mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-01-31 02:18:59 +00:00
Compare commits
1 Commits
secureboot
...
openshift-
| Author | SHA1 | Date | |
|---|---|---|---|
|
fe70003c5e |
@@ -113,6 +113,8 @@ machine:
|
||||
- usermode_helper=disabled
|
||||
- name: zfs
|
||||
- name: spl
|
||||
install:
|
||||
image: ghcr.io/aenix-io/cozystack/talos:v1.8.3
|
||||
files:
|
||||
- content: |
|
||||
[plugins]
|
||||
@@ -140,9 +142,6 @@ EOT
|
||||
|
||||
cat > patch-controlplane.yaml <<\EOT
|
||||
machine:
|
||||
nodeLabels:
|
||||
node.kubernetes.io/exclude-from-external-load-balancers:
|
||||
$patch: delete
|
||||
network:
|
||||
interfaces:
|
||||
- interface: eth0
|
||||
|
||||
@@ -68,7 +68,7 @@ spec:
|
||||
serviceAccountName: cozystack
|
||||
containers:
|
||||
- name: cozystack
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.21.0"
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.20.2"
|
||||
env:
|
||||
- name: KUBERNETES_SERVICE_HOST
|
||||
value: localhost
|
||||
@@ -87,7 +87,7 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: darkhttpd
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.21.0"
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.20.2"
|
||||
command:
|
||||
- /usr/bin/darkhttpd
|
||||
- /cozystack/assets
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:4d2271b345240c6c5b37599996745646012004b0f57e31c4c9deb1aba7408a51
|
||||
ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:406d2c5a30fa8b6fe10eab3cba45c06fea3876e81fd123ead6dc3c19347762d0
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:3e8ae1bd576858a88c995aefb1431a1b89f55b7a1ef60575fecae4bbf5aa0d4e
|
||||
ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:27112d470a31725b75b29b29919af06b4ce1339e3b502b08889a92ab7099adde
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.14.1@sha256:0ea139c71e08db5adb275d81a7efa9a0d8b8db61a1fc1a67167a33a347c07fd8
|
||||
ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.14.1@sha256:b63293bc295e8c04574900bb711ebfe51db6774beb6bc3a58791562ec11b406b
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.14.1@sha256:f595d50689405a504249c2af4b84562e8a0d16bdf9287d4eedf7c87959c4fba1
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.14.1@sha256:c0561a342e6b55d066f3363182f442e8fa30a0b6b448d89d15a1a855c999b98e
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.14.1@sha256:644379ba92c72dbbf07257d70f88ef3e5c1f1fb88f161c03758c13588d33ac2d
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.14.1@sha256:4b84a077e7f1b75bdf8b272c8f147e4ef3b67b9bea83383a399e9149868384ac
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:a64fefbd94535be2f8ac92943f0cad076a7b4c61c289a6ac0086a40859ed9d0e
|
||||
ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:91ec9c31472f8e94ae5f6f5a2568058eb28b3f57ab7e203d8d4a0993911fffc3
|
||||
|
||||
@@ -48,6 +48,7 @@ spec:
|
||||
tenant: {{ .Release.Namespace }}
|
||||
remoteWrite:
|
||||
url: http://vminsert-shortterm.{{ $targetTenant }}.svc:8480/insert/0/prometheus
|
||||
|
||||
fluent-bit:
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:948d41556939d90bdc37b4406b18935d46490dcb3f38a27aa117a4c3973e5604
|
||||
ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:f6435ce02b1bf4d7b2422676e84bc2299725ed2cfb93922e40f40a695d54b9d3
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:4d2271b345240c6c5b37599996745646012004b0f57e31c4c9deb1aba7408a51
|
||||
ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:406d2c5a30fa8b6fe10eab3cba45c06fea3876e81fd123ead6dc3c19347762d0
|
||||
|
||||
@@ -16,7 +16,7 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.4.0
|
||||
version: 0.3.1
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
||||
@@ -19,6 +19,5 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche
|
||||
| `size` | Persistent Volume size | `1Gi` |
|
||||
| `replicas` | Number of Redis replicas | `2` |
|
||||
| `storageClass` | StorageClass used to store the data | `""` |
|
||||
| `authEnabled` | Enable password generation | `true` |
|
||||
|
||||
|
||||
|
||||
@@ -13,10 +13,3 @@ rules:
|
||||
- rfrs-{{ .Release.Name }}
|
||||
- "{{ .Release.Name }}-external-lb"
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
resourceNames:
|
||||
- "{{ .Release.Name }}-auth"
|
||||
verbs: ["get", "list", "watch"]
|
||||
|
||||
@@ -1,20 +1,3 @@
|
||||
{{- if .Values.authEnabled }}
|
||||
{{- $existingPassword := lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" .Release.Name) }}
|
||||
{{- $password := randAlphaNum 32 | b64enc }}
|
||||
{{- if $existingPassword }}
|
||||
{{- $password = index $existingPassword.data "password" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-auth
|
||||
data:
|
||||
password: {{ $password }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
|
||||
apiVersion: databases.spotahome.com/v1
|
||||
kind: RedisFailover
|
||||
metadata:
|
||||
@@ -69,7 +52,3 @@ spec:
|
||||
- appendonly no
|
||||
- save ""
|
||||
{{- end }}
|
||||
{{- if .Values.authEnabled }}
|
||||
auth:
|
||||
secretPath: {{ .Release.Name }}-auth
|
||||
{{- end }}
|
||||
|
||||
@@ -21,11 +21,6 @@
|
||||
"type": "string",
|
||||
"description": "StorageClass used to store the data",
|
||||
"default": ""
|
||||
},
|
||||
"authEnabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable password generation",
|
||||
"default": true
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -4,10 +4,8 @@
|
||||
## @param size Persistent Volume size
|
||||
## @param replicas Number of Redis replicas
|
||||
## @param storageClass StorageClass used to store the data
|
||||
## @param authEnabled Enable password generation
|
||||
##
|
||||
external: false
|
||||
size: 1Gi
|
||||
replicas: 2
|
||||
storageClass: ""
|
||||
authEnabled: true
|
||||
|
||||
@@ -4,4 +4,4 @@ description: Separated tenant namespace
|
||||
icon: /logos/tenant.svg
|
||||
|
||||
type: application
|
||||
version: 1.6.5
|
||||
version: 1.6.2
|
||||
|
||||
@@ -14,8 +14,6 @@ metadata:
|
||||
kubernetes.io/service-account.name: {{ include "tenant.name" . }}
|
||||
type: kubernetes.io/service-account-token
|
||||
---
|
||||
# == default role ==
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
@@ -31,10 +29,9 @@ rules:
|
||||
- apiGroups: ["rbac.authorization.k8s.io"]
|
||||
resources: ["roles"]
|
||||
verbs: ["get"]
|
||||
- apiGroups: ["apps.cozystack.io"]
|
||||
resources: ['*']
|
||||
verbs: ['*']
|
||||
|
||||
- apiGroups: ["helm.toolkit.fluxcd.io"]
|
||||
resources: ["helmreleases"]
|
||||
verbs: ["*"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
@@ -65,7 +62,18 @@ roleRef:
|
||||
name: {{ include "tenant.name" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# == view role ==
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "tenant.name" . }}
|
||||
namespace: cozy-public
|
||||
rules:
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources: ["helmrepositories"]
|
||||
verbs: ["get", "list"]
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources: ["helmcharts"]
|
||||
verbs: ["*"]
|
||||
---
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
@@ -87,6 +95,14 @@ rules:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- helm.toolkit.fluxcd.io
|
||||
resources:
|
||||
- helmreleases
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
@@ -103,38 +119,22 @@ rules:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
---
|
||||
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "tenant.name" . }}-view
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
subjects:
|
||||
{{- if ne .Release.Namespace "tenant-root" }}
|
||||
- kind: Group
|
||||
name: tenant-root-view
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-view
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if hasPrefix "tenant-" .Release.Namespace }}
|
||||
{{- $parts := splitList "-" .Release.Namespace }}
|
||||
{{- range $i, $v := $parts }}
|
||||
{{- if ne $i 0 }}
|
||||
- kind: Group
|
||||
name: {{ join "-" (slice $parts 0 (add $i 1)) }}-view
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-view
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-view
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
# == use role ==
|
||||
---
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
@@ -154,6 +154,13 @@ rules:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups: ["helm.toolkit.fluxcd.io"]
|
||||
resources:
|
||||
- helmreleases
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- "*"
|
||||
@@ -182,31 +189,14 @@ metadata:
|
||||
name: {{ include "tenant.name" . }}-use
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
subjects:
|
||||
{{- if ne .Release.Namespace "tenant-root" }}
|
||||
- kind: Group
|
||||
name: tenant-root-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if hasPrefix "tenant-" .Release.Namespace }}
|
||||
{{- $parts := splitList "-" .Release.Namespace }}
|
||||
{{- range $i, $v := $parts }}
|
||||
{{- if ne $i 0 }}
|
||||
- kind: Group
|
||||
name: {{ join "-" (slice $parts 0 (add $i 1)) }}-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# == admin role ==
|
||||
---
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
@@ -226,6 +216,13 @@ rules:
|
||||
- list
|
||||
- watch
|
||||
- delete
|
||||
- apiGroups: ["helm.toolkit.fluxcd.io"]
|
||||
resources:
|
||||
- helmreleases
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups: ["kubevirt.io"]
|
||||
resources:
|
||||
- virtualmachines
|
||||
@@ -266,6 +263,64 @@ rules:
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
namespace: cozy-public
|
||||
rules:
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources: ["helmrepositories"]
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- apiGroups:
|
||||
- source.toolkit.fluxcd.io
|
||||
resources:
|
||||
- helmcharts
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources:
|
||||
- helmcharts
|
||||
verbs: ["*"]
|
||||
resourceNames:
|
||||
- bucket
|
||||
- clickhouse
|
||||
- ferretdb
|
||||
- foo
|
||||
- httpcache
|
||||
- kafka
|
||||
- kubernetes
|
||||
- mysql
|
||||
- nats
|
||||
- postgres
|
||||
- rabbitmq
|
||||
- redis
|
||||
- seaweedfs
|
||||
- tcpbalancer
|
||||
- virtualmachine
|
||||
- vmdisk
|
||||
- vminstance
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
namespace: cozy-public
|
||||
subjects:
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
@@ -273,31 +328,14 @@ metadata:
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
subjects:
|
||||
{{- if ne .Release.Namespace "tenant-root" }}
|
||||
- kind: Group
|
||||
name: tenant-root-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if hasPrefix "tenant-" .Release.Namespace }}
|
||||
{{- $parts := splitList "-" .Release.Namespace }}
|
||||
{{- range $i, $v := $parts }}
|
||||
{{- if ne $i 0 }}
|
||||
- kind: Group
|
||||
name: {{ join "-" (slice $parts 0 (add $i 1)) }}-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# == super admin role ==
|
||||
---
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
@@ -317,6 +355,11 @@ rules:
|
||||
- list
|
||||
- watch
|
||||
- delete
|
||||
- apiGroups: ["helm.toolkit.fluxcd.io"]
|
||||
resources:
|
||||
- helmreleases
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups: ["kubevirt.io"]
|
||||
resources:
|
||||
- virtualmachines
|
||||
@@ -334,6 +377,38 @@ rules:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
namespace: cozy-public
