++ newLabels := util.MergeLabels(storedService.GetLabels(), service.GetLabels()) ++ newAnnotations := util.MergeAnnotations(storedService.GetAnnotations(), service.GetAnnotations()) ++ service.SetLabels(newLabels) ++ service.SetAnnotations(newAnnotations) + return s.UpdateService(namespace, service) + } + diff --git a/packages/system/redis-operator/values.yaml b/packages/system/redis-operator/values.yaml index eb8c61a9..77e91011 100644 --- a/packages/system/redis-operator/values.yaml +++ b/packages/system/redis-operator/values.yaml @@ -1,3 +1,4 @@ redis-operator: image: - tag: v1.3.0-rc1 + repository: ghcr.io/cozystack/cozystack/redis-operator + tag: v1.3.0-rc1@sha256:a4012e6a1b5daaedb57cc27edfdbff52124de4164b5ec0ee53c5ce5710ef4c25 diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-deployment.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-deployment.yaml index d710fecb..0c6d52c3 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-deployment.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-deployment.yaml @@ -152,7 +152,10 @@ spec: {{- if .Values.s3.auditLogConfig }} -auditLogConfig=/etc/sw/s3_auditLogConfig.json \ {{- end }} - -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} + -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} \ + {{- range .Values.s3.extraArgs }} + {{ . }} \ + {{- end }} volumeMounts: {{- if or (eq .Values.s3.logs.type "hostPath") (eq .Values.s3.logs.type "emptyDir") }} - name: logs diff --git a/packages/system/seaweedfs/values.yaml b/packages/system/seaweedfs/values.yaml index 80460a49..05792a48 100644 --- a/packages/system/seaweedfs/values.yaml +++ b/packages/system/seaweedfs/values.yaml @@ -84,6 +84,8 @@ seaweedfs: auditLogConfig: {} s3: enabled: true + extraArgs: + - -idleTimeout=60 enableAuth: false readinessProbe: scheme: HTTPS @@ -118,7 +120,7 @@ seaweedfs: bucketClassName: "seaweedfs" region: "" sidecar: - image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-alpha.2@sha256:3bde5040e9e6ef1afa000a8cfdb7a2ed2e503d4913fffc992fccf48f0e61057c" + image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:latest@sha256:f4ec2b5ec8183870e710b32fa11b3af5d97fa664572df5edcff4b593b00f9a7b" certificates: commonName: "SeaweedFS CA" ipAddresses: [] diff --git a/packages/system/velero/charts/velero/Chart.yaml b/packages/system/velero/charts/velero/Chart.yaml index 8b740531..2f303004 100644 --- a/packages/system/velero/charts/velero/Chart.yaml +++ b/packages/system/velero/charts/velero/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.16.1 +appVersion: 1.17.0 description: A Helm chart for velero home: https://github.com/vmware-tanzu/velero icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png @@ -14,4 +14,4 @@ maintainers: name: velero sources: - https://github.com/vmware-tanzu/velero -version: 10.0.5 +version: 11.0.0 diff --git a/packages/system/velero/charts/velero/README.md b/packages/system/velero/charts/velero/README.md index 61d584ab..088b7f7c 100644 --- a/packages/system/velero/charts/velero/README.md +++ b/packages/system/velero/charts/velero/README.md @@ -102,6 +102,107 @@ CSI plugin has been merged into velero repo in v1.14 release. It will be install This version removes the `nodeAgent.privileged` field, you should use `nodeAgent.containerSecurityContext.privileged` instead +## Repository Maintenance Configuration + +Starting from Velero v1.15, you can configure repository maintenance jobs with different resource limits and node affinity settings per repository using a ConfigMap. This feature is supported through the Helm chart. + +### Basic Usage + +To enable per-repository maintenance configuration, provide repository-specific configurations and provide global configurations that will be applied across all repositories: + +```yaml +configuration: + repositoryMaintenanceJob: + repositoryConfigData: + name: "my-repo-maintenance-config" # Optional, defaults to "velero-repo-maintenance" + global: + podResources: + cpuRequest: "100m" + cpuLimit: "200m" + memoryRequest: "100Mi" + memoryLimit: "200Mi" + keepLatestMaintenanceJobs: 1 +``` + +### Per-Repository Configuration + +You can configure specific settings for individual repositories using repository keys. Repository keys are formed as: `{namespace}-{storageLocation}-{repositoryType}`. + +For example, if you have a BackupRepository for namespace `prod` using storage location `s3-backup` with repository type `kopia`, the key would be `prod-s3-backup-kopia`. + +```yaml +configuration: + repositoryMaintenanceJob: + repositoryConfigData: + global: + podResources: + cpuRequest: "100m" + cpuLimit: "200m" + memoryRequest: "100Mi" + memoryLimit: "200Mi" + repositories: + "prod-s3-backup-kopia": + podResources: + cpuRequest: "500m" + cpuLimit: "1000m" + memoryRequest: "512Mi" + memoryLimit: "1024Mi" + loadAffinity: + - nodeSelector: + matchLabels: + dedicated: "backup" +``` + +### Node Affinity and Priority Class + +You can specify node affinity and priority class for maintenance jobs: + +```yaml +configuration: + repositoryMaintenanceJob: + repositoryConfigData: + global: + podResources: + cpuRequest: "100m" + cpuLimit: "200m" + memoryRequest: "100Mi" + memoryLimit: "200Mi" + loadAffinity: + - nodeSelector: + matchExpressions: + - key: "cloud.google.com/machine-family" + operator: "In" + values: ["e2"] + - nodeSelector: + matchExpressions: + - key: "topology.kubernetes.io/zone" + operator: "In" + values: ["us-central1-a", "us-central1-b", "us-central1-c"] + priorityClassName: "low-priority" +``` + +**Note**: `priorityClassName` is only supported in the global configuration section and applies to all maintenance jobs. + +### Backward Compatibility + +When `repositoryConfigData.global` and `repositoryConfigData.repositories` are not provided (default), the chart continues to use the legacy global settings: + +```yaml +configuration: + repositoryMaintenanceJob: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + latestJobsCount: 3 +``` + +Note: The legacy parameters (`--maintenance-job-cpu-request`, `--maintenance-job-mem-request`, `--maintenance-job-cpu-limit`, `--maintenance-job-mem-limit`) are deprecated in Velero v1.15 and will be removed in v1.17. + +For more information, see the [Velero Repository Maintenance documentation](https://velero.io/docs/main/repository-maintenance/). + ## Upgrading Velero ### Upgrading to v1.16 diff --git a/packages/system/velero/charts/velero/crds/backuprepositories.yaml b/packages/system/velero/charts/velero/crds/backuprepositories.yaml index 73da6eaa..7714f73a 100644 --- a/packages/system/velero/charts/velero/crds/backuprepositories.yaml +++ b/packages/system/velero/charts/velero/crds/backuprepositories.yaml @@ -73,7 +73,7 @@ spec: resticIdentifier: description: |- ResticIdentifier is the full restic-compatible string for identifying - this repository. + this repository. This field is only used when RepositoryType is "restic". type: string volumeNamespace: description: |- @@ -83,7 +83,6 @@ spec: required: - backupStorageLocation - maintenanceFrequency - - resticIdentifier - volumeNamespace type: object status: diff --git a/packages/system/velero/charts/velero/crds/backups.yaml b/packages/system/velero/charts/velero/crds/backups.yaml index f36d7b43..a6768029 100644 --- a/packages/system/velero/charts/velero/crds/backups.yaml +++ b/packages/system/velero/charts/velero/crds/backups.yaml @@ -512,6 +512,10 @@ spec: uploads to perform when using the uploader. type: integer type: object + volumeGroupSnapshotLabelKey: + description: VolumeGroupSnapshotLabelKey specifies the label key + to group PVCs under a VGS. + type: string volumeSnapshotLocations: description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. diff --git a/packages/system/velero/charts/velero/crds/datauploads.yaml b/packages/system/velero/charts/velero/crds/datauploads.yaml index d17bd138..5a9fc2a6 100644 --- a/packages/system/velero/charts/velero/crds/datauploads.yaml +++ b/packages/system/velero/charts/velero/crds/datauploads.yaml @@ -89,6 +89,9 @@ spec: of the CSI snapshot. nullable: true properties: + driver: + description: Driver is the driver used by the VolumeSnapshotContent + type: string snapshotClass: description: SnapshotClass is the name of the snapshot class that the volume snapshot is created with diff --git a/packages/system/velero/charts/velero/crds/podvolumebackups.yaml b/packages/system/velero/charts/velero/crds/podvolumebackups.yaml index f83ff45f..a232b945 100644 --- a/packages/system/velero/charts/velero/crds/podvolumebackups.yaml +++ b/packages/system/velero/charts/velero/crds/podvolumebackups.yaml @@ -17,38 +17,41 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress + - description: PodVolumeBackup status such as New/InProgress jsonPath: .status.phase name: Status type: string - - description: Time when this backup was started + - description: Time duration since this PodVolumeBackup was started jsonPath: .status.startTimestamp - name: Created + name: Started type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer - description: Name of the Backup Storage Location where this backup should be stored jsonPath: .spec.backupStorageLocation name: Storage Location type: string - - jsonPath: .metadata.creationTimestamp + - description: Time duration since this PodVolumeBackup was created + jsonPath: .metadata.creationTimestamp name: Age type: date + - description: Name of the node where the PodVolumeBackup is processed + jsonPath: .status.node + name: Node + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader + type: string name: v1 schema: openAPIV3Schema: @@ -78,6 +81,11 @@ spec: BackupStorageLocation is the name of the backup storage location where the backup repository is stored. type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing PodVolumeBackup. It can be set + when the PodVolumeBackup is in InProgress phase + type: boolean node: description: Node is the name of the node that the Pod is running on. @@ -167,6 +175,13 @@ spec: status: description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. properties: + acceptedTimestamp: + description: |- + AcceptedTimestamp records the time the pod volume backup is to be prepared. + The server's time is used for AcceptedTimestamp + format: date-time + nullable: true + type: string completionTimestamp: description: |- CompletionTimestamp records the time a backup was completed. @@ -188,7 +203,11 @@ spec: description: Phase is the current state of the PodVolumeBackup. enum: - New + - Accepted + - Prepared - InProgress + - Canceling + - Canceled - Completed - Failed type: string