github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-02-05 00:15:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github-personal:enhance-flux
Branches Tags
github-personal:main github-personal:feat/use-ocir-for-prs github-personal:new-openapi-generator github-personal:release-0.34 github-personal:changelogs-release-v0.34.x github-personal:tym83-patch-1 github-personal:release-0.33 github-personal:feat/select-k8s-fix-conflict github-personal:victoria-metrics-upd github-personal:69-integration-with-proxmox-paas-proxmox-bundle github-personal:setup-env github-personal:tests-w-resources github-personal:hcloud github-personal:experiment/cozystack-operator github-personal:bugfix-make-kk-deletable github-personal:platform-add-velero github-personal:update-backup-restore-reference github-personal:(backup)--backup-for-tenant-k8s-cluster github-personal:idempotent-tests github-personal:release-0.32 github-personal:1084-tunable-tenant-monitoring github-personal:bugfix-fix-pgdump-version github-personal:release-0.31 github-personal:changelogs-release-v0.32.2 github-personal:cozypkg github-personal:(tests)--add-air-gapped-tests github-personal:519-cross-arch-components-core github-personal:buildx github-personal:use-shared-runners github-personal:tests-kuber github-personal:fix-versions-map github-personal:kubernetes-test github-personal:bats github-personal:untie-ingress-certmanager github-personal:prepare-0.31.0-rc.2 github-personal:fix-genisoimage github-personal:(air-gapped)--disable-fluxcd-artifact github-personal:release-0.30 github-personal:(platform)--add-artifact-for-flux github-personal:build-repo github-personal:(platform)--add-air-gapped-support github-personal:platform-dependencies github-personal:ingress-api github-personal:release-0.30.5 github-personal:ci-wait-capi github-personal:ci-pull-request-target github-personal:release-0.31.0-rc1 github-personal:kubernetes-ubuntu-gpu github-personal:(platform)--up-tenant-version github-personal:802-apps-and-extra github-personal:802-gen-versions-map-fix github-personal:(ci)--fix-gen-versions-map github-personal:(ci)--move-precommit-job-to-selfhosted-runner github-personal:fix-tests github-personal:fix/integer-replicas github-personal:upd-testing github-personal:release-0.28 github-personal:release-v0.28.2 github-personal:release-v0.28.1 github-personal:71-configure-github-ci github-personal:fix-kubeovn-cert github-personal:cilium-disable-antispoofing github-personal:talos-firmwares github-personal:tinkerbell github-personal:maintainers github-personal:secureboot github-personal:openshift-console github-personal:add-tests-refactor github-personal:release-0.16 github-personal:cdi-scratch github-personal:add-kafka-exporter github-personal:upd-seaweedfs github-personal:kubermatic-alerts github-personal:fix-etcd-sc github-personal:guacamole github-personal:grafana-oncall github-personal:cilium-hostlegacy github-personal:upd-screenshots github-personal:upd-kamaji-2 github-personal:release-0.10 github-personal:release-0.10.3 github-personal:seaweedfs-operator github-personal:release-0.10.2 github-personal:release-0.9 github-personal:nats-operator github-personal:173-airgapped github-personal:kube-ovn-image github-personal:fix-external-traffc-policy github-personal:upd-kube-ovn github-personal:fix-dns github-personal:fix-kamaji github-personal:fix-kubernetes github-personal:fix-cluster-local github-personal:etcd-quota-backend-bytes github-personal:cilium-new github-personal:mariadb-operator-new github-personal:openapi-schema-generation github-personal:etcd-operator github-personal:release-0.1.0v2 github-personal:fix-tolerations github-personal:release-0.4.0 github-personal:proxmox-csi github-personal:replicas github-personal:upd-kubeapps github-personal:fix-old-versions github-personal:flux-client-side-apply github-personal:dynamic-tags github-personal:release-v0.3.1 github-personal:release-0.3.0 github-personal:clickhouse-operator-1 github-personal:fix-kamaji-etcd github-personal:grafana-ingress-class github-personal:clickhouse-app github-personal:hetzner github-personal:kafka-app github-personal:kafka-clickhouse-apps github-personal:clickhouse-operator github-personal:kafka-operator github-personal:release-0.2.0 github-personal:rename-bundles github-personal:versioning-helm-chart github-personal:fix-cilium github-personal:enhance-flux github-personal:fix-full-distro github-personal:fix-chicken-and-egg-problem github-personal:fix-cilium-toleration github-personal:fix-helm-build github-personal:bundles github-personal:mariadb-operator github-personal:kube-ovn github-personal:cilium github-personal:cnpg github-personal:linstor github-personal:roadmap github-personal:framework github-personal:release-0.1.0 github-personal:fix-redis github-personal:leader-election github-personal:project-documents github-personal:release-v0.0.2 github-personal:mvp
github-personal:v0.34.0-beta.3 github-personal:v0.34.0-rc.1 github-personal:v0.33.3 github-personal:v0.34.0-beta.2 github-personal:v0.34.0-beta.1 github-personal:v0.33.2 github-personal:v0.33.1 github-personal:v0.33.0 github-personal:v0.32.1 github-personal:v0.32.0 github-personal:v0.31.2 github-personal:v0.32.0-beta.2 github-personal:v0.32.0-beta.1 github-personal:v0.31.1 github-personal:v0.31.0 github-personal:v0.31.0-rc.3 github-personal:v0.31.0-rc.2 github-personal:v0.30.6 github-personal:v0.31.0-alpha.0 github-personal:v0.30.5 github-personal:v0.31.0-rc.1 github-personal:v0.31.0-rc1 github-personal:v0.30.4 github-personal:v0.30.3 github-personal:v0.30.2 github-personal:v0.30.1 github-personal:0.30.1 github-personal:v0.30.0 github-personal:v0.29.1 github-personal:v0.29.0 github-personal:v0.28.2 github-personal:v0.28.1 github-personal:v0.28.0 github-personal:v0.27.0 github-personal:v0.26.1 github-personal:v0.26.0 github-personal:v0.25.3 github-personal:v0.25.2 github-personal:v0.25.1 github-personal:v0.25.0 github-personal:v0.24.1 github-personal:v0.24.0 github-personal:v0.23.1 github-personal:v0.23.0 github-personal:v0.22.0 github-personal:v0.21.1 github-personal:v0.21.0 github-personal:v0.20.2 github-personal:v0.20.1 github-personal:v0.20.0 github-personal:v0.19.0 github-personal:v0.18.0 github-personal:v0.17.1 github-personal:v0.17.0 github-personal:v0.16.5 github-personal:v0.16.4 github-personal:v0.16.3 github-personal:v0.16.2 github-personal:v0.16.1 github-personal:v0.16.0 github-personal:v0.15.0 github-personal:v0.14.1 github-personal:v0.14.0 github-personal:v0.13.0 github-personal:v0.12.0 github-personal:v0.11.0 github-personal:v0.10.4 github-personal:v0.10.3 github-personal:v0.10.2 github-personal:v0.10.1 github-personal:v0.10.0 github-personal:v0.9.1 github-personal:v0.9.0 github-personal:v0.8.0 github-personal:v0.7.0 github-personal:v0.6.0 github-personal:v0.5.0 github-personal:v0.4.0 github-personal:v0.3.1 github-personal:v0.3.0 github-personal:v0.2.0 github-personal:v0.1.0 github-personal:v0.0.1
..
compare: github-personal:cilium
Branches Tags
github-personal:main github-personal:feat/use-ocir-for-prs github-personal:new-openapi-generator github-personal:release-0.34 github-personal:changelogs-release-v0.34.x github-personal:tym83-patch-1 github-personal:release-0.33 github-personal:feat/select-k8s-fix-conflict github-personal:victoria-metrics-upd github-personal:69-integration-with-proxmox-paas-proxmox-bundle github-personal:setup-env github-personal:tests-w-resources github-personal:hcloud github-personal:experiment/cozystack-operator github-personal:bugfix-make-kk-deletable github-personal:platform-add-velero github-personal:update-backup-restore-reference github-personal:(backup)--backup-for-tenant-k8s-cluster github-personal:idempotent-tests github-personal:release-0.32 github-personal:1084-tunable-tenant-monitoring github-personal:bugfix-fix-pgdump-version github-personal:release-0.31 github-personal:changelogs-release-v0.32.2 github-personal:cozypkg github-personal:(tests)--add-air-gapped-tests github-personal:519-cross-arch-components-core github-personal:buildx github-personal:use-shared-runners github-personal:tests-kuber github-personal:fix-versions-map github-personal:kubernetes-test github-personal:bats github-personal:untie-ingress-certmanager github-personal:prepare-0.31.0-rc.2 github-personal:fix-genisoimage github-personal:(air-gapped)--disable-fluxcd-artifact github-personal:release-0.30 github-personal:(platform)--add-artifact-for-flux github-personal:build-repo github-personal:(platform)--add-air-gapped-support github-personal:platform-dependencies github-personal:ingress-api github-personal:release-0.30.5 github-personal:ci-wait-capi github-personal:ci-pull-request-target github-personal:release-0.31.0-rc1 github-personal:kubernetes-ubuntu-gpu github-personal:(platform)--up-tenant-version github-personal:802-apps-and-extra github-personal:802-gen-versions-map-fix github-personal:(ci)--fix-gen-versions-map github-personal:(ci)--move-precommit-job-to-selfhosted-runner github-personal:fix-tests github-personal:fix/integer-replicas github-personal:upd-testing github-personal:release-0.28 github-personal:release-v0.28.2 github-personal:release-v0.28.1 github-personal:71-configure-github-ci github-personal:fix-kubeovn-cert github-personal:cilium-disable-antispoofing github-personal:talos-firmwares github-personal:tinkerbell github-personal:maintainers github-personal:secureboot github-personal:openshift-console github-personal:add-tests-refactor github-personal:release-0.16 github-personal:cdi-scratch github-personal:add-kafka-exporter github-personal:upd-seaweedfs github-personal:kubermatic-alerts github-personal:fix-etcd-sc github-personal:guacamole github-personal:grafana-oncall github-personal:cilium-hostlegacy github-personal:upd-screenshots github-personal:upd-kamaji-2 github-personal:release-0.10 github-personal:release-0.10.3 github-personal:seaweedfs-operator github-personal:release-0.10.2 github-personal:release-0.9 github-personal:nats-operator github-personal:173-airgapped github-personal:kube-ovn-image github-personal:fix-external-traffc-policy github-personal:upd-kube-ovn github-personal:fix-dns github-personal:fix-kamaji github-personal:fix-kubernetes github-personal:fix-cluster-local github-personal:etcd-quota-backend-bytes github-personal:cilium-new github-personal:mariadb-operator-new github-personal:openapi-schema-generation github-personal:etcd-operator github-personal:release-0.1.0v2 github-personal:fix-tolerations github-personal:release-0.4.0 github-personal:proxmox-csi github-personal:replicas github-personal:upd-kubeapps github-personal:fix-old-versions github-personal:flux-client-side-apply github-personal:dynamic-tags github-personal:release-v0.3.1 github-personal:release-0.3.0 github-personal:clickhouse-operator-1 github-personal:fix-kamaji-etcd github-personal:grafana-ingress-class github-personal:clickhouse-app github-personal:hetzner github-personal:kafka-app github-personal:kafka-clickhouse-apps github-personal:clickhouse-operator github-personal:kafka-operator github-personal:release-0.2.0 github-personal:rename-bundles github-personal:versioning-helm-chart github-personal:fix-cilium github-personal:enhance-flux github-personal:fix-full-distro github-personal:fix-chicken-and-egg-problem github-personal:fix-cilium-toleration github-personal:fix-helm-build github-personal:bundles github-personal:mariadb-operator github-personal:kube-ovn github-personal:cilium github-personal:cnpg github-personal:linstor github-personal:roadmap github-personal:framework github-personal:release-0.1.0 github-personal:fix-redis github-personal:leader-election github-personal:project-documents github-personal:release-v0.0.2 github-personal:mvp
github-personal:v0.34.0-beta.3 github-personal:v0.34.0-rc.1 github-personal:v0.33.3 github-personal:v0.34.0-beta.2 github-personal:v0.34.0-beta.1 github-personal:v0.33.2 github-personal:v0.33.1 github-personal:v0.33.0 github-personal:v0.32.1 github-personal:v0.32.0 github-personal:v0.31.2 github-personal:v0.32.0-beta.2 github-personal:v0.32.0-beta.1 github-personal:v0.31.1 github-personal:v0.31.0 github-personal:v0.31.0-rc.3 github-personal:v0.31.0-rc.2 github-personal:v0.30.6 github-personal:v0.31.0-alpha.0 github-personal:v0.30.5 github-personal:v0.31.0-rc.1 github-personal:v0.31.0-rc1 github-personal:v0.30.4 github-personal:v0.30.3 github-personal:v0.30.2 github-personal:v0.30.1 github-personal:0.30.1 github-personal:v0.30.0 github-personal:v0.29.1 github-personal:v0.29.0 github-personal:v0.28.2 github-personal:v0.28.1 github-personal:v0.28.0 github-personal:v0.27.0 github-personal:v0.26.1 github-personal:v0.26.0 github-personal:v0.25.3 github-personal:v0.25.2 github-personal:v0.25.1 github-personal:v0.25.0 github-personal:v0.24.1 github-personal:v0.24.0 github-personal:v0.23.1 github-personal:v0.23.0 github-personal:v0.22.0 github-personal:v0.21.1 github-personal:v0.21.0 github-personal:v0.20.2 github-personal:v0.20.1 github-personal:v0.20.0 github-personal:v0.19.0 github-personal:v0.18.0 github-personal:v0.17.1 github-personal:v0.17.0 github-personal:v0.16.5 github-personal:v0.16.4 github-personal:v0.16.3 github-personal:v0.16.2 github-personal:v0.16.1 github-personal:v0.16.0 github-personal:v0.15.0 github-personal:v0.14.1 github-personal:v0.14.0 github-personal:v0.13.0 github-personal:v0.12.0 github-personal:v0.11.0 github-personal:v0.10.4 github-personal:v0.10.3 github-personal:v0.10.2 github-personal:v0.10.1 github-personal:v0.10.0 github-personal:v0.9.1 github-personal:v0.9.0 github-personal:v0.8.0 github-personal:v0.7.0 github-personal:v0.6.0 github-personal:v0.5.0 github-personal:v0.4.0 github-personal:v0.3.1 github-personal:v0.3.0 github-personal:v0.2.0 github-personal:v0.1.0 github-personal:v0.0.1

1 Commits
enhance-fl ... cilium

Author SHA1 Message Date
Andrei Kvapil
8055151d32 Update Cilium v1.14.5 2024-03-15 21:14:19 +01:00
197 changed files with 9456 additions and 55934 deletions
Expand all files Collapse all files

4
README.md
View File

@@ -33,7 +33,7 @@ You can use Cozystack as Kubernetes distribution for Bare Metal
## Documentation
The documentation is located on official [cozystack.io](https://cozystack.io) website.
The documentation is located on official [cozystack.io](cozystack.io) website.
Read [Get Started](https://cozystack.io/docs/get-started/) section for a quick start.
@@ -44,8 +44,6 @@ If you encounter any difficulties, start with the [troubleshooting guide](https:
Versioning adheres to the [Semantic Versioning](http://semver.org/) principles.
A full list of the available releases is available in the GitHub repository's [Release](https://github.com/aenix-io/cozystack/releases) section.
- [Roadmap](https://github.com/orgs/aenix-io/projects/2)
## Contributions
Contributions are highly appreciated and very welcomed!