|
||||
rules:
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources: ["helmrepositories"]
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources:
|
||||
- helmcharts
|
||||
verbs: ["*"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
namespace: cozy-public
|
||||
subjects:
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
@@ -341,14 +416,6 @@ metadata:
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
subjects:
|
||||
{{- if ne .Release.Namespace "tenant-root" }}
|
||||
- kind: Group
|
||||
name: tenant-root-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if hasPrefix "tenant-" .Release.Namespace }}
|
||||
{{- $parts := splitList "-" .Release.Namespace }}
|
||||
{{- range $i, $v := $parts }}
|
||||
@@ -359,48 +426,10 @@ subjects:
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# == dashboard role ==
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "tenant.name" . }}
|
||||
namespace: cozy-public
|
||||
rules:
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources: ["helmrepositories"]
|
||||
verbs: ["get", "list"]
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources: ["helmcharts"]
|
||||
verbs: ["get", "list"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "tenant.name" . }}
|
||||
namespace: cozy-public
|
||||
subjects:
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-view
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "tenant.name" . }}
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
@@ -76,8 +76,7 @@ rabbitmq 0.4.3 HEAD
|
||||
redis 0.1.1 f642698
|
||||
redis 0.2.0 5ca8823
|
||||
redis 0.3.0 c07c4bbd
|
||||
redis 0.3.1 b7375f73
|
||||
redis 0.4.0 HEAD
|
||||
redis 0.3.1 HEAD
|
||||
tcp-balancer 0.1.0 f642698
|
||||
tcp-balancer 0.2.0 HEAD
|
||||
tenant 0.1.3 3d1b86c
|
||||
@@ -92,10 +91,7 @@ tenant 1.4.0 94c688f7
|
||||
tenant 1.5.0 48128743
|
||||
tenant 1.6.0 df448b99
|
||||
tenant 1.6.1 edbbb9be
|
||||
tenant 1.6.2 ccedc5fe
|
||||
tenant 1.6.3 2057bb96
|
||||
tenant 1.6.4 3c9e50a4
|
||||
tenant 1.6.5 HEAD
|
||||
tenant 1.6.2 HEAD
|
||||
virtual-machine 0.1.4 f2015d6
|
||||
virtual-machine 0.1.5 7cd7de7
|
||||
virtual-machine 0.2.0 5ca8823
|
||||
@@ -103,8 +99,7 @@ virtual-machine 0.3.0 b908400
|
||||
virtual-machine 0.4.0 4746d51
|
||||
virtual-machine 0.5.0 HEAD
|
||||
vm-disk 0.1.0 HEAD
|
||||
vm-instance 0.1.0 ced8e5b9
|
||||
vm-instance 0.2.0 HEAD
|
||||
vm-instance 0.1.0 HEAD
|
||||
vpn 0.1.0 f642698
|
||||
vpn 0.2.0 7151424
|
||||
vpn 0.3.0 a2bcf100
|
||||
|
||||
@@ -17,10 +17,10 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.2.0
|
||||
version: 0.1.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "0.2.0"
|
||||
appVersion: "0.1.0"
|
||||
|
||||
@@ -85,7 +85,7 @@ spec:
|
||||
{{- range .Values.disks }}
|
||||
- name: disk-{{ .name }}
|
||||
dataVolume:
|
||||
name: vm-disk-{{ .name }}
|
||||
name: {{ .name }}
|
||||
{{- end }}
|
||||
{{- if or .Values.sshKeys .Values.cloudInit }}
|
||||
- name: cloudinitdisk
|
||||
|
||||
@@ -18,8 +18,8 @@ instanceProfile: ubuntu
|
||||
## @param disks [array] List of disks to attach
|
||||
## Example:
|
||||
## disks:
|
||||
## - name: example-system
|
||||
## - name: example-data
|
||||
## - name: vm-disk-example-system
|
||||
## - name: vm-disk-example-data
|
||||
disks: []
|
||||
|
||||
## @param resources.cpu The number of CPU cores allocated to the virtual machine
|
||||
|
||||
@@ -38,8 +38,8 @@ image-cozystack:
|
||||
rm -f images/cozystack.json
|
||||
|
||||
image-talos:
|
||||
test -f ../../../_out/assets/installer-amd64-secureboot.tar || make talos-installer
|
||||
docker load -i ../../../_out/assets/installer-amd64-secureboot.tar
|
||||
test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
|
||||
docker load -i ../../../_out/assets/installer-amd64.tar
|
||||
docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
|
||||
docker push $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
|
||||
|
||||
@@ -59,17 +59,8 @@ image-matchbox:
|
||||
|
||||
assets: talos-iso talos-nocloud talos-metal
|
||||
|
||||
talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal: secureboot-keys
|
||||
talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal:
|
||||
mkdir -p ../../../_out/assets
|
||||
docker rm -f talos-imager 2>/dev/null || true
|
||||
docker run -d --rm --name talos-imager --privileged -v /dev:/dev --entrypoint=/bin/sleep "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" infinity
|
||||
docker cp ../../../_out/secureboot talos-imager:/secureboot && \
|
||||
cat images/talos/profiles/$(subst talos-,,$@).yaml | \
|
||||
docker exec -i talos-imager /bin/imager --tar-to-stdout - | \
|
||||
tar -C ../../../_out/assets -xzf- ; \
|
||||
docker rm -f talos-imager
|
||||
|
||||
secureboot-keys:
|
||||
test -d ../../../_out/secureboot || ( \
|
||||
talosctl gen secureboot uki --common-name "SecureBoot Key" -o ../../../_out/secureboot/ && \
|
||||
talosctl gen secureboot pcr -o ../../../_out/secureboot/ )
|
||||
docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \
|
||||
tar -C ../../../_out/assets -xzf-
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.9.1
|
||||
version: v1.8.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
|
||||
output:
|
||||
kind: initramfs
|
||||
imageOptions: {}
|
||||
|
||||
@@ -2,29 +2,26 @@
|
||||
# do not edit it
|
||||
arch: amd64
|
||||
platform: metal
|
||||
version: v1.9.1
|
||||
secureboot: true
|
||||
secureboot: false
|
||||
version: v1.8.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
|
||||
output:
|
||||
kind: installer
|
||||
imageOptions: {}
|
||||
outFormat: raw
|
||||
customization:
|
||||
extraKernelArgs:
|
||||
- -selinux
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.9.1
|
||||
version: v1.8.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
|
||||
output:
|
||||
kind: iso
|
||||
imageOptions: {}
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.9.1
|
||||
version: v1.8.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
|
||||
output:
|
||||
kind: kernel
|
||||
imageOptions: {}
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.9.1
|
||||
version: v1.8.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
|
||||
output:
|
||||
kind: image
|
||||
imageOptions: { diskSize: 1306525696, diskFormat: raw }
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: nocloud
|
||||
secureboot: false
|
||||
version: v1.9.1
|
||||
version: v1.8.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
|
||||
output:
|
||||
kind: image
|
||||
imageOptions: { diskSize: 1306525696, diskFormat: raw }
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystack:
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack:v0.21.0@sha256:90487dafccb12705b5e9760595b43c0352f3a94551c55c5fa7778bf9173d1737
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack:v0.20.2@sha256:061668fa81344302f1097482418fe7925d77ca74ccc856dcb739119590523136
|
||||
|
||||
@@ -210,32 +210,35 @@ releases:
|
||||
chart: cozy-dashboard
|
||||
namespace: cozy-dashboard
|
||||
dependsOn: [cilium,kubeovn,keycloak-configure]
|
||||
{{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||
{{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
|
||||
values:
|
||||
{{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||
{{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
|
||||
redis:
|
||||
master:
|
||||
podAnnotations:
|
||||
{{- range $index, $repo := . }}
|
||||
{{- with (($repo.status).artifact).revision }}
|
||||
repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
|
||||
{{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
|
||||
{{- if $dashboardKCValues }}
|
||||
{{- $dashboardKCValues | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
redis:
|
||||
master:
|
||||
podAnnotations:
|
||||
{{- range $index, $repo := . }}
|
||||
{{- with (($repo.status).artifact).revision }}
|
||||
repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq $oidcEnabled "true" }}
|
||||
dependsOn: [keycloak-configure]
|
||||
valuesFrom:
|
||||
- kind: ConfigMap
|
||||
name: kubeapps-auth-config
|
||||
valuesKey: values.yaml
|
||||
{{- else }}
|
||||
dependsOn: []
|
||||
{{- end }}
|
||||
|
||||
- name: console
|
||||
releaseName: console
|
||||
chart: cozy-console
|
||||
namespace: cozy-console
|
||||
dependsOn: [cilium,kubeovn]
|
||||
|
||||
- name: kamaji
|
||||
releaseName: kamaji
|
||||
chart: cozy-kamaji
|
||||
|
||||
@@ -139,9 +139,9 @@ releases:
|
||||
releaseName: dashboard
|
||||
chart: cozy-dashboard
|
||||
namespace: cozy-dashboard
|
||||
{{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||
{{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
|
||||
values:
|
||||
{{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||
{{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
|
||||
kubeapps:
|
||||
redis:
|
||||
master:
|
||||
@@ -151,21 +151,24 @@ releases:
|
||||
repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
|
||||
{{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
|
||||
{{- if $dashboardKCValues }}
|
||||
{{- $dashboardKCValues | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq $oidcEnabled "true" }}
|
||||
dependsOn: [keycloak-configure]
|
||||
valuesFrom:
|
||||
- kind: ConfigMap
|
||||
name: kubeapps-auth-config
|
||||
valuesKey: values.yaml
|
||||
{{- else }}
|
||||
dependsOn: []
|
||||
{{- end }}
|
||||
|
||||
- name: console
|
||||
releaseName: console
|
||||
chart: cozy-console
|
||||
namespace: cozy-console
|
||||
dependsOn: [cilium,kubeovn]
|
||||
|
||||
{{- if $oidcEnabled }}
|
||||
- name: keycloak
|
||||
releaseName: keycloak
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
FROM ubuntu:22.04
|
||||
|
||||
ARG KUBECTL_VERSION=1.32.0
|
||||
ARG TALOSCTL_VERSION=1.8.4
|
||||
ARG HELM_VERSION=3.16.4
|
||||
ARG KUBECTL_VERSION=1.31.0
|
||||
ARG TALOSCTL_VERSION=1.7.6
|
||||
ARG HELM_VERSION=3.15.4
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get -y install genisoimage qemu-kvm qemu-utils iproute2 iptables wget xz-utils netcat curl jq
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
e2e:
|
||||
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.21.0@sha256:38229517c86e179984a6d39f5510b859d13d965e35b216bc01ce456f9ab5f8b5
|
||||
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.20.2@sha256:1a26a511b9e269bcb607e2d80f878d7c2d993b7a2a7a3a2a1042470c8c56b061
|
||||
|
||||
@@ -3,4 +3,4 @@ name: monitoring
|
||||
description: Monitoring and observability stack
|
||||
icon: /logos/monitoring.svg
|
||||
type: application
|
||||
version: 1.5.3
|
||||
version: 1.5.2
|
||||
|
||||
@@ -4,13 +4,12 @@
|
||||
|
||||
### Common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------- | --------------------------------------------------------------------------------------------------------- | ------ |
|
||||
| `host` | The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host). | `""` |
|
||||
| `metricsStorages` | Configuration of metrics storage instances | `[]` |
|
||||
| `logsStorages` | Configuration of logs storage instances | `[]` |
|
||||
| `alerta.storage` | Persistent Volume size for alerta database | `10Gi` |
|
||||
| `alerta.storageClassName` | StorageClass used to store the data | `""` |
|
||||
| `alerta.alerts.telegram.token` | telegram token for your bot | `""` |
|
||||