diff --git a/packages/system/velero/charts/velero/crds/podvolumerestores.yaml b/packages/system/velero/charts/velero/crds/podvolumerestores.yaml index 7bc5edad..1521ec96 100644 --- a/packages/system/velero/charts/velero/crds/podvolumerestores.yaml +++ b/packages/system/velero/charts/velero/crds/podvolumerestores.yaml @@ -17,39 +17,41 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace + - description: PodVolumeRestore status such as New/InProgress + jsonPath: .status.phase + name: Status type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod + - description: Time duration since this PodVolumeRestore was started + jsonPath: .status.startTimestamp + name: Started + type: date + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer + - description: Name of the Backup Storage Location where the backup data is + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - description: Time duration since this PodVolumeRestore was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Name of the node where the PodVolumeRestore is processed + jsonPath: .status.node + name: Node type: string - description: The type of the uploader to handle data transfer jsonPath: .spec.uploaderType name: Uploader Type type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date name: v1 schema: openAPIV3Schema: @@ -79,6 +81,11 @@ spec: BackupStorageLocation is the name of the backup storage location where the backup repository is stored. type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing PodVolumeRestore. It can be set + when the PodVolumeRestore is in InProgress phase + type: boolean pod: description: Pod is a reference to the pod containing the volume to be restored. @@ -164,6 +171,13 @@ spec: status: description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. properties: + acceptedTimestamp: + description: |- + AcceptedTimestamp records the time the pod volume restore is to be prepared. + The server's time is used for AcceptedTimestamp + format: date-time + nullable: true + type: string completionTimestamp: description: |- CompletionTimestamp records the time a restore was completed. @@ -176,11 +190,19 @@ spec: description: Message is a message about the pod volume restore's status. type: string + node: + description: Node is name of the node where the pod volume restore + is processed. + type: string phase: description: Phase is the current state of the PodVolumeRestore. enum: - New + - Accepted + - Prepared - InProgress + - Canceling + - Canceled - Completed - Failed type: string diff --git a/packages/system/velero/charts/velero/crds/schedules.yaml b/packages/system/velero/charts/velero/crds/schedules.yaml index f09bdb1a..ed521799 100644 --- a/packages/system/velero/charts/velero/crds/schedules.yaml +++ b/packages/system/velero/charts/velero/crds/schedules.yaml @@ -553,6 +553,10 @@ spec: parallel uploads to perform when using the uploader. type: integer type: object + volumeGroupSnapshotLabelKey: + description: VolumeGroupSnapshotLabelKey specifies the label + key to group PVCs under a VGS. + type: string volumeSnapshotLocations: description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. diff --git a/packages/system/velero/charts/velero/templates/NOTES.txt b/packages/system/velero/charts/velero/templates/NOTES.txt index d2f0fb79..ea193341 100644 --- a/packages/system/velero/charts/velero/templates/NOTES.txt +++ b/packages/system/velero/charts/velero/templates/NOTES.txt @@ -75,6 +75,22 @@ More info on the official site: https://velero.io/docs {{- end }} {{- end }} +{{- if eq .Values.configuration.uploaderType "restic" }} +{{- $breaking = print $breaking "\n\nERROR: restic uploaderType was removed, please use a different one" }} +{{- end }} + +{{- if hasKey .Values.configuration.repositoryMaintenanceJob "requests" }} +{{- $breaking = print $breaking "\n\nREMOVED: configuration.repositoryMaintenanceJob.requests has been removed, please use the configmap" }} +{{- end }} + +{{- if hasKey .Values.configuration.repositoryMaintenanceJob "limits" }} +{{- $breaking = print $breaking "\n\nREMOVED: configuration.repositoryMaintenanceJob.limits has been removed, please use the configmap" }} +{{- end }} + +{{- if hasKey .Values.configuration.repositoryMaintenanceJob "latestJobsCount" }} +{{- $breaking = print $breaking "\n\nREMOVED: configuration.repositoryMaintenanceJob.latestJobsCount has been removed, please use the configmap" }} +{{- end }} + {{- if $breaking }} {{- fail (print $breaking_title $breaking) }} {{- end }} diff --git a/packages/system/velero/charts/velero/templates/deployment.yaml b/packages/system/velero/charts/velero/templates/deployment.yaml index 5789542b..d2a72639 100644 --- a/packages/system/velero/charts/velero/templates/deployment.yaml +++ b/packages/system/velero/charts/velero/templates/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "velero.fullname" . }} + name: velero namespace: {{ .Release.Namespace }} {{- with .Values.annotations }} annotations: @@ -21,7 +21,7 @@ metadata: {{- end }} spec: replicas: 1 - {{- if .Values.revisionHistoryLimit }} + {{- if hasKey .Values "revisionHistoryLimit" }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- end }} strategy: @@ -57,7 +57,7 @@ spec: {{- end }} {{- end }} spec: - {{- with .Values.hostAliases -}} + {{- with .Values.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} {{- end }} @@ -180,24 +180,9 @@ spec: - --namespace={{ . }} {{- end }} {{- with .repositoryMaintenanceJob }} - {{- with .requests }} - {{- with .cpu }} - - --maintenance-job-cpu-request={{ . }} - {{- end }} - {{- with .memory }} - - --maintenance-job-mem-request={{ . }} - {{- end }} - {{- end }} - {{- with .limits }} - {{- with .cpu }} - - --maintenance-job-cpu-limit={{ . }} - {{- end }} - {{- with .memory }} - - --maintenance-job-mem-limit={{ . }} - {{- end }} - {{- end }} - {{- with .latestJobsCount }} - - --keep-latest-maintenance-jobs={{ . }} + {{- if and .repositoryConfigData (or .repositoryConfigData.global .repositoryConfigData.repositories) }} + - --repo-maintenance-job-configmap={{ default "velero-repo-maintenance" .repositoryConfigData.name }} + {{- else }} {{- end }} {{- end }} {{- with .extraArgs }} @@ -209,6 +194,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.resizePolicy }} + resizePolicy: + {{- toYaml . | nindent 12 }} + {{- end }} {{- if .Values.metrics.enabled }} {{- with .Values.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} diff --git a/packages/system/velero/charts/velero/templates/label-namespace/labelnamespace.yaml b/packages/system/velero/charts/velero/templates/label-namespace/labelnamespace.yaml index de64ce67..2c78fa53 100644 --- a/packages/system/velero/charts/velero/templates/label-namespace/labelnamespace.yaml +++ b/packages/system/velero/charts/velero/templates/label-namespace/labelnamespace.yaml @@ -31,8 +31,8 @@ spec: - /bin/sh - -c - | - {{- range .Values.namespace.labels }} - kubectl label namespace {{ $.Release.Namespace }} {{ .key }}={{ .value }} + {{- range $key, $value := .Values.namespace.labels }} + kubectl label namespace {{ $.Release.Namespace }} {{ $key }}={{ $value }} {{- end }} {{- if .Values.kubectl.extraVolumeMounts }} volumeMounts: diff --git a/packages/system/velero/charts/velero/templates/node-agent-daemonset.yaml b/packages/system/velero/charts/velero/templates/node-agent-daemonset.yaml index 03e5cdd0..597ca459 100644 --- a/packages/system/velero/charts/velero/templates/node-agent-daemonset.yaml +++ b/packages/system/velero/charts/velero/templates/node-agent-daemonset.yaml @@ -49,7 +49,7 @@ spec: {{- end }} {{- end }} spec: - {{ with .Values.hostAliases -}} + {{- with .Values.nodeAgent.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} {{- end }} @@ -68,7 +68,7 @@ spec: {{- if .Values.nodeAgent.priorityClassName }} priorityClassName: {{ include "velero.nodeAgent.priorityClassName" . }} {{- end }} - {{- if .Values.runtimeClassName }} + {{- if .Values.nodeAgent.runtimeClassName }} runtimeClassName: {{ include "velero.nodeAgent.runtimeClassName" . }} {{- end }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} @@ -197,6 +197,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.nodeAgent.resizePolicy }} + resizePolicy: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.nodeAgent.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/packages/system/velero/charts/velero/templates/repo-maintenance-configmap.yaml b/packages/system/velero/charts/velero/templates/repo-maintenance-configmap.yaml new file mode 100644 index 00000000..25c0c373 --- /dev/null +++ b/packages/system/velero/charts/velero/templates/repo-maintenance-configmap.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.configuration .Values.configuration.repositoryMaintenanceJob .Values.configuration.repositoryMaintenanceJob.repositoryConfigData (or .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.global .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.repositories) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ default "velero-repo-maintenance" .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.name }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "velero.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "velero.chart" . }} +data: + {{- with .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.global }} + global: | + {{- . | toPrettyJson | nindent 4 }} + {{- end }} + {{- range $repoKey, $repoConfig := .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.repositories }} + {{ $repoKey }}: | + {{- $repoConfig | toPrettyJson | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/packages/system/velero/charts/velero/templates/service.yaml b/packages/system/velero/charts/velero/templates/service.yaml index 7cccbc54..662ca646 100644 --- a/packages/system/velero/charts/velero/templates/service.yaml +++ b/packages/system/velero/charts/velero/templates/service.yaml @@ -23,6 +23,12 @@ spec: {{- if .Values.metrics.service.internalTrafficPolicy }} internalTrafficPolicy: {{ .Values.metrics.service.internalTrafficPolicy }} {{- end }} + {{- if .Values.metrics.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.metrics.