3
manifests/cozystack-installer.yaml
View File

@@ -102,6 +102,3 @@ spec:
- key: "node.kubernetes.io/not-ready"
operator: "Exists"
effect: "NoSchedule"
- key: "node.cilium.io/agent-not-ready"
operator: "Exists"
effect: "NoSchedule"

2
packages/apps/http-cache/Makefile
View File

@@ -2,7 +2,7 @@ PUSH := 1
LOAD := 0
REGISTRY := ghcr.io/aenix-io/cozystack
NGINX_CACHE_TAG = v0.1.0
TAG := v0.2.0
TAG := v0.1.0
image: image-nginx

2
packages/apps/kubernetes/Makefile
View File

@@ -1,7 +1,7 @@
PUSH := 1
LOAD := 0
REGISTRY := ghcr.io/aenix-io/cozystack
TAG := v0.2.0
TAG := v0.1.0
UBUNTU_CONTAINER_DISK_TAG = v1.29.1
image: image-ubuntu-container-disk

13
packages/core/fluxcd/Makefile
View File

@@ -1,13 +0,0 @@
NAMESPACE=cozy-fluxcd
NAME=fluxcd
API_VERSIONS_FLAGS=$(addprefix -a ,$(shell kubectl api-versions))
show:
helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS)
apply:
helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f-
diff:
helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f-

2268
packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml
View File

File diff suppressed because it is too large Load Diff

5
packages/core/installer/Makefile
View File

@@ -1,9 +1,9 @@
NAMESPACE=cozy-system
NAMESPACE=cozy-installer
NAME=installer
PUSH := 1
LOAD := 0
REGISTRY := ghcr.io/aenix-io/cozystack
TAG := v0.2.0
TAG := v0.1.0
TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' images/talos/profiles/installer.yaml)
show:
@@ -21,7 +21,6 @@ update:
image: image-cozystack image-talos image-matchbox
image-cozystack:
make -C ../../.. repos
docker buildx build -f images/cozystack/Dockerfile ../../.. \
--provenance false \
--tag $(REGISTRY)/cozystack:$(TAG) \

3
packages/core/installer/templates/cozystack.yaml
View File

@@ -82,9 +82,6 @@ spec:
- key: "node.kubernetes.io/not-ready"
operator: "Exists"
effect: "NoSchedule"
- key: "node.cilium.io/agent-not-ready"
operator: "Exists"
effect: "NoSchedule"
---
apiVersion: v1
kind: Service

4
packages/core/platform/Makefile
View File

@@ -13,7 +13,7 @@ namespaces-show:
helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml
namespaces-apply:
helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -n $(NAMESPACE) -f-
helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -f-
diff:
helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -f-
helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl diff -f-

97
packages/core/platform/bundles/full-distro.yaml
View File

@@ -1,97 +0,0 @@
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
releases:
- name: cilium
releaseName: cilium
chart: cozy-cilium
namespace: cozy-cilium
privileged: true
dependsOn: []
values:
cilium:
cni:
chainingMode: ~
customConf: false
configMap: ""
enableIPv4Masquerade: true
- name: cert-manager
releaseName: cert-manager
chart: cozy-cert-manager
namespace: cozy-cert-manager
dependsOn: [cilium]
- name: cert-manager-issuers
releaseName: cert-manager-issuers
chart: cozy-cert-manager-issuers
namespace: cozy-cert-manager
dependsOn: [cilium,cert-manager]
- name: victoria-metrics-operator
releaseName: victoria-metrics-operator
chart: cozy-victoria-metrics-operator
namespace: cozy-victoria-metrics-operator
dependsOn: [cilium,cert-manager]
- name: monitoring
releaseName: monitoring
chart: cozy-monitoring
namespace: cozy-monitoring
privileged: true
dependsOn: [cilium,victoria-metrics-operator]
- name: metallb
releaseName: metallb
chart: cozy-metallb
namespace: cozy-metallb
privileged: true
dependsOn: [cilium]
- name: grafana-operator
releaseName: grafana-operator
chart: cozy-grafana-operator
namespace: cozy-grafana-operator
dependsOn: [cilium]
- name: mariadb-operator
releaseName: mariadb-operator
chart: cozy-mariadb-operator
namespace: cozy-mariadb-operator
dependsOn: [cilium,cert-manager,victoria-metrics-operator]
- name: postgres-operator
releaseName: postgres-operator
chart: cozy-postgres-operator
namespace: cozy-postgres-operator
dependsOn: [cilium,cert-manager]
- name: rabbitmq-operator
releaseName: rabbitmq-operator
chart: cozy-rabbitmq-operator
namespace: cozy-rabbitmq-operator
dependsOn: [cilium]
- name: redis-operator
releaseName: redis-operator
chart: cozy-redis-operator
namespace: cozy-redis-operator
dependsOn: [cilium]
- name: piraeus-operator
releaseName: piraeus-operator
chart: cozy-piraeus-operator
namespace: cozy-linstor
dependsOn: [cilium,cert-manager]
- name: linstor
releaseName: linstor
chart: cozy-linstor
namespace: cozy-linstor
privileged: true
dependsOn: [piraeus-operator,cilium,cert-manager]
- name: telepresence
releaseName: traffic-manager
chart: cozy-telepresence
namespace: cozy-telepresence
dependsOn: []

171
packages/core/platform/bundles/full-paas.yaml
View File

@@ -1,171 +0,0 @@
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
releases:
- name: cilium
releaseName: cilium
chart: cozy-cilium
namespace: cozy-cilium
privileged: true
dependsOn: []
- name: kubeovn
releaseName: kubeovn
chart: cozy-kubeovn
namespace: cozy-kubeovn
privileged: true
dependsOn: [cilium]
values:
cozystack:
nodesHash: {{ include "cozystack.master-node-ips" . | sha256sum }}
kube-ovn:
ipv4:
POD_CIDR: "{{ index $cozyConfig.data "ipv4-pod-cidr" }}"
POD_GATEWAY: "{{ index $cozyConfig.data "ipv4-pod-gateway" }}"
SVC_CIDR: "{{ index $cozyConfig.data "ipv4-svc-cidr" }}"
JOIN_CIDR: "{{ index $cozyConfig.data "ipv4-join-cidr" }}"
- name: cert-manager
releaseName: cert-manager
chart: cozy-cert-manager
namespace: cozy-cert-manager
dependsOn: [cilium,kubeovn]
- name: cert-manager-issuers
releaseName: cert-manager-issuers
chart: cozy-cert-manager-issuers
namespace: cozy-cert-manager
dependsOn: [cilium,kubeovn,cert-manager]
- name: victoria-metrics-operator
releaseName: victoria-metrics-operator
chart: cozy-victoria-metrics-operator
namespace: cozy-victoria-metrics-operator
dependsOn: [cilium,kubeovn,cert-manager]
- name: monitoring
releaseName: monitoring
chart: cozy-monitoring
namespace: cozy-monitoring
privileged: true
dependsOn: [cilium,kubeovn,victoria-metrics-operator]
- name: kubevirt-operator
releaseName: kubevirt-operator
chart: cozy-kubevirt-operator
namespace: cozy-kubevirt
dependsOn: [cilium,kubeovn]
- name: kubevirt
releaseName: kubevirt
chart: cozy-kubevirt
namespace: cozy-kubevirt
privileged: true
dependsOn: [cilium,kubeovn,kubevirt-operator]
- name: kubevirt-cdi-operator
releaseName: kubevirt-cdi-operator
chart: cozy-kubevirt-cdi-operator
namespace: cozy-kubevirt-cdi
dependsOn: [cilium,kubeovn]
- name: kubevirt-cdi
releaseName: kubevirt-cdi
chart: cozy-kubevirt-cdi
namespace: cozy-kubevirt-cdi
dependsOn: [cilium,kubeovn,kubevirt-cdi-operator]
- name: metallb
releaseName: metallb
chart: cozy-metallb
namespace: cozy-metallb
privileged: true
dependsOn: [cilium,kubeovn]
- name: grafana-operator
releaseName: grafana-operator
chart: cozy-grafana-operator
namespace: cozy-grafana-operator
dependsOn: [cilium,kubeovn]
- name: mariadb-operator
releaseName: mariadb-operator
chart: cozy-mariadb-operator
namespace: cozy-mariadb-operator
dependsOn: [cilium,kubeovn,cert-manager,victoria-metrics-operator]
- name: postgres-operator
releaseName: postgres-operator
chart: cozy-postgres-operator
namespace: cozy-postgres-operator
dependsOn: [cilium,kubeovn,cert-manager]
- name: rabbitmq-operator
releaseName: rabbitmq-operator
chart: cozy-rabbitmq-operator
namespace: cozy-rabbitmq-operator
dependsOn: [cilium,kubeovn]
- name: redis-operator
releaseName: redis-operator
chart: cozy-redis-operator
namespace: cozy-redis-operator
dependsOn: [cilium,kubeovn]
- name: piraeus-operator
releaseName: piraeus-operator
chart: cozy-piraeus-operator
namespace: cozy-linstor
dependsOn: [cilium,kubeovn,cert-manager]
- name: linstor
releaseName: linstor
chart: cozy-linstor
namespace: cozy-linstor
privileged: true
dependsOn: [piraeus-operator,cilium,kubeovn,cert-manager]
- name: telepresence
releaseName: traffic-manager
chart: cozy-telepresence
namespace: cozy-telepresence
dependsOn: [cilium,kubeovn]
- name: dashboard
releaseName: dashboard
chart: cozy-dashboard
namespace: cozy-dashboard
dependsOn: [cilium,kubeovn]
{{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
{{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
values:
kubeapps:
redis:
master:
podAnnotations:
{{- range $index, $repo := . }}
{{- with (($repo.status).artifact).revision }}
repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
- name: kamaji
releaseName: kamaji
chart: cozy-kamaji
namespace: cozy-kamaji
dependsOn: [cilium,kubeovn,cert-manager]
- name: capi-operator
releaseName: capi-operator
chart: cozy-capi-operator
namespace: cozy-cluster-api
privileged: true
dependsOn: [cilium,kubeovn,cert-manager]
- name: capi-providers
releaseName: capi-providers
chart: cozy-capi-providers
namespace: cozy-cluster-api
privileged: true
dependsOn: [cilium,kubeovn,capi-operator]

63
packages/core/platform/bundles/hosted-distro.yaml
View File

@@ -1,63 +0,0 @@
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
releases:
- name: cert-manager
releaseName: cert-manager
chart: cozy-cert-manager
namespace: cozy-cert-manager
dependsOn: []
- name: cert-manager-issuers
releaseName: cert-manager-issuers
chart: cozy-cert-manager-issuers
namespace: cozy-cert-manager
dependsOn: [cert-manager]
- name: victoria-metrics-operator
releaseName: victoria-metrics-operator
chart: cozy-victoria-metrics-operator
namespace: cozy-victoria-metrics-operator
dependsOn: [cert-manager]
- name: monitoring
releaseName: monitoring
chart: cozy-monitoring
namespace: cozy-monitoring
privileged: true
dependsOn: [victoria-metrics-operator]
- name: grafana-operator
releaseName: grafana-operator
chart: cozy-grafana-operator
namespace: cozy-grafana-operator
dependsOn: []
- name: mariadb-operator
releaseName: mariadb-operator
chart: cozy-mariadb-operator
namespace: cozy-mariadb-operator
dependsOn: [victoria-metrics-operator]
- name: postgres-operator
releaseName: postgres-operator
chart: cozy-postgres-operator
namespace: cozy-postgres-operator
dependsOn: [cert-manager]
- name: rabbitmq-operator
releaseName: rabbitmq-operator
chart: cozy-rabbitmq-operator
namespace: cozy-rabbitmq-operator
dependsOn: []
- name: redis-operator
releaseName: redis-operator
chart: cozy-redis-operator
namespace: cozy-redis-operator
dependsOn: []
- name: telepresence
releaseName: traffic-manager
chart: cozy-telepresence
namespace: cozy-telepresence
dependsOn: []

89
packages/core/platform/bundles/hosted-paas.yaml
View File

@@ -1,89 +0,0 @@
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
releases:
- name: cert-manager
releaseName: cert-manager
chart: cozy-cert-manager
namespace: cozy-cert-manager
dependsOn: []
- name: cert-manager-issuers
releaseName: cert-manager-issuers
chart: cozy-cert-manager-issuers
namespace: cozy-cert-manager
dependsOn: [cert-manager]
- name: victoria-metrics-operator
releaseName: victoria-metrics-operator
chart: cozy-victoria-metrics-operator
namespace: cozy-victoria-metrics-operator
dependsOn: [cert-manager]
- name: monitoring
releaseName: monitoring
chart: cozy-monitoring
namespace: cozy-monitoring
privileged: true
dependsOn: [victoria-metrics-operator]
- name: grafana-operator
releaseName: grafana-operator
chart: cozy-grafana-operator
namespace: cozy-grafana-operator
dependsOn: []
- name: mariadb-operator
releaseName: mariadb-operator
chart: cozy-mariadb-operator
namespace: cozy-mariadb-operator
dependsOn: [cert-manager,victoria-metrics-operator]
- name: postgres-operator
releaseName: postgres-operator
chart: cozy-postgres-operator
namespace: cozy-postgres-operator
dependsOn: [cert-manager]
- name: rabbitmq-operator
releaseName: rabbitmq-operator
chart: cozy-rabbitmq-operator
namespace: cozy-rabbitmq-operator
dependsOn: []
- name: redis-operator
releaseName: redis-operator
chart: cozy-redis-operator
namespace: cozy-redis-operator
dependsOn: []
- name: piraeus-operator
releaseName: piraeus-operator
chart: cozy-piraeus-operator
namespace: cozy-linstor
dependsOn: [cert-manager]
- name: telepresence
releaseName: traffic-manager
chart: cozy-telepresence
namespace: cozy-telepresence
dependsOn: []
- name: dashboard
releaseName: dashboard
chart: cozy-dashboard
namespace: cozy-dashboard
dependsOn: []
{{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
{{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
values:
kubeapps:
redis:
master:
podAnnotations:
{{- range $index, $repo := . }}
{{- with (($repo.status).artifact).revision }}
repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

2
packages/core/platform/templates/_helpers.tpl
View File

@@ -1,7 +1,7 @@
{{/*
Get IP-addresses of master nodes
*/}}
{{- define "cozystack.master-node-ips" -}}
{{- define "master.nodeIPs" -}}
{{- $nodes := lookup "v1" "Node" "" "" -}}
{{- $ips := list -}}
{{- range $node := $nodes.items -}}

19
packages/core/platform/templates/apps.yaml
View File

@@ -1,10 +1,7 @@
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
{{- $bundleName := index $cozyConfig.data "bundle-name" }}
{{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
{{- $host := "example.org" }}
{{- $tenantRoot := list }}
{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2beta2" }}
{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2beta2" "HelmRelease" "tenant-root" "tenant-root" }}
{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2beta1" }}
{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2beta1" "HelmRelease" "tenant-root" "tenant-root" }}
{{- end }}
{{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
{{- $host = $tenantRoot.spec.values.host }}
@@ -22,7 +19,7 @@ metadata:
namespace.cozystack.io/host: "{{ $host }}"
name: tenant-root
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: tenant-root
@@ -48,9 +45,7 @@ spec:
values:
host: "{{ $host }}"
dependsOn:
{{- range $x := $bundle.releases }}
{{- if has $x.name (list "cilium" "kubeovn") }}
- name: {{ $x.name }}
namespace: {{ $x.namespace }}
{{- end }}
{{- end }}
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn

772
packages/core/platform/templates/helmreleases.yaml
View File

@@ -1,27 +1,13 @@
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
{{- $bundleName := index $cozyConfig.data "bundle-name" }}
{{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
{{- $dependencyNamespaces := dict }}
{{- $disabledComponents := splitList "," ((index $cozyConfig.data "bundle-disable") | default "") }}
{{/* collect dependency namespaces from releases */}}
{{- range $x := $bundle.releases }}
{{- $_ := set $dependencyNamespaces $x.name $x.namespace }}
{{- end }}
{{- range $x := $bundle.releases }}
{{- if not (has $x.name $disabledComponents) }}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: {{ $x.name }}
namespace: {{ $x.namespace }}
name: cilium
namespace: cozy-cilium
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: {{ $x.releaseName | default $x.name }}
releaseName: cilium
install:
remediation:
retries: -1
@@ -30,31 +16,743 @@ spec:
retries: -1
chart:
spec:
chart: {{ $x.chart }}
chart: cozy-cilium
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kubeovn
namespace: cozy-kubeovn
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: kubeovn
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-kubeovn
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
{{- $values := dict }}
{{- with $x.values }}
{{- $values = merge . $values }}
{{- end }}
{{- with index $cozyConfig.data (printf "values-%s" $x.name) }}
{{- $values = merge (fromYaml .) $values }}
{{- end }}
{{- with $values }}
values:
{{- toYaml . | nindent 4}}
{{- end }}
{{- with $x.dependsOn }}
cozystack:
configHash: {{ index (lookup "v1" "ConfigMap" "cozy-system" "cozystack") "data" | toJson | sha256sum }}
nodesHash: {{ include "master.nodeIPs" . | sha256sum }}
dependsOn:
{{- range $dep := . }}
{{- if not (has $dep $disabledComponents) }}
- name: {{ $dep }}
namespace: {{ index $dependencyNamespaces $dep }}
- name: cilium
namespace: cozy-cilium
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: cozy-fluxcd
namespace: cozy-fluxcd
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: fluxcd
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-fluxcd
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: cert-manager
namespace: cozy-cert-manager
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: cert-manager
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-cert-manager
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: cert-manager-issuers
namespace: cozy-cert-manager
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: cert-manager-issuers
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-cert-manager-issuers
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: cert-manager
namespace: cozy-cert-manager
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: victoria-metrics-operator
namespace: cozy-victoria-metrics-operator
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: victoria-metrics-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-victoria-metrics-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: cert-manager
namespace: cozy-cert-manager
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: monitoring
namespace: cozy-monitoring
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: monitoring
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-monitoring
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: victoria-metrics-operator
namespace: cozy-victoria-metrics-operator
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kubevirt-operator
namespace: cozy-kubevirt
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: kubevirt-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-kubevirt-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kubevirt
namespace: cozy-kubevirt
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: kubevirt
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-kubevirt
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: kubevirt-operator
namespace: cozy-kubevirt
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kubevirt-cdi-operator
namespace: cozy-kubevirt-cdi
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: kubevirt-cdi-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-kubevirt-cdi-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kubevirt-cdi
namespace: cozy-kubevirt-cdi
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: kubevirt-cdi
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-kubevirt-cdi
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: kubevirt-cdi-operator
namespace: cozy-kubevirt-cdi
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: metallb
namespace: cozy-metallb
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: metallb
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-metallb
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: grafana-operator
namespace: cozy-grafana-operator
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: grafana-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-grafana-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: mariadb-operator
namespace: cozy-mariadb-operator
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: mariadb-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-mariadb-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: cert-manager
namespace: cozy-cert-manager
- name: victoria-metrics-operator
namespace: cozy-victoria-metrics-operator
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: postgres-operator
namespace: cozy-postgres-operator
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: postgres-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-postgres-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: cert-manager
namespace: cozy-cert-manager
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: rabbitmq-operator
namespace: cozy-rabbitmq-operator
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: rabbitmq-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-rabbitmq-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: redis-operator
namespace: cozy-redis-operator
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: redis-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-redis-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: piraeus-operator
namespace: cozy-linstor
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: piraeus-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-piraeus-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: cert-manager
namespace: cozy-cert-manager
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: linstor
namespace: cozy-linstor
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: linstor
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-linstor
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: piraeus-operator
namespace: cozy-linstor
- name: cert-manager
namespace: cozy-cert-manager
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: telepresence
namespace: cozy-telepresence
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: traffic-manager
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-telepresence
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: dashboard
namespace: cozy-dashboard
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: dashboard
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-dashboard
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
{{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
{{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
values:
kubeapps:
redis:
master:
podAnnotations:
{{- range $index, $repo := . }}
{{- with (($repo.status).artifact).revision }}
repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kamaji
namespace: cozy-kamaji
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: kamaji
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-kamaji
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: cert-manager
namespace: cozy-cert-manager
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: capi-operator
namespace: cozy-cluster-api
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: capi-operator
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-capi-operator
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn
- name: cert-manager
namespace: cozy-cert-manager
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: capi-providers
namespace: cozy-cluster-api
labels:
cozystack.io/repository: system
spec:
interval: 1m
releaseName: capi-providers
install:
remediation:
retries: -1
upgrade:
remediation:
retries: -1
chart:
spec:
chart: cozy-capi-providers
reconcileStrategy: Revision
sourceRef:
kind: HelmRepository
name: cozystack-system
namespace: cozy-system
dependsOn:
- name: capi-operator
namespace: cozy-cluster-api
- name: cilium
namespace: cozy-cilium
- name: kubeovn
namespace: cozy-kubeovn

24
packages/core/platform/templates/namespaces.yaml
View File

@@ -1,31 +1,13 @@
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
{{- $bundleName := index $cozyConfig.data "bundle-name" }}
{{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
{{- $namespaces := dict }}
{{/* collect namespaces from releases */}}
{{- range $x := $bundle.releases }}
{{- if not (hasKey $namespaces $x.namespace) }}
{{- $_ := set $namespaces $x.namespace false }}
{{- end }}
{{/* if at least one release requires a privileged namespace, then it should be privileged */}}
{{- if or $x.privileged (index $namespaces $x.namespace) }}
{{- $_ := set $namespaces $x.namespace true }}
{{- end }}
{{- end }}
{{- $_ := set $namespaces "cozy-fluxcd" false }}
{{- range $namespace, $privileged := $namespaces }}
{{- range $ns := .Values.namespaces }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
"helm.sh/resource-policy": keep
{{- if $privileged }}
{{- if $ns.privileged }}
labels:
pod-security.kubernetes.io/enforce: privileged
{{- end }}
name: {{ $namespace }}
name: {{ $ns.name }}
{{- end }}

30
packages/core/platform/values.yaml Normal file
View File

@@ -0,0 +1,30 @@
namespaces:
- name: cozy-public
- name: cozy-system
privileged: true
- name: cozy-cert-manager
- name: cozy-cilium
privileged: true
- name: cozy-fluxcd
- name: cozy-grafana-operator
- name: cozy-kamaji
- name: cozy-cluster-api
privileged: true # for capk only
- name: cozy-dashboard
- name: cozy-kubeovn
privileged: true
- name: cozy-kubevirt
privileged: true
- name: cozy-kubevirt-cdi
- name: cozy-linstor
privileged: true
- name: cozy-mariadb-operator
- name: cozy-metallb
privileged: true
- name: cozy-monitoring
privileged: true
- name: cozy-postgres-operator
- name: cozy-rabbitmq-operator
- name: cozy-redis-operator
- name: cozy-telepresence
- name: cozy-victoria-metrics-operator

6
packages/system/cilium/Makefile
View File

@@ -2,13 +2,13 @@ NAMESPACE=cozy-cilium
NAME=cilium
show:
kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm template --dry-run=server -n $(NAMESPACE) $(NAME) . -f -
helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
apply:
kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm upgrade -i -n $(NAMESPACE) $(NAME) . -f -
helm upgrade -i -n $(NAMESPACE) $(NAME) .
diff:
kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) . -f -
helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
update:
rm -rf charts

2
packages/system/dashboard/Makefile
View File

@@ -3,7 +3,7 @@ NAMESPACE=cozy-dashboard
PUSH := 1
LOAD := 0
REPOSITORY := ghcr.io/aenix-io/cozystack
TAG := v0.2.0
TAG := v0.1.0
show:
helm template --dry-run=server -n $(NAMESPACE) $(NAME) .

2
packages/system/dashboard/charts/kubeapps/.helmignore
View File

@@ -22,5 +22,3 @@
.project
.idea/
*.tmproj
# img folder
img/

10
packages/system/dashboard/charts/kubeapps/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 18.19.2
version: 18.4.0
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 13.4.6
version: 13.2.14
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.19.0
digest: sha256:b4965a22517e61212e78abb8d1cbe86e800c8664b3139e2047f4bd62b3e55b24
generated: "2024-03-13T11:51:34.216594+01:00"
version: 2.13.3
digest: sha256:7bede05a463745ea72d332aaaf406d84e335d8af09dce403736f4e4e14c3554d
generated: "2023-11-21T18:18:20.024990735Z"

20
packages/system/dashboard/charts/kubeapps/Chart.yaml
View File

@@ -2,21 +2,21 @@ annotations:
category: Infrastructure
images: |
- name: kubeapps-apis
image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-12-r19
image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-11-r13
- name: kubeapps-apprepository-controller
image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-12-r18
image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-11-r12
- name: kubeapps-asset-syncer
image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-12-r19
- name: kubeapps-dashboard
image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-12-r18
image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-11-r13
- name: kubeapps-oci-catalog
image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-12-r17
image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-11-r6
- name: kubeapps-pinniped-proxy
image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-12-r17
image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-11-r10
- name: kubeapps-dashboard
image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-11-r16
- name: nginx
image: docker.io/bitnami/nginx:1.25.4-debian-12-r3
image: docker.io/bitnami/nginx:1.25.3-debian-11-r1
- name: oauth2-proxy
image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r4
image: docker.io/bitnami/oauth2-proxy:7.5.1-debian-11-r11
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.9.0
@@ -51,4 +51,4 @@ maintainers:
name: kubeapps
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kubeapps
version: 14.7.2
version: 14.1.2

993
packages/system/dashboard/charts/kubeapps/README.md
View File

File diff suppressed because it is too large Load Diff

2
packages/system/dashboard/charts/kubeapps/charts/common/.helmignore
View File

@@ -20,5 +20,3 @@
.idea/
*.tmproj
.vscode/
# img folder
img/

4
packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml
View File

@@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.19.0
appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.19.0
version: 2.13.3

6
packages/system/dashboard/charts/kubeapps/charts/common/README.md
View File

@@ -24,14 +24,14 @@ data:
myvalue: "Hello World"
```
Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
- Kubernetes 1.23+
@@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""
## License
Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Copyright © 2023 VMware, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

39
packages/system/dashboard/charts/kubeapps/charts/common/templates/_compatibility.tpl
View File

@@ -1,39 +0,0 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return true if the detected platform is Openshift
Usage:
{{- include "common.compatibility.isOpenshift" . -}}
*/}}
{{- define "common.compatibility.isOpenshift" -}}
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
Usage:
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
*/}}
{{- define "common.compatibility.renderSecurityContext" -}}
{{- $adaptedContext := .secContext -}}
{{- if .context.Values.global.compatibility -}}
{{- if .context.Values.global.compatibility.openshift -}}
{{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
{{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
{{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
{{- if not .secContext.seLinuxOptions -}}
{{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
{{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- omit $adaptedContext "enabled" | toYaml -}}
{{- end -}}

50
packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl
View File

@@ -1,50 +0,0 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return a resource request/limit object based on a given preset.
These presets are for basic testing and not meant to be used in production
{{ include "common.resources.preset" (dict "type" "nano") -}}
*/}}
{{- define "common.resources.preset" -}}
{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
{{- $presets := dict
"nano" (dict
"requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
)
"micro" (dict
"requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
)
"small" (dict
"requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
)
"medium" (dict
"requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
)
"large" (dict
"requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
)
"xlarge" (dict
"requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
)
"2xlarge" (dict
"requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
)
}}
{{- if hasKey $presets .type -}}
{{- index $presets .type | toYaml -}}
{{- else -}}
{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
{{- end -}}
{{- end -}}

22
packages/system/dashboard/charts/kubeapps/charts/common/templates/_secrets.tpl
View File

@@ -78,8 +78,6 @@ Params:
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
- failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
- skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
- skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
The order in which this function returns a secret password:
1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@@ -93,6 +91,7 @@ The order in which this function returns a secret password:
{{- $password := "" }}
{{- $subchart := "" }}
{{- $failOnNew := default true .failOnNew }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@@ -100,14 +99,12 @@ The order in which this function returns a secret password:
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
{{- if $secretData }}
{{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | b64dec }}
{{- else if not (eq .failOnNew false) }}
{{- $password = index $secretData .key | quote }}
{{- else if $failOnNew }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString }}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- else }}
{{- if .context.Values.enabled }}
@@ -123,19 +120,12 @@ The order in which this function returns a secret password:
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- else }}
{{- $password = randAlphaNum $passwordLength }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- end }}
{{- end -}}
{{- if not .skipB64enc }}
{{- $password = $password | b64enc }}
{{- end -}}
{{- if .skipQuote -}}
{{- printf "%s" $password -}}
{{- else -}}
{{- printf "%s" $password | quote -}}
{{- end -}}
{{- end -}}
{{/*

65
packages/system/dashboard/charts/kubeapps/charts/common/templates/_warnings.tpl
View File

@@ -13,70 +13,7 @@ Usage:
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}
{{/*
Warning about not setting the resource object in all deployments.
Usage:
{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
Example:
{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
The list in the example assumes that the following values exist:
- csiProvider.provider.resources
- server.resources
- volumePermissions.resources
- resources
*/}}
{{- define "common.warnings.resources" -}}
{{- $values := .context.Values -}}
{{- $printMessage := false -}}
{{ $affectedSections := list -}}
{{- range .sections -}}
{{- if eq . "" -}}
{{/* Case where the resources section is at the root (one main deployment in the chart) */}}
{{- if not (index $values "resources") -}}
{{- $affectedSections = append $affectedSections "resources" -}}
{{- $printMessage = true -}}
{{- end -}}
{{- else -}}
{{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
{{- $keys := split "." . -}}
{{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
{{- $section := $values -}}
{{- range $keys -}}
{{- $section = index $section . -}}
{{- end -}}
{{- if not (index $section "resources") -}}
{{/* If the section has enabled=false or replicaCount=0, do not include it */}}
{{- if and (hasKey $section "enabled") -}}
{{- if index $section "enabled" -}}
{{/* enabled=true */}}
{{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
{{- $printMessage = true -}}
{{- end -}}
{{- else if and (hasKey $section "replicaCount") -}}
{{/* We need a casting to int because number 0 is not treated as an int by default */}}
{{- if (gt (index $section "replicaCount" | int) 0) -}}
{{/* replicaCount > 0 */}}
{{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
{{- $printMessage = true -}}
{{- end -}}
{{- else -}}
{{/* Default case, add it to the affected sections */}}
{{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
{{- $printMessage = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $printMessage }}
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
{{- range $affectedSections }}
- {{ . }}
{{- end }}
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
{{- end -}}
{{- end -}}

2
packages/system/dashboard/charts/kubeapps/charts/redis/.helmignore
View File

@@ -19,5 +19,3 @@
.project
.idea/
*.tmproj
# img folder
img/

6
packages/system/dashboard/charts/kubeapps/charts/redis/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.19.0
digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
generated: "2024-03-08T15:56:40.04210215Z"
version: 2.13.3
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-19T12:32:36.790999138Z"

16
packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml
View File

@@ -1,19 +1,17 @@
annotations:
category: Database
images: |
- name: kubectl
image: docker.io/bitnami/kubectl:1.29.2-debian-12-r3
- name: os-shell
image: docker.io/bitnami/os-shell:12-debian-12-r16
- name: redis
image: docker.io/bitnami/redis:7.2.4-debian-12-r9
image: docker.io/bitnami/os-shell:11-debian-11-r91
- name: redis-exporter
image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r2
- name: redis-sentinel
image: docker.io/bitnami/redis-sentinel:7.2.4-debian-12-r7
image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r1
- name: redis
image: docker.io/bitnami/redis:7.2.3-debian-11-r1
licenses: Apache-2.0
apiVersion: v2
appVersion: 7.2.4
appVersion: 7.2.3
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
@@ -35,4 +33,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.19.2
version: 18.4.0

1104
packages/system/dashboard/charts/kubeapps/charts/redis/README.md
View File

File diff suppressed because it is too large Load Diff

2
packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/.helmignore
View File

@@ -20,5 +20,3 @@
.idea/
*.tmproj
.vscode/
# img folder
img/

4
packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/Chart.yaml
View File

@@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.19.0
appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.19.0
version: 2.13.3

6
packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/README.md
View File

@@ -24,14 +24,14 @@ data:
myvalue: "Hello World"
```
Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
- Kubernetes 1.23+
@@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""
## License
Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Copyright © 2023 VMware, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

39
packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_compatibility.tpl
View File

@@ -1,39 +0,0 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return true if the detected platform is Openshift
Usage:
{{- include "common.compatibility.isOpenshift" . -}}
*/}}
{{- define "common.compatibility.isOpenshift" -}}
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
Usage:
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
*/}}
{{- define "common.compatibility.renderSecurityContext" -}}
{{- $adaptedContext := .secContext -}}
{{- if .context.Values.global.compatibility -}}
{{- if .context.Values.global.compatibility.openshift -}}
{{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
{{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
{{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
{{- if not .secContext.seLinuxOptions -}}
{{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
{{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- omit $adaptedContext "enabled" | toYaml -}}
{{- end -}}

50
packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_resources.tpl
View File