| `alerta.alerts.telegram.chatID` | specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot | `""` |
|
||||
| `grafana.db.size` | Persistent Volume size for grafana database | `10Gi` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
|
||||
| `host` | The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host). | `""` |
|
||||
| `metricsStorages` | Configuration of metrics storage instances | `[]` |
|
||||
| `logsStorages` | Configuration of logs storage instances | `[]` |
|
||||
| `alerta.storage` | Persistent Volume size for alerta database | `10Gi` |
|
||||
| `alerta.storageClassName` | StorageClass used to store the data | `""` |
|
||||
| `alerta.alerts.telegram.token` | telegram token for your bot | `7262461387:AAGtwq16iwuVtWtzoN6TUEMpF00fpC9Xz34` |
|
||||
| `alerta.alerts.telegram.chatID` | specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot | `-4520856007` |
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
spec:
|
||||
instances: 2
|
||||
storage:
|
||||
size: {{ .Values.grafana.db.size }}
|
||||
size: 10Gi
|
||||
|
||||
inheritedMetadata:
|
||||
labels:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
|
||||
{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
|
||||
{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
|
||||
|
||||
{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
|
||||
{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
|
||||
@@ -30,7 +30,7 @@ spec:
|
||||
admin_user: user
|
||||
admin_password: ${GF_PASSWORD}
|
||||
plugins:
|
||||
allow_loading_unsigned_plugins: "victoriametrics-logs-datasource"
|
||||
allow_loading_unsigned_plugins: "victorialogs-datasource"
|
||||
deployment:
|
||||
spec:
|
||||
replicas: 2
|
||||
@@ -50,8 +50,8 @@ spec:
|
||||
- |
|
||||
set -ex
|
||||
mkdir -p /var/lib/grafana/plugins/
|
||||
ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v0\.13\.[0-9]+' | head -1)
|
||||
curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victoriametrics-logs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
|
||||
ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -1)
|
||||
curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victorialogs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
|
||||
tar -xf /var/lib/grafana/plugins/vl-plugin.tar.gz -C /var/lib/grafana/plugins/
|
||||
rm /var/lib/grafana/plugins/vl-plugin.tar.gz
|
||||
volumeMounts:
|
||||
|
||||
@@ -6,7 +6,7 @@ metadata:
|
||||
spec:
|
||||
datasource:
|
||||
access: proxy
|
||||
type: victoriametrics-logs-datasource
|
||||
type: victorialogs-datasource
|
||||
name: vlogs-{{ .name }}
|
||||
url: http://vlogs-{{ .name }}.{{ $.Release.Namespace }}.svc:9428
|
||||
instanceSelector:
|
||||
|
||||
@@ -34,12 +34,6 @@ spec:
|
||||
storage: 2Gi
|
||||
vmstorage:
|
||||
replicaCount: 2
|
||||
resources:
|
||||
limits:
|
||||
memory: 1000Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 500Mi
|
||||
storage:
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
|
||||
@@ -45,33 +45,18 @@
|
||||
"token": {
|
||||
"type": "string",
|
||||
"description": "telegram token for your bot",
|
||||
"default": ""
|
||||
"default": "7262461387:AAGtwq16iwuVtWtzoN6TUEMpF00fpC9Xz34"
|
||||
},
|
||||
"chatID": {
|
||||
"type": "string",
|
||||
"description": "specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot",
|
||||
"default": ""
|
||||
"default": "-4520856007"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"grafana": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"db": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"size": {
|
||||
"type": "string",
|
||||
"description": "Persistent Volume size for grafana database",
|
||||
"default": "10Gi"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,9 +44,3 @@ alerta:
|
||||
telegram:
|
||||
token: ""
|
||||
chatID: ""
|
||||
|
||||
## Configuration for Grafana
|
||||
## @param grafana.db.size Persistent Volume size for grafana database
|
||||
grafana:
|
||||
db:
|
||||
size: 10Gi
|
||||
|
||||
@@ -16,8 +16,7 @@ monitoring 1.3.0 6c5cf5b
|
||||
monitoring 1.4.0 adaf603b
|
||||
monitoring 1.5.0 4b90bf5a
|
||||
monitoring 1.5.1 57e90b70
|
||||
monitoring 1.5.2 898374b5
|
||||
monitoring 1.5.3 HEAD
|
||||
monitoring 1.5.2 HEAD
|
||||
seaweedfs 0.1.0 5ca8823
|
||||
seaweedfs 0.2.0 9e33dc0
|
||||
seaweedfs 0.2.1 HEAD
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:109b1f36e85353066b387472aaab936d7d5b691ac99547312acd26484e3ebe8e
|
||||
ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:e0cb068804546e4152ce4cf7a7c315a5a2a669a7236c9fe47371de934cdf99a9
|
||||
|
||||
3
packages/system/console/Chart.yaml
Normal file
3
packages/system/console/Chart.yaml
Normal file
@@ -0,0 +1,3 @@
|
||||
apiVersion: v2
|
||||
name: cozy-console
|
||||
version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
|
||||
5
packages/system/console/Makefile
Normal file
5
packages/system/console/Makefile
Normal file
@@ -0,0 +1,5 @@
|
||||
export NAME=console
|
||||
export NAMESPACE=cozy-$(NAME)
|
||||
|
||||
include ../../../scripts/common-envs.mk
|
||||
include ../../../scripts/package.mk
|
||||
23
packages/system/console/charts/openshift-console/.helmignore
Normal file
23
packages/system/console/charts/openshift-console/.helmignore
Normal file
@@ -0,0 +1,23 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
@@ -0,0 +1,7 @@
|
||||
apiVersion: v2
|
||||
appVersion: 4.20.0
|
||||
description: OpenShift Cluster Console UI
|
||||
icon: https://avatars0.githubusercontent.com/u/792337?s=200&v=4
|
||||
name: openshift-console
|
||||
type: application
|
||||
version: 0.3.6
|
||||
75
packages/system/console/charts/openshift-console/README.md
Normal file
75
packages/system/console/charts/openshift-console/README.md
Normal file
@@ -0,0 +1,75 @@
|
||||
# OpenShift Console (Bridge)
|
||||
|
||||
[Bridge](https://github.com/openshift/console) is the OpenShift console.
|
||||
|
||||
## TL;DR
|
||||
|
||||
```console
|
||||
$ helm repo add av1o https://av1o.gitlab.io/charts
|
||||
$ helm install bridge av1o/openshift-console
|
||||
```
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a deployment of the OpenShift Console on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
The OpenShift Console is designed for running on OpenShift, however it works perfectly fine in native Kubernetes. Since the Console is unable to use the default OpenShift OAuth2, this chart is expecting a Dex deployment which is configured to generate OIDC tokens for the Kubernetes API server.
|
||||
This behaviour can be configured with the `extraEnv` map.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.12+
|
||||
- Helm 3
|
||||
|
||||
## Installing the Chart
|
||||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
$ helm install my-release av1o/openshift-console
|
||||
```
|
||||
|
||||
The command deploys the console on the Kubernetes cluster in the default configuration.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To uninstall/delete the `my-release` deployment:
|
||||
|
||||
```console
|
||||
$ helm delete my-release
|
||||
```
|
||||
|
||||
## Parameters
|
||||
|
||||
The following table lists the configurable parameters of the OpenShift Console chart and their default values.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------|
|
||||
| `replicaCount` | Number of pods to run | 1 |
|
||||
| `image.registry` | Docker image registry | `quay.io` |
|
||||
| `image.repository` | Docker image name | `openshift/origin-console` |
|
||||
| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` |
|
||||
| `image.tag` | Docker image tag | `${CHART_VERSION}` |
|
||||
| `imagePullSecrets` | Specify Image pull secrets | `[]` |
|
||||
| `podAnnotations` | Map of annotations to add to the pods | See `values.yaml` |
|
||||
| `podSecurityContext` | Map of security context to add to the pod | See `values.yaml` |
|
||||
| `securityContext` | Map of security context to add to the container | See `values.yaml` |
|
||||
| `service.type` | Service type | `ClusterIP` |
|
||||
| `extraEnv` | Map of environment variables to include in the container | `{}` |
|
||||
| `console.dex.host` | HTTP(S) address of the Dex instance | `https://dex.example.org` |
|
||||
| `console.baseUrl` | HTTP(S) address of the Console | `https://console.example.org` |
|
||||
| `console.impersonateOpenShift` | Install CRDs to trick the Console into showing some OpenShift-exclusive actions which work on Kubernetes. Note: requires `cluster-admin` | `false` |
|
||||
| `console.oidc.enabled` | Enable OIDC authentication | `true` |
|
||||
| `console.oidc.issuerUrl` | Issuer of the OIDC server | `https://dex.example.org` |
|
||||
| `console.oidc.clientId` | OIDC client ID | `kubernetes` |
|
||||
| `console.oidc.clientSecret` | OIDC client secret | `hunter2` |
|
||||
| `rbac.enabled` | Install RBAC to trick the Console into behaving closer to how OpenShift does. Required `cluster-admin` and `console.impersonateOpenShift=true` | `false` |
|
||||
| `ingress.className` | IngressClass resource to use. | |
|
||||
| `sidecars` | Arbitrary sidecars to include as-is | `[]` |
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
|
||||
|
||||
### Version `0.2.X`
|
||||
|
||||
Version `0.2.0` and above require the `networking.k8s.io/v1` API for Ingress which is available in Kubernetes 1.19 and above.
|
||||
@@ -0,0 +1,4 @@
|
||||
hostAliases:
|
||||
- ip: "127.0.0.1"
|
||||
hostnames:
|
||||
- "kubernetes.default.svc"
|
||||
@@ -0,0 +1,7 @@
|
||||
sidecars:
|
||||
- name: your-image-name
|
||||
image: your-image
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: portname
|
||||
containerPort: 1234
|
||||
@@ -0,0 +1,21 @@
|
||||
1. Get the application URL by running these commands:
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- range $host := .Values.ingress.hosts }}
|
||||
{{- range .paths }}
|
||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else if contains "NodePort" .Values.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "openshift-console.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "openshift-console.fullname" . }}'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "openshift-console.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
|
||||
echo http://$SERVICE_IP:{{ .Values.service.port }}
|
||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "openshift-console.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
echo "Visit http://127.0.0.1:8080 to use your application"
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
|
||||
{{- end }}
|
||||
@@ -0,0 +1,75 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "openshift-console.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "openshift-console.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "openshift-console.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "openshift-console.labels" -}}
|
||||
helm.sh/chart: {{ include "openshift-console.chart" . }}
|
||||
{{ include "openshift-console.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "openshift-console.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "openshift-console.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "openshift-console.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "openshift-console.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Renders a value that contains template.