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.metrics.service.ipFamilies }} + ipFamilies: {{ toYaml .Values.metrics.service.ipFamilies | nindent 4 }} + {{- end }} type: {{ .Values.metrics.service.type }} ports: - name: http-monitoring diff --git a/packages/system/velero/charts/velero/values.schema.json b/packages/system/velero/charts/velero/values.schema.json index d23009d4..367e0d8c 100644 --- a/packages/system/velero/charts/velero/values.schema.json +++ b/packages/system/velero/charts/velero/values.schema.json @@ -105,7 +105,7 @@ "type": "string" }, "initContainers": { - "type": ["array", "null"], + "type": ["array", "string", "null"], "items": {} }, "podSecurityContext": { @@ -367,10 +367,10 @@ "type": ["string", "null"] }, "provider": { - "type": ["string", "null"] + "type": ["string"] }, "bucket": { - "type": ["string", "null"] + "type": ["string"] }, "caCert": { "type": ["string", "null"] @@ -405,8 +405,7 @@ }, "required": [ "provider", - "bucket", - "config" + "bucket" ] } }, @@ -419,7 +418,7 @@ "type": ["string", "null"] }, "provider": { - "type": ["string", "null"] + "type": ["string"] }, "credential": { "type": "object", @@ -438,9 +437,7 @@ } }, "required": [ - "name", - "provider", - "config" + "provider" ] } }, @@ -473,6 +470,80 @@ }, "latestJobsCount": { "type": "number" + }, + "repositoryConfigData": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the ConfigMap to create for per-repository maintenance configuration" + }, + "global": { + "type": "object", + "description": "Global configuration applied to all repositories when no specific repository configuration is found", + "properties": { + "podResources": { + "type": "object", + "properties": { + "cpuRequest": {"type": "string"}, + "cpuLimit": {"type": "string"}, + "memoryRequest": {"type": "string"}, + "memoryLimit": {"type": "string"} + } + }, + "keepLatestMaintenanceJobs": { + "type": "number" + }, + "priorityClassName": { + "type": "string" + }, + "loadAffinity": { + "type": "array", + "items": { + "type": "object", + "properties": { + "nodeSelector": { + "type": "object" + } + } + } + } + } + }, + "repositories": { + "type": "object", + "description": "Repository-specific configurations keyed by repository identifier (namespace-storageLocation-repositoryType)", + "additionalProperties": { + "type": "object", + "properties": { + "podResources": { + "type": "object", + "properties": { + "cpuRequest": {"type": "string"}, + "cpuLimit": {"type": "string"}, + "memoryRequest": {"type": "string"}, + "memoryLimit": {"type": "string"} + } + }, + "keepLatestMaintenanceJobs": { + "type": "number" + }, + "loadAffinity": { + "type": "array", + "items": { + "type": "object", + "properties": { + "nodeSelector": { + "type": "object" + } + } + } + } + } + } + } + }, + "required": [] } }, "required": [] @@ -688,7 +759,6 @@ }, "required": [ "podVolumePath", - "pluginVolumePath", "dnsPolicy" ] }, @@ -732,4 +802,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/system/velero/charts/velero/values.yaml b/packages/system/velero/charts/velero/values.yaml index 659d0034..30eb7b5f 100644 --- a/packages/system/velero/charts/velero/values.yaml +++ b/packages/system/velero/charts/velero/values.yaml @@ -7,18 +7,12 @@ namespace: labels: {} # Enforce Pod Security Standards with Namespace Labels # https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/ - # - key: pod-security.kubernetes.io/enforce - # value: privileged - # - key: pod-security.kubernetes.io/enforce-version - # value: latest - # - key: pod-security.kubernetes.io/audit - # value: privileged - # - key: pod-security.kubernetes.io/audit-version - # value: latest - # - key: pod-security.kubernetes.io/warn - # value: privileged - # - key: pod-security.kubernetes.io/warn-version - # value: latest + # pod-security.kubernetes.io/enforce: privileged + # pod-security.kubernetes.io/enforce-version: latest + # pod-security.kubernetes.io/audit: privileged + # pod-security.kubernetes.io/audit-version: latest + # pod-security.kubernetes.io/warn: privileged + # pod-security.kubernetes.io/warn-version: latest ## ## End of namespace-related settings. @@ -33,7 +27,7 @@ namespace: # enabling node-agent). Required. image: repository: velero/velero - tag: v1.16.1 + tag: v1.17.0 # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. # If used, it will take precedence over the image.tag. # digest: @@ -81,6 +75,14 @@ resources: {} # cpu: 1000m # memory: 512Mi +# Container resize policy for the Velero deployment. +# See: https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/ +resizePolicy: [] + # - resourceName: cpu + # restartPolicy: NotRequired + # - resourceName: memory + # restartPolicy: RestartContainer + # Configure hostAliases for Velero deployment. Optional # For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ hostAliases: [] @@ -128,7 +130,7 @@ dnsPolicy: ClusterFirst # If the value is a string then it is evaluated as a template. initContainers: # - name: velero-plugin-for-aws - # image: velero/velero-plugin-for-aws:v1.12.1 + # image: velero/velero-plugin-for-aws:v1.13.0 # imagePullPolicy: IfNotPresent # volumeMounts: # - mountPath: /target @@ -247,6 +249,11 @@ metrics: externalTrafficPolicy: "" internalTrafficPolicy: "" + # the IP family policy for the metrics Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). + ipFamilyPolicy: "" + # a list of IP families for the metrics Service that should be supported, in the order in which they should be applied to ClusterIP. Can be "IPv4" and/or "IPv6". + ipFamilies: [] + # Pod annotations for Prometheus podAnnotations: prometheus.io/scrape: "true" @@ -291,26 +298,47 @@ metrics: # namespace: "" # Rules to be deployed spec: [] - # - alert: VeleroBackupPartialFailures + # - alert: VeleroBackupFailed # annotations: - # message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} partialy failed backups. + # message: Velero backup {{ $labels.schedule }} has failed # expr: |- - # velero_backup_partial_failure_total{schedule!=""} / velero_backup_attempt_total{schedule!=""} > 0.25 + # velero_backup_last_status{schedule!=""} != 1 # for: 15m # labels: # severity: warning - # - alert: VeleroBackupFailures + # - alert: VeleroBackupFailing # annotations: - # message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} failed backups. + # message: Velero backup {{ $labels.schedule }} has been failing for the last 12h # expr: |- - # velero_backup_failure_total{schedule!=""} / velero_backup_attempt_total{schedule!=""} > 0.25 + # velero_backup_last_status{schedule!=""} != 1 + # for: 12h + # labels: + # severity: critical + # - alert: VeleroNoNewBackup + # annotations: + # message: Velero backup {{ $labels.schedule }} has not run successfuly in the last 30h + # expr: |- + # ( + # rate(velero_backup_last_successful_timestamp{schedule!=""}[15m]) <=bool 0 + # or + # absent(velero_backup_last_successful_timestamp{schedule!=""}) + # ) == 1 + # for: 30h + # labels: + # severity: critical + # - alert: VeleroBackupPartialFailures + # annotations: + # message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} partialy failed backups + # expr: |- + # rate(velero_backup_partial_failure_total{schedule!=""}[25m]) + # / rate(velero_backup_attempt_total{schedule!=""}[25m]) > 0.5 # for: 15m # labels: # severity: warning kubectl: image: - repository: docker.io/bitnami/kubectl + repository: docker.io/bitnamilegacy/kubectl # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. # If used, it will take precedence over the kubectl.image.tag. # digest: @@ -354,9 +382,9 @@ configuration: # a backup storage location will be created with the name "default". Optional. - name: # provider is the name for the backup storage location provider. - provider: + provider: "" # bucket is the name of the bucket to store backups in. Required. - bucket: + bucket: "" # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. caCert: # prefix is the directory under which all Velero data should be stored within the bucket. Optional. @@ -398,10 +426,11 @@ configuration: # Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice. # See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/ volumeSnapshotLocation: - # name is the name of the volume snapshot location where snapshots are being taken. Required. + # name is the name of the volume snapshot location where snapshots are being taken. If a name is not provided, + # a volume snapshot location will be created with the name "default". Optional. - name: # provider is the name for the volume snapshot provider. - provider: + provider: "" credential: # name of the secret used by this volumeSnapshotLocation. name: @@ -483,14 +512,48 @@ configuration: # Resource requests/limits to specify for the repository-maintenance job. Optional. # https://velero.io/docs/v1.14/repository-maintenance/#resource-limitation repositoryMaintenanceJob: - requests: - # cpu: 500m - # memory: 512Mi - limits: - # cpu: 1000m - # memory: 1024Mi - # Number of latest maintenance jobs to keep for each repository - latestJobsCount: 3 + # Per-repository resource settings ConfigMap + # This ConfigMap allows specifying different settings for different repositories + # See: https://velero.io/docs/main/repository-maintenance/ + repositoryConfigData: + # Name of the ConfigMap to create. If not provided, will use "velero-repo-maintenance" + name: "velero-repo-maintenance" + # Global configuration applied to all repositories + # This configuration is used when no specific repository configuration is found + # global: + # podResources: + # cpuRequest: "100m" + # cpuLimit: "200m" + # memoryRequest: "100Mi" + # memoryLimit: "200Mi" + # keepLatestMaintenanceJobs: 1 + # loadAffinity: + # - nodeSelector: + # matchExpressions: + # - key: "cloud.google.com/machine-family" + # operator: "In" + # values: ["e2"] + # - nodeSelector: + # matchExpressions: + # - key: "topology.kubernetes.io/zone" + # operator: "In" + # values: ["us-central1-a", "us-central1-b", "us-central1-c"] + # priorityClassName: "low-priority" # Note: priorityClassName is only supported in global configuration + global: + keepLatestMaintenanceJobs: 3 + # Repository-specific configurations + # Repository keys are formed as: "{namespace}-{storageLocation}-{repositoryType}" + # For example: "default-default-kopia" or "prod-s3-backup-kopia" + # Note: priorityClassName is NOT supported in repository-specific configurations + # repositories: + # "kibishii-default-kopia": + # podResources: + # cpuRequest: "200m" + # cpuLimit: "400m" + # memoryRequest: "200Mi" + # memoryLimit: "400Mi" + # keepLatestMaintenanceJobs: 2 + repositories: {} # `velero server` default: velero namespace: # additional command-line arguments that will be passed to the `velero server` @@ -601,6 +664,13 @@ nodeAgent: # limits: # cpu: 1000m # memory: 1024Mi + # Container resize policy for the node-agent daemonset. + # See: https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/ + resizePolicy: [] + # - resourceName: cpu + # restartPolicy: NotRequired + # - resourceName: memory + # restartPolicy: RestartContainer # Tolerations to use for the node-agent daemonset. Optional. tolerations: [] @@ -714,7 +784,7 @@ schedules: {} # velero.io/plugin-config: "" # velero.io/pod-volume-restore: RestoreItemAction # data: -# image: velero/velero-restore-helper:v1.10.2 +# image: velero/velero:v1.17.0 # cpuRequest: 200m # memRequest: 128Mi # cpuLimit: 200m diff --git a/packages/system/velero/values.yaml b/packages/system/velero/values.yaml index bf980e4b..62f13c1f 100644 --- a/packages/system/velero/values.yaml +++ b/packages/system/velero/values.yaml @@ -6,14 +6,13 @@ velero: volumeMounts: - mountPath: /target name: plugins - # deployNodeAgent: true + deployNodeAgent: true configuration: # defaultVolumesToFsBackup: true backupStorageLocation: null volumeSnapshotLocation: null namespace: cozy-velero features: EnableCSI - kubectl: - image: - repository: docker.io/alpine/k8s - tag: 1.33.4 + # Increase timeout for item operations to 24 hours to prevent timeouts + # during backups of very large volumes. The Velero default is 4 hours. + defaultItemOperationTimeout: 24h diff --git a/pkg/apis/core/v1alpha1/tenantresource_types.go b/pkg/apis/core/v1alpha1/tenantresource_types.go new file mode 100644 index 00000000..172d9eb1 --- /dev/null +++ b/pkg/apis/core/v1alpha1/tenantresource_types.go @@ -0,0 +1,4 @@ +package v1alpha1 + +const TenantResourceLabelKey = "internal.cozystack.io/tenantresource" +const TenantResourceLabelValue = "true" diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 80220964..d5814ee7 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -17,18 +17,22 @@ limitations under the License. package apiserver import ( + "context" "fmt" + "time" helmv2 "github.com/fluxcd/helm-controller/api/v2" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/apiserver/pkg/registry/rest" genericapiserver "k8s.io/apiserver/pkg/server" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/kubernetes" - restclient "k8s.io/client-go/rest" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/client" "github.com/cozystack/cozystack/pkg/apis/apps" appsinstall "github.com/cozystack/cozystack/pkg/apis/apps/install" @@ -50,6 +54,7 @@ var ( // versions and content types. Codecs = serializer.NewCodecFactory(Scheme) CozyComponentName = "cozy" + syncPeriod = 5 * time.Minute ) func init() { @@ -58,9 +63,15 @@ func init() { // Register HelmRelease types. if err := helmv2.AddToScheme(Scheme); err != nil { - panic(fmt.Sprintf("Failed to add HelmRelease types to scheme: %v", err)) + panic(fmt.Errorf("Failed to add HelmRelease types to scheme: %w", err)) } + if err := corev1.AddToScheme(Scheme); err != nil { + panic(fmt.Errorf("Failed to add core types to scheme: %w", err)) + } + if err := rbacv1.AddToScheme(Scheme); err != nil { + panic(fmt.Errorf("Failed to add RBAC types to scheme: %w", err)) + } // Add unversioned types. metav1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) @@ -118,44 +129,59 @@ func (c completedConfig) New() (*CozyServer, error) { } // Create a dynamic client for HelmRelease using InClusterConfig. - inClusterConfig, err := restclient.InClusterConfig() + cfg, err := ctrl.GetConfig() if err != nil { - return nil, fmt.Errorf("unable to get in-cluster config: %v", err) + return nil, fmt.Errorf("failed to get kubeconfig: %w", err) } - dynamicClient, err := dynamic.NewForConfig(inClusterConfig) + mgr, err := ctrl.NewManager(cfg, ctrl.Options{ + Scheme: Scheme, + Cache: cache.Options{SyncPeriod: &syncPeriod}, + }) if err != nil { - return nil, fmt.Errorf("unable to create dynamic client: %v", err) + return nil, fmt.Errorf("failed to build manager: %w", err) } - clientset, err := kubernetes.NewForConfig(inClusterConfig) - if err != nil { - return nil, fmt.Errorf("create kube clientset: %v", err) + ctx := ctrl.SetupSignalHandler() + + if err = mustGetInformers(ctx, mgr, + &helmv2.HelmRelease{}, + &corev1.Secret{}, + &corev1.Namespace{}, + &corev1.Service{}, + &rbacv1.RoleBinding{}, + ); err != nil { + return nil, fmt.Errorf("failed to get informers: %w", err) } + go func() { + if err := mgr.Start(ctx); err != nil { + panic(fmt.Errorf("manager start failed: %w", err)) + } + }() + + if ok := mgr.GetCache().WaitForCacheSync(ctx); !ok { + return nil, fmt.Errorf("cache sync failed") + } + + cli := mgr.GetClient() + watchCli, err := client.NewWithWatch(cfg, client.Options{Scheme: Scheme}) + if err != nil { + return nil, fmt.Errorf("failed to build watch client: %w", err) + } // --- static, cluster-scoped resource for core group --- coreV1alpha1Storage := map[string]rest.Storage{} coreV1alpha1Storage["tenantnamespaces"] = cozyregistry.RESTInPeace( - tenantnamespacestorage.NewREST( - clientset.CoreV1(), - clientset.AuthorizationV1(), - 20, - ), + tenantnamespacestorage.NewREST(cli, watchCli), ) coreV1alpha1Storage["tenantsecrets"] = cozyregistry.RESTInPeace( - tenantsecretstorage.NewREST( - clientset.CoreV1(), - ), + tenantsecretstorage.NewREST(cli, watchCli), ) coreV1alpha1Storage["tenantsecretstables"] = cozyregistry.RESTInPeace( - tenantsecretstablestorage.NewREST( - clientset.CoreV1(), - ), + tenantsecretstablestorage.NewREST(cli, watchCli), ) coreV1alpha1Storage["tenantmodules"] = cozyregistry.RESTInPeace( - tenantmodulestorage.NewREST( - dynamicClient, - ), + tenantmodulestorage.NewREST(cli, watchCli), ) coreApiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(core.GroupName, Scheme, metav1.ParameterCodec, Codecs) @@ -167,7 +193,7 @@ func (c completedConfig) New() (*CozyServer, error) { // --- dynamically-configured, per-tenant resources --- appsV1alpha1Storage := map[string]rest.Storage{} for _, resConfig := range c.ResourceConfig.Resources { - storage := applicationstorage.NewREST(dynamicClient, &resConfig) + storage := applicationstorage.NewREST(cli, watchCli, &resConfig) appsV1alpha1Storage[resConfig.Application.Plural] = cozyregistry.RESTInPeace(storage) } appsApiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(apps.GroupName, Scheme, metav1.ParameterCodec, Codecs) @@ -178,3 +204,12 @@ func (c completedConfig) New() (*CozyServer, error) { return s, nil } + +func mustGetInformers(ctx context.Context, mgr ctrl.Manager, types ...client.Object) error { + for i := range types { + if _, err := mgr.GetCache().GetInformer(ctx, types[i]); err != nil { + return fmt.Errorf("failed to get informer for %T: %w", types[i], err) + } + } + return nil +} diff --git a/pkg/cmd/server/openapi.go b/pkg/cmd/server/openapi.go index aade9a80..e6a659c5 100644 --- a/pkg/cmd/server/openapi.go +++ b/pkg/cmd/server/openapi.go @@ -224,7 +224,7 @@ func buildPostProcessV3(kindSchemas map[string]string) func(*spec3.OpenAPI) (*sp base, ok1 := doc.Components.Schemas[baseRef] list, ok2 := doc.Components.Schemas[baseListRef] stat, ok3 := doc.Components.Schemas[baseStatusRef] - if !(ok1 && ok2 && ok3) { + if !(ok1 && ok2 && ok3) && len(kindSchemas) > 0 { return doc, fmt.Errorf("base Application* schemas not found") } @@ -339,7 +339,7 @@ func buildPostProcessV2(kindSchemas map[string]string) func(*spec.Swagger) (*spe base, ok1 := defs[baseRef] list, ok2 := defs[baseListRef] stat, ok3 := defs[baseStatusRef] - if !(ok1 && ok2 && ok3) { + if !(ok1 && ok2 && ok3) && len(kindSchemas) > 0 { return sw, fmt.Errorf("base Application* schemas not found") } diff --git a/pkg/cmd/server/start.go b/pkg/cmd/server/start.go index 25449ece..c6fd23a1 100644 --- a/pkg/cmd/server/start.go +++ b/pkg/cmd/server/start.go @@ -24,6 +24,7 @@ import ( "fmt" "io" "net" + "time" v1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1" @@ -161,8 +162,33 @@ func (o *CozyServerOptions) Complete() error { crdList := &v1alpha1.CozystackResourceDefinitionList{} - if err := o.Client.List(context.Background(), crdList); err != nil { - return fmt.Errorf("failed to list CozystackResourceDefinitions: %w", err) + // Retry with exponential backoff for at least 30 minutes + const maxRetryDuration = 30 * time.Minute + const initialDelay = time.Second + const maxDelay = 2 * time.Minute + + startTime := time.Now() + delay := initialDelay + + for { + err := o.Client.List(context.Background(), crdList) + if err == nil { + break + } + + // Check if we've exceeded the maximum retry duration + if time.Since(startTime) >= maxRetryDuration { + return fmt.Errorf("failed to list CozystackResourceDefinitions after %v: %w", maxRetryDuration, err) + } + + // Log the error and wait before retrying + fmt.Printf("Failed to list CozystackResourceDefinitions (retrying in %v): %v\n", delay, err) + time.Sleep(delay) + + delay = time.Duration(float64(delay) * 1.5) + if delay > maxDelay { + delay = maxDelay + } } // Convert to ResourceConfig diff --git a/pkg/lineage/lineage_test.go b/pkg/lineage/lineage_test.go index 7ae2a00c..a705f26c 100644 --- a/pkg/lineage/lineage_test.go +++ b/pkg/lineage/lineage_test.go @@ -46,7 +46,7 @@ func TestWalkingOwnershipGraph(t *testing.T) { if err != nil { t.Fatal(err) } - nodes := WalkOwnershipGraph(ctx, dynClient, mapper, obj) + nodes := WalkOwnershipGraph(ctx, dynClient, mapper, &stubMapper{}, obj) for _, node := range nodes { fmt.Printf("%#v\n", node) } diff --git a/pkg/registry/apps/application/rest.go b/pkg/registry/apps/application/rest.go index 388d741f..37a5d9a5 100644 --- a/pkg/registry/apps/application/rest.go +++ b/pkg/registry/apps/application/rest.go @@ -37,8 +37,8 @@ import ( "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/client-go/dynamic" "k8s.io/klog/v2" + "sigs.k8s.io/controller-runtime/pkg/client" appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1" "github.com/cozystack/cozystack/pkg/config" @@ -76,7 +76,8 @@ var helmReleaseGVR = schema.GroupVersionResource{ // REST implements the RESTStorage interface for Application resources type REST struct { - dynamicClient dynamic.Interface + c client.Client + w client.WithWatch gvr schema.GroupVersionResource gvk schema.GroupVersionKind kindName string @@ -86,7 +87,7 @@ type REST struct { } // NewREST creates a new REST storage for Application with specific configuration -func NewREST(dynamicClient dynamic.Interface, config *config.Resource) *REST { +func NewREST(c client.Client, w client.WithWatch, config *config.Resource) *REST { var specSchema *structuralschema.Structural if raw := strings.TrimSpace(config.Application.OpenAPISchema); raw != "" { @@ -110,7 +111,8 @@ func NewREST(dynamicClient dynamic.Interface, config *config.Resource) *REST { } return &REST{ - dynamicClient: dynamicClient, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: appsv1alpha1.GroupName, Version: "v1alpha1", @@ -158,30 +160,23 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation helmRelease.Labels = mergeMaps(helmRelease.Labels, addPrefixedMap(app.Labels, LabelPrefix)) // Note: Annotations from config are not handled as r.releaseConfig.Annotations is undefined - // Convert HelmRelease to unstructured format - unstructuredHR, err := runtime.DefaultUnstructuredConverter.ToUnstructured(helmRelease) - if err != nil { - klog.Errorf("Failed to convert HelmRelease to unstructured: %v", err) - return nil, fmt.Errorf("failed to convert HelmRelease to unstructured: %v", err) - } - klog.V(6).Infof("Creating HelmRelease %s in namespace %s", helmRelease.Name, app.Namespace) // Create HelmRelease in Kubernetes - createdHR, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(app.Namespace).Create(ctx, &unstructured.Unstructured{Object: unstructuredHR}, *options) + err = r.c.Create(ctx, helmRelease, &client.CreateOptions{Raw: options}) if err != nil { klog.Errorf("Failed to create HelmRelease %s: %v", helmRelease.Name, err) return nil, fmt.Errorf("failed to create HelmRelease: %v", err) } // Convert the created HelmRelease back to Application - convertedApp, err := r.ConvertHelmReleaseToApplication(createdHR) + convertedApp, err := r.ConvertHelmReleaseToApplication(helmRelease) if err != nil { - klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", createdHR.GetName(), err) + klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", helmRelease.GetName(), err) return nil, fmt.Errorf("conversion error: %v", err) } - klog.V(6).Infof("Successfully created and converted HelmRelease %s to Application", createdHR.GetName()) + klog.V(6).Infof("Successfully created and converted HelmRelease %s to Application", helmRelease.GetName()) // Convert Application to unstructured format unstructuredApp, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&convertedApp) @@ -206,7 +201,8 @@ func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) // Get the corresponding HelmRelease using the new prefix helmReleaseName := r.releaseConfig.Prefix + name - hr, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Get(ctx, helmReleaseName, *options) + helmRelease := &helmv2.HelmRelease{} + err = r.c.Get(ctx, client.ObjectKey{Namespace: namespace, Name: helmReleaseName}, helmRelease, &client.GetOptions{Raw: options}) if err != nil { klog.Errorf("Error retrieving HelmRelease for resource %s: %v", name, err) @@ -221,14 +217,14 @@ func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) } // Check if HelmRelease meets the required chartName and sourceRef criteria - if !r.shouldIncludeHelmRelease(hr) { + if !r.shouldIncludeHelmRelease(helmRelease) { klog.Errorf("HelmRelease %s does not match the required chartName and sourceRef criteria", helmReleaseName) // Return a NotFound error for the Application resource return nil, apierrors.NewNotFound(r.gvr.GroupResource(), name) } // Convert HelmRelease to Application - convertedApp, err := r.ConvertHelmReleaseToApplication(hr) + convertedApp, err := r.ConvertHelmReleaseToApplication(helmRelease) if err != nil { klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", name, err) return nil, fmt.Errorf("conversion error: %v", err) @@ -325,7 +321,11 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption } // List HelmReleases with mapped selectors - hrList, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).List(ctx, metaOptions) + hrList := &helmv2.HelmReleaseList{} + err = r.c.List(ctx, hrList, &client.ListOptions{ + Namespace: namespace, + Raw: &metaOptions, + }) if err != nil { klog.Errorf("Error listing HelmReleases: %v", err) return nil, err @@ -335,14 +335,14 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption items := make([]unstructured.Unstructured, 0) // Iterate over HelmReleases and convert to Applications - for _, hr := range hrList.Items { - if !r.shouldIncludeHelmRelease(&hr) { + for i := range hrList.Items { + if !r.shouldIncludeHelmRelease(&hrList.Items[i]) { continue } - app, err := r.ConvertHelmReleaseToApplication(&hr) + app, err := r.ConvertHelmReleaseToApplication(&hrList.Items[i]) if err != nil { - klog.Errorf("Error converting HelmRelease %s to Application: %v", hr.GetName(), err) + klog.Errorf("Error converting HelmRelease %s to Application: %v", hrList.Items[i].GetName(), err) continue } @@ -457,7 +457,8 @@ func (r *REST) Update(ctx context.Context, name string, objInfo rest.UpdatedObje // Ensure ResourceVersion if helmRelease.ResourceVersion == "" { - cur, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(helmRelease.Namespace).Get(ctx, helmRelease.Name, metav1.GetOptions{}) + cur := &helmv2.HelmRelease{} + err := r.c.Get(ctx, client.ObjectKey{Namespace: helmRelease.Namespace, Name: helmRelease.Name}, cur, &client.GetOptions{Raw: &metav1.GetOptions{}}) if err != nil { return nil, false, fmt.Errorf("failed to fetch current HelmRelease: %w", err) } @@ -470,53 +471,38 @@ func (r *REST) Update(ctx context.Context, name string, objInfo rest.UpdatedObje helmRelease.Labels = mergeMaps(helmRelease.Labels, addPrefixedMap(app.Labels, LabelPrefix)) // Note: Annotations from config are not handled as r.releaseConfig.Annotations is undefined - // Convert HelmRelease to unstructured format - unstructuredHR, err := runtime.DefaultUnstructuredConverter.ToUnstructured(helmRelease) - if err != nil { - klog.Errorf("Failed to convert HelmRelease to unstructured: %v", err) - return nil, false, fmt.Errorf("failed to convert HelmRelease to unstructured: %v", err) - } - - // Retrieve metadata from unstructured object - metadata, found, err := unstructured.NestedMap(unstructuredHR, "metadata") - if err != nil || !found { - klog.Errorf("Failed to retrieve metadata from HelmRelease: %v, found: %v", err, found) - return nil, false, fmt.Errorf("failed to retrieve metadata from HelmRelease: %v", err) - } - klog.V(6).Infof("HelmRelease Metadata: %+v", metadata) - klog.V(6).Infof("Updating HelmRelease %s in namespace %s", helmRelease.Name, helmRelease.Namespace) // Before updating, ensure the HelmRelease meets the inclusion criteria // This prevents updating HelmReleases that should not be managed as Applications - if !r.shouldIncludeHelmRelease(&unstructured.Unstructured{Object: unstructuredHR}) { + if !r.shouldIncludeHelmRelease(helmRelease) { klog.Errorf("HelmRelease %s does not match the required chartName and sourceRef criteria", helmRelease.Name) // Return a NotFound error for the Application resource return nil, false, apierrors.NewNotFound(r.gvr.GroupResource(), name) } // Update the HelmRelease in Kubernetes - resultHR, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(helmRelease.Namespace).Update(ctx, &unstructured.Unstructured{Object: unstructuredHR}, metav1.UpdateOptions{}) + err = r.c.Update(ctx, helmRelease, &client.UpdateOptions{Raw: &metav1.UpdateOptions{}}) if err != nil { klog.Errorf("Failed to update HelmRelease %s: %v", helmRelease.Name, err) return nil, false, fmt.Errorf("failed to update HelmRelease: %v", err) } // After updating, ensure the updated HelmRelease still meets the inclusion criteria - if !r.shouldIncludeHelmRelease(resultHR) { - klog.Errorf("Updated HelmRelease %s does not match the required chartName and sourceRef criteria", resultHR.GetName()) + if !r.shouldIncludeHelmRelease(helmRelease) { + klog.Errorf("Updated HelmRelease %s does not match the required chartName and sourceRef criteria", helmRelease.GetName()) // Return a NotFound error for the Application resource return nil, false, apierrors.NewNotFound(r.gvr.GroupResource(), name) } // Convert the updated HelmRelease back to Application - convertedApp, err := r.ConvertHelmReleaseToApplication(resultHR) + convertedApp, err := r.ConvertHelmReleaseToApplication(helmRelease) if err != nil { - klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", resultHR.GetName(), err) + klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", helmRelease.GetName(), err) return nil, false, fmt.Errorf("conversion error: %v", err) } - klog.V(6).Infof("Successfully updated and converted HelmRelease %s to Application", resultHR.GetName()) + klog.V(6).Infof("Successfully updated and converted HelmRelease %s to Application", helmRelease.GetName()) // Explicitly set apiVersion and kind for Application convertedApp.TypeMeta = metav1.TypeMeta{ @@ -554,7 +540,8 @@ func (r *REST) Delete(ctx context.Context, name string, deleteValidation rest.Va helmReleaseName := r.releaseConfig.Prefix + name // Retrieve the HelmRelease before attempting to delete - hr, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Get(ctx, helmReleaseName, metav1.GetOptions{}) + helmRelease := &helmv2.HelmRelease{} + err = r.c.Get(ctx, client.ObjectKey{Namespace: namespace, Name: helmReleaseName}, helmRelease, &client.GetOptions{Raw: &metav1.GetOptions{}}) if err != nil { if apierrors.IsNotFound(err) { // If HelmRelease does not exist, return NotFound error for Application @@ -567,7 +554,7 @@ func (r *REST) Delete(ctx context.Context, name string, deleteValidation rest.Va } // Validate that the HelmRelease meets the inclusion criteria - if !r.shouldIncludeHelmRelease(hr) { + if !r.shouldIncludeHelmRelease(helmRelease) { klog.Errorf("HelmRelease %s does not match the required chartName and sourceRef criteria", helmReleaseName) // Return NotFound error for Application resource return nil, false, apierrors.NewNotFound(r.gvr.GroupResource(), name) @@ -576,7 +563,7 @@ func (r *REST) Delete(ctx context.Context, name string, deleteValidation rest.Va klog.V(6).Infof("Deleting HelmRelease %s in namespace %s", helmReleaseName, namespace) // Delete the HelmRelease corresponding to the Application - err = r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Delete(ctx, helmReleaseName, *options) + err = r.c.Delete(ctx, helmRelease, &client.DeleteOptions{Raw: options}) if err != nil { klog.Errorf("Failed to delete HelmRelease %s: %v", helmReleaseName, err) return nil, false, fmt.Errorf("failed to delete HelmRelease: %v", err) @@ -659,7 +646,11 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio } // Start watch on HelmRelease with mapped selectors - helmWatcher, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Watch(ctx, metaOptions) + hrList := &helmv2.HelmReleaseList{} + helmWatcher, err := r.w.Watch(ctx, hrList, &client.ListOptions{ + Namespace: namespace, + Raw: &metaOptions, + }) if err != nil { klog.Errorf("Error setting up watch for HelmReleases: %v", err) return nil, err @@ -669,13 +660,15 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio customW := &customWatcher{ resultChan: make(chan watch.Event), stopChan: make(chan struct{}), + underlying: helmWatcher, } go func() { defer close(customW.resultChan) + defer customW.underlying.Stop() for { select { - case event, ok := <-helmWatcher.ResultChan(): + case event, ok := <-customW.underlying.ResultChan(): if !ok { // The watcher has been closed, attempt to re-establish the watch klog.Warning("HelmRelease watcher closed, attempting to re-establish") @@ -689,19 +682,19 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio continue // Skip processing this event } - // Proceed with processing Unstructured objects - matches, err := r.isRelevantHelmRelease(&event) - if err != nil { - klog.V(4).Infof("Non-critical error filtering HelmRelease event: %v", err) + // Proceed with processing HelmRelease objects + hr, ok := event.Object.