rancher · diogoasouza · Jun 27, 2023 · Jun 21, 2023 · Jun 22, 2023 · Jun 22, 2023
diff --git a/.github/workflows/regsync-config.yaml b/.github/workflows/regsync-config.yaml
@@ -17,20 +17,22 @@ jobs:
 
       # Need to remove export version once rancher/charts gets the latest version 
       # of charts-build-script binary.
-      - name: Generate Regsync
+
+      - name: Generate Regsync Config
         run: |
           export CHARTS_BUILD_SCRIPT_VERSION=v0.4.2 
           make pull-scripts
           make regsync
 
       - name: Install Regsync
         run: |
-          curl -o regsync https://github.com/regclient/regclient/releases/download/v0.4.8/regsync-linux-amd64
+          curl --silent --fail --location --output regsync https://github.com/regclient/regclient/releases/download/v0.4.8/regsync-linux-amd64
           chmod +x regsync
 
-      - name: Sync Charts
+      - name: Sync Images to Registry
         run: |
-          time ./regsync  -v debug check --config regsync.yaml
+          head regsync.yaml
+          time ./regsync once --config regsync.yaml
         env:
           REGISTRY_ENDPOINT: ${{ secrets.REGISTRY_ENDPOINT }}
           REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}

diff --git a/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-102.2.1+up1.1.2.tgz b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-102.2.1+up1.1.2.tgz
diff --git a/assets/rancher-aks-operator/rancher-aks-operator-102.2.1+up1.1.2.tgz b/assets/rancher-aks-operator/rancher-aks-operator-102.2.1+up1.1.2.tgz
diff --git a/charts/rancher-aks-operator-crd/102.2.1+up1.1.2/Chart.yaml b/charts/rancher-aks-operator-crd/102.2.1+up1.1.2/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/release-name: rancher-aks-operator-crd
+apiVersion: v2
+appVersion: 1.1.2
+description: AKS Operator CustomResourceDefinitions
+name: rancher-aks-operator-crd
+version: 102.2.1+up1.1.2
diff --git a/charts/rancher-aks-operator-crd/102.2.1+up1.1.2/templates/crds.yaml b/charts/rancher-aks-operator-crd/102.2.1+up1.1.2/templates/crds.yaml
@@ -0,0 +1,202 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    helm.sh/resource-policy: keep
+  name: aksclusterconfigs.aks.cattle.io
+spec:
+  group: aks.cattle.io
+  names:
+    kind: AKSClusterConfig
+    plural: aksclusterconfigs
+    shortNames:
+    - akscc
+    singular: aksclusterconfig
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              authBaseUrl:
+                nullable: true
+                type: string
+              authorizedIpRanges:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              azureCredentialSecret:
+                nullable: true
+                type: string
+              baseUrl:
+                nullable: true
+                type: string
+              clusterName:
+                nullable: true
+                type: string
+              dnsPrefix:
+                nullable: true
+                type: string
+              dnsServiceIp:
+                nullable: true
+                type: string
+              dockerBridgeCidr:
+                nullable: true
+                type: string
+              httpApplicationRouting:
+                nullable: true
+                type: boolean
+              imported:
+                type: boolean
+              kubernetesVersion:
+                nullable: true
+                type: string
+              linuxAdminUsername:
+                nullable: true
+                type: string
+              loadBalancerSku:
+                nullable: true
+                type: string
+              logAnalyticsWorkspaceGroup:
+                nullable: true
+                type: string
+              logAnalyticsWorkspaceName:
+                nullable: true
+                type: string
+              monitoring:
+                nullable: true
+                type: boolean
+              networkPlugin:
+                nullable: true
+                type: string
+              networkPolicy:
+                nullable: true
+                type: string
+              nodePools:
+                items:
+                  properties:
+                    availabilityZones:
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                    count:
+                      nullable: true
+                      type: integer
+                    enableAutoScaling:
+                      nullable: true
+                      type: boolean
+                    maxCount:
+                      nullable: true
+                      type: integer
+                    maxPods:
+                      nullable: true
+                      type: integer
+                    maxSurge:
+                      nullable: true
+                      type: string
+                    minCount:
+                      nullable: true
+                      type: integer
+                    mode:
+                      nullable: true
+                      type: string
+                    name:
+                      nullable: true
+                      type: string
+                    nodeLabels:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: object
+                    nodeTaints:
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                    orchestratorVersion:
+                      nullable: true
+                      type: string
+                    osDiskSizeGB:
+                      nullable: true
+                      type: integer
+                    osDiskType:
+                      nullable: true
+                      type: string
+                    osType:
+                      nullable: true
+                      type: string
+                    vmSize:
+                      nullable: true
+                      type: string
+                    vnetSubnetID:
+                      nullable: true
+                      type: string
+                  type: object
+                nullable: true
+                type: array
+              nodeResourceGroup:
+                nullable: true
+                type: string
+              outboundType:
+                nullable: true
+                type: string
+              podCidr:
+                nullable: true
+                type: string
+              privateCluster:
+                nullable: true
+                type: boolean
+              resourceGroup:
+                nullable: true
+                type: string
+              resourceLocation:
+                nullable: true
+                type: string
+              serviceCidr:
+                nullable: true
+                type: string
+              sshPublicKey:
+                nullable: true
+                type: string
+              subnet:
+                nullable: true
+                type: string
+              tags:
+                additionalProperties:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: object
+              virtualNetwork:
+                nullable: true
+                type: string
+              virtualNetworkResourceGroup:
+                nullable: true
+                type: string
+            type: object
+          status:
+            properties:
+              failureMessage:
+                nullable: true
+                type: string
+              phase:
+                nullable: true
+                type: string
+              rbacEnabled:
+                nullable: true
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/charts/rancher-aks-operator/102.2.1+up1.1.2/Chart.yaml b/charts/rancher-aks-operator/102.2.1+up1.1.2/Chart.yaml
@@ -0,0 +1,20 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.27.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1
+  catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+  catalog.cattle.io/release-name: rancher-aks-operator
+  catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.1.2
+description: A Helm chart for provisioning AKS clusters
+home: https://github.com/rancher/aks-operator
+name: rancher-aks-operator
+sources:
+- https://github.com/rancher/aks-operator
+version: 102.2.1+up1.1.2
diff --git a/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/NOTES.txt b/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher AKS operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions AKS clusters
+from AKSClusterConfig CRs.
diff --git a/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/_helpers.tpl b/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
diff --git a/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/clusterrole.yaml b/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: aks-operator
+  namespace: cattle-system
+rules:
+  - apiGroups: ['']
+    resources: ['secrets']
+    verbs: ['get', 'list', 'create', 'watch', 'update']
+  - apiGroups: ['aks.cattle.io']
+    resources: ['aksclusterconfigs']
+    verbs: ['get', 'list', 'update', 'watch']
+  - apiGroups: ['aks.cattle.io']
+    resources: ['aksclusterconfigs/status']
+    verbs: ['update']
diff --git a/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/clusterrolebinding.yaml b/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  aks-operator
+  namespace: cattle-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: aks-operator
+subjects:
+- kind: ServiceAccount
+  name: aks-operator
+  namespace: cattle-system
diff --git a/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/deployment.yaml b/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: aks-config-operator
+  namespace: cattle-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      ke.cattle.io/operator: aks
+  template:
+    metadata:
+      labels:
+        ke.cattle.io/operator: aks
+    spec:
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      serviceAccountName: aks-operator
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
+      securityContext:
+        fsGroup: 1007
+        runAsUser: 1007
+      containers:
+      - name: aks-operator
+        image: {{ template "system_default_registry" . }}{{ .Values.aksOperator.image.repository }}:{{ .Values.aksOperator.image.tag }}
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: HTTP_PROXY
+          value: {{ .Values.httpProxy }}
+        - name: HTTPS_PROXY
+          value: {{ .Values.httpsProxy }}
+        - name: NO_PROXY
+          value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+        # aks-operator mounts the additional CAs in two places:
+        volumeMounts:
+            # This directory is owned by the aks-operator user so c_rehash works here.
+          - mountPath: /etc/rancher/ssl/ca-additional.pem
+            name: tls-ca-additional-volume
+            subPath: ca-additional.pem
+            readOnly: true
+            # This directory is root-owned so c_rehash doesn't work here,
+            # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+          - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+            name: tls-ca-additional-volume
+            subPath: ca-additional.pem
+            readOnly: true
+      volumes:
+        - name: tls-ca-additional-volume
+          secret:
+            defaultMode: 0400
+            secretName: tls-ca-additional
+  {{- end }}
diff --git a/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/serviceaccount.yaml b/charts/rancher-aks-operator/102.2.1+up1.1.2/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: cattle-system
+  name: aks-operator