|
||||
Usage:
|
||||
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
|
||||
*/}}
|
||||
{{- define "common.tplvalues.render" -}}
|
||||
{{- if typeIs "string" .value }}
|
||||
{{- tpl .value .context }}
|
||||
{{- else }}
|
||||
{{- tpl (.value | toYaml) .context }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,21 @@
|
||||
{{- if .Values.console.impersonateOpenShift }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: apps.apps.openshift.io
|
||||
spec:
|
||||
group: apps.openshift.io
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties: {}
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: apps
|
||||
singular: app
|
||||
kind: OpenShift
|
||||
{{- end }}
|
||||
@@ -0,0 +1,134 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "openshift-console.fullname" . }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- toYaml .Values.annotations | nindent 4 }}
|
||||
spec:
|
||||
{{- if not .Values.autoscaling.enabled }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openshift-console.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- with .Values.podLabels }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- include "openshift-console.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
serviceAccountName: {{ include "openshift-console.serviceAccountName" . }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext:
|
||||
{{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.volumes }}
|
||||
{{- range .Values.volumes }}
|
||||
- name: {{ .name }}
|
||||
{{ toYaml .config | indent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.hostAliases }}
|
||||
hostAliases:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
{{- with .Values.args }}
|
||||
args:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.command }}
|
||||
command:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
securityContext:
|
||||
{{- omit .Values.securityContext "enabled" | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
image: "{{ .Values.image.registry}}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
env:
|
||||
- name: BRIDGE_KUBECTL_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: secret
|
||||
name: {{ include "openshift-console.fullname" . }}
|
||||
- name: BRIDGE_DOCUMENTATION_BASE_URL
|
||||
value: https://kubernetes.io/docs/
|
||||
- name: BRIDGE_DEX_API_HOST
|
||||
value: {{ .Values.console.dex.host }}
|
||||
- name: BRIDGE_BASE_ADDRESS
|
||||
value: {{ .Values.console.baseUrl }}
|
||||
{{- if .Values.console.oidc.enabled }}
|
||||
- name: BRIDGE_USER_AUTH
|
||||
value: oidc
|
||||
- name: BRIDGE_K8S_AUTH
|
||||
value: oidc
|
||||
- name: BRIDGE_USER_AUTH_OIDC_ISSUER_URL
|
||||
value: {{ .Values.console.oidc.issuerUrl }}
|
||||
- name: BRIDGE_USER_AUTH_OIDC_CLIENT_ID
|
||||
value: {{ .Values.console.oidc.clientId }}
|
||||
- name: BRIDGE_USER_AUTH_OIDC_CLIENT_SECRET
|
||||
value: {{ .Values.console.oidc.clientSecret }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.extraEnv }}
|
||||
- name: {{ $key }}
|
||||
value: {{ $value | quote }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: {{ .Values.service.port }}
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
{{- if .Values.volumes }}
|
||||
{{- range .Values.volumes }}
|
||||
- mountPath: {{ .mountPath }}
|
||||
name: {{ .name }}
|
||||
{{- if .subPath }}
|
||||
subPath: {{ .subPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- if .Values.sidecars }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,28 @@
|
||||
{{- if .Values.autoscaling.enabled }}
|
||||
apiVersion: autoscaling/v2beta1
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ include "openshift-console.fullname" . }}
|
||||
labels:
|
||||
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ include "openshift-console.fullname" . }}
|
||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,41 @@
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "openshift-console.fullname" . -}}
|
||||
{{- $svcPort := .Values.service.port -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
labels:
|
||||
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- omit . "kubernetes.io/ingress.class" | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
ingressClassName: {{ .Values.ingress.className | default (get .Values.ingress.annotations "kubernetes.io/ingress.class") }}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ . }}
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: {{ $fullName }}
|
||||
port:
|
||||
number: {{ $svcPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,31 @@
|
||||
{{- if and .Values.console.impersonateOpenShift .Values.rbac.enabled }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "openshift-console.fullname" . }}-dashboards
|
||||
namespace: openshift-config-managed
|
||||
rules:
|
||||
- verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "openshift-console.fullname" . }}-dashboards
|
||||
# unfortunately this is hardcoded (https://github.com/openshift/console/blob/master/cmd/bridge/main.go#L576)
|
||||
namespace: openshift-config-managed
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "openshift-console.fullname" . }}-dashboards
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "openshift-console.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,15 @@
|
||||
{{ if .Values.consolesecret }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "openshift-console.fullname" . }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- toYaml .Values.annotations | nindent 4 }}
|
||||
data:
|
||||
secret: {{ .Values.consolesecret | b64enc | quote }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "openshift-console.fullname" . }}
|
||||
labels:
|
||||
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "openshift-console.selectorLabels" . | nindent 4 }}
|
||||
@@ -0,0 +1,12 @@
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "openshift-console.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: "{{ include "openshift-console.fullname" . }}-test-connection"
|
||||
labels:
|
||||
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
containers:
|
||||
- name: wget
|
||||
image: busybox
|
||||
command: ['wget']
|
||||
args: ['{{ include "openshift-console.fullname" . }}:{{ .Values.service.port }}']
|
||||
restartPolicy: Never
|
||||
130
packages/system/console/charts/openshift-console/values.yaml
Normal file
130
packages/system/console/charts/openshift-console/values.yaml
Normal file
@@ -0,0 +1,130 @@
|
||||
# Default values for openshift-console.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openshift/origin-console
|
||||
pullPolicy: Always
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: 4.20.0
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
annotations: {}
|
||||
labels: {}
|
||||
|
||||
podLabels: {}
|
||||
podAnnotations: {}
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
|
||||
securityContext:
|
||||
enabled: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1001
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 9000
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
className: ""
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: chart-example.local
|
||||
paths: []
|
||||
tls: []
|
||||
# - secretName: chart-example-tls
|
||||
# hosts:
|
||||
# - chart-example.local
|
||||
|
||||
extraEnv:
|
||||
BRIDGE_K8S_AUTH_BEARER_TOKEN: 'CENSORED'
|
||||
BRIDGE_GRAFANA_PUBLIC_URL: https://grafana.something.com
|
||||
BRIDGE_KUBECTL_CLIENT_ID: console
|
||||
BRIDGE_K8S_MODE: off-cluster
|
||||
BRIDGE_K8S_MODE_OFF_CLUSTER_ALERTMANAGER: https://alertmanager.something.com
|
||||
BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS: "true"
|
||||
BRIDGE_K8S_MODE_OFF_CLUSTER_THANOS: https://prometheus.something.com
|
||||
BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT: https://kube-oidc-proxy:443
|
||||
|
||||
volumes: []
|
||||
# - name: my-volume
|
||||
# mountPath: /foo/bar
|
||||
# config:
|
||||
# emptyDir: {}
|
||||
|
||||
console:
|
||||
dex:
|
||||
host: https://dex.something.com
|
||||
baseUrl: https://console.something.com
|
||||
impersonateOpenShift: false
|
||||
oidc:
|
||||
enabled: true
|
||||
issuerUrl: https://dex.something.com
|
||||
clientId: console
|
||||
clientSecret: 'xxxxxx'
|
||||
|
||||
rbac:
|
||||
enabled: false
|
||||
|
||||
autoscaling:
|
||||
enabled: false
|
||||
minReplicas: 1
|
||||
maxReplicas: 100
|
||||
targetCPUUtilizationPercentage: 80
|
||||
# targetMemoryUtilizationPercentage: 80
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
affinity: {}
|
||||
|
||||
sidecars: []
|
||||
|
||||
serviceAccount:
|
||||
create: false
|
||||
automountServiceAccountToken: true
|
||||
annotations: {}
|
||||
name: ""
|
||||
|
||||
hostAliases: []
|
||||
# - ip: "127.0.0.1"
|
||||
# hostnames:
|
||||
# - "kubernetes.default.svc"
|
||||
|
||||
|
||||
consolesecret: 'XXXXXXXXX'
|
||||
#cookie-encryption-key-file: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
|
||||
#cookie-authentication-key-file: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
|
||||
|
||||
args:
|
||||
- --public-dir=/opt/bridge/static
|
||||
- -v
|
||||
- "7"
|
||||
command:
|
||||
- /opt/bridge/bin/bridge
|
||||
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
requests:
|
||||
cpu: 200m
|
||||
memory: 256Mi
|
||||
@@ -0,0 +1,168 @@
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
api-approved.openshift.io: https://github.com/openshift/api/pull/598
|
||||
api.openshift.io/merged-by-featuregates: "true"
|
||||
include.release.openshift.io/ibm-cloud-managed: "true"
|
||||
include.release.openshift.io/self-managed-high-availability: "true"
|
||||
name: helmchartrepositories.helm.openshift.io
|
||||
spec:
|
||||
group: helm.openshift.io
|
||||
names:
|
||||
kind: HelmChartRepository
|
||||
listKind: HelmChartRepositoryList
|
||||
plural: helmchartrepositories
|
||||
singular: helmchartrepository
|
||||
scope: Cluster
|
||||
versions:
|
||||
- name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository
|
||||
|
||||
Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: spec holds user settable values for configuration
|
||||
properties:
|
||||
connectionConfig:
|
||||
description: Required configuration for connecting to the chart repo
|
||||
properties:
|
||||
ca:
|
||||
description: |-
|
||||
ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
|
||||
It is used as a trust anchor to validate the TLS certificate presented by the remote server.
|
||||
The key "ca-bundle.crt" is used to locate the data.
|
||||
If empty, the default system roots are used.
|
||||
The namespace for this config map is openshift-config.
|
||||
properties:
|
||||
name:
|
||||
description: name is the metadata.name of the referenced config
|
||||
map
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
tlsClientConfig:
|
||||
description: |-
|
||||
tlsClientConfig is an optional reference to a secret by name that contains the
|
||||
PEM-encoded TLS client certificate and private key to present when connecting to the server.
|
||||
The key "tls.crt" is used to locate the client certificate.
|
||||
The key "tls.key" is used to locate the private key.
|
||||
The namespace for this secret is openshift-config.
|
||||
properties:
|
||||
name:
|
||||
description: name is the metadata.name of the referenced secret
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
url:
|
||||
description: Chart repository URL
|
||||
maxLength: 2048
|
||||
pattern: ^https?:\/\/
|
||||
type: string
|
||||
type: object
|
||||
description:
|
||||
description: Optional human readable repository description, it can
|
||||
be used by UI for displaying purposes
|
||||
maxLength: 2048
|
||||
minLength: 1
|
||||
type: string
|
||||
disabled:
|
||||
description: If set to true, disable the repo usage in the cluster/namespace
|
||||
type: boolean
|
||||
name:
|
||||
description: Optional associated human readable repository name, it
|
||||
can be used by UI for displaying purposes
|
||||
maxLength: 100
|
||||
minLength: 1
|
||||
type: string
|
||||
type: object
|
||||
status:
|
||||
description: Observed status of the repository within the cluster..
|
||||
properties:
|
||||
conditions:
|
||||
description: conditions is a list of conditions and their statuses
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -0,0 +1,182 @@
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
api-approved.openshift.io: https://github.com/openshift/api/pull/1084
|
||||
api.openshift.io/merged-by-featuregates: "true"
|
||||
include.release.openshift.io/ibm-cloud-managed: "true"
|
||||
include.release.openshift.io/self-managed-high-availability: "true"
|
||||
name: projecthelmchartrepositories.helm.openshift.io
|
||||
spec:
|
||||
group: helm.openshift.io
|
||||
names:
|
||||
kind: ProjectHelmChartRepository
|
||||
listKind: ProjectHelmChartRepositoryList
|
||||
plural: projecthelmchartrepositories
|
||||
singular: projecthelmchartrepository
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository
|
||||
|
||||
Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: spec holds user settable values for configuration
|
||||
properties:
|
||||
connectionConfig:
|
||||
description: Required configuration for connecting to the chart repo
|
||||
properties:
|
||||
basicAuthConfig:
|
||||
description: |-
|
||||
basicAuthConfig is an optional reference to a secret by name that contains
|
||||
the basic authentication credentials to present when connecting to the server.
|
||||
The key "username" is used locate the username.
|
||||
The key "password" is used to locate the password.
|
||||
The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
|
||||
properties:
|
||||
name:
|
||||
description: name is the metadata.name of the referenced secret
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
ca:
|
||||
description: |-
|
||||
ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
|
||||
It is used as a trust anchor to validate the TLS certificate presented by the remote server.