(*helmv2.HelmRelease) + if !ok { + klog.V(4).Infof("Expected HelmRelease object, got %T", event.Object) continue } - if !matches { + if !r.shouldIncludeHelmRelease(hr) { continue } // Convert HelmRelease to Application - app, err := r.ConvertHelmReleaseToApplication(event.Object.(*unstructured.Unstructured)) + app, err := r.ConvertHelmReleaseToApplication(hr) if err != nil { klog.Errorf("Error converting HelmRelease to Application: %v", err) continue @@ -771,12 +764,16 @@ type customWatcher struct { resultChan chan watch.Event stopChan chan struct{} stopOnce sync.Once + underlying watch.Interface } // Stop terminates the watch func (cw *customWatcher) Stop() { cw.stopOnce.Do(func() { close(cw.stopChan) + if cw.underlying != nil { + cw.underlying.Stop() + } }) } @@ -785,34 +782,18 @@ func (cw *customWatcher) ResultChan() <-chan watch.Event { return cw.resultChan } -// isRelevantHelmRelease checks if the HelmRelease meets the sourceRef and prefix criteria -func (r *REST) isRelevantHelmRelease(event *watch.Event) (bool, error) { - if event.Object == nil { - return false, nil - } - - // Check if the object is a *v1.Status - if status, ok := event.Object.(*metav1.Status); ok { - // Log at a less severe level or handle specific status errors if needed - klog.V(4).Infof("Received Status object in HelmRelease watch: %v", status.Message) - return false, nil // Not relevant for processing as a HelmRelease - } - - // Proceed if it's an Unstructured object - hr, ok := event.Object.(*unstructured.Unstructured) - if !ok { - return false, fmt.Errorf("expected Unstructured object, got %T", event.Object) - } - - return r.shouldIncludeHelmRelease(hr), nil -} - // shouldIncludeHelmRelease determines if a HelmRelease should be included based on filtering criteria -func (r *REST) shouldIncludeHelmRelease(hr *unstructured.Unstructured) bool { +func (r *REST) shouldIncludeHelmRelease(hr *helmv2.HelmRelease) bool { + // Nil check for Chart field + if hr.Spec.Chart == nil { + klog.V(6).Infof("HelmRelease %s has nil spec.chart field", hr.GetName()) + return false + } + // Filter by Chart Name - chartName, found, err := unstructured.NestedString(hr.Object, "spec", "chart", "spec", "chart") - if err != nil || !found { - klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.chart field: %v", hr.GetName(), err) + chartName := hr.Spec.Chart.Spec.Chart + if chartName == "" { + klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.chart field", hr.GetName()) return false } if chartName != r.releaseConfig.Chart.Name { @@ -825,21 +806,29 @@ func (r *REST) shouldIncludeHelmRelease(hr *unstructured.Unstructured) bool { } // matchesSourceRefAndPrefix checks both SourceRefConfig and Prefix criteria -func (r *REST) matchesSourceRefAndPrefix(hr *unstructured.Unstructured) bool { +func (r *REST) matchesSourceRefAndPrefix(hr *helmv2.HelmRelease) bool { + // Nil check for Chart field (defensive) + if hr.Spec.Chart == nil { + klog.V(6).Infof("HelmRelease %s has nil spec.chart field", hr.GetName()) + return false + } + // Extract SourceRef fields - sourceRefKind, found, err := unstructured.NestedString(hr.Object, "spec", "chart", "spec", "sourceRef", "kind") - if err != nil || !found { - klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.kind field: %v", hr.GetName(), err) + sourceRef := hr.Spec.Chart.Spec.SourceRef + sourceRefKind := sourceRef.Kind + sourceRefName := sourceRef.Name + sourceRefNamespace := sourceRef.Namespace + + if sourceRefKind == "" { + klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.kind field", hr.GetName()) return false } - sourceRefName, found, err := unstructured.NestedString(hr.Object, "spec", "chart", "spec", "sourceRef", "name") - if err != nil || !found { - klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.name field: %v", hr.GetName(), err) + if sourceRefName == "" { + klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.name field", hr.GetName()) return false } - sourceRefNamespace, found, err := unstructured.NestedString(hr.Object, "spec", "chart", "spec", "sourceRef", "namespace") - if err != nil || !found { - klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.namespace field: %v", hr.GetName(), err) + if sourceRefNamespace == "" { + klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.namespace field", hr.GetName()) return false } @@ -930,19 +919,11 @@ func filterPrefixedMap(original map[string]string, prefix string) map[string]str } // ConvertHelmReleaseToApplication converts a HelmRelease to an Application -func (r *REST) ConvertHelmReleaseToApplication(hr *unstructured.Unstructured) (appsv1alpha1.Application, error) { +func (r *REST) ConvertHelmReleaseToApplication(hr *helmv2.HelmRelease) (appsv1alpha1.Application, error) { klog.V(6).Infof("Converting HelmRelease to Application for resource %s", hr.GetName()) - var helmRelease helmv2.HelmRelease - // Convert unstructured to HelmRelease struct - err := runtime.DefaultUnstructuredConverter.FromUnstructured(hr.Object, &helmRelease) - if err != nil { - klog.Errorf("Error converting from unstructured to HelmRelease: %v", err) - return appsv1alpha1.Application{}, err - } - // Convert HelmRelease struct to Application struct - app, err := r.convertHelmReleaseToApplication(&helmRelease) + app, err := r.convertHelmReleaseToApplication(hr) if err != nil { klog.Errorf("Error converting from HelmRelease to Application: %v", err) return appsv1alpha1.Application{}, err diff --git a/pkg/registry/core/tenantmodule/rest.go b/pkg/registry/core/tenantmodule/rest.go index d77f23a7..852a0b64 100644 --- a/pkg/registry/core/tenantmodule/rest.go +++ b/pkg/registry/core/tenantmodule/rest.go @@ -32,12 +32,13 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/selection" + "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/duration" "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/client-go/dynamic" "k8s.io/klog/v2" + "sigs.k8s.io/controller-runtime/pkg/client" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -55,7 +56,7 @@ var ( // Define constants for label filtering const ( - TenantModuleLabelKey = "apps.cozystack.io/tenantmodule" + TenantModuleLabelKey = "internal.cozystack.io/tenantmodule" TenantModuleLabelValue = "true" singularName = "tenantmodule" ) @@ -69,17 +70,19 @@ var helmReleaseGVR = schema.GroupVersionResource{ // REST implements the RESTStorage interface for TenantModule resources type REST struct { - dynamicClient dynamic.Interface - gvr schema.GroupVersionResource - gvk schema.GroupVersionKind - kindName string - singularName string + c client.Client + w client.WithWatch + gvr schema.GroupVersionResource + gvk schema.GroupVersionKind + kindName string + singularName string } // NewREST creates a new REST storage for TenantModule -func NewREST(dynamicClient dynamic.Interface) *REST { +func NewREST(c client.Client, w client.WithWatch) *REST { return &REST{ - dynamicClient: dynamicClient, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: corev1alpha1.GroupName, Version: "v1alpha1", @@ -115,7 +118,8 @@ func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) klog.V(6).Infof("Attempting to retrieve TenantModule %s in namespace %s", name, namespace) // Get the corresponding HelmRelease - hr, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Get(ctx, name, *options) + hr := &helmv2.HelmRelease{} + err = r.c.Get(ctx, types.NamespacedName{Namespace: namespace, Name: name}, hr, &client.GetOptions{Raw: options}) if err != nil { klog.Errorf("Error retrieving HelmRelease for TenantModule %s: %v", name, err) @@ -231,7 +235,11 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption } // List HelmReleases with mapped selectors - hrList, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).List(ctx, metaOptions) + hrList := &helmv2.HelmReleaseList{} + err = r.c.List(ctx, hrList, &client.ListOptions{ + Namespace: namespace, + Raw: &metaOptions, + }) if err != nil { klog.Errorf("Error listing HelmReleases: %v", err) return nil, err @@ -241,15 +249,15 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption items := make([]unstructured.Unstructured, 0) // Iterate over HelmReleases and convert to TenantModules - for _, hr := range hrList.Items { + for i := range hrList.Items { // Double-check the label requirement - if !r.hasTenantModuleLabel(&hr) { + if !r.hasTenantModuleLabel(&hrList.Items[i]) { continue } - module, err := r.ConvertHelmReleaseToTenantModule(&hr) + module, err := r.ConvertHelmReleaseToTenantModule(&hrList.Items[i]) if err != nil { - klog.Errorf("Error converting HelmRelease %s to TenantModule: %v", hr.GetName(), err) + klog.Errorf("Error converting HelmRelease %s to TenantModule: %v", hrList.Items[i].GetName(), err) continue } @@ -376,7 +384,11 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio } // Start watch on HelmRelease with mapped selectors - helmWatcher, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Watch(ctx, metaOptions) + hrList := &helmv2.HelmReleaseList{} + helmWatcher, err := r.w.Watch(ctx, hrList, &client.ListOptions{ + Namespace: namespace, + Raw: &metaOptions, + }) if err != nil { klog.Errorf("Error setting up watch for HelmReleases: %v", err) return nil, err @@ -386,13 +398,15 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio customW := &customWatcher{ resultChan: make(chan watch.Event), stopChan: make(chan struct{}), + underlying: helmWatcher, } go func() { defer close(customW.resultChan) + defer customW.underlying.Stop() for { select { - case event, ok := <-helmWatcher.ResultChan(): + case event, ok := <-customW.underlying.ResultChan(): if !ok { // The watcher has been closed, attempt to re-establish the watch klog.Warning("HelmRelease watcher closed, attempting to re-establish") @@ -406,19 +420,19 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio continue // Skip processing this event } - // Proceed with processing Unstructured objects - matches, err := r.isRelevantHelmRelease(&event) - if err != nil { - klog.V(4).Infof("Non-critical error filtering HelmRelease event: %v", err) + // Proceed with processing HelmRelease objects + hr, ok := event.Object.