@@ -1,50 +0,0 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return a resource request/limit object based on a given preset.
These presets are for basic testing and not meant to be used in production
{{ include "common.resources.preset" (dict "type" "nano") -}}
*/}}
{{- define "common.resources.preset" -}}
{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
{{- $presets := dict
"nano" (dict
"requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
)
"micro" (dict
"requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
)
"small" (dict
"requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
)
"medium" (dict
"requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
)
"large" (dict
"requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
)
"xlarge" (dict
"requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
)
"2xlarge" (dict
"requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
)
}}
{{- if hasKey $presets .type -}}
{{- index $presets .type | toYaml -}}
{{- else -}}
{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
{{- end -}}
{{- end -}}

22
packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_secrets.tpl
View File

@@ -78,8 +78,6 @@ Params:
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
- failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
- skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
- skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
The order in which this function returns a secret password:
1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@@ -93,6 +91,7 @@ The order in which this function returns a secret password:
{{- $password := "" }}
{{- $subchart := "" }}
{{- $failOnNew := default true .failOnNew }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@@ -100,14 +99,12 @@ The order in which this function returns a secret password:
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
{{- if $secretData }}
{{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | b64dec }}
{{- else if not (eq .failOnNew false) }}
{{- $password = index $secretData .key | quote }}
{{- else if $failOnNew }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString }}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- else }}
{{- if .context.Values.enabled }}
@@ -123,19 +120,12 @@ The order in which this function returns a secret password:
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- else }}
{{- $password = randAlphaNum $passwordLength }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- end }}
{{- end -}}
{{- if not .skipB64enc }}
{{- $password = $password | b64enc }}
{{- end -}}
{{- if .skipQuote -}}
{{- printf "%s" $password -}}
{{- else -}}
{{- printf "%s" $password | quote -}}
{{- end -}}
{{- end -}}
{{/*

65
packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_warnings.tpl
View File

@@ -13,70 +13,7 @@ Usage:
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}
{{/*
Warning about not setting the resource object in all deployments.
Usage:
{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
Example:
{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
The list in the example assumes that the following values exist:
- csiProvider.provider.resources
- server.resources
- volumePermissions.resources
- resources
*/}}
{{- define "common.warnings.resources" -}}
{{- $values := .context.Values -}}
{{- $printMessage := false -}}
{{ $affectedSections := list -}}
{{- range .sections -}}
{{- if eq . "" -}}
{{/* Case where the resources section is at the root (one main deployment in the chart) */}}
{{- if not (index $values "resources") -}}
{{- $affectedSections = append $affectedSections "resources" -}}
{{- $printMessage = true -}}
{{- end -}}
{{- else -}}
{{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
{{- $keys := split "." . -}}
{{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
{{- $section := $values -}}
{{- range $keys -}}
{{- $section = index $section . -}}
{{- end -}}
{{- if not (index $section "resources") -}}
{{/* If the section has enabled=false or replicaCount=0, do not include it */}}
{{- if and (hasKey $section "enabled") -}}
{{- if index $section "enabled" -}}
{{/* enabled=true */}}
{{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
{{- $printMessage = true -}}
{{- end -}}
{{- else if and (hasKey $section "replicaCount") -}}
{{/* We need a casting to int because number 0 is not treated as an int by default */}}
{{- if (gt (index $section "replicaCount" | int) 0) -}}
{{/* replicaCount > 0 */}}
{{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
{{- $printMessage = true -}}
{{- end -}}
{{- else -}}
{{/* Default case, add it to the affected sections */}}
{{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
{{- $printMessage = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $printMessage }}
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
{{- range $affectedSections }}
- {{ . }}
{{- end }}
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
{{- end -}}
{{- end -}}

BIN
packages/system/dashboard/charts/kubeapps/charts/redis/img/redis-cluster-topology.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
packages/system/dashboard/charts/kubeapps/charts/redis/img/redis-topology.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.5 KiB

61
packages/system/dashboard/charts/kubeapps/charts/redis/templates/NOTES.txt
View File

@@ -12,11 +12,11 @@ The chart has been deployed in diagnostic mode. All probes have been disabled an
Get the list of pods by executing:
kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
@@ -53,28 +53,12 @@ For Redis Sentinel:
{{- end }}
{{- end }}
{{- if and .Values.auth.usePasswordFiles (not .Values.auth.usePasswordFileFromSecret) (or (empty .Values.master.initContainers) (empty .Values.replica.initContainers)) }}
-------------------------------------------------------------------------------
WARNING
By specifying ".Values.auth.usePasswordFiles=true" and ".Values.auth.usePasswordFileFromSecret=false"
Redis is expecting that the password is mounted as a file in each pod
(by default in /opt/bitnami/redis/secrets/redis-password)
Ensure that you specify the respective initContainers in
both .Values.master.initContainers and .Values.replica.initContainers
in order to populate the contents of this file.
-------------------------------------------------------------------------------
{{- end }}
{{- if eq .Values.architecture "replication" }}
{{- if .Values.sentinel.enabled }}
Redis&reg; can be accessed via port {{ .Values.sentinel.service.ports.redis }} on the following DNS name from within your cluster:
{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} for read only operations
{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations
For read/write operations, first access the Redis&reg; Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above.
@@ -82,15 +66,15 @@ For read/write operations, first access the Redis&reg; Sentinel cluster, which i
Redis&reg; can be accessed on the following DNS names from within your cluster:
{{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }})
{{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }})
{{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }})
{{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }})
{{- end }}
{{- else }}
Redis&reg; can be accessed via port {{ .Values.master.service.ports.redis }} on the following DNS name from within your cluster:
{{ template "common.names.fullname" . }}-master.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
{{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
{{- end }}
@@ -98,7 +82,7 @@ Redis&reg; can be accessed via port {{ .Values.master.service.ports.redis }} on
To get your password run:
export REDIS_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d)
export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d)
{{- end }}
@@ -106,15 +90,15 @@ To connect to your Redis&reg; server:
1. Run a Redis&reg; pod that you can use as a client:
kubectl run --namespace {{ include "common.names.namespace" . }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity
kubectl run --namespace {{ .Release.Namespace }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity
{{- if .Values.tls.enabled }}
Copy your TLS certificates to the pod:
kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.cert redis-client:/tmp/client.cert
kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.key redis-client:/tmp/client.key
kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/CA.cert redis-client:/tmp/CA.cert
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert redis-client:/tmp/client.cert
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key redis-client:/tmp/client.key
kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert redis-client:/tmp/CA.cert
{{- end }}
@@ -122,7 +106,7 @@ To connect to your Redis&reg; server:
kubectl exec --tty -i redis-client \
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
--namespace {{ include "common.names.namespace" . }} -- bash
--namespace {{ .Release.Namespace }} -- bash
2. Connect using the Redis&reg; CLI:
@@ -149,42 +133,42 @@ To connect to your database from outside the cluster execute the following comma
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
{{- if contains "NodePort" .Values.sentinel.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "LoadBalancer" .Values.sentinel.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "ClusterIP" .Values.sentinel.service.type }}
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} &
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} &
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }}
{{- else }}
{{- if contains "NodePort" .Values.master.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }})
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "LoadBalancer" .Values.master.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "ClusterIP" .Values.master.service.type }}
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} &
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} &
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }}
@@ -205,4 +189,3 @@ No need to upgrade, ports and nodeports have been set from values
YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED
{{- end }}
{{- end }}
{{- include "common.warnings.resources" (dict "sections" (list "master" "metrics" "replica" "sentinel" "sysctl" "volumePermissions") "context" $) }}

20
packages/system/dashboard/charts/kubeapps/charts/redis/templates/_helpers.tpl
View File

@@ -33,13 +33,6 @@ Return the proper image name (for the init container volume-permissions image)
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return kubectl image
*/}}
{{- define "redis.kubectl.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.kubectl.image "global" .Values.global) }}
{{- end -}}
{{/*
Return sysctl image
*/}}
@@ -247,7 +240,7 @@ Return Redis&reg; password
{{- else if not (empty .Values.auth.password) -}}
{{- .Values.auth.password -}}
{{- else -}}
{{- include "getValueFromSecret" (dict "Namespace" (include "common.names.namespace" .) "Name" (include "redis.secretName" .) "Length" 10 "Key" (include "redis.secretPasswordKey" .)) -}}
{{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "redis.secretName" .) "Length" 10 "Key" (include "redis.secretPasswordKey" .)) -}}
{{- end -}}
{{- end -}}
{{- end }}
@@ -268,7 +261,6 @@ Compile all warnings into a single message, and call fail.
{{- $messages := append $messages (include "redis.validateValues.architecture" .) -}}
{{- $messages := append $messages (include "redis.validateValues.podSecurityPolicy.create" .) -}}
{{- $messages := append $messages (include "redis.validateValues.tls" .) -}}
{{- $messages := append $messages (include "redis.validateValues.createMaster" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
@@ -320,16 +312,6 @@ redis: tls.enabled
{{- end -}}
{{- end -}}
{{/* Validate values of Redis&reg; - master service enabled */}}
{{- define "redis.validateValues.createMaster" -}}
{{- if and .Values.sentinel.service.createMaster (or (not .Values.rbac.create) (not .Values.replica.automountServiceAccountToken) (not .Values.serviceAccount.create)) }}
redis: sentinel.service.createMaster
In order to redirect requests only to the master pod via the service, you also need to
create rbac and serviceAccount. In addition, you need to enable
replica.automountServiceAccountToken.
{{- end -}}
{{- end -}}
{{/* Define the suffix utilized for external-dns */}}
{{- define "redis.externalDNS.suffix" -}}
{{ printf "%s.%s" (include "common.names.fullname" .) .Values.useExternalDNS.suffix }}

7
packages/system/dashboard/charts/kubeapps/charts/redis/templates/configmap.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-configuration" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -48,13 +48,10 @@ data:
sentinel.conf: |-
dir "/tmp"
port {{ .Values.sentinel.containerPorts.sentinel }}
sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }}
sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }}
sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }}
sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }}
sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }}
{{- if .Values.sentinel.service.createMaster}}
sentinel client-reconfig-script {{ .Values.sentinel.masterSet }} /opt/bitnami/scripts/start-scripts/push-master-label.sh
{{- end }}
# User-supplied sentinel configuration:
{{- if .Values.sentinel.configuration }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }}

4
packages/system/dashboard/charts/kubeapps/charts/redis/templates/headless-svc.yaml
View File

@@ -7,16 +7,14 @@ apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-headless" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations (include "redis.externalDNS.annotations" .) }}
annotations:
{{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
{{- include "redis.externalDNS.annotations" . | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None

2
packages/system/dashboard/charts/kubeapps/charts/redis/templates/health-configmap.yaml
View File

@@ -7,7 +7,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-health" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

55
packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/application.yaml
View File

@@ -9,7 +9,7 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: {{ .Values.master.kind }}
metadata:
name: {{ printf "%s-master" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
@@ -62,10 +62,10 @@ spec:
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.podSecurityContext "context" $) | nindent 8 }}
securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "redis.masterServiceAccountName" . }}
automountServiceAccountToken: {{ .Values.master.automountServiceAccountToken }}
automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
{{- if .Values.master.priorityClassName }}
priorityClassName: {{ .Values.master.priorityClassName | quote }}
{{- end }}
@@ -108,7 +108,7 @@ spec:
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.master.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -226,8 +226,6 @@ spec:
{{- end }}
{{- if .Values.master.resources }}
resources: {{- toYaml .Values.master.resources | nindent 12 }}
{{- else if ne .Values.master.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.master.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: start-scripts
@@ -247,12 +245,10 @@ spec:
{{- end }}
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: empty-dir
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
subPath: app-conf-dir
- name: empty-dir
- name: tmp
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
@@ -266,7 +262,7 @@ spec:
image: {{ include "redis.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -288,8 +284,6 @@ spec:
env:
- name: REDIS_ALIAS
value: {{ template "common.names.fullname" . }}
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: {{ printf ":%v" .Values.metrics.containerPorts.http }}
{{- if .Values.auth.enabled }}
- name: REDIS_USER
value: default
@@ -318,7 +312,7 @@ spec:
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.metrics.containerPorts.http }}
containerPort: 9121
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.metrics.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
@@ -345,13 +339,8 @@ spec:
{{- end }}
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- else if ne .Values.metrics.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: app-tmp-dir
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /secrets/
@@ -394,13 +383,8 @@ spec:
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: redis-data
mountPath: {{ .Values.master.persistence.path }}
{{- if .Values.master.persistence.subPath }}
@@ -421,14 +405,9 @@ spec:
{{- end }}
{{- if .Values.sysctl.resources }}
resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
{{- else if ne .Values.sysctl.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if .Values.sysctl.mountHostSys }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: host-sys
mountPath: /host-sys
{{- end }}
@@ -445,15 +424,11 @@ spec:
defaultMode: 0755
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
{{ if .Values.auth.usePasswordFileFromSecret }}
secret:
secretName: {{ template "redis.secretName" . }}
items:
- key: {{ template "redis.secretPasswordKey" . }}
path: redis-password
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: config
configMap:
@@ -463,7 +438,19 @@ spec:
hostPath:
path: /sys
{{- end }}
- name: empty-dir
- name: redis-tmp-conf
{{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }}
emptyDir:
{{- if .Values.master.persistence.medium }}
medium: {{ .Values.master.persistence.medium | quote }}
{{- end }}
{{- if .Values.master.persistence.sizeLimit }}
sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
{{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }}
emptyDir:
{{- if .Values.master.persistence.medium }}

2
packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/psp.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ printf "%s-master" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

2
packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pvc.yaml
View File

@@ -8,7 +8,7 @@ kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master

5
packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/service.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-master" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if or .Values.master.service.annotations .Values.commonAnnotations }}
@@ -26,9 +26,6 @@ spec:
{{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.master.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}

4
packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/serviceaccount.yaml
View File

@@ -3,13 +3,13 @@ Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.master.serviceAccount.create (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }}
{{- if .Values.master.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "redis.masterServiceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.master.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}

9
packages/system/dashboard/charts/kubeapps/charts/redis/templates/metrics-svc.yaml
View File

@@ -3,12 +3,12 @@ Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.metrics.enabled .Values.metrics.service.enabled }}
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
@@ -26,15 +26,12 @@ spec:
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.metrics.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
ports:
- name: http-metrics
port: {{ coalesce .Values.metrics.service.ports.http .Values.metrics.service.port }}
port: {{ .Values.metrics.service.port }}
protocol: TCP
targetPort: metrics
{{- if .Values.metrics.service.extraPorts }}

9
packages/system/dashboard/charts/kubeapps/charts/redis/templates/networkpolicy.yaml
View File

@@ -8,7 +8,7 @@ kind: NetworkPolicy
apiVersion: {{ template "networkPolicy.apiVersion" . }}
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -18,11 +18,8 @@ spec:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
policyTypes:
- Ingress
{{- if or (eq .Values.architecture "replication") .Values.networkPolicy.extraEgress }}
- Egress
{{- if .Values.networkPolicy.allowExternalEgress }}
egress:
- {}
{{- else }}
egress:
{{- if eq .Values.architecture "replication" }}
# Allow dns resolution
@@ -79,7 +76,7 @@ spec:
{{- if .Values.metrics.enabled }}
# Allow prometheus scrapes for metrics
- ports:
- port: {{ .Values.metrics.containerPorts.http }}
- port: 9121
{{- if not .Values.networkPolicy.metrics.allowExternal }}
from:
{{- if or .Values.networkPolicy.metrics.ingressNSMatchLabels .Values.networkPolicy.metrics.ingressNSPodMatchLabels }}

2
packages/system/dashboard/charts/kubeapps/charts/redis/templates/pdb.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

37
packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.metrics.podMonitor.namespace | quote }}
namespace: {{ default .Release.Namespace .Values.metrics.podMonitor.namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.metrics.podMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }}
@@ -18,7 +18,7 @@ metadata:
{{- end }}
spec:
podMetricsEndpoints:
- port: {{ .Values.metrics.podMonitor.port }}
- port: http-metrics
{{- if .Values.metrics.podMonitor.interval }}
interval: {{ .Values.metrics.podMonitor.interval }}
{{- end }}
@@ -34,36 +34,6 @@ spec:
{{- if .Values.metrics.podMonitor.metricRelabelings }}
metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }}
{{- end }}
{{- range .Values.metrics.podMonitor.additionalEndpoints }}
- port: {{ .port }}
{{- if .interval }}
interval: {{ .interval }}
{{- end }}
{{- if .path }}
path: {{ .path }}
{{- end }}
{{- if .honorLabels }}
honorLabels: {{ .honorLabels }}
{{- end }}
{{- if .relabellings }}
relabelings: {{- toYaml .relabellings | nindent 6 }}
{{- end }}
{{- if .metricRelabelings }}
metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}
{{- end }}
{{- if .scrapeTimeout }}
scrapeTimeout: {{ .scrapeTimeout }}
{{- end }}
{{- if .params }}
params:
{{- range $key, $value := .params }}
{{ $key }}:
{{- range $value }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.podTargetLabels }}
podTargetLabels: {{- toYaml .Values.metrics.podMonitor.podTargetLabels | nindent 4 }}
{{- end }}
@@ -75,7 +45,8 @@ spec:
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
- {{ .Release.Namespace }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: metrics
{{- end }}