|
||||
The key "ca-bundle.crt" is used to locate the data.
|
||||
If empty, the default system roots are used.
|
||||
The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.
|
||||
properties:
|
||||
name:
|
||||
description: name is the metadata.name of the referenced config
|
||||
map
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
tlsClientConfig:
|
||||
description: |-
|
||||
tlsClientConfig is an optional reference to a secret by name that contains the
|
||||
PEM-encoded TLS client certificate and private key to present when connecting to the server.
|
||||
The key "tls.crt" is used to locate the client certificate.
|
||||
The key "tls.key" is used to locate the private key.
|
||||
The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
|
||||
properties:
|
||||
name:
|
||||
description: name is the metadata.name of the referenced secret
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
url:
|
||||
description: Chart repository URL
|
||||
maxLength: 2048
|
||||
pattern: ^https?:\/\/
|
||||
type: string
|
||||
type: object
|
||||
description:
|
||||
description: Optional human readable repository description, it can
|
||||
be used by UI for displaying purposes
|
||||
maxLength: 2048
|
||||
minLength: 1
|
||||
type: string
|
||||
disabled:
|
||||
description: If set to true, disable the repo usage in the namespace
|
||||
type: boolean
|
||||
name:
|
||||
description: Optional associated human readable repository name, it
|
||||
can be used by UI for displaying purposes
|
||||
maxLength: 100
|
||||
minLength: 1
|
||||
type: string
|
||||
type: object
|
||||
status:
|
||||
description: Observed status of the repository within the namespace..
|
||||
properties:
|
||||
conditions:
|
||||
description: conditions is a list of conditions and their statuses
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
8
packages/system/console/templates/cozystack.yaml
Normal file
8
packages/system/console/templates/cozystack.yaml
Normal file
@@ -0,0 +1,8 @@
|
||||
apiVersion: helm.openshift.io/v1beta1
|
||||
kind: HelmChartRepository
|
||||
metadata:
|
||||
name: cozystack
|
||||
spec:
|
||||
name: cozystack
|
||||
connectionConfig:
|
||||
url: http://cozystack.cozy-system.svc/repos/apps
|
||||
88
packages/system/console/templates/kubevirt.yaml
Normal file
88
packages/system/console/templates/kubevirt.yaml
Normal file
@@ -0,0 +1,88 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kubevirt-plugin
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kubevirt-plugin
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kubevirt-plugin
|
||||
spec:
|
||||
containers:
|
||||
- name: kubevirt-plugin
|
||||
image: quay.io/kubevirt-ui/kubevirt-plugin:v4.17.0
|
||||
ports:
|
||||
- containerPort: 9443
|
||||
protocol: TCP
|
||||
imagePullPolicy: Always
|
||||
volumeMounts:
|
||||
#- name: plugin-serving-cert
|
||||
# readOnly: true
|
||||
# mountPath: /var/serving-cert
|
||||
- name: nginx-conf
|
||||
readOnly: true
|
||||
mountPath: /etc/nginx/nginx.conf
|
||||
subPath: nginx.conf
|
||||
volumes:
|
||||
#- name: plugin-serving-cert
|
||||
# secret:
|
||||
# secretName: plugin-serving-cert
|
||||
# defaultMode: 420
|
||||
- name: nginx-conf
|
||||
configMap:
|
||||
name: nginx-conf
|
||||
defaultMode: 420
|
||||
restartPolicy: Always
|
||||
dnsPolicy: ClusterFirst
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 25%
|
||||
maxSurge: 25%
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nginx-conf
|
||||
data:
|
||||
nginx.conf: |
|
||||
error_log /dev/stdout info;
|
||||
events {}
|
||||
http {
|
||||
access_log /dev/stdout;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
keepalive_timeout 65;
|
||||
server {
|
||||
listen 9443;
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
#server {
|
||||
# listen 9443 ssl;
|
||||
# ssl_certificate /var/serving-cert/tls.crt;
|
||||
# ssl_certificate_key /var/serving-cert/tls.key;
|
||||
# root /usr/share/nginx/html;
|
||||
#}
|
||||
}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
#annotations:
|
||||
# service.alpha.openshift.io/serving-cert-secret-name: plugin-serving-cert
|
||||
name: kubevirt-plugin
|
||||
spec:
|
||||
ports:
|
||||
- name: 9443-tcp
|
||||
protocol: TCP
|
||||
port: 9443
|
||||
targetPort: 9443
|
||||
selector:
|
||||
app: kubevirt-plugin
|
||||
type: ClusterIP
|
||||
sessionAffinity: None
|
||||
7
packages/system/console/templates/secret.yaml
Normal file
7
packages/system/console/templates/secret.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: openshift-console
|
||||
stringData:
|
||||
cookie_auth_key: rpb7aos4rd0m32x9omcrcqacnia0xty2
|
||||
cookie_enc_key: gg1ejofgupoc19wyuywr2yflm75aeiwg
|
||||
50
packages/system/console/values.yaml
Normal file
50
packages/system/console/values.yaml
Normal file
@@ -0,0 +1,50 @@
|
||||
openshift-console:
|
||||
fullnameOverride: console
|
||||
console:
|
||||
baseUrl: https://console.infra.aenix.org
|
||||
oidc:
|
||||
enabled: true
|
||||
issuerUrl: https://keycloak.infra.aenix.org/realms/cozy
|
||||
clientId: console-test
|
||||
clientSecret: Sgq1yrmmEwPKy9YxGmg37b1EgsLu3P9g
|
||||
extraEnv:
|
||||
BRIDGE_K8S_AUTH_BEARER_TOKEN: null
|
||||
BRIDGE_GRAFANA_PUBLIC_URL: https://grafana.infra.aenix.org
|
||||
BRIDGE_KUBECTL_CLIENT_ID: console
|
||||
BRIDGE_K8S_MODE: in-cluster
|
||||
BRIDGE_COOKIE_AUTHENTICATION_KEY_FILE: /etc/openshift-console-secrets/cookie_auth_key
|
||||
BRIDGE_COOKIE_ENCRYPTION_KEY_FILE: /etc/openshift-console-secrets/cookie_enc_key
|
||||
BRIDGE_PLUGINS: kubevirt-plugin=http://kubevirt-plugin.cozy-console.svc:9443/
|
||||
BRIDGE_ALERMANAGER_PUBLIC_URL: http://vmalertmanager-alertmanager.tenant-root.svc:9093
|
||||
BRIDGE_THANOS_PUBLIC_URL: http://vmselect-shortterm.tenant-root.svc:8481/select/0/prometheus
|
||||
BRIDGE_SKIP_VERIFY_TLS: true
|
||||
volumes:
|
||||
- name: cookie-secrets
|
||||
mountPath: /etc/openshift-console-secrets
|
||||
config:
|
||||
secret:
|
||||
secretName: openshift-console
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
config:
|
||||
emptyDir: {}
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
acme.cert-manager.io/http01-ingress-class: tenant-root
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
className: 'tenant-root'
|
||||
hosts:
|
||||
- host: console.infra.aenix.org
|
||||
paths: ["/"]
|
||||
tls:
|
||||
- secretName: console-tls
|
||||
hosts:
|
||||
- console.infra.aenix.org
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 2048Mi
|
||||
requests:
|
||||
cpu: 200m
|
||||
memory: 512Mi
|
||||
@@ -71,7 +71,7 @@ data:
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: tcp-balancer
|
||||
name: http-cache
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
@@ -207,7 +207,7 @@ data:
|
||||
singular: kafka
|
||||
plural: kafkas
|
||||
release:
|
||||
prefix: kafka-
|
||||
prefix: ferretdb-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystackAPI:
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.21.0@sha256:1eb7f0387ea01754107a4aabe72c2e1e7d2c55303dc15cfe9caa2c0739c0215e
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.20.2@sha256:fd7bebabd4b8d29c5749bc454feec1ef35bf29ce60b5edebb9a550ca6dcfed49
|
||||
|
||||
@@ -25,7 +25,7 @@ update-dockerfiles:
|
||||
version=$$(echo "$$tag" | sed 's/^v//') && \
|
||||
sed -i "s/ARG VERSION=.*/ARG VERSION=$${version}/" images/dashboard/Dockerfile
|
||||
|
||||
image-dashboard: update-version
|
||||
image-dashboard:
|
||||
docker buildx build images/dashboard \
|
||||
--provenance false \
|
||||
--tag $(REGISTRY)/dashboard:$(call settag,$(TAG)) \
|
||||
@@ -44,7 +44,7 @@ image-dashboard: update-version
|
||||
yq -i '.kubeapps.dashboard.image.digest = strenv(DIGEST)' values.yaml
|
||||
rm -f images/dashboard.json
|
||||
|
||||
image-kubeapps-apis: update-version
|
||||
image-kubeapps-apis:
|
||||
docker buildx build images/kubeapps-apis \
|
||||
--provenance false \
|
||||
--tag $(REGISTRY)/kubeapps-apis:$(call settag,$(TAG)) \
|
||||
@@ -62,6 +62,3 @@ image-kubeapps-apis: update-version
|
||||
DIGEST=$$(yq e '."containerimage.digest"' images/kubeapps-apis.json -o json -r) \
|
||||
yq -i '.kubeapps.kubeappsapis.image.digest = strenv(DIGEST)' values.yaml
|
||||
rm -f images/kubeapps-apis.json
|
||||
|
||||
update-version:
|
||||
sed -i "s|\(\"appVersion\":\).*|\1 \"$(TAG)\",|g" ./charts/kubeapps/templates/dashboard/configmap.yaml
|
||||
|
||||
@@ -76,7 +76,7 @@ data:
|
||||
"kubeappsNamespace": {{ .Release.Namespace | quote }},
|
||||
"helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
|
||||
"carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
|
||||
"appVersion": "v0.21.0",
|
||||
"appVersion": {{ printf "v%s" .Chart.AppVersion | quote }},
|
||||
"authProxyEnabled": {{ .Values.authProxy.enabled }},
|
||||
"oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
|
||||
"oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -1,13 +0,0 @@
|
||||
diff --git a/dashboard/src/components/AppList/AppListGrid.tsx b/dashboard/src/components/AppList/AppListGrid.tsx
|
||||
index d3261e459..dee6a50c1 100644
|
||||
--- a/dashboard/src/components/AppList/AppListGrid.tsx
|
||||
+++ b/dashboard/src/components/AppList/AppListGrid.tsx
|
||||
@@ -42,7 +42,7 @@ function AppListGrid(props: IAppListProps) {
|
||||
Start browsing your <Link to={url.app.catalog(cluster, namespace)}>favourite apps</Link>{" "}
|
||||
or check the{" "}
|
||||
<a
|
||||
- href={`https://github.com/vmware-tanzu/kubeapps/blob/${appVersion}/site/content/docs/latest/tutorials/getting-started.md`}
|
||||
+ href={"https://cozystack.io/docs/"}
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
>
|
||||
@@ -1,34 +0,0 @@
|
||||
diff --git a/dashboard/src/shared/url.ts b/dashboard/src/shared/url.ts
|
||||
index 7918652b0..64c3435af 100644
|
||||
--- a/dashboard/src/shared/url.ts
|
||||
+++ b/dashboard/src/shared/url.ts
|
||||
@@ -36,7 +36,7 @@ export const app = {
|
||||
return `${app.apps.list(
|
||||
pkgCluster,
|
||||
pkgNamespace,
|
||||
- )}/${pkgPluginName}/${pkgPluginVersion}/${pkgId}`;
|
||||
+ )}/${pkgPluginName}/${pkgPluginVersion}/${encodeURIComponent(pkgId)}`;
|
||||
},
|
||||
upgrade: (ref: InstalledPackageReference) => `${app.apps.get(ref)}/upgrade`,
|
||||
upgradeTo: (ref: InstalledPackageReference, version?: string) =>
|
||||
diff --git a/dashboard/src/components/DeploymentForm/DeploymentForm.tsx b/dashboard/src/components/DeploymentForm/DeploymentForm.tsx
|
||||
index 7ccb77b5d..589f72b65 100644
|
||||
--- a/dashboard/src/components/DeploymentForm/DeploymentForm.tsx
|
||||
+++ b/dashboard/src/components/DeploymentForm/DeploymentForm.tsx
|
||||
@@ -144,13 +144,15 @@ export default function DeploymentForm() {
|
||||
);
|
||||
setDeploying(false);
|
||||
if (deployed) {
|
||||
+ const chartParts = packageId?.split("/") || [];
|
||||
+ const kind = chartParts[chartParts.length - 1];
|
||||
push(
|
||||
// Redirect to the installed package, note that the cluster/ns are the ones passed
|
||||
// in the URL, not the ones from the package.