(*helmv2.HelmRelease) + if !ok { + klog.V(4).Infof("Expected HelmRelease object, got %T", event.Object) continue } - if !matches { + if !r.hasTenantModuleLabel(hr) { continue } // Convert HelmRelease to TenantModule - module, err := r.ConvertHelmReleaseToTenantModule(event.Object.(*unstructured.Unstructured)) + module, err := r.ConvertHelmReleaseToTenantModule(hr) if err != nil { klog.Errorf("Error converting HelmRelease to TenantModule: %v", err) continue @@ -480,12 +494,16 @@ type customWatcher struct { resultChan chan watch.Event stopChan chan struct{} stopOnce sync.Once + underlying watch.Interface } // Stop terminates the watch func (cw *customWatcher) Stop() { cw.stopOnce.Do(func() { close(cw.stopChan) + if cw.underlying != nil { + cw.underlying.Stop() + } }) } @@ -494,30 +512,8 @@ func (cw *customWatcher) ResultChan() <-chan watch.Event { return cw.resultChan } -// isRelevantHelmRelease checks if the HelmRelease has the tenant module label -func (r *REST) isRelevantHelmRelease(event *watch.Event) (bool, error) { - if event.Object == nil { - return false, nil - } - - // Check if the object is a *v1.Status - if status, ok := event.Object.(*metav1.Status); ok { - // Log at a less severe level or handle specific status errors if needed - klog.V(4).Infof("Received Status object in HelmRelease watch: %v", status.Message) - return false, nil // Not relevant for processing as a HelmRelease - } - - // Proceed if it's an Unstructured object - hr, ok := event.Object.(*unstructured.Unstructured) - if !ok { - return false, fmt.Errorf("expected Unstructured object, got %T", event.Object) - } - - return r.hasTenantModuleLabel(hr), nil -} - // hasTenantModuleLabel checks if a HelmRelease has the required tenant module label -func (r *REST) hasTenantModuleLabel(hr *unstructured.Unstructured) bool { +func (r *REST) hasTenantModuleLabel(hr *helmv2.HelmRelease) bool { labels := hr.GetLabels() if labels == nil { return false @@ -554,19 +550,11 @@ func (r *REST) getNamespace(ctx context.Context) (string, error) { } // ConvertHelmReleaseToTenantModule converts a HelmRelease to a TenantModule -func (r *REST) ConvertHelmReleaseToTenantModule(hr *unstructured.Unstructured) (corev1alpha1.TenantModule, error) { +func (r *REST) ConvertHelmReleaseToTenantModule(hr *helmv2.HelmRelease) (corev1alpha1.TenantModule, error) { klog.V(6).Infof("Converting HelmRelease to TenantModule for resource %s", hr.GetName()) - var helmRelease helmv2.HelmRelease - // Convert unstructured to HelmRelease struct - err := runtime.DefaultUnstructuredConverter.FromUnstructured(hr.Object, &helmRelease) - if err != nil { - klog.Errorf("Error converting from unstructured to HelmRelease: %v", err) - return corev1alpha1.TenantModule{}, err - } - // Convert HelmRelease struct to TenantModule struct - module, err := r.convertHelmReleaseToTenantModule(&helmRelease) + module, err := r.convertHelmReleaseToTenantModule(hr) if err != nil { klog.Errorf("Error converting from HelmRelease to TenantModule: %v", err) return corev1alpha1.TenantModule{}, err diff --git a/pkg/registry/core/tenantnamespace/rest.go b/pkg/registry/core/tenantnamespace/rest.go index 3b18f3e3..68d9fe3c 100644 --- a/pkg/registry/core/tenantnamespace/rest.go +++ b/pkg/registry/core/tenantnamespace/rest.go @@ -7,26 +7,23 @@ package tenantnamespace import ( "context" "fmt" - "math" "net/http" "strings" - "sync" "time" - authorizationv1 "k8s.io/api/authorization/v1" corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metainternal "k8s.io/apimachinery/pkg/apis/meta/internalversion" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/duration" "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/klog/v2" + "sigs.k8s.io/controller-runtime/pkg/client" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) @@ -50,21 +47,18 @@ var ( ) type REST struct { - core corev1client.CoreV1Interface - authClient authorizationv1client.AuthorizationV1Interface - maxWorkers int - gvr schema.GroupVersionResource + c client.Client + w client.WithWatch + gvr schema.GroupVersionResource } func NewREST( - coreCli corev1client.CoreV1Interface, - authCli authorizationv1client.AuthorizationV1Interface, - maxWorkers int, + c client.Client, + w client.WithWatch, ) *REST { return &REST{ - core: coreCli, - authClient: authCli, - maxWorkers: maxWorkers, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: corev1alpha1.GroupName, Version: "v1alpha1", @@ -96,7 +90,8 @@ func (r *REST) List( ctx context.Context, _ *metainternal.ListOptions, ) (runtime.Object, error) { - nsList, err := r.core.Namespaces().List(ctx, metav1.ListOptions{}) + nsList := &corev1.NamespaceList{} + err := r.c.List(ctx, nsList) if err != nil { return nil, err } @@ -125,7 +120,8 @@ func (r *REST) Get( return nil, apierrors.NewNotFound(r.gvr.GroupResource(), name) } - ns, err := r.core.Namespaces().Get(ctx, name, *opts) + ns := &corev1.Namespace{} + err := r.c.Get(ctx, types.NamespacedName{Namespace: "", Name: name}, ns, &client.GetOptions{Raw: opts}) if err != nil { return nil, err } @@ -135,14 +131,7 @@ func (r *REST) Get( APIVersion: corev1alpha1.SchemeGroupVersion.String(), Kind: "TenantNamespace", }, - ObjectMeta: metav1.ObjectMeta{ - Name: ns.Name, - UID: ns.UID, - ResourceVersion: ns.ResourceVersion, - CreationTimestamp: ns.CreationTimestamp, - Labels: ns.Labels, - Annotations: ns.Annotations, - }, + ObjectMeta: ns.ObjectMeta, }, nil } @@ -151,10 +140,11 @@ func (r *REST) Get( // ----------------------------------------------------------------------------- func (r *REST) Watch(ctx context.Context, opts *metainternal.ListOptions) (watch.Interface, error) { - nsWatch, err := r.core.Namespaces().Watch(ctx, metav1.ListOptions{ + nsList := &corev1.NamespaceList{} + nsWatch, err := r.w.Watch(ctx, nsList, &client.ListOptions{Raw: &metav1.ListOptions{ Watch: true, ResourceVersion: opts.ResourceVersion, - }) + }}) if err != nil { return nil, err } @@ -271,76 +261,66 @@ func (r *REST) filterAccessible( ctx context.Context, names []string, ) ([]string, error) { - workers := int(math.Min(float64(r.maxWorkers), float64(len(names)))) - type job struct{ name string } - type res struct { - name string - allowed bool - err error + u, ok := request.UserFrom(ctx) + if !ok { + return []string{}, fmt.Errorf("user missing in context") } - jobs := make(chan job, workers) - out := make(chan res, workers) - - var wg sync.WaitGroup - for i := 0; i < workers; i++ { - wg.Add(1) - go func() { - defer wg.Done() - for j := range jobs { - ok, err := r.sar(ctx, j.name) - out <- res{j.name, ok, err} - } - }() + groups := make(map[string]struct{}) + for _, group := range u.GetGroups() { + groups[group] = struct{}{} } - go func() { wg.Wait(); close(out) }() - - go func() { - for _, n := range names { - jobs <- job{n} - } - close(jobs) - }() - - var allowed []string - for r := range out { - if r.err != nil { - klog.Errorf("SAR failed for %s: %v", r.name, r.err) + if _, ok = groups["system:masters"]; ok { + return names, nil + } + if _, ok = groups["cozystack-cluster-admin"]; ok { + return names, nil + } + nameSet := make(map[string]struct{}) + for _, name := range names { + nameSet[name] = struct{}{} + } + rbs := &rbacv1.RoleBindingList{} + err := r.c.List(ctx, rbs) + if err != nil { + return []string{}, fmt.Errorf("failed to list rolebindings: %w", err) + } + allowedNameSet := make(map[string]struct{}) + for i := range rbs.Items { + if _, ok := allowedNameSet[rbs.Items[i].Namespace]; ok { continue } - if r.allowed { - allowed = append(allowed, r.name) + if _, ok := nameSet[rbs.Items[i].Namespace]; !ok { + continue + } + subjectLoop: + for j := range rbs.Items[i].Subjects { + subj := rbs.Items[i].Subjects[j] + switch subj.Kind { + case "Group": + if _, ok = groups[subj.Name]; ok { + allowedNameSet[rbs.Items[i].Namespace] = struct{}{} + break subjectLoop + } + case "User": + if subj.Name == u.GetName() { + allowedNameSet[rbs.Items[i].Namespace] = struct{}{} + break subjectLoop + } + case "ServiceAccount": + if u.GetName() == fmt.Sprintf("system:serviceaccount:%s:%s", subj.Namespace, subj.Name) { + allowedNameSet[rbs.Items[i].Namespace] = struct{}{} + break subjectLoop + } + } } } + allowed := make([]string, 0, len(allowedNameSet)) + for name := range allowedNameSet { + allowed = append(allowed, name) + } return allowed, nil } -func (r *REST) sar(ctx context.Context, ns string) (bool, error) { - u, ok := request.UserFrom(ctx) - if !ok || u == nil { - return false, fmt.Errorf("user missing in context") - } - - sar := &authorizationv1.SubjectAccessReview{ - Spec: authorizationv1.SubjectAccessReviewSpec{ - User: u.GetName(), - Groups: u.GetGroups(), - ResourceAttributes: &authorizationv1.ResourceAttributes{ - Group: "cozystack.io", - Resource: "workloadmonitors", - Verb: "get", - Namespace: ns, - }, - }, - } - - rsp, err := r.authClient.SubjectAccessReviews(). - Create(ctx, sar, metav1.CreateOptions{}) - if err != nil { - return false, err - } - return rsp.Status.Allowed, nil -} - // ----------------------------------------------------------------------------- // Boiler-plate // ----------------------------------------------------------------------------- diff --git a/pkg/registry/core/tenantsecret/rest.go b/pkg/registry/core/tenantsecret/rest.go index 6e26b524..a13426e6 100644 --- a/pkg/registry/core/tenantsecret/rest.go +++ b/pkg/registry/core/tenantsecret/rest.go @@ -1,6 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 // TenantSecret registry – namespaced view over Secrets labelled -// "internal.cozystack.io/tenantsecret=true". Internal tenant secret labels are hidden. +// "internal.cozystack.io/tenantresource=true". Internal tenant secret labels are hidden. package tenantsecret @@ -25,7 +25,7 @@ import ( "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) @@ -35,8 +35,8 @@ import ( // ----------------------------------------------------------------------------- const ( - tsLabelKey = "apps.cozystack.io/tenantresource" - tsLabelValue = "true" + tsLabelKey = corev1alpha1.TenantResourceLabelKey + tsLabelValue = corev1alpha1.TenantResourceLabelValue singularName = "tenantsecret" kindTenantSecret = "TenantSecret" kindTenantSecretList = "TenantSecretList" @@ -157,13 +157,15 @@ var ( ) type REST struct { - core corev1client.CoreV1Interface - gvr schema.GroupVersionResource + c client.Client + w client.WithWatch + gvr