2
packages/system/dashboard/charts/kubeapps/charts/redis/templates/prometheusrule.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }}
namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.metrics.prometheusRule.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}

47
packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/application.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: {{ .Values.replica.kind }}
metadata:
name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: replica
{{- if .Values.commonAnnotations }}
@@ -60,10 +60,10 @@ spec:
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }}
securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "redis.replicaServiceAccountName" . }}
automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }}
automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }}
{{- if .Values.replica.priorityClassName }}
priorityClassName: {{ .Values.replica.priorityClassName | quote }}
{{- end }}
@@ -108,7 +108,7 @@ spec:
{{- end }}
{{- end }}
{{- if .Values.replica.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -136,9 +136,9 @@ spec:
{{- if .Values.replica.externalMaster.enabled }}
value: {{ .Values.replica.externalMaster.host | quote }}
{{- else if and (eq (int64 .Values.master.count) 1) (eq .Values.master.kind "StatefulSet") }}
value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
{{- else }}
value: {{ template "common.names.fullname" . }}-master.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
{{- end }}
- name: REDIS_MASTER_PORT_NUMBER
{{- if .Values.replica.externalMaster.enabled }}
@@ -246,8 +246,6 @@ spec:
{{- end }}
{{- if .Values.replica.resources }}
resources: {{- toYaml .Values.replica.resources | nindent 12 }}
{{- else if ne .Values.replica.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: start-scripts
@@ -267,12 +265,8 @@ spec:
{{- end }}
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: empty-dir
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
subPath: app-conf-dir
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
@@ -286,7 +280,7 @@ spec:
image: {{ include "redis.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -308,8 +302,6 @@ spec:
env:
- name: REDIS_ALIAS
value: {{ template "common.names.fullname" . }}
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: {{ printf ":%v" .Values.metrics.containerPorts.http }}
{{- if .Values.auth.enabled }}
- name: REDIS_USER
value: default
@@ -338,7 +330,7 @@ spec:
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.metrics.containerPorts.http }}
containerPort: 9121
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.metrics.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
@@ -365,13 +357,8 @@ spec:
{{- end }}
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- else if ne .Values.metrics.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /secrets/
@@ -414,13 +401,8 @@ spec:
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: redis-data
mountPath: {{ .Values.replica.persistence.path }}
{{- if .Values.replica.persistence.subPath }}
@@ -441,14 +423,9 @@ spec:
{{- end }}
{{- if .Values.sysctl.resources }}
resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
{{- else if ne .Values.sysctl.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if .Values.sysctl.mountHostSys }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: host-sys
mountPath: /host-sys
{{- end }}
@@ -465,15 +442,11 @@ spec:
defaultMode: 0755
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
{{ if .Values.auth.usePasswordFileFromSecret }}
secret:
secretName: {{ template "redis.secretName" . }}
items:
- key: {{ template "redis.secretPasswordKey" . }}
path: redis-password
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: config
configMap:
@@ -483,7 +456,7 @@ spec:
hostPath:
path: /sys
{{- end }}
- name: empty-dir
- name: redis-tmp-conf
{{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }}
emptyDir:
{{- if .Values.replica.persistence.medium }}

2
packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/hpa.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ )
kind: HorizontalPodAutoscaler
metadata:
name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: replica
{{- if .Values.commonAnnotations }}

5
packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/service.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: replica
{{- if or .Values.replica.service.annotations .Values.commonAnnotations }}
@@ -26,9 +26,6 @@ spec:
{{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.replica.service.type "LoadBalancer") .Values.replica.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.replica.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}

4
packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/serviceaccount.yaml
View File

@@ -3,13 +3,13 @@ Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.replica.serviceAccount.create (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }}
{{- if .Values.replica.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "redis.replicaServiceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.replica.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}

7
packages/system/dashboard/charts/kubeapps/charts/redis/templates/role.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -23,11 +23,6 @@ rules:
- 'use'
resourceNames: [{{ printf "%s-master" (include "common.names.fullname" .) }}]
{{- end }}
{{- if and .Values.sentinel.enabled .Values.sentinel.service.createMaster}}
- apiGroups: [""]
resources: ["pods"]
verbs: ["list", "patch"]
{{- end -}}
{{- if .Values.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
{{- end }}

2
packages/system/dashboard/charts/kubeapps/charts/redis/templates/rolebinding.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

75
packages/system/dashboard/charts/kubeapps/charts/redis/templates/scripts-configmap.yaml
View File

@@ -7,7 +7,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -48,7 +48,7 @@ data:
{{- if .Values.useExternalDNS.enabled }}
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }}
full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }}
full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
@@ -71,12 +71,12 @@ data:
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
if [ -n "$REDIS_EXTERNAL_MASTER_HOST" ]; then
REDIS_SERVICE="$REDIS_EXTERNAL_MASTER_HOST"
else
REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
fi
SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL")
@@ -251,8 +251,8 @@ data:
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libfile.sh
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
get_port() {
hostname="$1"
@@ -281,7 +281,7 @@ data:
{{- if .Values.useExternalDNS.enabled }}
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }}
full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }}
full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
@@ -366,13 +366,6 @@ data:
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
fi
{{- if .Values.sentinel.service.createMaster }}
if [[ "${REDIS_REPLICATION_MODE}" == "master" ]]; then
# Add isMaster label to master node for master service
echo "${REDIS_MASTER_HOST/.*}" > /etc/shared/current
fi
{{- end }}
if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then
REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST"
REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}"
@@ -457,7 +450,7 @@ data:
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libos.sh
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
get_full_hostname() {
hostname="$1"
@@ -465,7 +458,7 @@ data:
{{- if .Values.useExternalDNS.enabled }}
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }}
full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }}
full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
@@ -488,7 +481,7 @@ data:
run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
else
redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
fi
@@ -499,7 +492,7 @@ data:
[[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
}
REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
{{ if .Values.auth.sentinel -}}
# redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
@@ -537,7 +530,7 @@ data:
[[ "$REDIS_ROLE" == "master" ]]
}
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{- include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
get_full_hostname() {
hostname="$1"
@@ -545,7 +538,7 @@ data:
{{- if .Values.useExternalDNS.enabled }}
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }}
full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }}
full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
@@ -568,7 +561,7 @@ data:
run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
{{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
{{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
else
{{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
fi
@@ -579,7 +572,7 @@ data:
[[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
}
REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
# redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
@@ -603,14 +596,6 @@ data:
exit 0
fi
{{- if .Values.sentinel.service.createMaster}}
push-master-label.sh: |
#!/bin/bash
# https://download.redis.io/redis-stable/sentinel.conf
echo "${6/.*}" > /etc/shared/current
echo "${4/.*}" > /etc/shared/previous
{{- end }}
{{- else }}
start-master.sh: |
#!/bin/bash
@@ -691,7 +676,7 @@ data:
{{- if .Values.useExternalDNS.enabled }}
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }}
full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }}
full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
@@ -713,7 +698,7 @@ data:
}
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
@@ -770,29 +755,3 @@ data:
{{- end }}
{{- end }}
{{- end }}
---
{{- if .Values.sentinel.service.createMaster}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
update-master-label.sh: |
#!/bin/bash
while true; do
while [ ! -f "/etc/shared/current" ]; do
sleep 1
done
echo "new master elected, updating label(s)..."
kubectl label pod --field-selector metadata.name="$(< "/etc/shared/current")" isMaster="true" --overwrite
if [ -f /etc/shared/previous ]; then
kubectl label pod --field-selector metadata.name="$(< "/etc/shared/previous")" isMaster="false" --overwrite
fi
rm "/etc/shared/current" "/etc/shared/previous"
done
{{- end }}

2
packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret-svcbind.yaml
View File

@@ -17,7 +17,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-svcbind
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

4
packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret.yaml
View File

@@ -3,12 +3,12 @@ Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) (or .Values.auth.usePasswordFileFromSecret (not .Values.auth.usePasswordFiles)) -}}
{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.secretAnnotations .Values.commonAnnotations }}
annotations:

2
packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/hpa.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ )
kind: HorizontalPodAutoscaler
metadata:
name: {{ printf "%s-node" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: replica
{{- if .Values.commonAnnotations }}

4
packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/node-services.yaml
View File

@@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
{{- range $i := until (int .Values.replica.replicaCount) }}
{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" $) (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }}
{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }}
{{ $sentinelport := 0}}
{{ $redisport := 0}}
@@ -20,7 +20,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" $ }}-node-{{ $i }}
namespace: {{ include "common.names.namespace" $ | quote }}
namespace: {{ $.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: node
{{- if or $.Values.commonAnnotations $.Values.sentinel.service.annotations }}

4
packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/ports-configmap.yaml
View File

@@ -71,14 +71,14 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "common.names.fullname" . }}-ports-configmap
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }}
{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }}
{{- if $portsmap }}
{{- /* configmap already exists, do not install again */ -}}
{{- range $name, $value := $portsmap }}

64
packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/service.yaml
View File

@@ -5,7 +5,7 @@ SPDX-License-Identifier: APACHE-2.0
{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}}
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }}
{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }}
{{ $sentinelport := 0}}
{{ $redisport := 0}}
@@ -19,7 +19,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: node
{{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }}
@@ -34,9 +34,6 @@ spec:
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.sentinel.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
@@ -100,62 +97,5 @@ spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: node
{{- if and .Values.sentinel.enabled .Values.sentinel.service.createMaster}}
---
apiVersion: v1
kind: Service
metadata:
name: "{{ template "common.names.fullname" . }}-master"
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: node
{{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.sentinel.service.type }}
{{- if or (eq .Values.sentinel.service.type "LoadBalancer") (eq .Values.sentinel.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.sentinel.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }}
clusterIP: {{ .Values.sentinel.service.clusterIP }}
{{- end }}
{{- if .Values.sentinel.service.sessionAffinity }}
sessionAffinity: {{ .Values.sentinel.service.sessionAffinity }}
{{- end }}
{{- if .Values.sentinel.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- name: tcp-redis
{{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }}
port: {{ .Values.sentinel.service.nodePorts.redis }}
{{- else if eq .Values.sentinel.service.type "NodePort" }}
port: {{ $redisport }}
{{- else}}
port: {{ .Values.sentinel.service.ports.redis }}
{{- end }}
targetPort: {{ .Values.replica.containerPorts.redis }}
{{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }}
nodePort: {{ .Values.sentinel.service.nodePorts.redis }}
{{- else if eq .Values.sentinel.service.type "ClusterIP" }}
nodePort: null
{{- else if eq .Values.sentinel.service.type "NodePort" }}
nodePort: {{ $redisport }}
{{- end }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
isMaster: "true"
{{- end }}
{{- end }}
{{- end }}

90
packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/statefulset.yaml
View File

@@ -9,7 +9,7 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ printf "%s-node" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: node
{{- if or .Values.commonAnnotations .Values.sentinel.annotations }}
@@ -54,13 +54,13 @@ spec:
{{- end }}
spec:
{{- include "redis.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }}
{{- if .Values.replica.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }}
securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
serviceAccountName: {{ template "redis.serviceAccountName" . }}
{{- if .Values.replica.priorityClassName }}
priorityClassName: {{ .Values.replica.priorityClassName | quote }}
@@ -114,7 +114,7 @@ spec:
{{- end }}
{{- end }}
{{- if .Values.replica.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -270,8 +270,6 @@ spec:
{{- end }}
{{- if .Values.replica.resources }}
resources: {{- toYaml .Values.replica.resources | nindent 12 }}
{{- else if ne .Values.replica.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: start-scripts
@@ -295,12 +293,10 @@ spec:
{{- end }}
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: empty-dir
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
subPath: app-conf-dir
- name: empty-dir
- name: tmp
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
@@ -326,7 +322,7 @@ spec:
{{- end }}
{{- end }}
{{- if .Values.sentinel.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.sentinel.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.sentinel.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -453,21 +449,12 @@ spec:
{{- end }}
{{- if .Values.sentinel.resources }}
resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
{{- else if ne .Values.sentinel.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.sentinel.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
{{- if .Values.sentinel.service.createMaster}}
- name: kubectl-shared
mountPath: /etc/shared
{{- end }}
- name: sentinel-data
mountPath: /opt/bitnami/redis-sentinel/etc
{{- if .Values.auth.usePasswordFiles }}
@@ -496,7 +483,7 @@ spec:
image: {{ template "redis.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -516,8 +503,6 @@ spec:
env:
- name: REDIS_ALIAS
value: {{ template "common.names.fullname" . }}
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: {{ printf ":%v" .Values.metrics.containerPorts.http }}
{{- if .Values.auth.enabled }}
- name: REDIS_USER
value: default
@@ -546,7 +531,7 @@ spec:
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.metrics.containerPorts.http }}
containerPort: 9121
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.metrics.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
@@ -573,13 +558,8 @@ spec:
{{- end }}
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- else if ne .Values.metrics.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /secrets/
@@ -593,22 +573,6 @@ spec:
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.sentinel.service.createMaster }}
- name: kubectl-shared
image: {{ template "redis.kubectl.image" . }}
imagePullPolicy: {{ .Values.kubectl.image.pullPolicy | quote }}
command: {{- toYaml .Values.kubectl.command | nindent 12 }}
securityContext:
runAsUser: 0
volumeMounts:
- name: kubectl-shared
mountPath: /etc/shared
- name: kubectl-scripts
mountPath: /opt/bitnami/scripts/kubectl-scripts
{{- if .Values.kubectl.resources }}
resources: {{- toYaml .Values.kubectl.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.replica.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }}
{{- end }}
@@ -638,13 +602,8 @@ spec:
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: redis-data
mountPath: {{ .Values.replica.persistence.path }}
{{- if .Values.replica.persistence.subPath }}
@@ -665,14 +624,9 @@ spec:
{{- end }}
{{- if .Values.sysctl.resources }}
resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
{{- else if ne .Values.sysctl.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if .Values.sysctl.mountHostSys }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: host-sys
mountPath: /host-sys
{{- end }}
@@ -687,25 +641,13 @@ spec:
configMap:
name: {{ printf "%s-health" (include "common.names.fullname" .) }}
defaultMode: 0755
{{- if .Values.sentinel.service.createMaster}}
- name: kubectl-shared
emptyDir: {}
- name: kubectl-scripts
configMap:
name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }}
defaultMode: 0755
{{- end }}
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
{{ if .Values.auth.usePasswordFileFromSecret }}
secret:
secretName: {{ template "redis.secretName" . }}
items:
- key: {{ template "redis.secretPasswordKey" . }}
path: redis-password
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: config
configMap:
@@ -729,7 +671,19 @@ spec:
emptyDir: {}
{{- end }}
{{- end }}
- name: empty-dir
- name: redis-tmp-conf
{{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }}
emptyDir:
{{- if .Values.sentinel.persistence.medium }}
medium: {{ .Values.sentinel.persistence.medium | quote }}
{{- end }}
{{- if .Values.sentinel.persistence.sizeLimit }}
sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
{{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }}
emptyDir:
{{- if .Values.sentinel.persistence.medium }}

4
packages/system/dashboard/charts/kubeapps/charts/redis/templates/serviceaccount.yaml
View File

@@ -3,13 +3,13 @@ Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.serviceAccount.create .Values.sentinel.enabled }}
{{- if and .Values.serviceAccount.create (and (not .Values.master.serviceAccount.create) (not .Values.replica.serviceAccount.create)) }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "redis.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}