|
||||
url.app.apps.get({
|
||||
context: { cluster: targetCluster, namespace: targetNamespace },
|
||||
plugin: pluginObj,
|
||||
- identifier: releaseName,
|
||||
+ identifier: `${kind}%2F${releaseName}`,
|
||||
} as AvailablePackageReference),
|
||||
);
|
||||
}
|
||||
@@ -1,66 +0,0 @@
|
||||
diff --git a/dashboard/src/components/Catalog/Catalog.tsx b/dashboard/src/components/Catalog/Catalog.tsx
|
||||
index 5f2d2a1c5..093cb598d 100644
|
||||
--- a/dashboard/src/components/Catalog/Catalog.tsx
|
||||
+++ b/dashboard/src/components/Catalog/Catalog.tsx
|
||||
@@ -15,7 +15,6 @@ import qs from "qs";
|
||||
import React, { useEffect } from "react";
|
||||
import { useDispatch, useSelector } from "react-redux";
|
||||
import * as ReactRouter from "react-router-dom";
|
||||
-import { Link } from "react-router-dom";
|
||||
import { IClusterServiceVersion, IStoreState } from "shared/types";
|
||||
import { app } from "shared/url";
|
||||
import { escapeRegExp, getPluginPackageName } from "shared/utils";
|
||||
@@ -85,7 +84,6 @@ export default function Catalog() {
|
||||
operators,
|
||||
repos: { reposSummaries: repos },
|
||||
config: {
|
||||
- appVersion,
|
||||
kubeappsCluster,
|
||||
helmGlobalNamespace,
|
||||
carvelGlobalNamespace,
|
||||
@@ -420,24 +418,6 @@ export default function Catalog() {
|
||||
<div className="empty-catalog">
|
||||
<CdsIcon shape="bundle" />
|
||||
<p>The current catalog is empty.</p>
|
||||
- <p>
|
||||
- Manage your Package Repositories in Kubeapps by visiting the Package repositories
|
||||
- configuration page.
|
||||
- </p>
|
||||
- <Link to={app.config.pkgrepositories(cluster || "", namespace || "")}>
|
||||
- <CdsButton>Manage Package Repositories</CdsButton>
|
||||
- </Link>
|
||||
- <p>
|
||||
- For help managing other packaging formats, such as Flux or Carvel, please refer to the{" "}
|
||||
- <a
|
||||
- target="_blank"
|
||||
- rel="noopener noreferrer"
|
||||
- href={`https://github.com/vmware-tanzu/kubeapps/tree/${appVersion}/site/content/docs/latest`}
|
||||
- >
|
||||
- Kubeapps documentation
|
||||
- </a>
|
||||
- .
|
||||
- </p>
|
||||
</div>
|
||||
) : (
|
||||
<Row>
|
||||
diff --git a/dashboard/src/components/Header/Menu.tsx b/dashboard/src/components/Header/Menu.tsx
|
||||
index c8ec1da8c..e59f90190 100644
|
||||
--- a/dashboard/src/components/Header/Menu.tsx
|
||||
+++ b/dashboard/src/components/Header/Menu.tsx
|
||||
@@ -78,16 +78,6 @@ function Menu({ clusters, appVersion, logout }: IContextSelectorProps) {
|
||||
<div className="dropdown-menu dropdown-configuration-menu" role="menu" hidden={!open}>
|
||||
<div>
|
||||
<label className="dropdown-menu-padding dropdown-menu-label">Administration</label>
|
||||
- <Link
|
||||
- to={app.config.pkgrepositories(clusters.currentCluster, namespaceSelected)}
|
||||
- className="dropdown-menu-link"
|
||||
- onClick={toggleOpen}
|
||||
- >
|
||||
- <div className="dropdown-menu-item" role="menuitem">
|
||||
- <CdsIcon solid={true} size="md" shape="library" />{" "}
|
||||
- <span>Package Repositories</span>
|
||||
- </div>
|
||||
- </Link>
|
||||
<div className="dropdown-divider" role="separator" />
|
||||
{featureFlags?.operators && (
|
||||
<Link
|
||||
@@ -4,12 +4,20 @@
|
||||
# syntax = docker/dockerfile:1
|
||||
|
||||
FROM alpine as source
|
||||
ARG COMMIT_REF=e146cf8660c58a4f585611ab3cbce62ebfa4c5a3
|
||||
ARG VERSION=v2.11.0
|
||||
RUN apk add --no-cache patch
|
||||
WORKDIR /source
|
||||
RUN wget -O- https://github.com/aenix-io/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
|
||||
RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1
|
||||
COPY fluxcd.diff /patches/fluxcd.diff
|
||||
COPY labels.diff /patches/labels.diff
|
||||
COPY reconcile-strategy.diff /patches/reconcile-strategy.diff
|
||||
COPY dashboard-resource.diff /patches/dashboard-resource.diff
|
||||
RUN patch -p1 < /patches/fluxcd.diff
|
||||
RUN patch -p1 < /patches/labels.diff
|
||||
RUN patch -p1 < /patches/reconcile-strategy.diff
|
||||
RUN patch -p1 < /patches/dashboard-resource.diff
|
||||
|
||||
FROM bitnami/golang:1.23.4 AS builder
|
||||
FROM bitnami/golang:1.22.5 AS builder
|
||||
WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
|
||||
COPY --from=source /source/go.mod /source/go.sum ./
|
||||
ARG VERSION="devel"
|
||||
@@ -37,6 +45,7 @@ RUN curl -sSL "https://github.com/bufbuild/buf/releases/download/v$BUF_VERSION/b
|
||||
# TODO: Remove and instead use built-in gRPC container probes once we're supporting >= 1.24 only. https://kubernetes.io/blog/2022/05/13/grpc-probes-now-in-beta/
|
||||
RUN curl -sSL "https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-${TARGETARCH}" -o "/bin/grpc_health_probe" && chmod +x "/bin/grpc_health_probe"
|
||||
|
||||
|
||||
# With the trick below, Go's build cache is kept between builds.
|
||||
# https://github.com/golang/go/issues/27719#issuecomment-514747274
|
||||
RUN --mount=type=cache,target=/go/pkg/mod \
|
||||
|
||||
@@ -0,0 +1,155 @@
|
||||
diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go
|
||||
index 53fac6474..4602a1148 100644
|
||||
--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go
|
||||
+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go
|
||||
@@ -5,6 +5,7 @@ package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
+ "encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
@@ -16,7 +17,6 @@ import (
|
||||
helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2"
|
||||
sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2"
|
||||
authorizationv1 "k8s.io/api/authorization/v1"
|
||||
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
@@ -28,12 +28,16 @@ import (
|
||||
"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1"
|
||||
"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache"
|
||||
"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common"
|
||||
- "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/clientgetter"
|
||||
"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/paginate"
|
||||
"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/pkgutils"
|
||||
- "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/resourcerefs"
|
||||
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
log "k8s.io/klog/v2"
|
||||
ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
|
||||
+
|
||||
+ "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/clientgetter"
|
||||
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
+ "k8s.io/client-go/discovery/cached/memory"
|
||||
+ "k8s.io/client-go/restmapper"
|
||||
)
|
||||
|
||||
// Compile-time statement to ensure this service implementation satisfies the core packaging API
|
||||
@@ -135,6 +139,7 @@ func NewServer(configGetter core.KubernetesConfigGetter, kubeappsCluster string,
|
||||
if err != nil {
|
||||
log.Fatalf("%s", err)
|
||||
}
|
||||
+
|
||||
return &Server{
|
||||
clientGetter: clientProvider,
|
||||
serviceAccountClientGetter: backgroundClientGetter,
|
||||
@@ -462,36 +467,84 @@ func (s *Server) DeleteInstalledPackage(ctx context.Context, request *connect.Re
|
||||
// resources created by an installed package.
|
||||
func (s *Server) GetInstalledPackageResourceRefs(ctx context.Context, request *connect.Request[corev1.GetInstalledPackageResourceRefsRequest]) (*connect.Response[corev1.GetInstalledPackageResourceRefsResponse], error) {
|
||||
pkgRef := request.Msg.GetInstalledPackageRef()
|
||||
- identifier := pkgRef.GetIdentifier()
|
||||
- log.InfoS("+fluxv2 GetInstalledPackageResourceRefs", "cluster", pkgRef.GetContext().GetCluster(), "namespace", pkgRef.GetContext().GetNamespace(), "id", identifier)
|
||||
+ log.InfoS("+fluxv2 GetInstalledPackageResourceRefs", "cluster", pkgRef.GetContext().GetCluster(), "namespace", pkgRef.GetContext().GetNamespace(), "id", pkgRef.GetIdentifier())
|
||||
|
||||
- key := types.NamespacedName{Namespace: pkgRef.Context.Namespace, Name: identifier}
|
||||
- rel, err := s.getReleaseInCluster(ctx, request.Header(), key)
|
||||
+ // Getting dynamic client
|
||||
+ dynamicClient, err := s.clientGetter.Dynamic(request.Header(), pkgRef.GetContext().GetCluster())
|
||||
if err != nil {
|
||||
+ log.Errorf("Failed to get dynamic client: %v", err)
|
||||
return nil, err
|
||||
}
|
||||
- hrName := helmReleaseName(key, rel)
|
||||
- refs, err := resourcerefs.GetInstalledPackageResourceRefs(request.Header(), hrName, s.actionConfigGetter)
|
||||
+
|
||||
+ // Getting Discovery Client to work with RESTMapper
|
||||
+ discoveryClient, err := s.clientGetter.Typed(request.Header(), pkgRef.GetContext().GetCluster())
|
||||
if err != nil {
|
||||
+ log.Errorf("Failed to create discovery client: %v", err)
|
||||
return nil, err
|
||||
- } else {
|
||||
- return connect.NewResponse(
|
||||
- &corev1.GetInstalledPackageResourceRefsResponse{
|
||||
- Context: &corev1.Context{
|
||||
- Cluster: s.kubeappsCluster,
|
||||
- // TODO (gfichtenholt) it is not specifically called out in the spec why there is a
|
||||
- // need for a Context in the response and MORE imporantly what the value of Namespace
|
||||
- // field should be. In particular, there is use case when Flux Helm Release in
|
||||
- // installed in ns1 but specifies targetNamespace as test2. Should we:
|
||||
- // (a) return ns1 (the namespace where CRs are installed) OR
|
||||
- // (b) return ns2 (the namespace where flux installs the resources specified by the
|
||||
- // release).