schema.GroupVersionResource } -func NewREST(coreCli corev1client.CoreV1Interface) *REST { +func NewREST(c client.Client, w client.WithWatch) *REST { return &REST{ - core: coreCli, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: corev1alpha1.GroupName, Version: "v1alpha1", @@ -203,11 +205,11 @@ func (r *REST) Create( } sec := tenantToSecret(in, nil) - out, err := r.core.Secrets(sec.Namespace).Create(ctx, sec, *opts) + err := r.c.Create(ctx, sec, &client.CreateOptions{Raw: opts}) if err != nil { return nil, err } - return secretToTenant(out), nil + return secretToTenant(sec), nil } func (r *REST) Get( @@ -219,7 +221,8 @@ func (r *REST) Get( if err != nil { return nil, err } - sec, err := r.core.Secrets(ns).Get(ctx, name, *opts) + sec := &corev1.Secret{} + err = r.c.Get(ctx, types.NamespacedName{Namespace: ns, Name: name}, sec, &client.GetOptions{Raw: opts}) if err != nil { return nil, err } @@ -247,10 +250,14 @@ func (r *REST) List(ctx context.Context, opts *metainternal.ListOptions) (runtim fieldSel = opts.FieldSelector.String() } - list, err := r.core.Secrets(ns).List(ctx, metav1.ListOptions{ - LabelSelector: ls.String(), - FieldSelector: fieldSel, - }) + list := &corev1.SecretList{} + err = r.c.List(ctx, list, + &client.ListOptions{ + Namespace: ns, + Raw: &metav1.ListOptions{ + LabelSelector: ls.String(), + FieldSelector: fieldSel, + }}) if err != nil { return nil, err } @@ -284,7 +291,8 @@ func (r *REST) Update( return nil, false, err } - cur, err := r.core.Secrets(ns).Get(ctx, name, metav1.GetOptions{}) + cur := &corev1.Secret{} + err = r.c.Get(ctx, types.NamespacedName{Namespace: ns, Name: name}, cur, &client.GetOptions{Raw: &metav1.GetOptions{}}) if err != nil && !apierrors.IsNotFound(err) { return nil, false, err } @@ -296,17 +304,18 @@ func (r *REST) Update( in := newObj.(*corev1alpha1.TenantSecret) newSec := tenantToSecret(in, cur) + newSec.Namespace = ns if cur == nil { if !forceCreate && err == nil { return nil, false, apierrors.NewNotFound(r.gvr.GroupResource(), name) } - out, err := r.core.Secrets(ns).Create(ctx, newSec, metav1.CreateOptions{}) - return secretToTenant(out), true, err + err := r.c.Create(ctx, newSec, &client.CreateOptions{Raw: &metav1.CreateOptions{}}) + return secretToTenant(newSec), true, err } newSec.ResourceVersion = cur.ResourceVersion - out, err := r.core.Secrets(ns).Update(ctx, newSec, *opts) - return secretToTenant(out), false, err + err = r.c.Update(ctx, newSec, &client.UpdateOptions{Raw: opts}) + return secretToTenant(newSec), false, err } func (r *REST) Delete( @@ -319,7 +328,7 @@ func (r *REST) Delete( if err != nil { return nil, false, err } - err = r.core.Secrets(ns).Delete(ctx, name, *opts) + err = r.c.Delete(ctx, &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Namespace: ns, Name: name}}, &client.DeleteOptions{Raw: opts}) return nil, err == nil, err } @@ -331,21 +340,33 @@ func (r *REST) Patch( opts *metav1.PatchOptions, subresources ...string, ) (runtime.Object, error) { + if len(subresources) > 0 { + return nil, fmt.Errorf("TenantSecret does not have subresources") + } ns, err := nsFrom(ctx) if err != nil { return nil, err } - - out, err := r.core.Secrets(ns). - Patch(ctx, name, pt, data, *opts, subresources...) + out := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: ns, + Name: name, + }, + } + patch := client.RawPatch(pt, data) + err = r.c.Patch(ctx, out, patch, &client.PatchOptions{Raw: opts}) if err != nil { return nil, err } // Ensure tenant secret label is preserved + if out.Labels == nil { + out.Labels = make(map[string]string) + } + if out.Labels[tsLabelKey] != tsLabelValue { out.Labels[tsLabelKey] = tsLabelValue - out, _ = r.core.Secrets(ns).Update(ctx, out, metav1.UpdateOptions{}) + _ = r.c.Update(ctx, out, &client.UpdateOptions{Raw: &metav1.UpdateOptions{}}) } return secretToTenant(out), nil @@ -361,12 +382,13 @@ func (r *REST) Watch(ctx context.Context, opts *metainternal.ListOptions) (watch return nil, err } + secList := &corev1.SecretList{} ls := labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String() - base, err := r.core.Secrets(ns).Watch(ctx, metav1.ListOptions{ + base, err := r.w.Watch(ctx, secList, &client.ListOptions{Namespace: ns, Raw: &metav1.ListOptions{ Watch: true, LabelSelector: ls, ResourceVersion: opts.ResourceVersion, - }) + }}) if err != nil { return nil, err } diff --git a/pkg/registry/core/tenantsecretstable/rest.go b/pkg/registry/core/tenantsecretstable/rest.go index 644f2c98..de2604ca 100644 --- a/pkg/registry/core/tenantsecretstable/rest.go +++ b/pkg/registry/core/tenantsecretstable/rest.go @@ -1,6 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 // TenantSecretsTable registry – namespaced, read-only flattened view over -// Secrets labelled "internal.cozystack.io/tenantsecret=true". Each data key is a separate object. +// Secrets labelled "internal.cozystack.io/tenantresource=true". Each data key is a separate object. package tenantsecretstable @@ -23,14 +23,14 @@ import ( "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) const ( - tsLabelKey = "apps.cozystack.io/tenantresource" - tsLabelValue = "true" + tsLabelKey = corev1alpha1.TenantResourceLabelKey + tsLabelValue = corev1alpha1.TenantResourceLabelValue kindObj = "TenantSecretsTable" kindObjList = "TenantSecretsTableList" singularName = "tenantsecretstable" @@ -38,13 +38,15 @@ const ( ) type REST struct { - core corev1client.CoreV1Interface - gvr schema.GroupVersionResource + c client.Client + w client.WithWatch + gvr schema.GroupVersionResource } -func NewREST(coreCli corev1client.CoreV1Interface) *REST { +func NewREST(c client.Client, w client.WithWatch) *REST { return &REST{ - core: coreCli, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: corev1alpha1.GroupName, Version: "v1alpha1", @@ -95,7 +97,14 @@ func (r *REST) Get(ctx context.Context, name string, opts *metav1.GetOptions) (r // We need to identify secret name and key. Iterate secrets in namespace with tenant secret label // and return the matching composed object. - list, err := r.core.Secrets(ns).List(ctx, metav1.ListOptions{LabelSelector: labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String()}) + list := &corev1.SecretList{} + err = r.c.List(ctx, list, + &client.ListOptions{ + Namespace: ns, + Raw: &metav1.ListOptions{ + LabelSelector: labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String(), + }, + }) if err != nil { return nil, err } @@ -130,7 +139,15 @@ func (r *REST) List(ctx context.Context, opts *metainternal.ListOptions) (runtim fieldSel = opts.FieldSelector.String() } - list, err := r.core.Secrets(ns).List(ctx, metav1.ListOptions{LabelSelector: sel.String(), FieldSelector: fieldSel}) + list := &corev1.SecretList{} + err = r.c.List(ctx, list, + &client.ListOptions{ + Namespace: ns, + Raw: &metav1.ListOptions{ + LabelSelector: labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String(), + FieldSelector: fieldSel, + }, + }) if err != nil { return nil, err } @@ -169,12 +186,13 @@ func (r *REST) Watch(ctx context.Context, opts *metainternal.ListOptions) (watch return nil, err } + secList := &corev1.SecretList{} ls := labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String() - base, err := r.core.Secrets(ns).Watch(ctx, metav1.ListOptions{ + base, err := r.w.Watch(ctx, secList, &client.ListOptions{Namespace: ns, Raw: &metav1.ListOptions{ Watch: true, LabelSelector: ls, ResourceVersion: opts.ResourceVersion, - }) + }}) if err != nil { return nil, err } diff --git a/scripts/migrations/20 b/scripts/migrations/20 index 68e22cf2..1a262ea7 100755 --- a/scripts/migrations/20 +++ b/scripts/migrations/20 @@ -3,15 +3,44 @@ set -euo pipefail -kubectl delete ingresses.networking.k8s.io --all -n cozy-dashboard --ignore-not-found -kubectl delete crd cozystackresourcedefinitions.cozystack.io --ignore-not-found +kubectl -n cozy-system delete helmrelease cozystack-api \ + || kubectl -n cozy-system delete deployment cozystack-api --ignore-not-found # fallback to help migration progress if it failed first time +while [ $( kubectl -n cozy-system get po -l app=cozystack-api --no-headers | wc -l ) != 0 ] ; +do + echo "Waiting for Cozystack API pods to be deleted"; + sleep 1 +done + +kubectl -n cozy-system delete helmrelease cozystack-controller \ + || kubectl -n cozy-system delete deployment cozystack-controller --ignore-not-found # same fallback +kubectl delete customresourcedefinitions.apiextensions.k8s.io cozystackresourcedefinitions.cozystack.io --ignore-not-found +while [ $( kubectl -n cozy-system get po -l app=cozystack-controller --no-headers | wc -l ) != 0 ] ; +do + echo "Waiting for Cozystack controller pods to be deleted"; + sleep 1 +done + +kubectl delete helmrelease -n cozy-dashboard dashboard --ignore-not-found +sleep 5 +cozypkg -n cozy-system -C packages/system/cozystack-resource-definition-crd apply cozystack-resource-definition-crd --plain +cozypkg -n cozy-system -C packages/system/cozystack-resource-definitions apply cozystack-resource-definitions --plain +cozypkg -n cozy-system -C packages/system/cozystack-api apply cozystack-api --plain +helm upgrade --install -n cozy-system cozystack-controller ./packages/system/cozystack-controller/ --take-ownership +helm upgrade --install -n cozy-system lineage-controller-webhook ./packages/system/lineage-controller-webhook/ --take-ownership + +sleep 5 +kubectl delete ns cozy-lineage-webhook-test --ignore-not-found && kubectl create ns cozy-lineage-webhook-test +cleanup_test_ns() { + kubectl delete ns cozy-lineage-webhook-test --ignore-not-found +} +trap cleanup_test_ns ERR +timeout 60 sh -c 'until kubectl -n cozy-lineage-webhook-test create service clusterip lineage-webhook-test --clusterip="None" --dry-run=server; do sleep 1; done' +cleanup_test_ns + +kubectl wait deployment/cozystack-api -n cozy-system --timeout=4m --for=condition=available || exit 1 +kubectl wait deployment/cozystack-controller -n cozy-system --timeout=4m --for=condition=available || exit 1 timestamp=$(date --rfc-3339=ns || date) -# Make sure webhook is upgraded first, then run migration -cozypkg -C packages/system/cozystack-controller -n cozy-system reconcile cozystack-controller --force --with-source -kubectl wait hr/cozystack-controller -n cozy-system --timeout=4m --for=condition=ready || exit 1 -cozypkg -C packages/system/cozystack-api -n cozy-system reconcile cozystack-api --force --with-source -kubectl wait hr/cozystack-api -n cozy-system --timeout=4m --for=condition=ready || exit 1 kubectl get namespace -o custom-columns=NAME:.metadata.name --no-headers | grep '^tenant-' | while read namespace ; do