40
packages/system/dashboard/charts/kubeapps/charts/redis/templates/servicemonitor.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
@@ -18,7 +18,7 @@ metadata:
{{- end }}
spec:
endpoints:
- port: {{ .Values.metrics.serviceMonitor.port }}
- port: http-metrics
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
@@ -34,48 +34,18 @@ spec:
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
{{- end }}
{{- range .Values.metrics.serviceMonitor.additionalEndpoints }}
- port: {{ .port }}
{{- if .interval }}
interval: {{ .interval }}
{{- end }}
{{- if .scrapeTimeout }}
scrapeTimeout: {{ .scrapeTimeout }}
{{- end }}
{{- if .honorLabels }}
honorLabels: {{ .honorLabels }}
{{- end }}
{{- if .relabellings }}
relabelings: {{- toYaml .relabellings | nindent 6 }}
{{- end }}
{{- if .metricRelabelings }}
metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}
{{- end }}
{{- if .path }}
path: {{ .path }}
{{- end }}
{{- if .params }}
params:
{{- range $key, $value := .params }}
{{ $key }}:
{{- range $value }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.podTargetLabels }}
podTargetLabels: {{- toYaml .Values.metrics.serviceMonitor.podTargetLabels | nindent 4 }}
{{- end }}
{{- with .Values.metrics.serviceMonitor.sampleLimit }}
{{ with .Values.metrics.serviceMonitor.sampleLimit }}
sampleLimit: {{ . }}
{{- end }}
{{- with .Values.metrics.serviceMonitor.targetLimit }}
{{ with .Values.metrics.serviceMonitor.targetLimit }}
targetLimit: {{ . }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
- {{ .Release.Namespace }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: metrics

4
packages/system/dashboard/charts/kubeapps/charts/redis/templates/tls-secret.yaml
View File

@@ -6,7 +6,7 @@ SPDX-License-Identifier: APACHE-2.0
{{- if (include "redis.createTlsSecret" .) }}
{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
{{- $ca := genCA "redis-ca" 365 }}
{{- $releaseNamespace := (include "common.names.namespace" .) }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $fullname := include "common.names.fullname" . }}
{{- $serviceName := include "common.names.fullname" . }}
@@ -18,7 +18,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

363
packages/system/dashboard/charts/kubeapps/charts/redis/values.yaml
View File

@@ -22,15 +22,7 @@ global:
storageClass: ""
redis:
password: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
## @section Common parameters
##
@@ -43,9 +35,6 @@ nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
@@ -70,6 +59,7 @@ nameResolutionThreshold: 5
## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution
##
nameResolutionTimeout: 5
## Enable diagnostic mode in the deployment
##
diagnosticMode:
@@ -84,6 +74,7 @@ diagnosticMode:
##
args:
- infinity
## @section Redis&reg; Image parameters
##
@@ -100,11 +91,11 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/redis
tag: 7.2.4-debian-12-r9
tag: 7.2.3-debian-11-r1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -118,6 +109,7 @@ image:
## Enable debug mode
##
debug: false
## @section Redis&reg; common configuration parameters
## https://github.com/bitnami/containers/tree/main/bitnami/redis#configuration
##
@@ -150,9 +142,7 @@ auth:
## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable
##
usePasswordFiles: false
## @param auth.usePasswordFileFromSecret Mount password file from secret
##
usePasswordFileFromSecret: true
## @param commonConfiguration [string] Common configuration to be added into the ConfigMap
## ref: https://redis.io/topics/config
##
@@ -164,8 +154,10 @@ commonConfiguration: |-
## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis&reg; nodes
##
existingConfigmap: ""
## @section Redis&reg; master configuration parameters
##
master:
## @param master.count Number of Redis&reg; master instances to deploy (experimental, requires additional configuration)
##
@@ -271,60 +263,42 @@ master:
##
customReadinessProbe: {}
## Redis&reg; master resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param master.resources.limits The resources limits for the Redis&reg; master containers
## @param master.resources.requests The requested resources for the Redis&reg; master containers
##
resourcesPreset: "none"
## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
resources:
limits: {}
requests: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param master.podSecurityContext.enabled Enabled Redis&reg; master pods' Security Context
## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param master.podSecurityContext.fsGroup Set Redis&reg; master pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param master.containerSecurityContext.enabled Enabled Redis&reg; master containers' Security Context
## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param master.containerSecurityContext.runAsUser Set Redis&reg; master containers' Security Context runAsUser
## @param master.containerSecurityContext.runAsGroup Set Redis&reg; master containers' Security Context runAsGroup
## @param master.containerSecurityContext.runAsNonRoot Set Redis&reg; master containers' Security Context runAsNonRoot
## @param master.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Redis&reg; pod(s) privileges
## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
## @param master.containerSecurityContext.seccompProfile.type Set Redis&reg; master containers' Security Context seccompProfile
## @param master.containerSecurityContext.capabilities.drop Set Redis&reg; master containers' Security Context capabilities to drop
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: ["ALL"]
drop:
- ALL
## @param master.kind Use either Deployment, StatefulSet (default) or DaemonSet
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
##
@@ -348,9 +322,6 @@ master:
## @param master.priorityClassName Redis&reg; master pods' priorityClassName
##
priorityClassName: ""
## @param master.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param master.hostAliases Redis&reg; master pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -398,7 +369,7 @@ master:
##
affinity: {}
## @param master.nodeSelector Node labels for Redis&reg; master pods assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param master.tolerations Tolerations for Redis&reg; master pods assignment
@@ -461,7 +432,7 @@ master:
##
initContainers: []
## Persistence parameters
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param master.persistence.enabled Enable persistence on Redis&reg; master nodes using Persistent Volume Claims
@@ -561,10 +532,6 @@ master:
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param master.service.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerClass: ""
## @param master.service.loadBalancerSourceRanges Redis&reg; master service Load Balancer sources
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g.
@@ -602,7 +569,7 @@ master:
serviceAccount:
## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
create: false
## @param master.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
@@ -610,12 +577,14 @@ master:
## @param master.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
##
automountServiceAccountToken: false
automountServiceAccountToken: true
## @param master.serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## @section Redis&reg; replicas configuration parameters
##
replica:
## @param replica.kind Use either DaemonSet or StatefulSet (default)
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
@@ -733,60 +702,50 @@ replica:
##
customReadinessProbe: {}
## Redis&reg; replicas resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param replica.resources.limits The resources limits for the Redis&reg; replicas containers
## @param replica.resources.requests The requested resources for the Redis&reg; replicas containers
##
resourcesPreset: "none"
## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 250m
# memory: 256Mi
requests: {}
# cpu: 250m
# memory: 256Mi
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param replica.podSecurityContext.enabled Enabled Redis&reg; replicas pods' Security Context
## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param replica.podSecurityContext.fsGroup Set Redis&reg; replicas pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param replica.containerSecurityContext.enabled Enabled Redis&reg; replicas containers' Security Context
## @param replica.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param replica.containerSecurityContext.runAsUser Set Redis&reg; replicas containers' Security Context runAsUser
## @param replica.containerSecurityContext.runAsGroup Set Redis&reg; replicas containers' Security Context runAsGroup
## @param replica.containerSecurityContext.runAsNonRoot Set Redis&reg; replicas containers' Security Context runAsNonRoot
## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Redis&reg; replicas pod's Security Context allowPrivilegeEscalation
## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
## @param replica.containerSecurityContext.seccompProfile.type Set Redis&reg; replicas containers' Security Context seccompProfile
## @param replica.containerSecurityContext.capabilities.drop Set Redis&reg; replicas containers' Security Context capabilities to drop
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: ["ALL"]
drop:
- ALL
## @param replica.schedulerName Alternate scheduler for Redis&reg; replicas pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
@@ -810,9 +769,6 @@ replica:
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
##
podManagementPolicy: ""
## @param replica.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param replica.hostAliases Redis&reg; replicas pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -860,7 +816,7 @@ replica:
##
affinity: {}
## @param replica.nodeSelector Node labels for Redis&reg; replicas pods assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param replica.tolerations Tolerations for Redis&reg; replicas pods assignment
@@ -923,7 +879,7 @@ replica:
##
initContainers: []
## Persistence Parameters
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param replica.persistence.enabled Enable persistence on Redis&reg; replicas nodes using Persistent Volume Claims
@@ -1023,10 +979,6 @@ replica:
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param replica.service.loadBalancerClass replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerClass: ""
## @param replica.service.loadBalancerSourceRanges Redis&reg; replicas service Load Balancer sources
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g.
@@ -1074,7 +1026,7 @@ replica:
serviceAccount:
## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
create: false
## @param replica.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
@@ -1082,7 +1034,7 @@ replica:
## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
##
automountServiceAccountToken: false
automountServiceAccountToken: true
## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
@@ -1108,11 +1060,11 @@ sentinel:
image:
registry: docker.io
repository: bitnami/redis-sentinel
tag: 7.2.4-debian-12-r7
tag: 7.2.3-debian-11-r1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1250,7 +1202,7 @@ sentinel:
##
customReadinessProbe: {}
## Persistence parameters
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param sentinel.persistence.enabled Enable persistence on Redis&reg; sentinel nodes using Persistent Volume Claims (Experimental)
@@ -1302,46 +1254,34 @@ sentinel:
whenScaled: Retain
whenDeleted: Retain
## Redis&reg; Sentinel resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param sentinel.resources.limits The resources limits for the Redis&reg; Sentinel containers
## @param sentinel.resources.requests The requested resources for the Redis&reg; Sentinel containers
##
resourcesPreset: "none"
## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
resources:
limits: {}
requests: {}
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param sentinel.containerSecurityContext.enabled Enabled Redis&reg; Sentinel containers' Security Context
## @param sentinel.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param sentinel.containerSecurityContext.runAsUser Set Redis&reg; Sentinel containers' Security Context runAsUser
## @param sentinel.containerSecurityContext.runAsGroup Set Redis&reg; Sentinel containers' Security Context runAsGroup
## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis&reg; Sentinel containers' Security Context runAsNonRoot
## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Redis&reg; Sentinel containers' Security Context allowPrivilegeEscalation
## @param sentinel.containerSecurityContext.seccompProfile.type Set Redis&reg; Sentinel containers' Security Context seccompProfile
## @param sentinel.containerSecurityContext.capabilities.drop Set Redis&reg; Sentinel containers' Security Context capabilities to drop
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: ["ALL"]
drop:
- ALL
## @param sentinel.lifecycleHooks for the Redis&reg; sentinel container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
@@ -1383,20 +1323,10 @@ sentinel:
## @param sentinel.service.clusterIP Redis&reg; Sentinel service Cluster IP
##
clusterIP: ""
## @param sentinel.service.createMaster Enable master service pointing to the current master (experimental)
## NOTE: rbac.create need to be set to true
##
createMaster: false
## @param sentinel.service.loadBalancerIP Redis&reg; Sentinel service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param sentinel.service.loadBalancerClass sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerClass: ""
## @param sentinel.service.loadBalancerSourceRanges Redis&reg; Sentinel service Load Balancer sources
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g.
@@ -1427,6 +1357,7 @@ sentinel:
## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods
##
terminationGracePeriodSeconds: 30
## @section Other Parameters
##
@@ -1435,22 +1366,20 @@ sentinel:
##
serviceBindings:
enabled: false
## Network Policy configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
##
enabled: true
enabled: false
## @param networkPolicy.allowExternal Don't require client label for connections
## When set to false, only pods with the correct client label will have network access to the ports
## Redis&reg; is listening on. When true, Redis&reg; will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
@@ -1490,6 +1419,7 @@ networkPolicy:
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
metrics:
## @param networkPolicy.metrics.allowExternal Don't require client label for connections for metrics endpoint
## When set to false, only pods with the correct client label will have network access to the metrics port
@@ -1500,6 +1430,7 @@ networkPolicy:
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## PodSecurityPolicy configuration
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
@@ -1541,7 +1472,7 @@ serviceAccount:
## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
##
automountServiceAccountToken: false
automountServiceAccountToken: true
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
@@ -1588,8 +1519,10 @@ tls:
## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers)
##
dhParamsFilename: ""
## @section Metrics Parameters
##
metrics:
## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis&reg; metrics
##
@@ -1606,7 +1539,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/redis-exporter
tag: 1.58.0-debian-12-r4
tag: 1.55.0-debian-11-r2
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1617,10 +1550,6 @@ metrics:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param metrics.containerPorts.http Metrics HTTP container port
##
containerPorts:
http: 9121
## Configure extra options for Redis&reg; containers' liveness, readiness & startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
## @param metrics.startupProbe.enabled Enable startupProbe on Redis&reg; replicas nodes
@@ -1697,27 +1626,24 @@ metrics:
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param metrics.containerSecurityContext.enabled Enabled Redis&reg; exporter containers' Security Context
## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param metrics.containerSecurityContext.runAsUser Set Redis&reg; exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsGroup Set Redis&reg; exporter containers' Security Context runAsGroup
## @param metrics.containerSecurityContext.runAsNonRoot Set Redis&reg; exporter containers' Security Context runAsNonRoot
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Redis&reg; exporter containers' Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
## @param metrics.containerSecurityContext.seccompProfile.type Set Redis&reg; exporter containers' Security Context seccompProfile
## @param metrics.containerSecurityContext.capabilities.drop Set Redis&reg; exporter containers' Security Context capabilities to drop
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: ["ALL"]
drop:
- ALL
## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis&reg; metrics sidecar
##
extraVolumes: []
@@ -1725,22 +1651,13 @@ metrics:
##
extraVolumeMounts: []
## Redis&reg; exporter resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param metrics.resources.limits The resources limits for the Redis&reg; exporter container
## @param metrics.resources.requests The requested resources for the Redis&reg; exporter container
##
resourcesPreset: "none"
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
resources:
limits: {}
requests: {}
## @param metrics.podLabels Extra labels for Redis&reg; exporter pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
@@ -1754,16 +1671,12 @@ metrics:
## Redis&reg; exporter service parameters
##
service:
## @param metrics.service.enabled Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor
##
enabled: true
## @param metrics.service.type Redis&reg; exporter service type
##
type: ClusterIP
## @param metrics.service.ports.http Redis&reg; exporter service port
## @param metrics.service.port Redis&reg; exporter service port
##
ports:
http: 9121
port: 9121
## @param metrics.service.externalTrafficPolicy Redis&reg; exporter service external traffic policy
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
@@ -1775,10 +1688,6 @@ metrics:
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param metrics.service.loadBalancerClass exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerClass: ""
## @param metrics.service.loadBalancerSourceRanges Redis&reg; exporter service Load Balancer sources
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g.
@@ -1797,9 +1706,6 @@ metrics:
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
serviceMonitor:
## @param metrics.serviceMonitor.port the service port to scrape metrics from
##
port: http-metrics
## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator
##
enabled: false
@@ -1833,27 +1739,11 @@ metrics:
## @param metrics.serviceMonitor.targetLimit Limit of how many targets should be scraped
##
targetLimit: false
## @param metrics.serviceMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel)
##
additionalEndpoints: []
# uncomment in order to scrape sentinel metrics, also to in order distinguish between Sentinel and Redis container metrics
# add metricRelabelings with label like app=redis to main redis pod-monitor port
# - interval: "30s"
# path: "/scrape"
# port: "metrics"
# params:
# target: ["localhost:26379"]
# metricRelabelings:
# - targetLabel: "app"
# replacement: "sentinel"
## Prometheus Pod Monitor
## ref: https://github.com/coreos/prometheus-operator
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor
##
podMonitor:
## @param metrics.podMonitor.port the pod port to scrape metrics from
##
port: metrics
## @param metrics.podMonitor.enabled Create PodMonitor resource(s) for scraping metrics using PrometheusOperator
##
enabled: false
@@ -1872,8 +1762,6 @@ metrics:
## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
##
metricRelabelings: []
# - targetLabel: "app"
# replacement: "redis"
## @param metrics.podMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
##
honorLabels: false
@@ -1889,17 +1777,7 @@ metrics:
## @param metrics.podMonitor.targetLimit Limit of how many targets should be scraped
##
targetLimit: false
## @param metrics.podMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel)
##
additionalEndpoints: []
# - interval: "30s"
# path: "/scrape"
# port: "metrics"
# params:
# target: ["localhost:26379"]
# metricRelabelings:
# - targetLabel: "app"
# replacement: "sentinel"
## Custom PrometheusRule to be defined
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
##
@@ -1949,6 +1827,7 @@ metrics:
## Redis&reg; instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes.
##
rules: []
## @section Init Container Parameters
##
@@ -1972,7 +1851,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r16
tag: 11-debian-11-r91
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1984,77 +1863,23 @@ volumePermissions:
##
pullSecrets: []
## Init container's resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param volumePermissions.resources.limits The resources limits for the init container
## @param volumePermissions.resources.requests The requested resources for the init container
##
resourcesPreset: "none"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
resources:
limits: {}
requests: {}
## Init container Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
##
containerSecurityContext:
seLinuxOptions: null
runAsUser: 0
## Kubectl InitContainer
## used by Sentinel to update the isMaster label on the Redis(TM) pods
##
kubectl:
## Bitnami Kubectl image version
## ref: https://hub.docker.com/r/bitnami/kubectl/tags/
## @param kubectl.image.registry [default: REGISTRY_NAME] Kubectl image registry
## @param kubectl.image.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository
## @skip kubectl.image.tag Kubectl image tag (immutable tags are recommended), by default, using the current version
## @param kubectl.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param kubectl.image.pullPolicy Kubectl image pull policy
## @param kubectl.image.pullSecrets Kubectl pull secrets
##
image:
registry: docker.io
repository: bitnami/kubectl
tag: 1.29.2-debian-12-r3
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param kubectl.command kubectl command to execute
##
command: ["/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh"]
## Bitnami Kubectl resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param kubectl.resources.limits The resources limits for the kubectl containers
## @param kubectl.resources.requests The requested resources for the kubectl containers
##
resources:
limits: {}
requests: {}
## init-sysctl container parameters
## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings)
##
@@ -2074,7 +1899,7 @@ sysctl:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r16
tag: 11-debian-11-r91
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -2092,22 +1917,14 @@ sysctl:
##
mountHostSys: false
## Init container's resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param sysctl.resources.limits The resources limits for the init container
## @param sysctl.resources.requests The requested resources for the init container
##
resourcesPreset: "none"
## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
resources:
limits: {}
requests: {}
## @section useExternalDNS Parameters
##
## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable.