|
||||
- // For now lets use (a)
|
||||
- Namespace: key.Namespace,
|
||||
- },
|
||||
- ResourceRefs: refs,
|
||||
- }), nil
|
||||
}
|
||||
+ mapper := restmapper.NewDeferredDiscoveryRESTMapper(memory.NewMemCacheClient(discoveryClient.Discovery()))
|
||||
+
|
||||
+ // Getting the role
|
||||
+ roleGVR := schema.GroupVersionResource{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "roles"}
|
||||
+ roleName := fmt.Sprintf("%s-dashboard-resources", pkgRef.GetIdentifier())
|
||||
+ namespace := pkgRef.GetContext().GetNamespace()
|
||||
+ role, err := dynamicClient.Resource(roleGVR).Namespace(namespace).Get(ctx, roleName, metav1.GetOptions{})
|
||||
+ if err != nil {
|
||||
+ log.Errorf("Failed to get role %s: %v", roleName, err)
|
||||
+ return nil, connect.NewError(connect.CodeInvalidArgument, fmt.Errorf("Unable to get role %s: %w", roleName, err))
|
||||
+ }
|
||||
+
|
||||
+ // Logging Role content for debugging
|
||||
+ roleContent, _ := json.Marshal(role)
|
||||
+ log.Infof("Role content: %s", string(roleContent))
|
||||
+
|
||||
+ // Parsing rules from Role and creating ResourceRefs
|
||||
+ resourcesFromRole := make([]*corev1.ResourceRef, 0)
|
||||
+ rules, found, _ := unstructured.NestedSlice(role.Object, "rules")
|
||||
+ if !found {
|
||||
+ log.Errorf("No rules found in role %s", roleName)
|
||||
+ return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("No rules found in role %s", roleName))
|
||||
+ }
|
||||
+
|
||||
+ for _, rule := range rules {
|
||||
+ r := rule.(map[string]interface{})
|
||||
+ resources, _ := r["resources"].([]interface{})
|
||||
+ apiGroups, _ := r["apiGroups"].([]interface{})
|
||||
+
|
||||
+ for _, resource := range resources {
|
||||
+ resourceStr := resource.(string)
|
||||
+ for _, apiGroup := range apiGroups {
|
||||
+ apiGroupStr := apiGroup.(string)
|
||||
+
|
||||
+ // Using GroupVersionResource to get GroupVersionKind
|
||||
+ gvr := schema.GroupVersionResource{Group: apiGroupStr, Version: "v1", Resource: resourceStr}
|
||||
+ gvk, err := mapper.KindFor(gvr)
|
||||
+ if err != nil {
|
||||
+ log.Errorf("Failed to get GroupVersionKind for GVR %v: %v", gvr, err)
|
||||
+ continue
|
||||
+ }
|
||||
+
|
||||
+ resourceNames, _ := r["resourceNames"].([]interface{})
|
||||
+ for _, resourceName := range resourceNames {
|
||||
+ resourceNameStr := resourceName.(string)
|
||||
+ resourcesFromRole = append(resourcesFromRole, &corev1.ResourceRef{
|
||||
+ ApiVersion: gvk.GroupVersion().String(),
|
||||
+ Kind: gvk.Kind,
|
||||
+ Name: resourceNameStr,
|
||||
+ Namespace: namespace,
|
||||
+ })
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return connect.NewResponse(&corev1.GetInstalledPackageResourceRefsResponse{
|
||||
+ Context: &corev1.Context{
|
||||
+ Cluster: s.kubeappsCluster,
|
||||
+ Namespace: namespace,
|
||||
+ },
|
||||
+ ResourceRefs: resourcesFromRole,
|
||||
+ }), nil
|
||||
}
|
||||
|
||||
func (s *Server) AddPackageRepository(ctx context.Context, request *connect.Request[corev1.AddPackageRepositoryRequest]) (*connect.Response[corev1.AddPackageRepositoryResponse], error) {
|
||||
@@ -0,0 +1,38 @@
|
||||
--- b/system/kubeapps/images/kubeapps-apis/Dockerfile
|
||||
+++ a/system/kubeapps/images/kubeapps-apis/Dockerfile
|
||||
@@ -3,9 +3,19 @@
|
||||
|
||||
# syntax = docker/dockerfile:1
|
||||
|
||||
+FROM alpine as source
|
||||
+ARG VERSION=v2.11.0
|
||||
+RUN apk add --no-cache patch
|
||||
+WORKDIR /source
|
||||
+RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1
|
||||
+COPY fluxcd.diff /patches/fluxcd.diff
|
||||
+COPY labels.diff /patches/labels.diff
|
||||
+COPY reconcile-strategy.diff /patches/reconcile-strategy.diff
|
||||
+COPY dashboard-resource.diff /patches/dashboard-resource.diff
|
||||
+RUN patch -p1 < /patches/fluxcd.diff
|
||||
+RUN patch -p1 < /patches/labels.diff
|
||||
+RUN patch -p1 < /patches/reconcile-strategy.diff
|
||||
+RUN patch -p1 < /patches/dashboard-resource.diff
|
||||
+
|
||||
FROM bitnami/golang:1.22.2 as builder
|
||||
WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
|
||||
-COPY go.mod go.sum ./
|
||||
+COPY --from=source /source/go.mod /source/go.sum ./
|
||||
ARG VERSION="devel"
|
||||
ARG TARGETARCH
|
||||
|
||||
@@ -40,8 +52,8 @@
|
||||
|
||||
# We don't copy the pkg and cmd directories until here so the above layers can
|
||||
# be reused.
|
||||
-COPY pkg pkg
|
||||
-COPY cmd cmd
|
||||
+COPY --from=source /source/pkg pkg
|
||||
+COPY --from=source /source/cmd cmd
|
||||
|
||||
RUN if [ ! -z ${lint:-} ]; then \
|
||||
# Run golangci-lint to detect issues
|
||||
3018
packages/system/dashboard/images/kubeapps-apis/fluxcd.diff
Normal file
3018
packages/system/dashboard/images/kubeapps-apis/fluxcd.diff
Normal file
File diff suppressed because it is too large
Load Diff
69
packages/system/dashboard/images/kubeapps-apis/labels.diff
Normal file
69
packages/system/dashboard/images/kubeapps-apis/labels.diff
Normal file
@@ -0,0 +1,69 @@
|
||||
diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
|
||||
index c489cb6ca..8884a6484 100644
|
||||
--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
|
||||
+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
|
||||
@@ -29,8 +29,10 @@ import (
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/api/meta"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
+ "k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
log "k8s.io/klog/v2"
|
||||
+ ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
|
||||
"sigs.k8s.io/yaml"
|
||||
)
|
||||
|
||||
@@ -54,7 +56,10 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header,
|
||||
// see any results created/updated/deleted after the first request is issued
|
||||
// To fix this, we must make use of resourceVersion := relList.GetResourceVersion()
|
||||
var relList helmv2.HelmReleaseList
|
||||
- if err = client.List(ctx, &relList); err != nil {
|
||||
+ listOptions := ctrlclient.ListOptions{
|
||||
+ LabelSelector: labels.SelectorFromSet(labels.Set{"cozystack.io/ui": "true"}),
|
||||
+ }
|
||||
+ if err = client.List(ctx, &relList, &listOptions); err != nil {
|
||||
return nil, connecterror.FromK8sError("list", "HelmRelease", namespace+"/*", err)
|
||||
} else {
|
||||
return relList.Items, nil
|
||||
@@ -512,6 +517,9 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: targetName.Name,
|
||||
Namespace: targetName.Namespace,
|
||||
+ Labels: map[string]string{
|
||||
+ "cozystack.io/ui": "true",
|
||||
+ },
|
||||
},
|
||||
Spec: helmv2.HelmReleaseSpec{
|
||||
Chart: helmv2.HelmChartTemplate{
|
||||
diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
|
||||
index 790b21514..539276a17 100644
|
||||
--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
|
||||
+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
|
||||
@@ -32,6 +32,7 @@ import (
|
||||
apiv1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/api/meta"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
+ "k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
log "k8s.io/klog/v2"
|
||||
@@ -64,7 +65,8 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header,
|
||||
|
||||
var repoList sourcev1.HelmRepositoryList
|
||||
listOptions := ctrlclient.ListOptions{
|
||||
- Namespace: ns,
|
||||
+ Namespace: ns,
|
||||
+ LabelSelector: labels.SelectorFromSet(labels.Set{"cozystack.io/ui": "true"}),
|
||||
}
|
||||
if err := client.List(backgroundCtx, &repoList, &listOptions); err != nil {
|
||||
return nil, connecterror.FromK8sError("list", "HelmRepository", "", err)
|
||||
@@ -927,6 +929,9 @@ func newFluxHelmRepo(
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: targetName.Name,
|
||||
Namespace: targetName.Namespace,
|
||||
+ Labels: map[string]string{
|
||||
+ "cozystack.io/ui": "true",
|
||||
+ },
|
||||
},
|
||||
Spec: sourcev1.HelmRepositorySpec{
|
||||
URL: url,
|
||||
@@ -0,0 +1,12 @@
|
||||
diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
|
||||
index 8884a6484..4bf77071c 100644
|
||||
--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
|
||||
+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
|
||||
@@ -530,6 +530,7 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
|
||||
Kind: sourcev1.HelmRepositoryKind,
|
||||
Namespace: chart.Repo.Namespace,
|
||||
},
|
||||
+ ReconcileStrategy: "Revision",
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1,11 +1,4 @@
|
||||
kubeapps:
|
||||
ingress:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||||
nginx.ingress.kubernetes.io/client-max-body-size: 1m
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 100m
|
||||
nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
|
||||
nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
|
||||
fullnameOverride: dashboard
|
||||
postgresql:
|
||||
enabled: false
|
||||
@@ -40,310 +33,11 @@ kubeapps:
|
||||
image:
|
||||
registry: ghcr.io/aenix-io/cozystack
|
||||
repository: dashboard
|
||||
tag: v0.21.0
|
||||
digest: "sha256:4ec2a6b6e7b92351d5483cda6c65a2a3e9a9c6ff619a6f21b0bb96c469f871ad"
|
||||
tag: v0.20.2
|
||||
digest: "sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb"
|
||||
kubeappsapis:
|
||||
image:
|
||||
registry: ghcr.io/aenix-io/cozystack
|
||||
repository: kubeapps-apis
|
||||
tag: v0.21.0
|
||||
digest: "sha256:ee4d0e44fc86c5c8b03a3c516233354e666f354ed2bb853e73403e9a3060ca2f"
|
||||
pluginConfig:
|
||||
flux:
|
||||
packages:
|
||||
v1alpha1:
|
||||
resources:
|
||||
- application:
|
||||
kind: Bucket
|
||||
singular: bucket
|
||||
plural: buckets
|
||||
release:
|
||||
prefix: bucket-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: bucket
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: ClickHouse
|
||||
singular: clickhouse
|
||||
plural: clickhouses
|
||||
release:
|
||||
prefix: clickhouse-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: clickhouse
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: HTTPCache
|
||||
singular: httpcache
|
||||
plural: httpcaches
|
||||
release:
|
||||
prefix: http-cache-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: http-cache
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: NATS
|
||||
singular: nats
|
||||
plural: natses
|
||||
release:
|
||||
prefix: nats-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: nats
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: TCPBalancer
|
||||
singular: tcpbalancer
|
||||
plural: tcpbalancers
|
||||
release:
|
||||
prefix: tcp-balancer-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: tcp-balancer
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: VirtualMachine
|
||||
singular: virtualmachine
|
||||
plural: virtualmachines
|
||||
release:
|
||||
prefix: virtual-machine-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: virtual-machine
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: VPN
|
||||
singular: vpn
|
||||
plural: vpns
|
||||
release:
|
||||
prefix: vpn-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: vpn
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: MySQL
|
||||
singular: mysql
|
||||
plural: mysqls
|
||||
release:
|
||||
prefix: mysql-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: mysql
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: Tenant
|
||||
singular: tenant
|
||||
plural: tenants
|
||||
release:
|
||||
prefix: tenant-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: tenant
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: Kubernetes
|
||||
singular: kubernetes
|
||||
plural: kuberneteses
|
||||
release:
|
||||
prefix: kubernetes-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: kubernetes
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: Redis
|
||||
singular: redis
|
||||
plural: redises
|
||||
release:
|
||||
prefix: redis-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: redis
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: RabbitMQ
|
||||
singular: rabbitmq
|
||||
plural: rabbitmqs
|
||||
release:
|
||||
prefix: rabbitmq-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: rabbitmq
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: Postgres
|
||||
singular: postgres
|
||||
plural: postgreses
|
||||
release:
|
||||
prefix: postgres-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: postgres
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: FerretDB
|
||||
singular: ferretdb
|
||||
plural: ferretdb
|
||||
release:
|
||||
prefix: ferretdb-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: ferretdb
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: Kafka
|
||||
singular: kafka
|
||||
plural: kafkas
|
||||
release:
|
||||
prefix: kafka-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: kafka
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: VMDisk
|
||||
plural: vmdisks
|
||||
singular: vmdisk
|
||||
release:
|
||||
prefix: vm-disk-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: vm-disk
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: VMInstance
|
||||
plural: vminstances
|
||||
singular: vminstance
|
||||
release:
|
||||
prefix: vm-instance-
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: vm-instance
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-apps
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: Monitoring
|
||||
plural: monitorings
|
||||
singular: monitoring
|
||||
release:
|
||||
prefix: ""
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: monitoring
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-extra
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: Etcd
|
||||
plural: etcds
|
||||
singular: etcd
|
||||
release:
|
||||
prefix: ""
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: etcd
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-extra
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: Ingress
|
||||
plural: ingresses
|
||||
singular: ingress
|
||||
release:
|
||||
prefix: ""
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: ingress
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-extra
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: SeaweedFS
|
||||
plural: seaweedfses
|
||||
singular: seaweedfs
|
||||
release:
|
||||
prefix: ""
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: seaweedfs
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-extra
|
||||
namespace: cozy-public
|
||||
tag: v0.20.2
|
||||
digest: "sha256:7640ba0c9549e6051b4e26488904a4f07d532087f1ac2f32bdc35687d7291ace"
|
||||
|
||||
@@ -3,7 +3,7 @@ kamaji:
|
||||
deploy: false
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.21.0@sha256:711950105680caabaab5532c6bf6f3d3d3c07b6aff39361a1102b4139611d894
|
||||
tag: v0.20.2@sha256:f7ebb4e8b833b90982d371a8d8292c328ab7e828ffd953a32f08cdd91398faef
|
||||
repository: ghcr.io/aenix-io/cozystack/kamaji
|
||||
resources:
|
||||
limits:
|
||||
|
||||
@@ -215,6 +215,19 @@ data:
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1.edp.epam.com/v1
|
||||
kind: KeycloakRealmGroup
|
||||
metadata:
|
||||
name: kubeapps-admin
|
||||
namespace: cozy-dashboard
|
||||
spec:
|
||||
name: kubeapps-admin
|
||||
realmRef:
|
||||
name: keycloakrealm-cozy
|
||||
kind: ClusterKeycloakRealm
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1.edp.epam.com/v1
|
||||
kind: KeycloakRealmGroup
|
||||
metadata:
|
||||
|
||||
@@ -1,3 +1,35 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kubeapps-admin-group
|
||||
namespace: cozy-dashboard
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kubeapps-admin
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: Group
|
||||
name: kubeapps-admin
|
||||
|
||||
---
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: kubeapps-admin
|
||||
namespace: cozy-public
|
||||
subjects:
|
||||
- kind: Group
|
||||
name: kubeapps-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: kubeapps-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
|
||||
@@ -1,3 +1,45 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kubeapps-admin
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- "*"
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups: ["apps.cozystack.io"]
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups: ["helm.toolkit.fluxcd.io"]
|
||||
resources:
|
||||
- helmreleases
|
||||
verbs:
|
||||
- '*'
|
||||
---
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: kubeapps-admin
|
||||
namespace: cozy-public
|
||||
rules:
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources: ["helmrepositories"]
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- apiGroups: ["source.toolkit.fluxcd.io"]
|
||||
resources:
|
||||
- helmcharts
|
||||
verbs: ["*"]
|
||||
|
||||
---
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
|
||||
@@ -22,4 +22,4 @@ global:
|
||||
images:
|
||||
kubeovn:
|
||||
repository: kubeovn
|
||||
tag: v1.13.0@sha256:be0bf28b0e669b63b2c6d859a1ba80dcc1d848d2d0dc124480023cc90cd59c38
|
||||
tag: v1.13.0@sha256:3962404f479a95a6d8c0d4566b2694bcc9f2e88048edde4f368b84e0e0fadb7b
|
||||
|
||||
@@ -305,57 +305,3 @@ vmagent:
|
||||
tenant: tenant-root
|
||||
remoteWrite:
|
||||
url: http://vminsert-shortterm.tenant-root.svc:8480/insert/0/prometheus
|
||||
|
||||
fluent-bit:
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
daemonSetVolumes:
|
||||
- name: varlog
|
||||
hostPath:
|
||||
path: /var/log
|
||||
- name: varlibdockercontainers
|
||||
hostPath:
|
||||
path: /var/lib/docker/containers
|
||||
daemonSetVolumeMounts:
|
||||
- name: varlog
|
||||
mountPath: /var/log
|
||||
- name: varlibdockercontainers
|
||||
mountPath: /var/lib/docker/containers
|
||||
readOnly: true
|
||||
config:
|
||||
outputs: |
|
||||
[OUTPUT]
|
||||
Name http
|
||||
Match kube.*
|
||||
Host vlogs-generic.tenant-root.svc
|
||||
port 9428
|
||||
compress gzip
|
||||
uri /insert/jsonline?_stream_fields=stream,kubernetes_pod_name,kubernetes_container_name,kubernetes_namespace_name&_msg_field=log&_time_field=date
|
||||
format json_lines
|
||||
json_date_format iso8601
|
||||
header AccountID 0
|
||||
header ProjectID 0
|
||||
filters: |
|
||||
[FILTER]
|
||||
Name kubernetes
|
||||
Match kube.*
|
||||
Merge_Log On
|
||||
Keep_Log On
|
||||
K8S-Logging.Parser On
|
||||
K8S-Logging.Exclude On
|
||||
[FILTER]
|
||||
Name nest
|
||||
Match *
|
||||
Wildcard pod_name
|
||||
Operation lift
|
||||
Nested_under kubernetes
|
||||
Add_prefix kubernetes_
|
||||
[FILTER]
|
||||
Name modify
|
||||
Match *
|
||||
Add tenant tenant-root
|
||||
[FILTER]
|
||||
Name modify
|
||||
Match *
|
||||
Add cluster root-cluster
|
||||
|
||||
@@ -30,7 +30,7 @@ data:
|
||||
tag: v1.6.0
|
||||
image: drbd-reactor
|
||||
ha-controller:
|
||||
tag: v1.2.3
|
||||
tag: v1.2.2
|
||||
image: piraeus-ha-controller
|
||||
drbd-shutdown-guard:
|
||||
tag: v1.0.0
|
||||
|
||||
@@ -201,30 +201,26 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
|
||||
serverConfig.OpenAPIConfig.PostProcessSpec = func(swagger *spec.Swagger) (*spec.Swagger, error) {
|
||||
defs := swagger.Definitions
|
||||
|
||||
// Verify the presence of the base Application/ApplicationList definitions
|
||||
// Check basic Application definition
|
||||
appDef, exists := defs["com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.Application"]
|
||||
if !exists {
|
||||
return swagger, fmt.Errorf("Application definition not found")
|
||||
}
|
||||
|
||||
// Check basic ApplicationList definition
|
||||
listDef, exists := defs["com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.ApplicationList"]
|
||||
if !exists {
|
||||
return swagger, fmt.Errorf("ApplicationList definition not found")
|
||||
}
|
||||
|
||||
// Iterate over all registered GVKs (e.g., Bucket, Database, etc.)
|
||||
for _, gvk := range v1alpha1.RegisteredGVKs {
|
||||
// This will be something like:
|
||||
// "com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.Bucket"
|
||||
resourceName := fmt.Sprintf("com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.%s", gvk.Kind)
|
||||
|
||||
// 1. Create a copy of the base Application definition for the new resource
|
||||
newDef, err := DeepCopySchema(&appDef)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to deepcopy schema for %s: %w", gvk.Kind, err)
|
||||
}
|
||||
|
||||
// 2. Update x-kubernetes-group-version-kind to match the new resource
|
||||
// Fix Extensions for resource
|
||||
if newDef.Extensions == nil {
|
||||
newDef.Extensions = map[string]interface{}{}
|
||||
}
|
||||
@@ -235,20 +231,17 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
|
||||
"kind": gvk.Kind,
|
||||
},
|
||||
}
|
||||
|
||||
// 3. Save the new resource definition under the correct name
|
||||
defs[resourceName] = *newDef
|
||||
klog.V(6).Infof("PostProcessSpec: Added OpenAPI definition for %s\n", resourceName)
|
||||
|
||||
// 4. Now handle the corresponding List type (e.g., BucketList).
|
||||
// We'll start by copying the ApplicationList definition.
|
||||
// List resource
|
||||
listResourceName := fmt.Sprintf("com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.%sList", gvk.Kind)
|
||||
newListDef, err := DeepCopySchema(&listDef)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to deepcopy schema for %sList: %w", gvk.Kind, err)
|
||||
}
|
||||
|
||||
// 5. Update x-kubernetes-group-version-kind for the List definition
|
||||
// Fix Extensions for List resource
|
||||
if newListDef.Extensions == nil {
|
||||
newListDef.Extensions = map[string]interface{}{}
|
||||
}
|
||||
@@ -259,22 +252,10 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
|
||||
"kind": fmt.Sprintf("%sList", gvk.Kind),
|
||||
},
|
||||
}
|
||||
|
||||
// 6. IMPORTANT: Fix the "items" reference so it points to the new resource
|
||||
// rather than to "Application".
|
||||
if itemsProp, found := newListDef.Properties["items"]; found {
|
||||
if itemsProp.Items != nil && itemsProp.Items.Schema != nil {
|
||||
itemsProp.Items.Schema.Ref = spec.MustCreateRef("#/definitions/" + resourceName)
|
||||
newListDef.Properties["items"] = itemsProp
|
||||
}
|
||||
}
|
||||
|
||||
// 7. Finally, save the new List definition
|
||||
defs[listResourceName] = *newListDef
|
||||
klog.V(6).Infof("PostProcessSpec: Added OpenAPI definition for %s\n", listResourceName)
|
||||
}
|
||||
|
||||
// Remove the original Application/ApplicationList from the definitions
|
||||
delete(defs, "com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.Application")
|
||||
delete(defs, "com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.ApplicationList")
|
||||
|
||||
|
||||
Reference in New Issue
Block a user