1
packages/system/dashboard/charts/kubeapps/templates/NOTES.txt
View File

@@ -85,4 +85,3 @@ To access Kubeapps from outside your K8s cluster, follow the steps below:
{{- include "kubeapps.checkRollingTags" . }}
{{- include "kubeapps.validateValues" . }}
{{- include "common.warnings.resources" (dict "sections" (list "apprepository" "authProxy" "dashboard" "frontend" "kubeappsapis" "ociCatalog" "pinnipedProxy" "postgresql") "context" $) }}

4
packages/system/dashboard/charts/kubeapps/templates/apprepository/apprepositories.yaml
View File

@@ -41,11 +41,11 @@ spec:
value: {{ $.Values.apprepository.initialReposProxy.noProxy }}
{{- end }}
{{- if $.Values.apprepository.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.apprepository.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit $.Values.apprepository.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- end }}
{{- if $.Values.apprepository.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.apprepository.podSecurityContext "context" $) | nindent 8 }}
securityContext: {{- omit $.Values.apprepository.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .nodeSelector }}
nodeSelector: {{- toYaml .nodeSelector | nindent 8 }}

26
packages/system/dashboard/charts/kubeapps/templates/apprepository/deployment.yaml
View File

@@ -35,7 +35,6 @@ spec:
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
serviceAccountName: {{ template "kubeapps.apprepository.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.apprepository.automountServiceAccountToken }}
{{- if .Values.apprepository.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.hostAliases "context" $) | nindent 8 }}
{{- end }}
@@ -63,7 +62,7 @@ spec:
priorityClassName: {{ .Values.apprepository.priorityClassName | quote }}
{{- end }}
{{- if .Values.apprepository.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.apprepository.podSecurityContext "context" $) | nindent 8 }}
securityContext: {{- omit .Values.apprepository.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.apprepository.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.initContainers "context" $) | trim | nindent 8 }}
@@ -73,7 +72,7 @@ spec:
image: {{ include "kubeapps.apprepository.image" . }}
imagePullPolicy: {{ .Values.apprepository.image.pullPolicy | quote }}
{{- if .Values.apprepository.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.apprepository.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.apprepository.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.apprepository.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.lifecycleHooks "context" $) | nindent 12 }}
@@ -142,25 +141,16 @@ spec:
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.apprepository.extraEnvVarsSecret "context" $) }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.apprepository.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.apprepository.extraVolumeMounts }}
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.apprepository.resources }}
resources: {{- toYaml .Values.apprepository.resources | nindent 12 }}
{{- else if ne .Values.apprepository.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.apprepository.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if .Values.apprepository.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.apprepository.sidecars "context" $) | trim | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
{{- if .Values.apprepository.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.apprepository.extraVolumes }}
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

18
packages/system/dashboard/charts/kubeapps/templates/dashboard/deployment.yaml
View File

@@ -36,7 +36,6 @@ spec:
app.kubernetes.io/component: dashboard
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
automountServiceAccountToken: {{ .Values.dashboard.automountServiceAccountToken }}
{{- if .Values.dashboard.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.hostAliases "context" $) | nindent 8 }}
{{- end }}
@@ -64,7 +63,7 @@ spec:
priorityClassName: {{ .Values.dashboard.priorityClassName | quote }}
{{- end }}
{{- if .Values.dashboard.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboard.podSecurityContext "context" $) | nindent 8 }}
securityContext: {{- omit .Values.dashboard.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.dashboard.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.initContainers "context" $) | nindent 8 }}
@@ -74,7 +73,7 @@ spec:
image: {{ include "kubeapps.dashboard.image" . }}
imagePullPolicy: {{ .Values.dashboard.image.pullPolicy | quote }}
{{- if .Values.dashboard.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboard.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.dashboard.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -134,21 +133,10 @@ spec:
{{- end }}
{{- if .Values.dashboard.resources }}
resources: {{- toYaml .Values.dashboard.resources | nindent 12 }}
{{- else if ne .Values.dashboard.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.dashboard.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: vhost
mountPath: /opt/bitnami/nginx/conf/server_blocks
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/nginx/tmp
subPath: app-tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/nginx/logs
subPath: app-logs-dir
- name: config
mountPath: /app/config.json
subPath: config.json
@@ -165,8 +153,6 @@ spec:
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
- name: vhost
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}

39
packages/system/dashboard/charts/kubeapps/templates/frontend/deployment.yaml
View File

@@ -35,7 +35,6 @@ spec:
app.kubernetes.io/component: frontend
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
automountServiceAccountToken: {{ .Values.frontend.automountServiceAccountToken }}
{{- if .Values.frontend.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.hostAliases "context" $) | nindent 8 }}
{{- end }}
@@ -63,7 +62,7 @@ spec:
priorityClassName: {{ .Values.frontend.priorityClassName | quote }}
{{- end }}
{{- if .Values.frontend.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.frontend.podSecurityContext "context" $) | nindent 8 }}
securityContext: {{- omit .Values.frontend.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.frontend.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.initContainers "context" $) | nindent 8 }}
@@ -73,7 +72,7 @@ spec:
image: {{ include "kubeapps.frontend.image" . }}
imagePullPolicy: {{ .Values.frontend.image.pullPolicy | quote }}
{{- if .Values.frontend.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.frontend.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.frontend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -133,19 +132,8 @@ spec:
{{- end }}
{{- if .Values.frontend.resources }}
resources: {{- toYaml .Values.frontend.resources | nindent 12 }}
{{- else if ne .Values.frontend.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.frontend.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/nginx/tmp
subPath: app-tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/nginx/logs
subPath: app-logs-dir
- name: vhost
mountPath: /opt/bitnami/nginx/conf/server_blocks
{{- if .Values.frontend.extraVolumeMounts }}
@@ -156,7 +144,7 @@ spec:
image: {{ include "kubeapps.authProxy.image" . }}
imagePullPolicy: {{ .Values.authProxy.image.pullPolicy | quote }}
{{- if .Values.authProxy.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.authProxy.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.authProxy.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.authProxy.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.lifecycleHooks "context" $) | nindent 12 }}
@@ -231,16 +219,10 @@ spec:
containerPort: {{ .Values.authProxy.containerPorts.proxy }}
{{- if .Values.authProxy.resources }}
resources: {{- toYaml .Values.authProxy.resources | nindent 12 }}
{{- else if ne .Values.authProxy.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.authProxy.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.authProxy.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.authProxy.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.authProxy.extraVolumeMounts }}
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if and (gt (len .Values.clusters) 1) (not .Values.authProxy.enabled) }}
{{ fail "clusters can be configured only when using an auth proxy for cluster oidc authentication." }}
@@ -250,7 +232,7 @@ spec:
image: {{ include "kubeapps.pinnipedProxy.image" . }}
imagePullPolicy: {{ .Values.pinnipedProxy.image.pullPolicy | quote }}
{{- if .Values.pinnipedProxy.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.pinnipedProxy.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.pinnipedProxy.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -301,13 +283,8 @@ spec:
containerPort: {{ .Values.pinnipedProxy.containerPorts.pinnipedProxy }}
{{- if .Values.pinnipedProxy.resources }}
resources: {{- toYaml .Values.pinnipedProxy.resources | nindent 12 }}
{{- else if ne .Values.pinnipedProxy.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.pinnipedProxy.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.pinnipedProxy.tls.existingSecret }}
- name: pinniped-tls-secret
mountPath: "/etc/pinniped-tls"
@@ -321,8 +298,6 @@ spec:
{{- include "common.tplvalues.render" (dict "value" .Values.frontend.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
- name: vhost
configMap:
name: {{ template "kubeapps.frontend-config.fullname" . }}

25
packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml
View File

@@ -34,7 +34,6 @@ spec:
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
serviceAccountName: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.kubeappsapis.automountServiceAccountToken }}
{{- if .Values.kubeappsapis.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.hostAliases "context" $) | nindent 8 }}
{{- end }}
@@ -62,7 +61,7 @@ spec:
priorityClassName: {{ .Values.kubeappsapis.priorityClassName | quote }}
{{- end }}
{{- if .Values.kubeappsapis.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubeappsapis.podSecurityContext "context" $) | nindent 8 }}
securityContext: {{- omit .Values.kubeappsapis.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
# Increase termination timeout to let remaining operations to finish before ending the pods
# This is because new releases/upgrades/deletions are synchronous operations
@@ -75,7 +74,7 @@ spec:
image: {{ include "kubeapps.kubeappsapis.image" . }}
imagePullPolicy: {{ .Values.kubeappsapis.image.pullPolicy | quote }}
{{- if .Values.kubeappsapis.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubeappsapis.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.kubeappsapis.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.kubeappsapis.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }}
@@ -209,13 +208,8 @@ spec:
{{- end }}
{{- if .Values.kubeappsapis.resources }}
resources: {{- toYaml .Values.kubeappsapis.resources | nindent 12 }}
{{- else if ne .Values.kubeappsapis.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.kubeappsapis.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.clusters }}
- name: clusters-config
mountPath: /config
@@ -238,7 +232,7 @@ spec:
image: {{ include "kubeapps.ociCatalog.image" . }}
imagePullPolicy: {{ .Values.ociCatalog.image.pullPolicy | quote }}
{{- if .Values.ociCatalog.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.ociCatalog.containerSecurityContext "context" $) | nindent 12 }}
securityContext: {{- omit .Values.ociCatalog.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.kubeappsapis.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }}
@@ -309,23 +303,16 @@ spec:
{{- end }}
{{- if .Values.ociCatalog.resources }}
resources: {{- toYaml .Values.ociCatalog.resources | nindent 12 }}
{{- else if ne .Values.ociCatalog.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.ociCatalog.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.ociCatalog.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.ociCatalog.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.kubeappsapis.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.sidecars "context" $) | trim | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
{{- if .Values.clusters }}
- name: clusters-config
configMap:

183
packages/system/dashboard/charts/kubeapps/values.yaml
View File

@@ -18,15 +18,7 @@ global:
##
imagePullSecrets: []
storageClass: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
## @section Common parameters
## @param kubeVersion Override Kubernetes version
@@ -50,6 +42,7 @@ extraDeploy: []
## @param enableIPv6 Enable IPv6 configuration
##
enableIPv6: false
## Enable diagnostic mode in the deployment
##
diagnosticMode:
@@ -64,6 +57,7 @@ diagnosticMode:
##
args:
- infinity
## @section Traffic Exposure Parameters
## Configure the ingress resource that allows you to access the Kubeapps installation
@@ -107,6 +101,7 @@ ingress:
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
@@ -174,6 +169,7 @@ ingress:
## name: http
##
extraRules: []
## @section Kubeapps packaging options
## Note: the helm and flux plugins are mutually exclusive, you can only
## enable one or the other since they both operate on Helm release objects.
@@ -193,6 +189,7 @@ packaging:
## @param packaging.flux.enabled Enable support for Flux (v2) packaging.
flux:
enabled: false
## @section Frontend parameters
## Frontend parameters
@@ -211,11 +208,11 @@ frontend:
image:
registry: docker.io
repository: bitnami/nginx
tag: 1.25.4-debian-12-r3
tag: 1.25.3-debian-11-r1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -257,11 +254,7 @@ frontend:
updateStrategy:
type: RollingUpdate
## Frontend containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param frontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param frontend.resources.limits.cpu The CPU limits for the NGINX container
## @param frontend.resources.limits.memory The memory limits for the NGINX container
## @param frontend.resources.requests.cpu The requested CPU for the NGINX container
@@ -294,23 +287,15 @@ frontend:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param frontend.podSecurityContext.enabled Enabled frontend pods' Security Context
## @param frontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param frontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param frontend.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param frontend.podSecurityContext.fsGroup Set frontend pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context for NGINX
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param frontend.containerSecurityContext.enabled Enabled containers' Security Context
## @param frontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param frontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param frontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param frontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param frontend.containerSecurityContext.privileged Set container's Security Context privileged
## @param frontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -320,9 +305,7 @@ frontend:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
@@ -432,7 +415,7 @@ frontend:
##
affinity: {}
## @param frontend.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param frontend.tolerations Tolerations for pod assignment
@@ -451,9 +434,6 @@ frontend:
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param frontend.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param frontend.hostAliases Custom host aliases for frontend pods
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -537,6 +517,7 @@ frontend:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## @section Dashboard parameters
## Dashboard parameters
@@ -558,11 +539,11 @@ dashboard:
image:
registry: docker.io
repository: bitnami/kubeapps-dashboard
tag: 2.9.0-debian-12-r18
tag: 2.9.0-debian-11-r16
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -653,11 +634,7 @@ dashboard:
containerPorts:
http: 8080
## Dashboard containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param dashboard.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param dashboard.resources.limits.cpu The CPU limits for the Dashboard container
## @param dashboard.resources.limits.memory The memory limits for the Dashboard container
## @param dashboard.resources.requests.cpu The requested CPU for the Dashboard container
@@ -673,23 +650,15 @@ dashboard:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context
## @param dashboard.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param dashboard.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param dashboard.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param dashboard.podSecurityContext.fsGroup Set Dashboard pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context for Dashboard
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param dashboard.containerSecurityContext.enabled Enabled containers' Security Context
## @param dashboard.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param dashboard.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param dashboard.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param dashboard.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param dashboard.containerSecurityContext.privileged Set container's Security Context privileged
## @param dashboard.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -699,9 +668,7 @@ dashboard:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
@@ -813,7 +780,7 @@ dashboard:
##
affinity: {}
## @param dashboard.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param dashboard.tolerations Tolerations for pod assignment
@@ -832,9 +799,6 @@ dashboard:
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param dashboard.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param dashboard.hostAliases Custom host aliases for Dashboard pods
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -876,6 +840,7 @@ dashboard:
## @param dashboard.service.annotations Additional custom annotations for Dashboard service
##
annotations: {}
## @section AppRepository Controller parameters
## AppRepository Controller parameters
@@ -893,11 +858,11 @@ apprepository:
image:
registry: docker.io
repository: bitnami/kubeapps-apprepository-controller
tag: 2.9.0-debian-12-r18
tag: 2.9.0-debian-11-r12
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -920,11 +885,11 @@ apprepository:
syncImage:
registry: docker.io
repository: bitnami/kubeapps-asset-syncer
tag: 2.9.0-debian-12-r19
tag: 2.9.0-debian-11-r13
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1028,11 +993,7 @@ apprepository:
updateStrategy:
type: RollingUpdate
## AppRepository Controller containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param apprepository.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param apprepository.resources.limits.cpu The CPU limits for the AppRepository Controller container
## @param apprepository.resources.limits.memory The memory limits for the AppRepository Controller container
## @param apprepository.resources.requests.cpu The requested CPU for the AppRepository Controller container
@@ -1048,23 +1009,15 @@ apprepository:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param apprepository.podSecurityContext.enabled Enabled AppRepository Controller pods' Security Context
## @param apprepository.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param apprepository.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param apprepository.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param apprepository.podSecurityContext.fsGroup Set AppRepository Controller pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context for App Repository jobs
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param apprepository.containerSecurityContext.enabled Enabled containers' Security Context
## @param apprepository.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param apprepository.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param apprepository.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param apprepository.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param apprepository.containerSecurityContext.privileged Set container's Security Context privileged
## @param apprepository.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1074,9 +1027,7 @@ apprepository:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
@@ -1152,7 +1103,7 @@ apprepository:
##
affinity: {}
## @param apprepository.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param apprepository.tolerations Tolerations for pod assignment
@@ -1171,9 +1122,6 @@ apprepository:
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param apprepository.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param apprepository.hostAliases Custom host aliases for AppRepository Controller pods
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -1209,8 +1157,9 @@ apprepository:
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
automountServiceAccountToken: true
annotations: {}
## @section Auth Proxy parameters
## Auth Proxy configuration for OIDC support
@@ -1232,11 +1181,11 @@ authProxy:
image:
registry: docker.io
repository: bitnami/oauth2-proxy
tag: 7.6.0-debian-12-r4
tag: 7.5.1-debian-11-r11
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1328,9 +1277,7 @@ authProxy:
## Configure Container Security Context for Auth Proxy
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param authProxy.containerSecurityContext.enabled Enabled containers' Security Context
## @param authProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param authProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param authProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param authProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param authProxy.containerSecurityContext.privileged Set container's Security Context privileged
## @param authProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1340,9 +1287,7 @@ authProxy:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
@@ -1352,11 +1297,7 @@ authProxy:
seccompProfile:
type: "RuntimeDefault"
## OAuth2 Proxy containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param authProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param authProxy.resources.limits.cpu The CPU limits for the OAuth2 Proxy container
## @param authProxy.resources.limits.memory The memory limits for the OAuth2 Proxy container
## @param authProxy.resources.requests.cpu The requested CPU for the OAuth2 Proxy container
@@ -1369,6 +1310,7 @@ authProxy:
requests:
cpu: 25m
memory: 32Mi
## @section Pinniped Proxy parameters
## Pinniped Proxy configuration for converting user OIDC tokens to k8s client authorization certs
@@ -1389,11 +1331,11 @@ pinnipedProxy:
image:
registry: docker.io
repository: bitnami/kubeapps-pinniped-proxy
tag: 2.9.0-debian-12-r17
tag: 2.9.0-debian-11-r10
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1459,9 +1401,7 @@ pinnipedProxy:
## Configure Container Security Context for Pinniped Proxy
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param pinnipedProxy.containerSecurityContext.enabled Enabled containers' Security Context
## @param pinnipedProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param pinnipedProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param pinnipedProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param pinnipedProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param pinnipedProxy.containerSecurityContext.privileged Set container's Security Context privileged
## @param pinnipedProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1471,9 +1411,7 @@ pinnipedProxy:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
@@ -1483,13 +1421,7 @@ pinnipedProxy:
seccompProfile:
type: "RuntimeDefault"
## Pinniped Proxy containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param pinnipedProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## Pinniped Proxy containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param pinnipedProxy.resources.limits.cpu The CPU limits for the Pinniped Proxy container
## @param pinnipedProxy.resources.limits.memory The memory limits for the Pinniped Proxy container
## @param pinnipedProxy.resources.requests.cpu The requested CPU for the Pinniped Proxy container
@@ -1547,12 +1479,14 @@ pinnipedProxy:
clusters:
- name: default
domain: cluster.local
## RBAC configuration
##
rbac:
## @param rbac.create Specifies whether RBAC resources should be created
##
create: true
## @section Feature flags
##
## Opt-in features intended for development and advanced use cases.
@@ -1576,6 +1510,7 @@ featureFlags:
## @param featureFlags.schemaEditor.enabled Enable a visual editor for customizing the package schemas
##
enabled: false
## @section Database Parameters
## PostgreSQL chart configuration
@@ -1608,11 +1543,7 @@ postgresql:
securityContext:
enabled: false
## PostgreSQL containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param postgresql.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param postgresql.resources.limits The resources limits for the PostgreSQL container
## @param postgresql.resources.requests.cpu The requested CPU for the PostgreSQL container
## @param postgresql.resources.requests.memory The requested memory for the PostgreSQL container
@@ -1622,6 +1553,7 @@ postgresql:
requests:
memory: 256Mi
cpu: 250m
## @section kubeappsapis parameters
kubeappsapis:
## @param kubeappsapis.enabledPlugins Manually override which plugins are enabled for the Kubeapps-APIs service
@@ -1704,11 +1636,11 @@ kubeappsapis:
image:
registry: docker.io
repository: bitnami/kubeapps-apis
tag: 2.9.0-debian-12-r19
tag: 2.9.0-debian-11-r13
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1764,11 +1696,7 @@ kubeappsapis:
containerPorts:
http: 50051
## KubeappsAPIs containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param kubeappsapis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param kubeappsapis.resources.limits.cpu The CPU limits for the KubeappsAPIs container
## @param kubeappsapis.resources.limits.memory The memory limits for the KubeappsAPIs container
## @param kubeappsapis.resources.requests.cpu The requested CPU for the KubeappsAPIs container
@@ -1784,23 +1712,15 @@ kubeappsapis:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context
## @param kubeappsapis.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param kubeappsapis.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param kubeappsapis.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param kubeappsapis.podSecurityContext.fsGroup Set KubeappsAPIs pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context for Kubeapps APIs
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param kubeappsapis.containerSecurityContext.enabled Enabled containers' Security Context
## @param kubeappsapis.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param kubeappsapis.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param kubeappsapis.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param kubeappsapis.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param kubeappsapis.containerSecurityContext.privileged Set container's Security Context privileged
## @param kubeappsapis.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1810,9 +1730,7 @@ kubeappsapis:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
@@ -1930,7 +1848,7 @@ kubeappsapis:
##
affinity: {}
## @param kubeappsapis.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param kubeappsapis.tolerations Tolerations for pod assignment
@@ -1949,9 +1867,6 @@ kubeappsapis:
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param kubeappsapis.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param kubeappsapis.hostAliases Custom host aliases for KubeappsAPIs pods
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -1997,8 +1912,9 @@ kubeappsapis:
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
automountServiceAccountToken: true
annotations: {}
## @section OCI Catalog chart configuration
ociCatalog:
## @param ociCatalog.enabled Enable the OCI catalog gRPC service for cataloging
@@ -2017,11 +1933,11 @@ ociCatalog:
image:
registry: docker.io
repository: bitnami/kubeapps-oci-catalog
tag: 2.9.0-debian-12-r17
tag: 2.9.0-debian-11-r6
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -2056,11 +1972,7 @@ ociCatalog:
containerPorts:
grpc: 50061
## OCI Catalog containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
## @param ociCatalog.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param ociCatalog.resources.limits.cpu The CPU limits for the OCI Catalog container
## @param ociCatalog.resources.limits.memory The memory limits for the OCI Catalog container
## @param ociCatalog.resources.requests.cpu The requested CPU for the OCI Catalog container
@@ -2076,9 +1988,7 @@ ociCatalog:
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param ociCatalog.containerSecurityContext.enabled Enabled containers' Security Context
## @param ociCatalog.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param ociCatalog.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param ociCatalog.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param ociCatalog.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param ociCatalog.containerSecurityContext.privileged Set container's Security Context privileged
## @param ociCatalog.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -2088,9 +1998,7 @@ ociCatalog:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
@@ -2169,6 +2077,7 @@ ociCatalog:
## @param ociCatalog.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the OCI Catalog container(s)
##
extraVolumeMounts: []
## @section Redis&reg; chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml
##

4
packages/system/dashboard/images/dashboard.json
View File

@@ -1,4 +1,4 @@
{
"containerimage.config.digest": "sha256:c4bfb560aaa8f9bae1da00fa4b49b3e1fc993606902e47c155238f2b002fadce",
"containerimage.digest": "sha256:974cbeedb328e71aeb2b45970ebc1bcbbdcbdc0ed034a9d3d37924530f66b938"
"containerimage.config.digest": "sha256:51a28848a801e102b3383e6d980ac2459fa29cfd9cbc381d03c561672e94139d",
"containerimage.digest": "sha256:4b1b4ffc7c797b8fb4ab9561e6fa0a68c00d5b0d945fe47e42ecc6e43e9af0d3"
}

2
packages/system/dashboard/images/dashboard.tag
View File

@@ -1 +1 @@
ghcr.io/aenix-io/cozystack/dashboard:v0.2.0
ghcr.io/aenix-io/cozystack/dashboard:v0.1.0

2
packages/system/dashboard/images/dashboard/Dockerfile
View File

@@ -1,7 +1,7 @@
# Copyright 2018-2023 the Kubeapps contributors.
# SPDX-License-Identifier: Apache-2.0
FROM bitnami/node:20.11.0 AS build
FROM bitnami/node:18.18.0 AS build
WORKDIR /app
ARG VERSION=2.9.0

4
packages/system/dashboard/images/kubeapps-apis.json
View File

@@ -1,4 +1,4 @@
{
"containerimage.config.digest": "sha256:992221768278b67a64b52d4e8bc847f18c8e4be746ac7197be9bbfd4fd092b24",
"containerimage.digest": "sha256:6fb48ec9b50422bdd843584cd4db6ee07618ce535fde23903560d2529e4da31a"
"containerimage.config.digest": "sha256:e522ba90c58c3dab629739fe240e42037a50bfc19442d018e957ef54f05aaa77",
"containerimage.digest": "sha256:ea80daaedd7e782bb42641fe25b2c91fc24260b81f8e576637f3d251c9c7d087"
}

2
packages/system/dashboard/images/kubeapps-apis.tag
View File

@@ -1 +1 @@
ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.2.0
ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.1.0

0
packages/core/fluxcd/.helmignore → packages/system/fluxcd/.helmignore
View File

0
packages/core/fluxcd/Chart.yaml → packages/system/fluxcd/Chart.yaml
View File

15
packages/system/fluxcd/Makefile Normal file
View File

@@ -0,0 +1,15 @@
NAMESPACE=cozy-fluxcd
NAME=fluxcd
show:
helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
apply:
helm upgrade -i -n $(NAMESPACE) $(NAME) .
diff:
helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
update:
rm -rf charts
helm pull oci://ghcr.io/fluxcd-community/charts/flux2 --untar --untardir charts

0
packages/core/fluxcd/charts/flux2/.helmignore → packages/system/fluxcd/charts/flux2/.helmignore
View File

6
packages/core/fluxcd/charts/flux2/Chart.yaml → packages/system/fluxcd/charts/flux2/Chart.yaml
View File

@@ -1,11 +1,11 @@
annotations:
artifacthub.io/changes: |
- "[Chore]: Update App Version to upstream 2.2.3"
- "feat: adding CRD and RBAC annotation option"
apiVersion: v2
appVersion: 2.2.3
appVersion: 2.1.2
description: A Helm chart for flux2
name: flux2
sources:
- https://github.com/fluxcd-community/helm-charts
type: application
version: 2.12.4
version: 2.11.1

16
packages/core/fluxcd/charts/flux2/README.md → packages/system/fluxcd/charts/flux2/README.md
View File

@@ -1,6 +1,6 @@
# flux2
![Version: 2.12.4](https://img.shields.io/badge/Version-2.12.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.3](https://img.shields.io/badge/AppVersion-2.2.3-informational?style=flat-square)
![Version: 2.11.0](https://img.shields.io/badge/Version-2.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.2](https://img.shields.io/badge/AppVersion-2.1.2-informational?style=flat-square)
A Helm chart for flux2
@@ -19,7 +19,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
| cli.image | string | `"ghcr.io/fluxcd/flux-cli"` | |
| cli.nodeSelector | object | `{}` | |
| cli.serviceAccount.automount | bool | `true` | |
| cli.tag | string | `"v2.2.3"` | |
| cli.tag | string | `"v2.1.2"` | |
| cli.tolerations | list | `[]` | |
| clusterDomain | string | `"cluster.local"` | |
| crds.annotations | object | `{}` | Add annotations to all CRD resources, e.g. "helm.sh/resource-policy": keep |
@@ -41,7 +41,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
| helmController.serviceAccount.annotations | object | `{}` | |
| helmController.serviceAccount.automount | bool | `true` | |
| helmController.serviceAccount.create | bool | `true` | |
| helmController.tag | string | `"v0.37.4"` | |
| helmController.tag | string | `"v0.36.2"` | |
| helmController.tolerations | list | `[]` | |
| imageAutomationController.affinity | object | `{}` | |
| imageAutomationController.annotations."prometheus.io/port" | string | `"8080"` | |
@@ -60,7 +60,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
| imageAutomationController.serviceAccount.annotations | object | `{}` | |
| imageAutomationController.serviceAccount.automount | bool | `true` | |
| imageAutomationController.serviceAccount.create | bool | `true` | |
| imageAutomationController.tag | string | `"v0.37.1"` | |
| imageAutomationController.tag | string | `"v0.36.1"` | |
| imageAutomationController.tolerations | list | `[]` | |
| imagePullSecrets | list | `[]` | contents of pod imagePullSecret in form 'name=[secretName]'; applied to all controllers |
| imageReflectionController.affinity | object | `{}` | |
@@ -80,7 +80,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
| imageReflectionController.serviceAccount.annotations | object | `{}` | |
| imageReflectionController.serviceAccount.automount | bool | `true` | |
| imageReflectionController.serviceAccount.create | bool | `true` | |
| imageReflectionController.tag | string | `"v0.31.2"` | |
| imageReflectionController.tag | string | `"v0.30.0"` | |
| imageReflectionController.tolerations | list | `[]` | |
| installCRDs | bool | `true` | |
| kustomizeController.affinity | object | `{}` | |
@@ -105,7 +105,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
| kustomizeController.serviceAccount.annotations | object | `{}` | |
| kustomizeController.serviceAccount.automount | bool | `true` | |
| kustomizeController.serviceAccount.create | bool | `true` | |
| kustomizeController.tag | string | `"v1.2.2"` | |
| kustomizeController.tag | string | `"v1.1.1"` | |
| kustomizeController.tolerations | list | `[]` | |
| logLevel | string | `"info"` | |
| multitenancy.defaultServiceAccount | string | `"default"` | All Kustomizations and HelmReleases which dont have spec.serviceAccountName specified, will use the default account from the tenants namespace. Tenants have to specify a service account in their Flux resources to be able to deploy workloads in their namespaces as the default account has no permissions. |
@@ -130,7 +130,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
| notificationController.serviceAccount.annotations | object | `{}` | |
| notificationController.serviceAccount.automount | bool | `true` | |
| notificationController.serviceAccount.create | bool | `true` | |
| notificationController.tag | string | `"v1.2.4"` | |
| notificationController.tag | string | `"v1.1.0"` | |
| notificationController.tolerations | list | `[]` | |
| notificationController.webhookReceiver.ingress.annotations | object | `{}` | |
| notificationController.webhookReceiver.ingress.create | bool | `false` | |
@@ -169,6 +169,6 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
| sourceController.serviceAccount.annotations | object | `{}` | |
| sourceController.serviceAccount.automount | bool | `true` | |
| sourceController.serviceAccount.create | bool | `true` | |
| sourceController.tag | string | `"v1.2.4"` | |
| sourceController.tag | string | `"v1.1.2"` | |
| sourceController.tolerations | list | `[]` | |
| watchAllNamespaces | bool | `true` | |

0
packages/core/fluxcd/charts/flux2/templates/_helper.tpl → packages/system/fluxcd/charts/flux2/templates/_helper.tpl
View File

0
packages/core/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml → packages/system/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml
View File

2
packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml → packages/system/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml
View File

@@ -15,7 +15,7 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Values.rbac.roleRef.name }}
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kustomize-controller

0
packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml → packages/system/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml
View File

0
packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml → packages/system/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml
View File

Some files were not shown because too many files have changed in this diff Show More